ci starts bisection 2023-06-21 16:40:05.099819738 +0000 UTC m=+122270.761306153
bisecting cause commit starting from 26a4dd839eeba3638df8441223903baa49c6f0da
building syzkaller on 7086cdb95114c57c35cee9db87b80d4225d8795d
ensuring issue is reproducible on original commit 26a4dd839eeba3638df8441223903baa49c6f0da

testing commit 26a4dd839eeba3638df8441223903baa49c6f0da gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4b36814a77e0c4f6d98d24f80199a4677f4ea4968fec48cc49c7986ab144a9c8
all runs: crashed: general protection fault in shash_async_update
testing release v6.3
testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 795f60a2ef067f18b6726e9dce75951ab670bec6563e2a7fe7a7586e20a14bc1
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect start 26a4dd839eeba3638df8441223903baa49c6f0da 457391b0380335d5e9a5babdec90ac53928b23b4
Bisecting: 8182 revisions left to test after this (roughly 13 steps)
[34b62f186db9614e55d021f8c58d22fc44c57911] Merge tag 'pci-v6.4-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci

testing commit 34b62f186db9614e55d021f8c58d22fc44c57911 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e7ffa17c94f651c66c5cd5b526c6df46c58649a96a726507287b68ad91a19578
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good 34b62f186db9614e55d021f8c58d22fc44c57911
Bisecting: 4139 revisions left to test after this (roughly 12 steps)
[d75439d64a1e2b35e0f08906205b00279753cbed] Merge tag 'for-linus' of https://github.com/openrisc/linux

testing commit d75439d64a1e2b35e0f08906205b00279753cbed gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b5f2d7f0942cb8a283b0aad7230192964c46acac7a264ff779e70b3569d62d4b
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good d75439d64a1e2b35e0f08906205b00279753cbed
Bisecting: 2070 revisions left to test after this (roughly 11 steps)
[18f558876ff0361e8ceb537cdf6fec8936ff6f72] Merge branch 'bpf: Add socket destroy capability'

testing commit 18f558876ff0361e8ceb537cdf6fec8936ff6f72 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 22266fb72336eaa91c345f58b5c1573d7a6046a0ffe98b7583ef897ab6aa8ea1
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good 18f558876ff0361e8ceb537cdf6fec8936ff6f72
Bisecting: 1043 revisions left to test after this (roughly 10 steps)
[4ff3dfc91c8458f65366f283167d1cd6f16be06f] Merge branch 'splice-net-handle-msg_splice_pages-in-chelsio-tls'

testing commit 4ff3dfc91c8458f65366f283167d1cd6f16be06f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 28eb80fd9c36a05f429b80d6a61d17988b56b00dc11090e3708aa541c26c38f4
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good 4ff3dfc91c8458f65366f283167d1cd6f16be06f
Bisecting: 521 revisions left to test after this (roughly 9 steps)
[6f64a5ebe1dc64add6e1d8ed3113200909988c02] Merge tag 'irq_urgent_for_v6.4_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit 6f64a5ebe1dc64add6e1d8ed3113200909988c02 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 807d71aca2f436b4d5dd66c5489fdd24af469e2c3d61b9d71f700bf8bf59884b
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good 6f64a5ebe1dc64add6e1d8ed3113200909988c02
Bisecting: 260 revisions left to test after this (roughly 8 steps)
[ff6db4b58c93eada66f58423aa02363f987679c5] tools: ynl-gen: enable code gen for directional specs

testing commit ff6db4b58c93eada66f58423aa02363f987679c5 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
failed building ff6db4b58c93eada66f58423aa02363f987679c5: failed to run ["make" "-j" "64" "ARCH=x86_64" "bzImage"]: exit status 2
# git bisect skip ff6db4b58c93eada66f58423aa02363f987679c5
Bisecting: 260 revisions left to test after this (roughly 8 steps)
[4f48c30312b7af5365878ab191bb41e7b899e09b] pds_core: Fix FW recovery detection

testing commit 4f48c30312b7af5365878ab191bb41e7b899e09b gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 649291a2e7c37964e5725042a489053da788bcc4dc6b45abfa4ac045dd29d90a
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good 4f48c30312b7af5365878ab191bb41e7b899e09b
Bisecting: 243 revisions left to test after this (roughly 8 steps)
[84e476b876d9164af4b965c97eee90fa88204b63] net: pcs: lynx: make lynx_pcs_create() static

testing commit 84e476b876d9164af4b965c97eee90fa88204b63 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e83b51753cdbc225643edb0da1b94d735622e91676c546a56f859d8cef2e342e
all runs: crashed: general protection fault in shash_async_update
# git bisect bad 84e476b876d9164af4b965c97eee90fa88204b63
Bisecting: 122 revisions left to test after this (roughly 7 steps)
[bfd019d10fdabf70f9b01264aea6d6c7595f9226] Merge branch 'crypto-splice-net-make-af_alg-handle-sendmsg-msg_splice_pages'

testing commit bfd019d10fdabf70f9b01264aea6d6c7595f9226 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 457c721b209e85616475b1fed129065a52440cbf389621fba3b6f7aeba59893a
all runs: crashed: general protection fault in shash_async_update
# git bisect bad bfd019d10fdabf70f9b01264aea6d6c7595f9226
Bisecting: 58 revisions left to test after this (roughly 6 steps)
[28cfea989d6f55c3d10608eba2a2bae609c5bf3e] Merge tag 'mlx5-updates-2023-05-31' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux

testing commit 28cfea989d6f55c3d10608eba2a2bae609c5bf3e gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e18b8b34175103926b8bb22a69bf6c63498c6437eab052e78fdc9cac10a8128c
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good 28cfea989d6f55c3d10608eba2a2bae609c5bf3e
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[2cc9671a82e3ba8911f01b04fd8f8f2da3a238a7] tools: ynl-gen: fill in support for MultiAttr scalars

testing commit 2cc9671a82e3ba8911f01b04fd8f8f2da3a238a7 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 05c25370d5c7c872e4709d9dcdf305394cae058905ba6c475208d1a324aecffe
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good 2cc9671a82e3ba8911f01b04fd8f8f2da3a238a7
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[b83c37315a620fc8dcb5f3cffe4753765228d1f4] net: txgbe: Support GPIO to SFP socket

testing commit b83c37315a620fc8dcb5f3cffe4753765228d1f4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9dd86a2f4999a5067b1de47350e9eb41402d7a85d7cee541edb5d1d618f7c60d
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good b83c37315a620fc8dcb5f3cffe4753765228d1f4
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[936dc763c52e05cb2e7302af30a69c826916d89e] Wrap lines at 80

testing commit 936dc763c52e05cb2e7302af30a69c826916d89e gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 81a26f2cc0552def6275cf2730bb7d5278f4675a28836e097da4785407374691
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good 936dc763c52e05cb2e7302af30a69c826916d89e
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[73d7409cfdad7fd08a9203eb2912c1c77e527776] crypto: af_alg: Indent the loop in af_alg_sendmsg()

testing commit 73d7409cfdad7fd08a9203eb2912c1c77e527776 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a51ca6edba52f0286d84564b94db36fc5c5f50fc19065bcfb33fa1d0b0da9161
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good 73d7409cfdad7fd08a9203eb2912c1c77e527776
Bisecting: 1 revision left to test after this (roughly 1 step)
[fb800fa4c1f5aee1238267252e88a7837e645c02] crypto: af_alg: Convert af_alg_sendpage() to use MSG_SPLICE_PAGES

testing commit fb800fa4c1f5aee1238267252e88a7837e645c02 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 291c345a314ac0376af985cd4d18ecb2cee7adf36492b979fdb80792ff178451
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect good fb800fa4c1f5aee1238267252e88a7837e645c02
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c662b043cdca89bf0f03fc37251000ac69a3a548] crypto: af_alg/hash: Support MSG_SPLICE_PAGES

testing commit c662b043cdca89bf0f03fc37251000ac69a3a548 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8d93d4fa384791610b616beddde4e2a1771ddb20af1623bb3bea71b16d7bbc85
all runs: crashed: general protection fault in shash_async_update
# git bisect bad c662b043cdca89bf0f03fc37251000ac69a3a548
c662b043cdca89bf0f03fc37251000ac69a3a548 is the first bad commit
commit c662b043cdca89bf0f03fc37251000ac69a3a548
Author: David Howells <dhowells@redhat.com>
Date:   Tue Jun 6 14:08:56 2023 +0100

    crypto: af_alg/hash: Support MSG_SPLICE_PAGES
    
    Make AF_ALG sendmsg() support MSG_SPLICE_PAGES in the hashing code.  This
    causes pages to be spliced from the source iterator if possible.
    
    This allows ->sendpage() to be replaced by something that can handle
    multiple multipage folios in a single transaction.
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    cc: Herbert Xu <herbert@gondor.apana.org.au>
    cc: "David S. Miller" <davem@davemloft.net>
    cc: Eric Dumazet <edumazet@google.com>
    cc: Jakub Kicinski <kuba@kernel.org>
    cc: Paolo Abeni <pabeni@redhat.com>
    cc: Jens Axboe <axboe@kernel.dk>
    cc: Matthew Wilcox <willy@infradead.org>
    cc: linux-crypto@vger.kernel.org
    cc: netdev@vger.kernel.org
    Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>

 crypto/af_alg.c     |  11 ++++--
 crypto/algif_hash.c | 100 ++++++++++++++++++++++++++++++++--------------------
 2 files changed, 70 insertions(+), 41 deletions(-)

culprit signature: 8d93d4fa384791610b616beddde4e2a1771ddb20af1623bb3bea71b16d7bbc85
parent  signature: 291c345a314ac0376af985cd4d18ecb2cee7adf36492b979fdb80792ff178451
revisions tested: 17, total time: 6h6m17.108351681s (build: 3h43m42.409558454s, test: 2h13m29.773380194s)
first bad commit: c662b043cdca89bf0f03fc37251000ac69a3a548 crypto: af_alg/hash: Support MSG_SPLICE_PAGES
recipients (to): ["dhowells@redhat.com" "herbert@gondor.apana.org.au" "pabeni@redhat.com"]
recipients (cc): []
crash: general protection fault in shash_async_update
general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
CPU: 1 PID: 5425 Comm: syz-executor.0 Not tainted 6.4.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:crypto_shash_alg include/crypto/hash.h:827 [inline]
RIP: 0010:crypto_shash_update crypto/shash.c:124 [inline]
RIP: 0010:shash_ahash_update crypto/shash.c:306 [inline]
RIP: 0010:shash_async_update+0xe2/0x1f0 crypto/shash.c:314
Code: e8 83 d5 ff ff 85 c0 89 c2 7e 75 41 80 3c 24 00 48 8b 74 24 40 0f 85 a8 00 00 00 4c 8b 7d 50 49 8d 7f 20 48 89 f8 48 c1 e8 03 <80> 3c 18 00 0f 85 c6 00 00 00 4d 8b 7f 20 49 8d 7f 2c 48 89 f8 48
RSP: 0018:ffffc900048df970 EFLAGS: 00010202
RAX: 0000000000000004 RBX: dffffc0000000000 RCX: dffffc0000000000
RDX: 0000000000000dc0 RSI: ffff88807100c240 RDI: 0000000000000020
RBP: ffff88801ee932a8 R08: ffff88801ee932a8 R09: 000000000000fdc0
R10: 7fffffffffff023f R11: ffffed1003dd2601 R12: ffffed1003dd265f
R13: ffff88801ee932f8 R14: 1ffff9200091bf30 R15: 0000000000000000
FS:  00007fb2a1d18700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000100 CR3: 0000000025ffe000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 crypto_ahash_update include/crypto/hash.h:608 [inline]
 hash_sendmsg+0x314/0xc60 crypto/algif_hash.c:139
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg+0xc0/0x150 net/socket.c:747
 ____sys_sendmsg+0x5e5/0x880 net/socket.c:2505
 ___sys_sendmsg+0xdb/0x160 net/socket.c:2559
 __sys_sendmsg+0xc7/0x160 net/socket.c:2588
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb2a108c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb2a1d18168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fb2a11abf80 RCX: 00007fb2a108c169
RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000004
RBP: 00007fb2a10e7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffecd1b062f R14: 00007fb2a1d18300 R15: 0000000000022000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:crypto_shash_alg include/crypto/hash.h:827 [inline]
RIP: 0010:crypto_shash_update crypto/shash.c:124 [inline]
RIP: 0010:shash_ahash_update crypto/shash.c:306 [inline]
RIP: 0010:shash_async_update+0xe2/0x1f0 crypto/shash.c:314
Code: e8 83 d5 ff ff 85 c0 89 c2 7e 75 41 80 3c 24 00 48 8b 74 24 40 0f 85 a8 00 00 00 4c 8b 7d 50 49 8d 7f 20 48 89 f8 48 c1 e8 03 <80> 3c 18 00 0f 85 c6 00 00 00 4d 8b 7f 20 49 8d 7f 2c 48 89 f8 48
RSP: 0018:ffffc900048df970 EFLAGS: 00010202
RAX: 0000000000000004 RBX: dffffc0000000000 RCX: dffffc0000000000
RDX: 0000000000000dc0 RSI: ffff88807100c240 RDI: 0000000000000020
RBP: ffff88801ee932a8 R08: ffff88801ee932a8 R09: 000000000000fdc0
R10: 7fffffffffff023f R11: ffffed1003dd2601 R12: ffffed1003dd265f
R13: ffff88801ee932f8 R14: 1ffff9200091bf30 R15: 0000000000000000
FS:  00007fb2a1d18700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563070b13131 CR3: 0000000025ffe000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	e8 83 d5 ff ff       	callq  0xffffd588
   5:	85 c0                	test   %eax,%eax
   7:	89 c2                	mov    %eax,%edx
   9:	7e 75                	jle    0x80
   b:	41 80 3c 24 00       	cmpb   $0x0,(%r12)
  10:	48 8b 74 24 40       	mov    0x40(%rsp),%rsi
  15:	0f 85 a8 00 00 00    	jne    0xc3
  1b:	4c 8b 7d 50          	mov    0x50(%rbp),%r15
  1f:	49 8d 7f 20          	lea    0x20(%r15),%rdi
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 18 00          	cmpb   $0x0,(%rax,%rbx,1) <-- trapping instruction
  2e:	0f 85 c6 00 00 00    	jne    0xfa
  34:	4d 8b 7f 20          	mov    0x20(%r15),%r15
  38:	49 8d 7f 2c          	lea    0x2c(%r15),%rdi
  3c:	48 89 f8             	mov    %rdi,%rax
  3f:	48                   	rex.W