ci starts bisection 2023-06-11 06:11:50.535217253 +0000 UTC m=+334022.823644135
bisecting cause commit starting from 37ff78e977f1a4676354a6c6ebbbf293e540abc1
building syzkaller on 7086cdb95114c57c35cee9db87b80d4225d8795d
ensuring issue is reproducible on original commit 37ff78e977f1a4676354a6c6ebbbf293e540abc1
testing commit 37ff78e977f1a4676354a6c6ebbbf293e540abc1 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3de4b2215cf83c97d1792b3f1320129b20c310e0663f3c98d4d6b5e03fa037bd
all runs: crashed: general protection fault in shash_async_export
testing release v6.3
testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2e276517926ec5c0f12cf6dbc08220aaa2369b261eba489a9a62d2554ddf843a
all runs: OK
# git bisect start 37ff78e977f1a4676354a6c6ebbbf293e540abc1 457391b0380335d5e9a5babdec90ac53928b23b4
Bisecting: 8003 revisions left to test after this (roughly 13 steps)
[cb6fe2ceb667eb78f252d473b03deb23999ab1cf] Merge tag 'devicetree-for-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
testing commit cb6fe2ceb667eb78f252d473b03deb23999ab1cf gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 05dba3acad17d3982464d0a486a40bc69e94ca75d3d8a1e8c08c5e5636974083
all runs: OK
# git bisect good cb6fe2ceb667eb78f252d473b03deb23999ab1cf
Bisecting: 3989 revisions left to test after this (roughly 12 steps)
[58390c8ce1bddb6c623f62e7ed36383e7fa5c02f] Merge tag 'iommu-updates-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
testing commit 58390c8ce1bddb6c623f62e7ed36383e7fa5c02f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bde6c3f2d1a3d3ca6919997911b893b4c0c81c8072ee8c52b4038a7ae1488566
all runs: OK
# git bisect good 58390c8ce1bddb6c623f62e7ed36383e7fa5c02f
Bisecting: 1992 revisions left to test after this (roughly 11 steps)
[c259ad11698b8a573183aee8932d1885f4441c3a] Merge tag 'wireless-2023-05-17' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless
testing commit c259ad11698b8a573183aee8932d1885f4441c3a gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 839d3b9e8afa6e67efa8402c7fa1ada0065d9ba5ca56e7c97c0a32abed22efef
all runs: OK
# git bisect good c259ad11698b8a573183aee8932d1885f4441c3a
Bisecting: 995 revisions left to test after this (roughly 10 steps)
[7bdecc26722710bad806bc583a92881a2fa51c73] Merge tag 'iommu-fixes-v6.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
testing commit 7bdecc26722710bad806bc583a92881a2fa51c73 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 40ba86a92e234b9cd6492a4ff8797388361e8e76ed215ad3841f455ce9945b5c
all runs: OK
# git bisect good 7bdecc26722710bad806bc583a92881a2fa51c73
Bisecting: 497 revisions left to test after this (roughly 9 steps)
[b8311f46c6f5a2030f43c764e742015867293493] net: dsa: microchip: add an enum for regmap widths
testing commit b8311f46c6f5a2030f43c764e742015867293493 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a81092111e81da63189090b2901dce48f69553e8962f48747c20711466371f39
all runs: OK
# git bisect good b8311f46c6f5a2030f43c764e742015867293493
Bisecting: 227 revisions left to test after this (roughly 8 steps)
[25041a4c02c7cf774d8b6ed60586fd64f1cdaa81] Merge tag 'net-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 25041a4c02c7cf774d8b6ed60586fd64f1cdaa81 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 86e032137d7203db263ac238c9d10c7fa05940b93af482ee4e515255cfaf2505
all runs: OK
# git bisect good 25041a4c02c7cf774d8b6ed60586fd64f1cdaa81
Bisecting: 113 revisions left to test after this (roughly 7 steps)
[6d5b7321d8af0d4f5ec81d8e739c7ed2a93cf12a] net/mlx5: DR, handle more than one peer domain
testing commit 6d5b7321d8af0d4f5ec81d8e739c7ed2a93cf12a gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 230f35aec71e42fec5645e9d8a2b0d78ee62b11e3b88c4c6bfdaf4dca3648739
all runs: OK
# git bisect good 6d5b7321d8af0d4f5ec81d8e739c7ed2a93cf12a
Bisecting: 56 revisions left to test after this (roughly 6 steps)
[6f8a76f8022121f7e4dc9cc29da7fb716b7db45f] tcp: Set route scope properly in cookie_v4_check().
testing commit 6f8a76f8022121f7e4dc9cc29da7fb716b7db45f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 63e96bc03591843af09af2972575dc89a866edb582d47e63a0e85f8989cca381
all runs: OK
# git bisect good 6f8a76f8022121f7e4dc9cc29da7fb716b7db45f
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[b83c37315a620fc8dcb5f3cffe4753765228d1f4] net: txgbe: Support GPIO to SFP socket
testing commit b83c37315a620fc8dcb5f3cffe4753765228d1f4 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b7513bcee4ec38d34885fa194394cd42eebc5b330fdb91a68d486a1e48f31bb4
all runs: OK
# git bisect good b83c37315a620fc8dcb5f3cffe4753765228d1f4
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[bfd019d10fdabf70f9b01264aea6d6c7595f9226] Merge branch 'crypto-splice-net-make-af_alg-handle-sendmsg-msg_splice_pages'
testing commit bfd019d10fdabf70f9b01264aea6d6c7595f9226 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: aa744e6094a4ce67aa7c336936884dd23a47a26e5de029b4ee0ce359e22670ee
all runs: crashed: general protection fault in shash_async_export
# git bisect bad bfd019d10fdabf70f9b01264aea6d6c7595f9226
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[936dc763c52e05cb2e7302af30a69c826916d89e] Wrap lines at 80
testing commit 936dc763c52e05cb2e7302af30a69c826916d89e gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 801cb7e72e90a106aefedfd1e5cafefdac1e258bd4c8985c6c5d41f7f9b3160a
all runs: OK
# git bisect good 936dc763c52e05cb2e7302af30a69c826916d89e
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[73d7409cfdad7fd08a9203eb2912c1c77e527776] crypto: af_alg: Indent the loop in af_alg_sendmsg()
testing commit 73d7409cfdad7fd08a9203eb2912c1c77e527776 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b4ee416e18a29933743daea5908c512bacc3790d519ee800f3b6c3ec2c60833b
all runs: OK
# git bisect good 73d7409cfdad7fd08a9203eb2912c1c77e527776
Bisecting: 1 revision left to test after this (roughly 1 step)
[fb800fa4c1f5aee1238267252e88a7837e645c02] crypto: af_alg: Convert af_alg_sendpage() to use MSG_SPLICE_PAGES
testing commit fb800fa4c1f5aee1238267252e88a7837e645c02 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 966b91745511b898a48fbc9b3d60a168446ea2474b9612553f4e84083d9917b0
all runs: OK
# git bisect good fb800fa4c1f5aee1238267252e88a7837e645c02
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c662b043cdca89bf0f03fc37251000ac69a3a548] crypto: af_alg/hash: Support MSG_SPLICE_PAGES
testing commit c662b043cdca89bf0f03fc37251000ac69a3a548 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6d1291491d7915a17eeecea56bfb98b08e9185bbbeaf959f9ac426be310b056c
all runs: crashed: general protection fault in shash_async_export
# git bisect bad c662b043cdca89bf0f03fc37251000ac69a3a548
c662b043cdca89bf0f03fc37251000ac69a3a548 is the first bad commit
commit c662b043cdca89bf0f03fc37251000ac69a3a548
Author: David Howells
Date: Tue Jun 6 14:08:56 2023 +0100

crypto: af_alg/hash: Support MSG_SPLICE_PAGES

Make AF_ALG sendmsg() support MSG_SPLICE_PAGES in the hashing code. This causes pages to be spliced from the source iterator if possible. This allows ->sendpage() to be replaced by something that can handle multiple multipage folios in a single transaction.

Signed-off-by: David Howells
cc: Herbert Xu
cc: "David S. Miller"
cc: Eric Dumazet
cc: Jakub Kicinski
cc: Paolo Abeni
cc: Jens Axboe
cc: Matthew Wilcox
cc: linux-crypto@vger.kernel.org
cc: netdev@vger.kernel.org
Acked-by: Herbert Xu
Signed-off-by: Paolo Abeni

crypto/af_alg.c | 11 ++++--
crypto/algif_hash.c | 100 ++++++++++++++++++++++++++++++++--------------------
2 files changed, 70 insertions(+), 41 deletions(-)

culprit signature: 6d1291491d7915a17eeecea56bfb98b08e9185bbbeaf959f9ac426be310b056c
parent signature: 966b91745511b898a48fbc9b3d60a168446ea2474b9612553f4e84083d9917b0
revisions tested: 16, total time: 4h40m10.646392223s (build: 2h26m54.45946825s, test: 2h9m40.121958541s)
first bad commit: c662b043cdca89bf0f03fc37251000ac69a3a548 crypto: af_alg/hash: Support MSG_SPLICE_PAGES
recipients (to): ["dhowells@redhat.com" "herbert@gondor.apana.org.au" "pabeni@redhat.com"]
recipients (cc): []
crash: general protection fault in shash_async_export
general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
CPU: 1 PID: 5432 Comm: syz-executor.0 Not tainted 6.4.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:crypto_shash_alg include/crypto/hash.h:827 [inline]
RIP: 0010:crypto_shash_export include/crypto/hash.h:956 [inline]
RIP: 0010:shash_async_export+0x41/0xb0 crypto/shash.c:389
Code: 48 89 ea 48 83 ec 08 48 c1 ea 03 80 3c 02 00 75 4d 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 50 48 8d 7b 20 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 4f 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 20 48 8d
RSP: 0018:ffffc90004cdfd48 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffffffff208bd96
RDX: 0000000000000004 RSI: 0000000000000010 RDI: 0000000000000020
RBP: ffff888024ac4af8 R08: 0000000000000001 R09: ffffffff903f1e27
R10: 0000000000000001 R11: 0000000000000910 R12: 0000000000000010
R13: 0000000000000000 R14: ffff88806f1d1800 R15: ffff88807121db48
FS: 00007fd1663fe700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020011038 CR3: 0000000022c7e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
crypto_ahash_export include/crypto/hash.h:523 [inline]
hash_accept+0x1f1/0x5b0 crypto/algif_hash.c:286
do_accept+0x34c/0x4e0 net/socket.c:1883
__sys_accept4_file net/socket.c:1924 [inline]
__sys_accept4+0x57/0xb0 net/socket.c:1954
__do_sys_accept net/socket.c:1971 [inline]
__se_sys_accept net/socket.c:1968 [inline]
__x64_sys_accept+0x70/0xb0 net/socket.c:1968
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd16708c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd1663fe168 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
RAX: ffffffffffffffda RBX: 00007fd1671abf80 RCX: 00007fd16708c169
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007fd1670e7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe6407d00f R14: 00007fd1663fe300 R15: 0000000000022000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:crypto_shash_alg include/crypto/hash.h:827 [inline]
RIP: 0010:crypto_shash_export include/crypto/hash.h:956 [inline]
RIP: 0010:shash_async_export+0x41/0xb0 crypto/shash.c:389
Code: 48 89 ea 48 83 ec 08 48 c1 ea 03 80 3c 02 00 75 4d 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 50 48 8d 7b 20 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 4f 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 20 48 8d
RSP: 0018:ffffc90004cdfd48 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffffffff208bd96
RDX: 0000000000000004 RSI: 0000000000000010 RDI: 0000000000000020
RBP: ffff888024ac4af8 R08: 0000000000000001 R09: ffffffff903f1e27
R10: 0000000000000001 R11: 0000000000000910 R12: 0000000000000010
R13: 0000000000000000 R14: ffff88806f1d1800 R15: ffff88807121db48
FS: 00007fd1663fe700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f169ddf15a0 CR3: 0000000022c7e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 48 89 ea                mov %rbp,%rdx
   3: 48 83 ec 08             sub $0x8,%rsp
   7: 48 c1 ea 03             shr $0x3,%rdx
   b: 80 3c 02 00             cmpb $0x0,(%rdx,%rax,1)
   f: 75 4d                   jne 0x5e
  11: 48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  18: fc ff df
  1b: 48 8b 5b 50             mov 0x50(%rbx),%rbx
  1f: 48 8d 7b 20             lea 0x20(%rbx),%rdi
  23: 48 89 fa                mov %rdi,%rdx
  26: 48 c1 ea 03             shr $0x3,%rdx
* 2a: 80 3c 02 00             cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e: 75 4f                   jne 0x7f
  30: 48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  37: fc ff df
  3a: 48 8b 5b 20             mov 0x20(%rbx),%rbx
  3e: 48                      rex.W
  3f: 8d                      .byte 0x8d