ci starts bisection 2023-06-09 11:16:59.901616504 +0000 UTC m=+179532.190043386
bisecting cause commit starting from 37ff78e977f1a4676354a6c6ebbbf293e540abc1
building syzkaller on 7086cdb95114c57c35cee9db87b80d4225d8795d
ensuring issue is reproducible on original commit 37ff78e977f1a4676354a6c6ebbbf293e540abc1

testing commit 37ff78e977f1a4676354a6c6ebbbf293e540abc1 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fe993b9213dad09f042590ec29c842c1a7619616472ae77dadb0b78499ea7963
all runs: crashed: general protection fault in crypto_shash_final
testing release v6.3
testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 961a5e0cc4e8833f07ed8b2a5aef4c3eba6a23042a5f33b4533580986ab1e0d9
all runs: OK
# git bisect start 37ff78e977f1a4676354a6c6ebbbf293e540abc1 457391b0380335d5e9a5babdec90ac53928b23b4
Bisecting: 8003 revisions left to test after this (roughly 13 steps)
[cb6fe2ceb667eb78f252d473b03deb23999ab1cf] Merge tag 'devicetree-for-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

testing commit cb6fe2ceb667eb78f252d473b03deb23999ab1cf gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ffbe62e9df4d1135d2e6ee7b51673c7937bdb325514fec366d2b2c01a2eb566e
all runs: OK
# git bisect good cb6fe2ceb667eb78f252d473b03deb23999ab1cf
Bisecting: 3989 revisions left to test after this (roughly 12 steps)
[58390c8ce1bddb6c623f62e7ed36383e7fa5c02f] Merge tag 'iommu-updates-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

testing commit 58390c8ce1bddb6c623f62e7ed36383e7fa5c02f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8cd5f379011da0b23a018029d33b062dfd008a13de9e79c2d7f05a1449241aa8
all runs: OK
# git bisect good 58390c8ce1bddb6c623f62e7ed36383e7fa5c02f
Bisecting: 1992 revisions left to test after this (roughly 11 steps)
[c259ad11698b8a573183aee8932d1885f4441c3a] Merge tag 'wireless-2023-05-17' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless

testing commit c259ad11698b8a573183aee8932d1885f4441c3a gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5d17f1bcc59fc01a7bcc59d88d04d01e710972b9c2265135c7d98ec625e0396d
all runs: OK
# git bisect good c259ad11698b8a573183aee8932d1885f4441c3a
Bisecting: 995 revisions left to test after this (roughly 10 steps)
[7bdecc26722710bad806bc583a92881a2fa51c73] Merge tag 'iommu-fixes-v6.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

testing commit 7bdecc26722710bad806bc583a92881a2fa51c73 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7bba72d612bab4753909f8ec718efe1ca2c5191954b7264f04a2307abf5f8520
all runs: OK
# git bisect good 7bdecc26722710bad806bc583a92881a2fa51c73
Bisecting: 497 revisions left to test after this (roughly 9 steps)
[b8311f46c6f5a2030f43c764e742015867293493] net: dsa: microchip: add an enum for regmap widths

testing commit b8311f46c6f5a2030f43c764e742015867293493 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ebc844337bf01562d3455c550ce049e96f491da5276210b0b42e171e4bcafc3e
all runs: OK
# git bisect good b8311f46c6f5a2030f43c764e742015867293493
Bisecting: 227 revisions left to test after this (roughly 8 steps)
[25041a4c02c7cf774d8b6ed60586fd64f1cdaa81] Merge tag 'net-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit 25041a4c02c7cf774d8b6ed60586fd64f1cdaa81 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d2bd3ad00a8ee2894230400f949cbce243993b7e649df302b8cc8fb5a6cf759b
all runs: OK
# git bisect good 25041a4c02c7cf774d8b6ed60586fd64f1cdaa81
Bisecting: 113 revisions left to test after this (roughly 7 steps)
[6d5b7321d8af0d4f5ec81d8e739c7ed2a93cf12a] net/mlx5: DR, handle more than one peer domain

testing commit 6d5b7321d8af0d4f5ec81d8e739c7ed2a93cf12a gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2b94158f9aca475a0520d032491c96d68330cdd26489b680920d7e599c7620c8
all runs: OK
# git bisect good 6d5b7321d8af0d4f5ec81d8e739c7ed2a93cf12a
Bisecting: 56 revisions left to test after this (roughly 6 steps)
[6f8a76f8022121f7e4dc9cc29da7fb716b7db45f] tcp: Set route scope properly in cookie_v4_check().

testing commit 6f8a76f8022121f7e4dc9cc29da7fb716b7db45f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c7d18484fc0fcdeca1a67ef692ca88b109c40bda279f11c90428f854545b5113
all runs: OK
# git bisect good 6f8a76f8022121f7e4dc9cc29da7fb716b7db45f
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[b83c37315a620fc8dcb5f3cffe4753765228d1f4] net: txgbe: Support GPIO to SFP socket

testing commit b83c37315a620fc8dcb5f3cffe4753765228d1f4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9c5cf71b5ea131edc7a613dc579f43bc60aced9a0d83bd308e8e4c08d6dcbe74
all runs: OK
# git bisect good b83c37315a620fc8dcb5f3cffe4753765228d1f4
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[bfd019d10fdabf70f9b01264aea6d6c7595f9226] Merge branch 'crypto-splice-net-make-af_alg-handle-sendmsg-msg_splice_pages'

testing commit bfd019d10fdabf70f9b01264aea6d6c7595f9226 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 863d2e2a949e8a7713049e81b4d4ee46efbe8ee67c5fe87e9e8d6cd14b053f99
all runs: crashed: general protection fault in crypto_shash_final
# git bisect bad bfd019d10fdabf70f9b01264aea6d6c7595f9226
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[936dc763c52e05cb2e7302af30a69c826916d89e] Wrap lines at 80

testing commit 936dc763c52e05cb2e7302af30a69c826916d89e gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9300f4642978f10d4a1a921358c73c8b945bd26534ea3a6953f87ecbaec6520e
all runs: OK
# git bisect good 936dc763c52e05cb2e7302af30a69c826916d89e
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[73d7409cfdad7fd08a9203eb2912c1c77e527776] crypto: af_alg: Indent the loop in af_alg_sendmsg()

testing commit 73d7409cfdad7fd08a9203eb2912c1c77e527776 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9effa3bf9b4fd019e1cf79b1ab40f905388a0e03c8f9e0b75cd4c42d24da8f79
all runs: OK
# git bisect good 73d7409cfdad7fd08a9203eb2912c1c77e527776
Bisecting: 1 revision left to test after this (roughly 1 step)
[fb800fa4c1f5aee1238267252e88a7837e645c02] crypto: af_alg: Convert af_alg_sendpage() to use MSG_SPLICE_PAGES

testing commit fb800fa4c1f5aee1238267252e88a7837e645c02 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9763c2491ae20cd3c29b115dc5e8e09ecd01f80ccd2bf34bcd2a69184edb0f96
all runs: OK
# git bisect good fb800fa4c1f5aee1238267252e88a7837e645c02
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c662b043cdca89bf0f03fc37251000ac69a3a548] crypto: af_alg/hash: Support MSG_SPLICE_PAGES

testing commit c662b043cdca89bf0f03fc37251000ac69a3a548 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 04b5ff398dd2d00cbee08fd46ed71eb48dc3b347650880924f9225e9fed357a1
all runs: crashed: general protection fault in crypto_shash_final
# git bisect bad c662b043cdca89bf0f03fc37251000ac69a3a548
c662b043cdca89bf0f03fc37251000ac69a3a548 is the first bad commit
commit c662b043cdca89bf0f03fc37251000ac69a3a548
Author: David Howells <dhowells@redhat.com>
Date:   Tue Jun 6 14:08:56 2023 +0100

    crypto: af_alg/hash: Support MSG_SPLICE_PAGES
    
    Make AF_ALG sendmsg() support MSG_SPLICE_PAGES in the hashing code.  This
    causes pages to be spliced from the source iterator if possible.
    
    This allows ->sendpage() to be replaced by something that can handle
    multiple multipage folios in a single transaction.
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    cc: Herbert Xu <herbert@gondor.apana.org.au>
    cc: "David S. Miller" <davem@davemloft.net>
    cc: Eric Dumazet <edumazet@google.com>
    cc: Jakub Kicinski <kuba@kernel.org>
    cc: Paolo Abeni <pabeni@redhat.com>
    cc: Jens Axboe <axboe@kernel.dk>
    cc: Matthew Wilcox <willy@infradead.org>
    cc: linux-crypto@vger.kernel.org
    cc: netdev@vger.kernel.org
    Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>

 crypto/af_alg.c     |  11 ++++--
 crypto/algif_hash.c | 100 ++++++++++++++++++++++++++++++++--------------------
 2 files changed, 70 insertions(+), 41 deletions(-)

culprit signature: 04b5ff398dd2d00cbee08fd46ed71eb48dc3b347650880924f9225e9fed357a1
parent  signature: 9763c2491ae20cd3c29b115dc5e8e09ecd01f80ccd2bf34bcd2a69184edb0f96
revisions tested: 16, total time: 4h58m20.754929234s (build: 2h42m37.485675103s, test: 2h12m48.145891913s)
first bad commit: c662b043cdca89bf0f03fc37251000ac69a3a548 crypto: af_alg/hash: Support MSG_SPLICE_PAGES
recipients (to): ["dhowells@redhat.com" "herbert@gondor.apana.org.au" "pabeni@redhat.com"]
recipients (cc): []
crash: general protection fault in crypto_shash_final
general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
CPU: 1 PID: 5010 Comm: kworker/1:3 Not tainted 6.4.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Workqueue: cryptd cryptd_queue_worker
RIP: 0010:crypto_shash_alg include/crypto/hash.h:827 [inline]
RIP: 0010:crypto_shash_final+0x41/0x100 crypto/shash.c:171
Code: c1 ea 03 48 83 ec 08 80 3c 02 00 0f 85 ab 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5d 00 48 8d 7b 20 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 7a 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 20 48 8d
RSP: 0018:ffffc9000368fcc0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffffffff208bdae
RDX: 0000000000000004 RSI: ffff888020882b90 RDI: 0000000000000020
RBP: ffff88802032bb08 R08: 0000000000000001 R09: ffffffff903f1e27
R10: 0000000000000001 R11: 1ffffffff1f5ccc7 R12: ffff88802032bb08
R13: ffff8880b9b47200 R14: ffff8880b9b46d10 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 0000000073d66000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 cryptd_hash_final+0xcc/0x140 crypto/cryptd.c:580
 crypto_request_complete include/crypto/algapi.h:272 [inline]
 cryptd_queue_worker+0x10f/0x1a0 crypto/cryptd.c:181
 process_one_work+0x86e/0x1410 kernel/workqueue.c:2405
 worker_thread+0x5af/0xf00 kernel/workqueue.c:2552
 kthread+0x2f0/0x3d0 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:crypto_shash_alg include/crypto/hash.h:827 [inline]
RIP: 0010:crypto_shash_final+0x41/0x100 crypto/shash.c:171
Code: c1 ea 03 48 83 ec 08 80 3c 02 00 0f 85 ab 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5d 00 48 8d 7b 20 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 7a 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 20 48 8d
RSP: 0018:ffffc9000368fcc0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffffffff208bdae
RDX: 0000000000000004 RSI: ffff888020882b90 RDI: 0000000000000020
RBP: ffff88802032bb08 R08: 0000000000000001 R09: ffffffff903f1e27
R10: 0000000000000001 R11: 1ffffffff1f5ccc7 R12: ffff88802032bb08
R13: ffff8880b9b47200 R14: ffff8880b9b46d10 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056051d855950 CR3: 0000000022953000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	c1 ea 03             	shr    $0x3,%edx
   3:	48 83 ec 08          	sub    $0x8,%rsp
   7:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   b:	0f 85 ab 00 00 00    	jne    0xbc
  11:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  18:	fc ff df
  1b:	48 8b 5d 00          	mov    0x0(%rbp),%rbx
  1f:	48 8d 7b 20          	lea    0x20(%rbx),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	75 7a                	jne    0xaa
  30:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  37:	fc ff df
  3a:	48 8b 5b 20          	mov    0x20(%rbx),%rbx
  3e:	48                   	rex.W
  3f:	8d                   	.byte 0x8d