bisecting cause commit starting from bd4d08daeb959234a9f8365037b0fefa6ae790c6 building syzkaller on 370797126e9ba28a49317bf099076a5ca06e4501 testing commit bd4d08daeb959234a9f8365037b0fefa6ae790c6 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: basic kernel testing failed: timed out run #6: basic kernel testing failed: timed out run #7: crashed: KASAN: use-after-free Read in tls_write_space run #8: crashed: KASAN: use-after-free Read in tls_write_space run #9: crashed: KASAN: slab-out-of-bounds Read in tls_write_space testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: basic kernel testing failed: timed out run #6: basic kernel testing failed: timed out run #7: basic kernel testing failed: timed out run #8: OK run #9: OK testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 all runs: crashed: kernel BUG at include/linux/scatterlist.h:LINE! testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 run #0: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #1: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #2: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #3: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #4: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #5: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #6: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #7: OK run #8: OK run #9: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 run #0: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #1: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #2: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #3: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #4: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #5: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #6: OK run #7: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #8: OK run #9: crashed: kernel panic: Fatal exception testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 all runs: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 all runs: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 all runs: OK # git bisect start v4.13 v4.12 Bisecting: 7028 revisions left to test after this (roughly 13 steps) [ac7b75966c9c86426b55fe1c50ae148aa4571075] Merge tag 'pinctrl-v4.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit ac7b75966c9c86426b55fe1c50ae148aa4571075 with gcc (GCC) 8.1.0 all runs: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! # git bisect bad ac7b75966c9c86426b55fe1c50ae148aa4571075 Bisecting: 3538 revisions left to test after this (roughly 12 steps) [e24dd9ee5399747b71c1d982a484fc7601795f31] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security testing commit e24dd9ee5399747b71c1d982a484fc7601795f31 with gcc (GCC) 8.1.0 all runs: OK # git bisect good e24dd9ee5399747b71c1d982a484fc7601795f31 Bisecting: 1787 revisions left to test after this (roughly 11 steps) [9cc9a5cb176ccb4f2cda5ac34da5a659926f125f] datapath: Avoid using stack larger than 1024. testing commit 9cc9a5cb176ccb4f2cda5ac34da5a659926f125f with gcc (GCC) 7.3.0 all runs: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! # git bisect bad 9cc9a5cb176ccb4f2cda5ac34da5a659926f125f Bisecting: 882 revisions left to test after this (roughly 10 steps) [073cf9e20c333ab29744717a23f9e43ec7512a20] Merge branch 'udp-reduce-cache-pressure' testing commit 073cf9e20c333ab29744717a23f9e43ec7512a20 with gcc (GCC) 7.3.0 all runs: OK # git bisect good 073cf9e20c333ab29744717a23f9e43ec7512a20 Bisecting: 441 revisions left to test after this (roughly 9 steps) [8abd5599a520e9f188a750f1bde9dde5fb856230] Merge branch 's390-net-updates-part-2' testing commit 8abd5599a520e9f188a750f1bde9dde5fb856230 with gcc (GCC) 7.3.0 all runs: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! # git bisect bad 8abd5599a520e9f188a750f1bde9dde5fb856230 Bisecting: 220 revisions left to test after this (roughly 8 steps) [2fae5d0e647c6470d206e72b5fc24972bb900f70] Merge branch 'bpf-ctx-narrow' testing commit 2fae5d0e647c6470d206e72b5fc24972bb900f70 with gcc (GCC) 7.3.0 all runs: OK # git bisect good 2fae5d0e647c6470d206e72b5fc24972bb900f70 Bisecting: 110 revisions left to test after this (roughly 7 steps) [41500c3e2a19ffcf40a7158fce1774de08e26ba2] rds: tcp: remove cp_outgoing testing commit 41500c3e2a19ffcf40a7158fce1774de08e26ba2 with gcc (GCC) 7.3.0 all runs: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! # git bisect bad 41500c3e2a19ffcf40a7158fce1774de08e26ba2 Bisecting: 54 revisions left to test after this (roughly 6 steps) [c27b32c2a4e6adc09323262d5b38b06979f063ab] r8152: support new chip 8050 testing commit c27b32c2a4e6adc09323262d5b38b06979f063ab with gcc (GCC) 7.3.0 run #0: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #6: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #7: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #8: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #9: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! # git bisect bad c27b32c2a4e6adc09323262d5b38b06979f063ab Bisecting: 26 revisions left to test after this (roughly 5 steps) [206f60e1451b4b90cb7f3a803d1c440602a458e0] Merge branch 'Broadcom-DTE-based-PTP-clock' testing commit 206f60e1451b4b90cb7f3a803d1c440602a458e0 with gcc (GCC) 7.3.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: basic kernel testing failed: timed out run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 206f60e1451b4b90cb7f3a803d1c440602a458e0 Bisecting: 13 revisions left to test after this (roughly 4 steps) [57d1ef389c96b5ae192767ae16843e839b1eff74] net: dsa: mv88e6xxx: prefix Global Stats macros testing commit 57d1ef389c96b5ae192767ae16843e839b1eff74 with gcc (GCC) 7.3.0 all runs: basic kernel testing failed: timed out # git bisect skip 57d1ef389c96b5ae192767ae16843e839b1eff74 Bisecting: 13 revisions left to test after this (roughly 4 steps) [63fe4c39d2c1f67d9c9a58da0ec8627516a40d9a] net: sched: act_tunnel_key: request UDP checksum by default testing commit 63fe4c39d2c1f67d9c9a58da0ec8627516a40d9a with gcc (GCC) 7.3.0 run #0: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: basic kernel testing failed: timed out run #6: basic kernel testing failed: timed out run #7: basic kernel testing failed: timed out run #8: basic kernel testing failed: timed out run #9: basic kernel testing failed: timed out # git bisect bad 63fe4c39d2c1f67d9c9a58da0ec8627516a40d9a Bisecting: 7 revisions left to test after this (roughly 3 steps) [27c0e60097a55a1831de2ea8121f048b833b9d9a] net: dsa: mv88e6xxx: prefix Global ATU macros testing commit 27c0e60097a55a1831de2ea8121f048b833b9d9a with gcc (GCC) 7.3.0 run #0: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #6: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #7: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #8: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #9: basic kernel testing failed: timed out # git bisect bad 27c0e60097a55a1831de2ea8121f048b833b9d9a Bisecting: 3 revisions left to test after this (roughly 2 steps) [108ea51412a7fddcd0a39efe564dffd47a033e6c] Merge branch 'net-ktls' testing commit 108ea51412a7fddcd0a39efe564dffd47a033e6c with gcc (GCC) 7.3.0 run #0: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #1: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #5: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #6: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #7: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #8: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! run #9: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! # git bisect bad 108ea51412a7fddcd0a39efe564dffd47a033e6c Bisecting: 1 revision left to test after this (roughly 1 step) [3c4d7559159bfe1e3b94df3a657b2cda3a34e218] tls: kernel TLS support testing commit 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 with gcc (GCC) 7.3.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: basic kernel testing failed: timed out run #6: basic kernel testing failed: timed out run #7: basic kernel testing failed: timed out run #8: basic kernel testing failed: timed out run #9: crashed: kernel BUG at ./include/linux/scatterlist.h:LINE! # git bisect bad 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 Bisecting: 1 revision left to test after this (roughly 1 step) [734942cc4ea6478eed125af258da1bdbb4afe578] tcp: ULP infrastructure testing commit 734942cc4ea6478eed125af258da1bdbb4afe578 with gcc (GCC) 7.3.0 all runs: OK # git bisect good 734942cc4ea6478eed125af258da1bdbb4afe578 Bisecting: 0 revisions left to test after this (roughly 0 steps) [e3b5616a347603a521fe3ac46f3194a60900e3a7] tcp: export do_tcp_sendpages and tcp_rate_check_app_limited functions testing commit e3b5616a347603a521fe3ac46f3194a60900e3a7 with gcc (GCC) 7.3.0 image build failed: failed to run ["/tmp/syz-build861535553/create.sh" "/syzkaller/wheezy" "/syzkaller/jobs/linux/kernel/arch/x86/boot/bzImage"]: exit status 1 + CLEANUP= + trap 'eval " $CLEANUP"' EXIT + '[' '!' -e /syzkaller/wheezy/sbin/init ']' ++ basename /syzkaller/jobs/linux/kernel/arch/x86/boot/bzImage + '[' bzImage '!=' bzImage ']' + SYZ_VM_TYPE=gce + '[' gce == qemu ']' + '[' gce == gce ']' + : + BLOCK_DEVICE=loop ++ uname -a ++ grep Ubuntu + '[' 'Linux ci 4.15.0-43-generic #46~16.04.1-Ubuntu SMP Fri Dec 7 13:31:08 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux' '!=' '' ']' + BLOCK_DEVICE=nbd + sudo umount disk.mnt umount: disk.mnt: mountpoint not found + true + '[' nbd == loop ']' + '[' nbd == nbd ']' + sudo modprobe nbd + sudo qemu-nbd -d /dev/nbd0 /dev/nbd0 disconnected + rm -rf disk.mnt disk.raw + fallocate -l 2G disk.raw + '[' nbd == loop ']' + '[' nbd == nbd ']' + DISKDEV=/dev/nbd0 + sudo qemu-nbd -c /dev/nbd0 --format=raw disk.raw Failed to initialize module: /usr/lib/x86_64-linux-gnu/qemu/block-iscsi.so Note: only modules from the same build can be loaded. Failed to initialize module: /usr/lib/x86_64-linux-gnu/qemu/block-curl.so Note: only modules from the same build can be loaded. Failed to initialize module: /usr/lib/x86_64-linux-gnu/qemu/block-rbd.so Note: only modules from the same build can be loaded. Failed to initialize module: /usr/lib/x86_64-linux-gnu/qemu/block-dmg.so Note: only modules from the same build can be loaded. + eval ' ' # git bisect skip e3b5616a347603a521fe3ac46f3194a60900e3a7 There are only 'skip'ped commits left to test. The first bad commit could be any of: e3b5616a347603a521fe3ac46f3194a60900e3a7 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 We cannot bisect more! revisions tested: 24, total time: 5h8m8.064550618s (build: 2h10m0.302818283s, test: 2h48m7.961195108s) bisection is inconclusive, the first bad commit could be any of: e3b5616a347603a521fe3ac46f3194a60900e3a7 3c4d7559159bfe1e3b94df3a657b2cda3a34e218