bisecting cause commit starting from f8fbb47c6e86c0b75f8df864db702c3e3f757361 building syzkaller on 3fd2ea69e05557e7e0fef9b68263b4150670671c testing commit f8fbb47c6e86c0b75f8df864db702c3e3f757361 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 89e657cb9a8802235e89f54d0cfa0a4b19e0d766f6028de8f3cae1eaeb486d14 all runs: crashed: general protection fault in scatterwalk_copychunks testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 160dd584d3041427002e5e881f98280ae9aebc819a2fa29b4bade4d15820e761 all runs: crashed: general protection fault in scatterwalk_copychunks testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b8cac70814a5fdbac7dbdd38e4214f03832ce2c4fc4b950864fc4c971afa2790 all runs: crashed: general protection fault in scatterwalk_copychunks testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: f1d0cb916adcced6b6c9b2da961ed8830a0d6725dbc70234a7a33626cd76aafe all runs: crashed: general protection fault in gcmaes_crypt_by_sg testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 2a15a524b9eccf3c507e1d167d1c435a69c6d207f31bdd5162bf857cc86a1af3 all runs: crashed: general protection fault in gcmaes_crypt_by_sg testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: fd0a4e27ddcd396e6415d61f52a4ec85945b9492ec87a9a09a1dc277dacafb15 all runs: crashed: general protection fault in gcmaes_crypt_by_sg testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: ecc34ef178adc7c0ca647a2fd494eeee0344ca866c6a5ab62d83419013222c3a all runs: crashed: general protection fault in gcmaes_crypt_by_sg testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 9b2bcabc91b7407d6b2c675a877e63ee5d45ce60cfeaa5d0ca1583b7952c51da all runs: crashed: general protection fault in gcmaes_crypt_by_sg testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 9022ef7263f3ac71b54b2d8852435853b3fd50cf19c59acd4b3401ba939ff3bf all runs: OK # git bisect start 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 7111951b8d4973bda27ff663f2cf18b663d15b48 Bisecting: 7542 revisions left to test after this (roughly 13 steps) [50a5de895dbe5df947b3a695777db5b2c313e065] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit 50a5de895dbe5df947b3a695777db5b2c313e065 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 362e02883c9067e1bd7735f739adbc21a32deab643d9f461fe0483d1cb2f57f1 run #0: boot failed: can't ssh into the instance run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 50a5de895dbe5df947b3a695777db5b2c313e065 Bisecting: 3742 revisions left to test after this (roughly 12 steps) [d38c07afc356ddebaa3ed8ecb3f553340e05c969] Merge tag 'powerpc-5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux testing commit d38c07afc356ddebaa3ed8ecb3f553340e05c969 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: d0d11da173b813eca93eae534e2e5116d0e34f8c246a74982e8fdef93d149c5c all runs: OK # git bisect good d38c07afc356ddebaa3ed8ecb3f553340e05c969 Bisecting: 1871 revisions left to test after this (roughly 11 steps) [cf01699ee220c38099eb3e43ce3d10690c8b7060] tools/vm: fix cross-compile build testing commit cf01699ee220c38099eb3e43ce3d10690c8b7060 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 520ad67180031c7fbcecf1590514ef521acfe9c3877e8604774cd82bdd7fd1e4 all runs: OK # git bisect good cf01699ee220c38099eb3e43ce3d10690c8b7060 Bisecting: 936 revisions left to test after this (roughly 10 steps) [4334f30ebf395b204c6cbeabf371a5a998d6ba7c] Merge tag 'char-misc-5.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 4334f30ebf395b204c6cbeabf371a5a998d6ba7c compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: fe119ed84c4b109543243363e818a33c42e98e40cd8ae851d04fb6009e76ec4c all runs: OK # git bisect good 4334f30ebf395b204c6cbeabf371a5a998d6ba7c Bisecting: 468 revisions left to test after this (roughly 9 steps) [7b5b38010f4e2cd6387fcd97f704c3ad0ea6aeae] Merge branch 'vmwgfx-fixes-5.7' of git://people.freedesktop.org/~sroland/linux into drm-fixes testing commit 7b5b38010f4e2cd6387fcd97f704c3ad0ea6aeae compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: c268f24abf9afd510a24efd28f30e64d54ef144f56ad5bfa52ee749ce2b953d4 all runs: OK # git bisect good 7b5b38010f4e2cd6387fcd97f704c3ad0ea6aeae Bisecting: 229 revisions left to test after this (roughly 8 steps) [caffb99b6929f41a69edbb5aef3a359bf45f3315] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit caffb99b6929f41a69edbb5aef3a359bf45f3315 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 89a1fa04d1f212d88b8eb21a7b0b82172250b861258a04bdf82a49f3a8e0ba53 all runs: crashed: general protection fault in gcmaes_crypt_by_sg # git bisect bad caffb99b6929f41a69edbb5aef3a359bf45f3315 Bisecting: 118 revisions left to test after this (roughly 7 steps) [d3044d7d220529a4ce0cbfe00de63996935908d1] Merge tag 'tty-5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit d3044d7d220529a4ce0cbfe00de63996935908d1 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: f021b4801c05a57529f9cf619e6546e147feb51925dcdf63d2db3e4f7f476b12 all runs: OK # git bisect good d3044d7d220529a4ce0cbfe00de63996935908d1 Bisecting: 59 revisions left to test after this (roughly 6 steps) [8a1d24e1cc6d96a17f2dcb1400d370cadbfb7cb6] rxrpc: Fix a warning testing commit 8a1d24e1cc6d96a17f2dcb1400d370cadbfb7cb6 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 6bc67f9de8b8ebad0dcb5df29ac0ffcc6b60dbc04f7ac87b2787e8156cc15d9c all runs: crashed: general protection fault in gcmaes_crypt_by_sg # git bisect bad 8a1d24e1cc6d96a17f2dcb1400d370cadbfb7cb6 Bisecting: 29 revisions left to test after this (roughly 5 steps) [a7bff11f6f9afa87c25711db8050c9b5324db0e2] net/tls: fix encryption error checking testing commit a7bff11f6f9afa87c25711db8050c9b5324db0e2 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: d8b9744512b1ff851601e72ab6edc47dedaaea826f978b94fe414db4ffd27cfa all runs: OK # git bisect good a7bff11f6f9afa87c25711db8050c9b5324db0e2 Bisecting: 14 revisions left to test after this (roughly 4 steps) [79dde73cf9bcf1dd317a2667f78b758e9fe139ed] net/ethernet/freescale: rework quiesce/activate for ucc_geth testing commit 79dde73cf9bcf1dd317a2667f78b758e9fe139ed compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 8f18fb06711e758734968171d74970ad77c15241d962b0b7c834c249736b8714 all runs: crashed: general protection fault in gcmaes_crypt_by_sg # git bisect bad 79dde73cf9bcf1dd317a2667f78b758e9fe139ed Bisecting: 7 revisions left to test after this (roughly 3 steps) [b4024c9e5c57902155d3b5e7de482e245f492bff] felix: Fix initialization of ioremap resources testing commit b4024c9e5c57902155d3b5e7de482e245f492bff compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 2f393f63e20113ae2b22b84148532f8b4df4a76ab033cbff31e3f8644146efdd all runs: crashed: general protection fault in gcmaes_crypt_by_sg # git bisect bad b4024c9e5c57902155d3b5e7de482e245f492bff Bisecting: 3 revisions left to test after this (roughly 2 steps) [57ebc8f08504f176eb0f25b3e0fde517dec61a4f] net: ipip: fix wrong address family in init error path testing commit 57ebc8f08504f176eb0f25b3e0fde517dec61a4f compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 35ff02e2197a8ec13803d37bd274027fe8a2160eb09acb9f5e9be813bab5724d all runs: crashed: general protection fault in gcmaes_crypt_by_sg # git bisect bad 57ebc8f08504f176eb0f25b3e0fde517dec61a4f Bisecting: 0 revisions left to test after this (roughly 1 step) [a5534617007a1c33095db35c36b6455ee7add00b] Merge branch 'net-tls-fix-encryption-error-path' testing commit a5534617007a1c33095db35c36b6455ee7add00b compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 3409ab57b72ddc910ebf3a85c9e95258e164bd67413a3ed5cd11de7a81b4e8ec all runs: crashed: general protection fault in gcmaes_crypt_by_sg # git bisect bad a5534617007a1c33095db35c36b6455ee7add00b Bisecting: 0 revisions left to test after this (roughly 0 steps) [635d9398178659d8ddba79dd061f9451cec0b4d1] net/tls: free record only on encryption error testing commit 635d9398178659d8ddba79dd061f9451cec0b4d1 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 3409ab57b72ddc910ebf3a85c9e95258e164bd67413a3ed5cd11de7a81b4e8ec all runs: crashed: general protection fault in gcmaes_crypt_by_sg # git bisect bad 635d9398178659d8ddba79dd061f9451cec0b4d1 635d9398178659d8ddba79dd061f9451cec0b4d1 is the first bad commit commit 635d9398178659d8ddba79dd061f9451cec0b4d1 Author: Vadim Fedorenko Date: Wed May 20 11:41:44 2020 +0300 net/tls: free record only on encryption error We cannot free record on any transient error because it leads to losing previos data. Check socket error to know whether record must be freed or not. Fixes: d10523d0b3d7 ("net/tls: free the record on encryption error") Signed-off-by: Vadim Fedorenko Signed-off-by: David S. Miller net/tls/tls_sw.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) culprit signature: 3409ab57b72ddc910ebf3a85c9e95258e164bd67413a3ed5cd11de7a81b4e8ec parent signature: d8b9744512b1ff851601e72ab6edc47dedaaea826f978b94fe414db4ffd27cfa revisions tested: 23, total time: 4h45m7.678552242s (build: 2h20m20.2839988s, test: 2h21m49.237868559s) first bad commit: 635d9398178659d8ddba79dd061f9451cec0b4d1 net/tls: free record only on encryption error recipients (to): ["aviadye@mellanox.com" "borisp@mellanox.com" "daniel@iogearbox.net" "davem@davemloft.net" "davem@davemloft.net" "john.fastabend@gmail.com" "kuba@kernel.org" "netdev@vger.kernel.org" "vfedorenko@novek.ru"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: general protection fault in gcmaes_crypt_by_sg general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 33 Comm: kworker/u4:2 Not tainted 5.7.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: pencrypt_parallel padata_parallel_worker RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:68 [inline] RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:93 [inline] RIP: 0010:scatterwalk_done include/crypto/scatterwalk.h:101 [inline] RIP: 0010:gcmaes_crypt_by_sg.constprop.6+0x10fd/0x1810 arch/x86/crypto/aesni-intel_glue.c:761 Code: 00 00 4c 8b 94 24 a8 00 00 00 e9 a3 fd ff ff 4c 89 ef e8 36 e9 4c 02 49 89 c5 48 8d 40 08 48 89 84 24 98 00 00 00 48 c1 e8 03 <42> 0f b6 04 30 84 c0 74 08 3c 03 0f 8e ea 05 00 00 41 8b 45 08 89 RSP: 0018:ffffc90000e87840 EFLAGS: 00010202 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 1ffff110160fe04b RSI: ffff8880b07f0264 RDI: ffff8880b07f0258 RBP: ffffc90000e87c10 R08: ffff8880b07f0650 R09: 0000000000000005 R10: 000000000000401b R11: ffff8880b07f030c R12: ffff8880b07f0300 R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000004001 FS: 0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f227f19f080 CR3: 000000009e41e000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: Modules linked in: ---[ end trace c7abea9ec9484b43 ]--- RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:68 [inline] RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:93 [inline] RIP: 0010:scatterwalk_done include/crypto/scatterwalk.h:101 [inline] RIP: 0010:gcmaes_crypt_by_sg.constprop.6+0x10fd/0x1810 arch/x86/crypto/aesni-intel_glue.c:761 Code: 00 00 4c 8b 94 24 a8 00 00 00 e9 a3 fd ff ff 4c 89 ef e8 36 e9 4c 02 49 89 c5 48 8d 40 08 48 89 84 24 98 00 00 00 48 c1 e8 03 <42> 0f b6 04 30 84 c0 74 08 3c 03 0f 8e ea 05 00 00 41 8b 45 08 89 RSP: 0018:ffffc90000e87840 EFLAGS: 00010202 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 1ffff110160fe04b RSI: ffff8880b07f0264 RDI: ffff8880b07f0258 RBP: ffffc90000e87c10 R08: ffff8880b07f0650 R09: 0000000000000005 R10: 000000000000401b R11: ffff8880b07f030c R12: ffff8880b07f0300 R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000004001 FS: 0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f227f19f080 CR3: 000000009e41e000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 00 00 add %al,(%rax) 2: 4c 8b 94 24 a8 00 00 mov 0xa8(%rsp),%r10 9: 00 a: e9 a3 fd ff ff jmpq 0xfffffdb2 f: 4c 89 ef mov %r13,%rdi 12: e8 36 e9 4c 02 callq 0x24ce94d 17: 49 89 c5 mov %rax,%r13 1a: 48 8d 40 08 lea 0x8(%rax),%rax 1e: 48 89 84 24 98 00 00 mov %rax,0x98(%rsp) 25: 00 26: 48 c1 e8 03 shr $0x3,%rax 2a: 42 0f b6 04 30 movzbl (%rax,%r14,1),%eax <-- trapping instruction 2f: 84 c0 test %al,%al 31: 74 08 je 0x3b 33: 3c 03 cmp $0x3,%al 35: 0f 8e ea 05 00 00 jle 0x625 3b: 41 8b 45 08 mov 0x8(%r13),%eax 3f: 89 .byte 0x89