Hello, syzbot found the following issue on: HEAD commit: 4ac65880ebca Add linux-next specific files for 20250904 git tree: linux-next console output: https://syzkaller.appspot.com/x/log.txt?x=12951312580000 kernel config: https://syzkaller.appspot.com/x/.config?x=fbc16d9faf3a88a4 dashboard link: https://syzkaller.appspot.com/bug?extid=14c6a89d5f47cd26ea7a compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16951312580000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10b8e962580000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/36645a51612c/disk-4ac65880.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/bba80d634bef/vmlinux-4ac65880.xz kernel image: https://storage.googleapis.com/syzbot-assets/e58dd70dfd0f/bzImage-4ac65880.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+14c6a89d5f47cd26ea7a@xxxxxxxxxxxxxxxxxxxxxxxxx Oops: general protection fault, probably for non-canonical address 0xe0009d1000000000: 0000 [#1] SMP KASAN PTI KASAN: maybe wild-memory-access in range [0x0005088000000000-0x0005088000000007] CPU: 0 UID: 0 PID: 6069 Comm: syz.0.32 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:get_unaligned_le64 include/linux/unaligned.h:28 [inline] RIP: 0010:xxh64_update+0x55b/0xcf0 lib/xxhash.c:312 Code: 00 00 00 fc ff df 48 8b 44 24 30 48 83 c0 e0 48 89 44 24 18 48 89 5c 24 68 48 8b 1b 45 31 ff 4e 8d 0c 3e 4c 89 c8 48 c1 e8 03 <0f> b6 04 10 84 c0 0f 85 4a 01 00 00 4a 8d 3c 3e 48 83 c7 07 48 89 RSP: 0018:ffffc900039c7778 EFLAGS: 00010206 RAX: 0000a11000000000 RBX: 7a8f95a9137c12d5 RCX: ffff88802af8bc00 RDX: dffffc0000000000 RSI: 0005088000000000 RDI: 0000000000000000 RBP: 8c2c5b2336b29570 R08: c2b2ae3d27d4eb4f R09: 0005088000000000 R10: 0000000000000000 R11: ffffffff849f4de0 R12: bcfbe54b88bf1c85 R13: ffff88807c933360 R14: 128d621f73d40218 R15: 0000000000000000 FS: 00007fa7a7e826c0(0000) GS:ffff8881259fa000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa7a7e60f98 CR3: 0000000075c6c000 CR4: 00000000003526f0 Call Trace: <TASK> xxhash64_update+0x27/0x40 crypto/xxhash_generic.c:46 crypto_shash_update include/crypto/hash.h:1006 [inline] shash_ahash_update+0x213/0x2f0 crypto/ahash.c:178 hash_sendmsg+0x96b/0x11d0 crypto/algif_hash.c:149 sock_sendmsg_nosec net/socket.c:714 [inline] __sock_sendmsg+0x21c/0x270 net/socket.c:729 ____sys_sendmsg+0x505/0x830 net/socket.c:2614 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668 __sys_sendmsg net/socket.c:2700 [inline] __do_sys_sendmsg net/socket.c:2705 [inline] __se_sys_sendmsg net/socket.c:2703 [inline] __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fa7a6f8ebe9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa7a7e82038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fa7a71c5fa0 RCX: 00007fa7a6f8ebe9 RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000004 RBP: 00007fa7a7011e19 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fa7a71c6038 R14: 00007fa7a71c5fa0 R15: 00007ffc0c907ff8 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:get_unaligned_le64 include/linux/unaligned.h:28 [inline] RIP: 0010:xxh64_update+0x55b/0xcf0 lib/xxhash.c:312 Code: 00 00 00 fc ff df 48 8b 44 24 30 48 83 c0 e0 48 89 44 24 18 48 89 5c 24 68 48 8b 1b 45 31 ff 4e 8d 0c 3e 4c 89 c8 48 c1 e8 03 <0f> b6 04 10 84 c0 0f 85 4a 01 00 00 4a 8d 3c 3e 48 83 c7 07 48 89 RSP: 0018:ffffc900039c7778 EFLAGS: 00010206 RAX: 0000a11000000000 RBX: 7a8f95a9137c12d5 RCX: ffff88802af8bc00 RDX: dffffc0000000000 RSI: 0005088000000000 RDI: 0000000000000000 RBP: 8c2c5b2336b29570 R08: c2b2ae3d27d4eb4f R09: 0005088000000000 R10: 0000000000000000 R11: ffffffff849f4de0 R12: bcfbe54b88bf1c85 R13: ffff88807c933360 R14: 128d621f73d40218 R15: 0000000000000000 FS: 00007fa7a7e826c0(0000) GS:ffff8881259fa000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa7a7e60f98 CR3: 0000000075c6c000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess), 5 bytes skipped: 0: df 48 8b fisttps -0x75(%rax) 3: 44 24 30 rex.R and $0x30,%al 6: 48 83 c0 e0 add $0xffffffffffffffe0,%rax a: 48 89 44 24 18 mov %rax,0x18(%rsp) f: 48 89 5c 24 68 mov %rbx,0x68(%rsp) 14: 48 8b 1b mov (%rbx),%rbx 17: 45 31 ff xor %r15d,%r15d 1a: 4e 8d 0c 3e lea (%rsi,%r15,1),%r9 1e: 4c 89 c8 mov %r9,%rax 21: 48 c1 e8 03 shr $0x3,%rax * 25: 0f b6 04 10 movzbl (%rax,%rdx,1),%eax <-- trapping instruction 29: 84 c0 test %al,%al 2b: 0f 85 4a 01 00 00 jne 0x17b 31: 4a 8d 3c 3e lea (%rsi,%r15,1),%rdi 35: 48 83 c7 07 add $0x7,%rdi 39: 48 rex.W 3a: 89 .byte 0x89 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
