ci starts bisection 2023-07-06 21:57:49.449933587 +0000 UTC m=+35021.117943896
bisecting cause commit starting from ae230642190a51b85656d6da2df744d534d59544
building syzkaller on 7b33cf8fc1db47587d63fdba731651da20226503
ensuring issue is reproducible on original commit ae230642190a51b85656d6da2df744d534d59544

testing commit ae230642190a51b85656d6da2df744d534d59544 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ad3db1881f40046c9a1acc4a3b3f0cd8fee7916b0a5d496a7092fb3aefde03f7
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in __common_interrupt
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in __common_interrupt
run #2: crashed: general protection fault in tomoyo_check_acl
run #3: crashed: general protection fault in tomoyo_check_acl
run #4: crashed: general protection fault in unlink_anon_vmas
run #5: crashed: general protection fault in unlink_anon_vmas
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #8: crashed: kernel panic: corrupted stack end in syscall_exit_to_user_mode
run #9: crashed: kernel panic: corrupted stack end in syscall_exit_to_user_mode
run #10: crashed: general protection fault in unlink_file_vma
run #11: crashed: general protection fault in unlink_file_vma
run #12: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
run #13: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
run #14: crashed: general protection fault in tomoyo_check_acl
run #15: crashed: general protection fault in tomoyo_check_acl
run #16: crashed: BUG: unable to handle kernel NULL pointer dereference in __hrtimer_run_queues
run #17: crashed: BUG: unable to handle kernel NULL pointer dereference in __hrtimer_run_queues
run #18: crashed: general protection fault in __rhashtable_lookup
run #19: crashed: general protection fault in __rhashtable_lookup
run #20: crashed: general protection fault,SeaBIOS (version NUM.NUM.NUM-google)
run #21: crashed: general protection fault,SeaBIOS (version NUM.NUM.NUM-google)
run #22: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
run #23: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
run #24: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #25: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #26: crashed: WARNING: ODEBUG bug in __do_softirq
run #27: crashed: WARNING: ODEBUG bug in __do_softirq
run #28: crashed: general protection fault in tomoyo_check_acl
run #29: crashed: general protection fault in tomoyo_check_acl
run #30: crashed: BUG: Bad rss-counter state
run #31: crashed: BUG: Bad rss-counter state
run #32: crashed: BUG: unable to handle kernel paging request in corrupted
run #33: crashed: BUG: unable to handle kernel paging request in corrupted
run #34: crashed: BUG: unable to handle kernel paging request in timerqueue_add
run #35: crashed: BUG: unable to handle kernel paging request in timerqueue_add
run #36: crashed: BUG: unable to handle kernel paging request in corrupted
run #37: crashed: BUG: unable to handle kernel paging request in corrupted
run #38: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in __common_interrupt, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed

testing commit ae230642190a51b85656d6da2df744d534d59544 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
failed building ae230642190a51b85656d6da2df744d534d59544: ./include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with attribute error: copy source size is too small
testing release v6.3

testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f6738b82bf215ff55d18038e77be5246d3478ba20f8416d9d38c149fc51eb9de
all runs: OK
# git bisect start ae230642190a51b85656d6da2df744d534d59544 457391b0380335d5e9a5babdec90ac53928b23b4
Bisecting: 8781 revisions left to test after this (roughly 13 steps)
[fc2e58b8b7c94b8fe23977775550de00472f6a74] Merge tag 'spi-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi

testing commit fc2e58b8b7c94b8fe23977775550de00472f6a74 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fc0d9f7f94e84ee91851547a482fba158154a06b6536ca028737b3ccdb8bee75
all runs: OK
# git bisect good fc2e58b8b7c94b8fe23977775550de00472f6a74
Bisecting: 4417 revisions left to test after this (roughly 12 steps)
[da9619a30e73b59605ed998bf7bc4359f5c0029a] dmapool: link blocks across pages

testing commit da9619a30e73b59605ed998bf7bc4359f5c0029a gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e593ad48fbeafb6ce799ea28a188fe134b662a8aabd24527d5cc78a6ea6438b3
all runs: OK
# git bisect good da9619a30e73b59605ed998bf7bc4359f5c0029a
Bisecting: 2211 revisions left to test after this (roughly 11 steps)
[c8a5d5ea3ba6a18958f8d76430e4cd68eea33943] nouveau: fix client work fence deletion race

testing commit c8a5d5ea3ba6a18958f8d76430e4cd68eea33943 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d67aefabe0ff9b702db41a7250e4d38a9ffc7e58ba33d2bd2be842dfd2f9bd90
all runs: OK
# git bisect good c8a5d5ea3ba6a18958f8d76430e4cd68eea33943
Bisecting: 1105 revisions left to test after this (roughly 10 steps)
[67d7f24b194e6e8e82540aa4fe97580f6cfa0902] wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed

testing commit 67d7f24b194e6e8e82540aa4fe97580f6cfa0902 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e3a37f501628d084a60a466b989ce3d0d463b3009cbe70e0b6b69e513c71da65
all runs: OK
# git bisect good 67d7f24b194e6e8e82540aa4fe97580f6cfa0902
Bisecting: 623 revisions left to test after this (roughly 9 steps)
[25a9c8a4431c364f97f75558cb346d2ad3f53fbb] netlink: Add __sock_i_ino() for __netlink_diag_dump().

testing commit 25a9c8a4431c364f97f75558cb346d2ad3f53fbb gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: be68de3e33df7e9beb708edded31ef8868edd4361f906e32182fce5051b358ca
all runs: OK
# git bisect good 25a9c8a4431c364f97f75558cb346d2ad3f53fbb
Bisecting: 297 revisions left to test after this (roughly 8 steps)
[08eeccb2491a3198f4adcba63adeace6e2499ea3] Merge tag 'linux-can-next-for-6.5-20230622' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next

testing commit 08eeccb2491a3198f4adcba63adeace6e2499ea3 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 433e23ff349924fe9820be9091710ae4807b3f36b06ed423e23950070da0cbb6
run #0: crashed: BUG: kernSeaBIOS (version NUM.NUM.NUM-google)
run #1: crashed: BUG: kernSeaBIOS (version NUM.NUM.NUM-google)
run #2: crashed: general protection fault in blk_stat_add
run #3: crashed: general protection fault in blk_stat_add
run #4: crashed: general protection fault in vma_interval_tree_insert
run #5: crashed: general protection fault in vma_interval_tree_insert
run #6: crashed: general protection fault in inode_permission
run #7: crashed: general protection fault in inode_permission
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #12: crashed: general protection fault in cpuacct_account_field
run #13: crashed: general protection fault in cpuacct_account_field
run #14: crashed: general protection fault in hugepage_vma_check
run #15: crashed: general protection fault in hugepage_vma_check
run #16: crashed: WARNING: locking bug in psi_group_change
run #17: crashed: WARNING: locking bug in psi_group_change
run #18: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
run #19: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
representative crash: BUG: kernSeaBIOS (version NUM.NUM.NUM-google), types: [UNKNOWN]
# git bisect bad 08eeccb2491a3198f4adcba63adeace6e2499ea3
Bisecting: 166 revisions left to test after this (roughly 7 steps)
[5f2cf757f9c56255470c23a2a4a5574a34edad4b] net/mlx5: Remove unused ecpu field from struct mlx5_sf_table

testing commit 5f2cf757f9c56255470c23a2a4a5574a34edad4b gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2acc414b75be848ea867de66bd18ee8cc1cdaee4aa63e9c7ae2e29b5142941d8
all runs: OK
# git bisect good 5f2cf757f9c56255470c23a2a4a5574a34edad4b
Bisecting: 83 revisions left to test after this (roughly 6 steps)
[ca4fa87435370747cac535cecfd08672bb679487] selftests: tc-testing: add one test for flushing explicitly created chain

testing commit ca4fa87435370747cac535cecfd08672bb679487 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 76d68625ef13ad0adc4b79af611c523e622368a7275fc050afd71fd6f6d41331
run #0: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
run #1: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
run #2: crashed: general protection fault in call_timer_fn
run #3: crashed: general protection fault in call_timer_fn
run #4: crashed: general protection fault in ext4_mb_new_blocks
run #5: crashed: general protection fault in ext4_mb_new_blocks
run #6: crashed: general protection fault in blk_cgroup_bio_start
run #7: crashed: general protection fault in blk_cgroup_bio_start
run #8: crashed: kernel BUG in corrupted
run #9: crashed: kernel BUG in corrupted
run #10: crashed: general protection fault in corrupted
run #11: crashed: general protection fault in corrupted
run #12: crashed: kernel BUG in corrupted
run #13: crashed: kernel BUG in corrupted
run #14: crashed: PANIC: double fault in corrupted
run #15: crashed: PANIC: double fault in corrupted
run #16: crashed: BUG: unable to handle kernel NULL pointer dereference in handle_edge_irq
run #17: crashed: BUG: unable to handle kernel NULL pointer dereference in handle_edge_irq
run #18: crashed: possible deadlock in console_flush_all
run #19: crashed: possible deadlock in console_flush_all
representative crash: BUG: unable to handle kernel paging request in crypto_sha3_final, types: [UNKNOWN BUG]
# git bisect bad ca4fa87435370747cac535cecfd08672bb679487
Bisecting: 41 revisions left to test after this (roughly 5 steps)
[f61d2d5cf142436cd1a02ddc78425e91116b8b0d] sfc: fix uninitialized variable use

testing commit f61d2d5cf142436cd1a02ddc78425e91116b8b0d gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 63e0ca2eca86ad900f367cd05ce05ef7db7a681601e019af3345cf091a5b5898
run #0: crashed: general protection fault in corrupted
run #1: crashed: general protection fault in corrupted
run #2: crashed: INFO: trying to register non-static key in corrupted
run #3: crashed: INFO: trying to register non-static key in corrupted
run #4: crashed: general protection fault in insert_vmap_area
run #5: crashed: general protection fault in insert_vmap_area
run #6: crashed: INFO: trying to register non-static key in try_to_wake_up
run #7: crashed: INFO: trying to register non-static key in try_to_wake_up
run #8: crashed: WARNING in workingset_update_node
run #9: crashed: WARNING in workingset_update_node
run #10: crashed: WARNING: ODEBUG bug in ext4_put_io_end_defer
run #11: crashed: WARNING: ODEBUG bug in ext4_put_io_end_defer
run #12: crashed: general protection fault in put_prev_entity
run #13: crashed: general protection fault in put_prev_entity
run #14: crashed: general protection fault in integrity_inode_get
run #15: crashed: general protection fault in integrity_inode_get
run #16: crashed: general protection fault in tomoyo_find_domain
run #17: crashed: general protection fault in tomoyo_find_domain
run #18: crashed: general protection fault in update_curr
run #19: crashed: general protection fault in update_curr
representative crash: general protection fault in corrupted, types: [UNKNOWN]
# git bisect bad f61d2d5cf142436cd1a02ddc78425e91116b8b0d
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[a05d070a6164bd0578991e42181a52b9c7cf630c] ptp: Clarify ptp_clock_info .adjphase expects an internal servo to be used

testing commit a05d070a6164bd0578991e42181a52b9c7cf630c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d6130e6eacbc406e0c8ec2c6f46361c07f2b242f1f3089cb6800234bc3cccf4d
all runs: OK
# git bisect good a05d070a6164bd0578991e42181a52b9c7cf630c
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[462a3daad679406eed5d31b6bed8a19c236e1352] net: phy: mediatek: fix compile-test dependencies

testing commit 462a3daad679406eed5d31b6bed8a19c236e1352 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6298de71bc22351cd8ffe8da7efccd31391da0450cad5b37fe9b074bc82178ac
all runs: OK
# git bisect good 462a3daad679406eed5d31b6bed8a19c236e1352
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[f0d952646bcf186d6d1bea6ec89f96b7e57f3b83] netlabel: Reorder fields in 'struct netlbl_domaddr6_map'

testing commit f0d952646bcf186d6d1bea6ec89f96b7e57f3b83 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 138f5de4dca09ee35c174c97a6ee85c92d2210a948380346d689e056a6a94df4
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in __hrtimer_run_queues
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in __hrtimer_run_queues
run #2: crashed: general protection fault in psi_account_irqtime
run #3: crashed: general protection fault in psi_account_irqtime
run #4: crashed: general protection fault in touch_atime
run #5: crashed: general protection fault in touch_atime
run #6: crashed: BUG: stack guard page was hit in corrupted
run #7: crashed: BUG: stack guard page was hit in corrupted
run #8: crashed: general protection fault in corrupted
run #9: crashed: general protection fault in corrupted
run #10: crashed: BUG: corrupted list in __send_signal_locked
run #11: crashed: BUG: corrupted list in __send_signal_locked
run #12: crashed: BUG: unable to handle kernel paging request in unwind_next_frame
run #13: crashed: BUG: unable to handle kernel paging request in unwind_next_frame
run #14: crashed: KASAN: null-ptr-deref Write in do_get_write_access
run #15: crashed: KASAN: null-ptr-deref Write in do_get_write_access
run #16: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #17: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #18: crashed: general protection fault in clear_buddies
run #19: crashed: general protection fault in clear_buddies
representative crash: BUG: unable to handle kernel NULL pointer dereference in __hrtimer_run_queues, types: [UNKNOWN]
# git bisect bad f0d952646bcf186d6d1bea6ec89f96b7e57f3b83
Bisecting: 2 revisions left to test after this (roughly 1 step)
[857922b16bb893d26d5ecd83acf9f20cb28eaea2] net: fec: allow to build without PAGE_POOL_STATS

testing commit 857922b16bb893d26d5ecd83acf9f20cb28eaea2 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f4b3470050df7eff598168820d0fede7d70aa24bbaa8ebea3c3b7328d4043003
run #0: crashed: general protection fault in update_curr
run #1: crashed: general protection fault in update_curr
run #2: crashed: general protection fault in tomoyo_check_acl
run #3: crashed: general protection fault in tomoyo_check_acl
run #4: crashed: INFO: trying to register non-static key in add_wait_queue
run #5: crashed: INFO: trying to register non-static key in add_wait_queue
run #6: crashed: kernel panic: corrupted stack end in corrupted
run #7: crashed: kernel panic: corrupted stack end in corrupted
run #8: crashed: general protection fault in tomoyo_find_domain
run #9: crashed: general protection fault in tomoyo_find_domain
run #10: crashed: general protection fault in cgroup_rstat_updated
run #11: crashed: general protection fault in cgroup_rstat_updated
run #12: crashed: general protection fault in corrupted
run #13: crashed: general protection fault in corrupted
run #14: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
run #15: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
run #16: crashed: general protection fault in add_grec
run #17: crashed: general protection fault in add_grec
run #18: crashed: kernel panic: stack is corrupted in lock_acquire
run #19: crashed: kernel panic: stack is corrupted in lock_acquire
representative crash: general protection fault in update_curr, types: [UNKNOWN]
# git bisect bad 857922b16bb893d26d5ecd83acf9f20cb28eaea2
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b6d972f6898308fbe7e693bf8d44ebfdb1cd2dc4] crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)

testing commit b6d972f6898308fbe7e693bf8d44ebfdb1cd2dc4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 18fa80c17739ae6e089540dc570a21ba656ceffbff65cbaa4483dc28026131c9
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: BUG: unable to handle kernel paging request in corrupted
run #2: crashed: general protection fault in mmap_region
run #3: crashed: general protection fault in mmap_region
run #4: crashed: BUG: unable to handle kernel paging request in unwind_next_frame
run #5: crashed: BUG: unable to handle kernel paging request in unwind_next_frame
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #8: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
run #9: crashed: BUG: unable to handle kernel paging request in crypto_sha3_final
run #10: crashed: general protection fault in anon_vma_clone
run #11: crashed: general protection fault in anon_vma_clone
run #12: crashed: general protection fault in tomoyo_check_acl
run #13: crashed: general protection fault in tomoyo_check_acl
run #14: crashed: possible deadlock in console_flush_all
run #15: crashed: possible deadlock in console_flush_all
run #16: crashed: general protection fault in ext4_convert_unwritten_io_end_vec
run #17: crashed: general protection fault in ext4_convert_unwritten_io_end_vec
run #18: crashed: BUG: unable to handle kernel paging request in update_vsyscall
run #19: crashed: BUG: unable to handle kernel paging request in update_vsyscall
representative crash: BUG: unable to handle kernel paging request in corrupted, types: [UNKNOWN]
# git bisect bad b6d972f6898308fbe7e693bf8d44ebfdb1cd2dc4
b6d972f6898308fbe7e693bf8d44ebfdb1cd2dc4 is the first bad commit
commit b6d972f6898308fbe7e693bf8d44ebfdb1cd2dc4
Author: David Howells
Date: Fri Jun 16 12:10:32 2023 +0100

crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)

If an AF_ALG socket bound to a hashing algorithm is sent a zero-length message with MSG_MORE set and then recvmsg() is called without first sending another message without MSG_MORE set to end the operation, an oops will occur because the crypto context and result doesn't now get set up in advance because hash_sendmsg() now defers that as long as possible in the hope that it can use crypto_ahash_digest() - and then because the message is zero-length, it the data wrangling loop is skipped.

Fix this by handling zero-length sends at the top of the hash_sendmsg() function. If we're not continuing the previous sendmsg(), then just ignore the send (hash_recvmsg() will invent something when called); if we are continuing, then we finalise the request at this point if MSG_MORE is not set to get any error here, otherwise the send is of no effect and can be ignored.

Whilst we're at it, remove the code to create a kvmalloc'd scatterlist if we get more than ALG_MAX_PAGES - this shouldn't happen.

Fixes: c662b043cdca ("crypto: af_alg/hash: Support MSG_SPLICE_PAGES")
Reported-by: syzbot+13a08c0bf4d212766c3c@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/000000000000b928f705fdeb873a@google.com/
Reported-by: syzbot+14234ccf6d0ef629ec1a@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/000000000000c047db05fdeb8790@google.com/
Reported-by: syzbot+4e2e47f32607d0f72d43@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/000000000000bcca3205fdeb87fb@google.com/
Reported-by: syzbot+472626bb5e7c59fb768f@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/000000000000b55d8805fdeb8385@google.com/
Signed-off-by: David Howells
Reported-and-tested-by: syzbot+6efc50cc1f8d718d6cb7@syzkaller.appspotmail.com
cc: Jens Axboe
cc: Matthew Wilcox
Acked-by: Herbert Xu
Link: https://lore.kernel.org/r/427646.1686913832@warthog.procyon.org.uk
Signed-off-by: Jakub Kicinski

crypto/algif_hash.c | 38 +++++++++++++++++++++++++-------------
1 file changed, 25 insertions(+), 13 deletions(-)

culprit signature: 18fa80c17739ae6e089540dc570a21ba656ceffbff65cbaa4483dc28026131c9
parent signature: 6298de71bc22351cd8ffe8da7efccd31391da0450cad5b37fe9b074bc82178ac
revisions tested: 16, total time: 7h11m51.762174584s (build: 4h47m18.635833683s, test:
2h19m6.620828629s)
first bad commit: b6d972f6898308fbe7e693bf8d44ebfdb1cd2dc4 crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)
recipients (to): ["dhowells@redhat.com" "herbert@gondor.apana.org.au" "kuba@kernel.org" "syzbot+6efc50cc1f8d718d6cb7@syzkaller.appspotmail.com"]
recipients (cc): []
crash: BUG: unable to handle kernel paging request in corrupted