ci starts bisection 2023-06-11 10:58:31.303159151 +0000 UTC m=+351223.591586034
bisecting cause commit starting from 37ff78e977f1a4676354a6c6ebbbf293e540abc1
building syzkaller on 7086cdb95114c57c35cee9db87b80d4225d8795d
ensuring issue is reproducible on original commit 37ff78e977f1a4676354a6c6ebbbf293e540abc1

testing commit 37ff78e977f1a4676354a6c6ebbbf293e540abc1 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: df218fc55816ed7fbd5d4a86c33685969fd1230fa1461f261a0a9c2105e7f36e
all runs: crashed: general protection fault in shash_async_final
testing release v6.3
testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e8c6272a4661a45179a4e10606db480ffe2238d668498f65fe53e0b3ca90378c
all runs: OK
# git bisect start 37ff78e977f1a4676354a6c6ebbbf293e540abc1 457391b0380335d5e9a5babdec90ac53928b23b4
Bisecting: 8003 revisions left to test after this (roughly 13 steps)
[cb6fe2ceb667eb78f252d473b03deb23999ab1cf] Merge tag 'devicetree-for-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

testing commit cb6fe2ceb667eb78f252d473b03deb23999ab1cf gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1f90b40363fe798f1a3ddc5d54235424f7fae149f289c21657d7a79ef6db7ef9
all runs: OK
# git bisect good cb6fe2ceb667eb78f252d473b03deb23999ab1cf
Bisecting: 3989 revisions left to test after this (roughly 12 steps)
[58390c8ce1bddb6c623f62e7ed36383e7fa5c02f] Merge tag 'iommu-updates-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

testing commit 58390c8ce1bddb6c623f62e7ed36383e7fa5c02f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ba2cab53c31011744b83fcffcd24dfe6455cc47b5cbaa64475155a28e9383279
all runs: OK
# git bisect good 58390c8ce1bddb6c623f62e7ed36383e7fa5c02f
Bisecting: 1992 revisions left to test after this (roughly 11 steps)
[c259ad11698b8a573183aee8932d1885f4441c3a] Merge tag 'wireless-2023-05-17' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless

testing commit c259ad11698b8a573183aee8932d1885f4441c3a gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bb8edab53883e7ed91751cd8fa9065fa04de10b1b1b42f4b093f3ef2cdf94209
all runs: OK
# git bisect good c259ad11698b8a573183aee8932d1885f4441c3a
Bisecting: 995 revisions left to test after this (roughly 10 steps)
[7bdecc26722710bad806bc583a92881a2fa51c73] Merge tag 'iommu-fixes-v6.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

testing commit 7bdecc26722710bad806bc583a92881a2fa51c73 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2c8b6b3cf93997e37ec61ad3fb90126ce53ee930498c72fd80a3827cd82e3252
all runs: OK
# git bisect good 7bdecc26722710bad806bc583a92881a2fa51c73
Bisecting: 497 revisions left to test after this (roughly 9 steps)
[b8311f46c6f5a2030f43c764e742015867293493] net: dsa: microchip: add an enum for regmap widths

testing commit b8311f46c6f5a2030f43c764e742015867293493 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bc5d6fa9494a847b693df1fdd69a0fd0960c66e81693b976518bc98d3f485215
all runs: OK
# git bisect good b8311f46c6f5a2030f43c764e742015867293493
Bisecting: 227 revisions left to test after this (roughly 8 steps)
[25041a4c02c7cf774d8b6ed60586fd64f1cdaa81] Merge tag 'net-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit 25041a4c02c7cf774d8b6ed60586fd64f1cdaa81 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 66f5070bea2076246c6f3d9df770e56bf63c91ae4ce027021cbe02d3f331e226
all runs: OK
# git bisect good 25041a4c02c7cf774d8b6ed60586fd64f1cdaa81
Bisecting: 113 revisions left to test after this (roughly 7 steps)
[6d5b7321d8af0d4f5ec81d8e739c7ed2a93cf12a] net/mlx5: DR, handle more than one peer domain

testing commit 6d5b7321d8af0d4f5ec81d8e739c7ed2a93cf12a gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8e1f6efe5e400eba584c5a8201e5b4fffdc80fa18b51533bb4f093f3265fec74
all runs: OK
# git bisect good 6d5b7321d8af0d4f5ec81d8e739c7ed2a93cf12a
Bisecting: 56 revisions left to test after this (roughly 6 steps)
[6f8a76f8022121f7e4dc9cc29da7fb716b7db45f] tcp: Set route scope properly in cookie_v4_check().

testing commit 6f8a76f8022121f7e4dc9cc29da7fb716b7db45f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 17b50342939441d689e3eec0f02146cc3eadcae06d0e0990a21e5719f4c73e63
all runs: OK
# git bisect good 6f8a76f8022121f7e4dc9cc29da7fb716b7db45f
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[b83c37315a620fc8dcb5f3cffe4753765228d1f4] net: txgbe: Support GPIO to SFP socket

testing commit b83c37315a620fc8dcb5f3cffe4753765228d1f4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f697dd53b3815e4bf73d937eee4f62e6c9f62f8e03f0c95f00e276a5031f7016
all runs: OK
# git bisect good b83c37315a620fc8dcb5f3cffe4753765228d1f4
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[bfd019d10fdabf70f9b01264aea6d6c7595f9226] Merge branch 'crypto-splice-net-make-af_alg-handle-sendmsg-msg_splice_pages'

testing commit bfd019d10fdabf70f9b01264aea6d6c7595f9226 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b511f90e9a0feaa901abf5200a4fa68e81c3f821edcefce30d1aa3763a421103
all runs: crashed: general protection fault in shash_async_final
# git bisect bad bfd019d10fdabf70f9b01264aea6d6c7595f9226
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[936dc763c52e05cb2e7302af30a69c826916d89e] Wrap lines at 80

testing commit 936dc763c52e05cb2e7302af30a69c826916d89e gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ca2498d76f32f6ee4acc6e96b1bab963ccffeaea08bed9a1ceba90010ff4f25a
all runs: OK
# git bisect good 936dc763c52e05cb2e7302af30a69c826916d89e
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[73d7409cfdad7fd08a9203eb2912c1c77e527776] crypto: af_alg: Indent the loop in af_alg_sendmsg()

testing commit 73d7409cfdad7fd08a9203eb2912c1c77e527776 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8fd2eaa761882cd111d3d57969380420fc79816237eeb9a848adf0cfceacdcab
all runs: OK
# git bisect good 73d7409cfdad7fd08a9203eb2912c1c77e527776
Bisecting: 1 revision left to test after this (roughly 1 step)
[fb800fa4c1f5aee1238267252e88a7837e645c02] crypto: af_alg: Convert af_alg_sendpage() to use MSG_SPLICE_PAGES

testing commit fb800fa4c1f5aee1238267252e88a7837e645c02 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3467e9848942a3bcb8326259d115b13b02cd7f5a31c4b087c0662ee2d194a63a
all runs: OK
# git bisect good fb800fa4c1f5aee1238267252e88a7837e645c02
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c662b043cdca89bf0f03fc37251000ac69a3a548] crypto: af_alg/hash: Support MSG_SPLICE_PAGES

testing commit c662b043cdca89bf0f03fc37251000ac69a3a548 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3e1c8c86492332061b243719939df577b12c87692bc5e17bb1edb6d7e96aad92
all runs: crashed: general protection fault in shash_async_final
# git bisect bad c662b043cdca89bf0f03fc37251000ac69a3a548
c662b043cdca89bf0f03fc37251000ac69a3a548 is the first bad commit
commit c662b043cdca89bf0f03fc37251000ac69a3a548
Author: David Howells <dhowells@redhat.com>
Date:   Tue Jun 6 14:08:56 2023 +0100

    crypto: af_alg/hash: Support MSG_SPLICE_PAGES
    
    Make AF_ALG sendmsg() support MSG_SPLICE_PAGES in the hashing code.  This
    causes pages to be spliced from the source iterator if possible.
    
    This allows ->sendpage() to be replaced by something that can handle
    multiple multipage folios in a single transaction.
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    cc: Herbert Xu <herbert@gondor.apana.org.au>
    cc: "David S. Miller" <davem@davemloft.net>
    cc: Eric Dumazet <edumazet@google.com>
    cc: Jakub Kicinski <kuba@kernel.org>
    cc: Paolo Abeni <pabeni@redhat.com>
    cc: Jens Axboe <axboe@kernel.dk>
    cc: Matthew Wilcox <willy@infradead.org>
    cc: linux-crypto@vger.kernel.org
    cc: netdev@vger.kernel.org
    Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>

 crypto/af_alg.c     |  11 ++++--
 crypto/algif_hash.c | 100 ++++++++++++++++++++++++++++++++--------------------
 2 files changed, 70 insertions(+), 41 deletions(-)

culprit signature: 3e1c8c86492332061b243719939df577b12c87692bc5e17bb1edb6d7e96aad92
parent  signature: 3467e9848942a3bcb8326259d115b13b02cd7f5a31c4b087c0662ee2d194a63a
revisions tested: 16, total time: 4h36m3.076308926s (build: 2h23m44.735988114s, test: 2h9m7.525881895s)
first bad commit: c662b043cdca89bf0f03fc37251000ac69a3a548 crypto: af_alg/hash: Support MSG_SPLICE_PAGES
recipients (to): ["dhowells@redhat.com" "herbert@gondor.apana.org.au" "pabeni@redhat.com"]
recipients (cc): []
crash: general protection fault in shash_async_final
general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
CPU: 0 PID: 5431 Comm: syz-executor.0 Not tainted 6.4.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:crypto_shash_alg include/crypto/hash.h:827 [inline]
RIP: 0010:crypto_shash_final crypto/shash.c:171 [inline]
RIP: 0010:shash_async_final+0x68/0x130 crypto/shash.c:319
Code: 48 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 ab 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 50 48 8d 7b 20 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 7a 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 20 48 8d
RSP: 0018:ffffc9000449f968 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000004 RSI: 0000000000000010 RDI: 0000000000000020
RBP: ffff88801a6da2f8 R08: 0000000000000001 R09: 0000000000000010
R10: ffff88801a6da2a4 R11: ffff88801a6da2a8 R12: ffff8880265ef000
R13: ffff88801a6da238 R14: 0000000000000000 R15: ffffc9000449fdb8
FS:  00007faaee738700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020011038 CR3: 000000007343a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hash_recvmsg+0x234/0xab0 crypto/algif_hash.c:248
 sock_recvmsg_nosec net/socket.c:1019 [inline]
 sock_recvmsg+0xcd/0x160 net/socket.c:1040
 ____sys_recvmsg+0x1b2/0x560 net/socket.c:2724
 ___sys_recvmsg+0xc3/0x130 net/socket.c:2766
 do_recvmmsg+0x1d9/0x570 net/socket.c:2860
 __sys_recvmmsg net/socket.c:2939 [inline]
 __do_sys_recvmmsg net/socket.c:2962 [inline]
 __se_sys_recvmmsg net/socket.c:2955 [inline]
 __x64_sys_recvmmsg+0x19e/0x200 net/socket.c:2955
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7faaeda8c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007faaee738168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 00007faaedbabf80 RCX: 00007faaeda8c169
RDX: 000000000000049f RSI: 0000000020006100 RDI: 0000000000000004
RBP: 00007faaedae7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd81e2db8f R14: 00007faaee738300 R15: 0000000000022000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:crypto_shash_alg include/crypto/hash.h:827 [inline]
RIP: 0010:crypto_shash_final crypto/shash.c:171 [inline]
RIP: 0010:shash_async_final+0x68/0x130 crypto/shash.c:319
Code: 48 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 ab 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 50 48 8d 7b 20 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 7a 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 20 48 8d
RSP: 0018:ffffc9000449f968 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000004 RSI: 0000000000000010 RDI: 0000000000000020
RBP: ffff88801a6da2f8 R08: 0000000000000001 R09: 0000000000000010
R10: ffff88801a6da2a4 R11: ffff88801a6da2a8 R12: ffff8880265ef000
R13: ffff88801a6da238 R14: 0000000000000000 R15: ffffc9000449fdb8
FS:  00007faaee738700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc0b7fe028 CR3: 000000007343a000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	48 89 ea             	mov    %rbp,%rdx
   3:	48 c1 ea 03          	shr    $0x3,%rdx
   7:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   b:	0f 85 ab 00 00 00    	jne    0xbc
  11:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  18:	fc ff df
  1b:	48 8b 5b 50          	mov    0x50(%rbx),%rbx
  1f:	48 8d 7b 20          	lea    0x20(%rbx),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	75 7a                	jne    0xaa
  30:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  37:	fc ff df
  3a:	48 8b 5b 20          	mov    0x20(%rbx),%rbx
  3e:	48                   	rex.W
  3f:	8d                   	.byte 0x8d