Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp342146imm; Sat, 26 May 2018 00:22:31 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqgHJkqPs+A9zxQnaHlKPuHCluHYpZZIK0zKaMXrRNTAV8U7VUOZcoBT3lOjIqhMNVDG1E/ X-Received: by 2002:a63:43c6:: with SMTP id q189-v6mr4423059pga.123.1527319351770; Sat, 26 May 2018 00:22:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527319351; cv=none; d=google.com; s=arc-20160816; b=ox173TKE7a9uMX1kDX6lQv5t2eRmaWodFdu+gIkEx8XZMyGhdZjqOsmtbX18mfwMii Kyz0sogEgccClp2LqC6cCjmDsac9pGmfoJcwm8gOfzUCog9epHuAVx/F0MGnFmPb8KjJ ax0rg0sG5+u7cdeCHKopmlCL4UZ9JD42MbCmrMm9BV5PnO5mNWNs5NWkb+tX8ERbYs+8 8b8u/+XKqwXuekX03qRSl9S4Q5/w6urtJlx1D6HsKjEx35iuxvEetGYYFvzW3CojWKIj qsv8xQNamKsvErFH469dJWwnGe5x4glPRPZYMG17ID2bzWUE3WkGT0juEzjLj0xH5HtV C+Jw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=3Ziz+5Ufhy5DE2zH0c31bjo7Eb96VcMfuA5gOOnMkvA=; b=hpJwD3HJEAxgbd0FyY/T4za1qSdJONLZMEox3GgxU7Pl0vwFRUGqia+HpKU2S2tV4e ec9z92uQTWoAXQY/pCsDUU/qf/dr2ARf7BoAZpXUJdlcrhRrsWFW+GL4DSMKUa7eXOYq h9J8ofLN6MgZRu+xlobu6JuOSRWenEHIWAaHw66Nwkgp8VvKBlgwWuv2yLrUoUHszPlw B7Tpl2ag+bpSxDR11TkUKwQ23VYbSQjImU3ji6w8pOtXVWEenjW1kOk1NIkJAG1v+1MM D/YXpZVO/Rih3ZCn9LSS1QkQDIGWBfmgyjfqBLP11JXca2Ccfw4wNB2ZRZ3fV5ZP3DtU OmWA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=lYHnukue; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b66-v6si25569461plb.107.2018.05.26.00.22.17; Sat, 26 May 2018 00:22:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=lYHnukue; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1031247AbeEZHWH (ORCPT + 99 others); Sat, 26 May 2018 03:22:07 -0400 Received: from mail-pg0-f66.google.com ([74.125.83.66]:46047 "EHLO mail-pg0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1031170AbeEZHWG (ORCPT ); Sat, 26 May 2018 03:22:06 -0400 Received: by mail-pg0-f66.google.com with SMTP id w3-v6so3189243pgv.12; Sat, 26 May 2018 00:22:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=3Ziz+5Ufhy5DE2zH0c31bjo7Eb96VcMfuA5gOOnMkvA=; b=lYHnukuewWEAq3ZYiCJS9BEYFATFfCU67S79r5eM0zgdTgvN5fUM4pl5ePsxIXjq1v 9cLF98vF178spLs0JpwVdc6NYmRNf6RYIRsGBMkpS5gjBRjDC1ZCnjpn4FeoTteB4mMe 3vaGrN5hwT5h4H0SuTmIOt0mPr4RAJ0/p8yQ2Uk6s5glOSRLWPUouzAlrAoYEPeZVYrA jqgxrG6K2PwkGpq2QL119L8bkvFoa3HZ8R7edT/UKZhKrbFoDE/Fiun5PU4ngG83mKHa 8ZLrrU7Acodd8fATz/Q3bnMQfKg+eHz6x+9lqH2QAll5Tqt2LJguUVtEaa0bBrNUrMD2 fLYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=3Ziz+5Ufhy5DE2zH0c31bjo7Eb96VcMfuA5gOOnMkvA=; b=aaoMqjPk7OjID3uRfJPdGdHelfGfT0kEUOiFsAvn0JUDHBtN5O8AOiPlcYHeoGqAVb 6pb3wZS4bjrF7u64K7kj1itc0mYir3LCqY0lE+l27WkdxGgCWDUPNevKtbRih6xuw0Pk plUhFIUN7pxYHNIif7duAF7jPNsxQAWl97gTXSy6z/A1AG3miQu9voNox8pfsLlDwX14 Ot8tSLaaSwXT+ooZCGn9XQOGP31xBnGhiIvks/9oAxV1U2ic0rWiNsXIaKejudYPDOp9 Rjg8HMamsQcu91GlPHTJavyjp23wL6B2+Ea4QkRzrqjZOMfpDzTXadQvdz6ax4hzifR6 fb+Q== X-Gm-Message-State: ALKqPweW3IgnnT0h1PiqxPPHdCG4uOIQNLJGXMKbVoraLR/febYsbfV7 Us5CzgBwldm+3Qac1vC1MEX42FH0 X-Received: by 2002:a62:568f:: with SMTP id h15-v6mr5535337pfj.131.1527319325623; Sat, 26 May 2018 00:22:05 -0700 (PDT) Received: from sol.localdomain (c-67-185-97-198.hsd1.wa.comcast.net. [67.185.97.198]) by smtp.gmail.com with ESMTPSA id b84-v6sm5608164pfm.123.2018.05.26.00.22.04 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 26 May 2018 00:22:04 -0700 (PDT) Date: Sat, 26 May 2018 00:22:03 -0700 From: Eric Biggers To: Dmitry Vyukov Cc: Ard Biesheuvel , syzbot , Herbert Xu , David Miller , linux-crypto@vger.kernel.org, LKML , Josh Poimboeuf , syzkaller-bugs Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3) Message-ID: <20180526072203.GA724@sol.localdomain> References: <001a11449aa2faf11805643af581@google.com> <20180202221829.tdiji2332t7orcxj@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.0 (2018-05-17) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, May 12, 2018 at 10:43:08AM +0200, Dmitry Vyukov wrote: > On Fri, Feb 2, 2018 at 11:18 PM, Eric Biggers wrote: > > On Fri, Feb 02, 2018 at 02:57:32PM +0100, Dmitry Vyukov wrote: > >> On Fri, Feb 2, 2018 at 2:48 PM, syzbot > >> wrote: > >> > Hello, > >> > > >> > syzbot hit the following crash on upstream commit > >> > 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000) > >> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide > >> > > >> > So far this crash happened 4 times on net-next, upstream. > >> > C reproducer is attached. > >> > syzkaller reproducer is attached. > >> > Raw console output is attached. > >> > compiler: gcc (GCC) 7.1.1 20170620 > >> > .config is attached. > >> > >> > >> From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers. > >> > > > > Looks like the x86 implementations of Salsa20 (both i586 and x86_64) need to be > > updated to not use %ebp/%rbp. > > Ard, > > This was bisected as introduced by: > > commit 83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6 > Author: Ard Biesheuvel > Date: Fri Jan 19 12:04:34 2018 +0000 > > crypto: sha3-generic - rewrite KECCAK transform to help the > compiler optimize > > https://gist.githubusercontent.com/dvyukov/47f93f5a0679170dddf93bc019b42f6d/raw/65beac8ddd30003bbd4e9729236dc8572094abf7/gistfile1.txt Note that syzbot's original C reproducer (from Feb 1) for this actually triggered the warning through salsa20-asm, which I've just proposed to "fix" by https://patchwork.kernel.org/patch/10428863/. sha3-generic is apparently another instance of the same bug, where the %rbp register is used for data. Eric