2018-02-02 13:57:32

by Dmitry Vyukov

Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3)

On Fri, Feb 2, 2018 at 2:48 PM, syzbot
<[email protected]> wrote:
> Hello,
>
> syzbot hit the following crash on upstream commit
> 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000)
> Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
>
> So far this crash happened 4 times on net-next, upstream.
> C reproducer is attached.
> syzkaller reproducer is attached.
> Raw console output is attached.
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached.


From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers.


> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: [email protected]
> It will help syzbot understand when the bug is fixed. See footer for
> details.
> If you forward the report, please keep this part and the footer.
>
> WARNING: kernel stack regs at 00000000a8291e69 in syzkaller047086:4677 has
> bad 'bp' value 000000001077994c
> unwind stack type:0 next_sp: (null) mask:0x6 graph_idx:0
> 00000000b86c2ae8: 0000000041b58ab3 (0x41b58ab3)
> 0000000034bcfe37: ffffffff86871178 (K512_4+0x91f78/0xd09a0)
> 00000000ed261d74: ffffffff8432bed0 (SyS_sendmmsg+0x60/0x60)
> 00000000344403da: 0000000000000000 ...
> 00000000a0cc1b09: 0000000041b58ab3 (0x41b58ab3)
> 00000000fcfdb18f: ffffffff867cb270 (regoff.32610+0x28baf0/0x29dc80)
> 00000000f0294447: ffffffff81319630 (__do_page_fault+0xc90/0xc90)
> 00000000b46192ff: ffffffff85ffc650 (algif_type_skcipher+0x10/0xc0)
> 00000000d2796410: 1ffff10035bbafd0 (0x1ffff10035bbafd0)
> 00000000ad16cc56: ffff8801addd7f20 (0xffff8801addd7f20)
> 0000000009800666: ffff8801ba922200 (0xffff8801ba922200)
> 0000000062c8f861: fffffffffffffff7 (0xfffffffffffffff7)
> 000000004c7dc71e: ffff8801addd7ea0 (0xffff8801addd7ea0)
> 000000008dc647e0: ffff8801addd7f48 (0xffff8801addd7f48)
> 00000000f71e8041: ffffffff8432aed5 (SyS_setsockopt+0x215/0x360)
> 00000000930428e5: 0000000000000000 ...
> 0000000089d22d4a: 0000000000000010 (0x10)
> 000000007e91a186: 0000000020001f3a (0x20001f3a)
> 0000000052e75ec7: 0000000000000001 (0x1)
> 00000000f9d5292f: ffff8801addd7cc0 (0xffff8801addd7cc0)
> 00000000ab7c2675: 0000000000000000 ...
> 00000000aa894353: ffffffff00000000 (0xffffffff00000000)
> 00000000f8936fb7: 0000000000000000 ...
> 000000007e8f04db: ffff8801addd7c40 (0xffff8801addd7c40)
> 0000000013ef5b51: 0000000000000000 ...
> 00000000eacf20ec: 0000000020590000 (0x20590000)
> 000000003859ee08: 0000000000000000 ...
> 000000008df0f4bc: ffff8801addd7ef0 (0xffff8801addd7ef0)
> 00000000b120bf4d: ffffffff81564d91 (trace_hardirqs_on_caller+0x421/0x5c0)
> 000000005709167b: 0000000000000000 ...
> 000000000571639f: ffff8801addd7f48 (0xffff8801addd7f48)
> 000000001ebfae1a: 0000000000000000 ...
> 00000000cb1568db: 0000000000000004 (0x4)
> 00000000cac6e0fa: 0000000020b2f000 (0x20b2f000)
> 000000006a3c0e35: 00000000006cf050 (0x6cf050)
> 00000000c1b90944: 00000000004a2e4e (0x4a2e4e)
> 000000007fde70f3: ffff8801addd7f48 (0xffff8801addd7f48)
> 00000000ae70b3c3: ffffffff8432c10d (SyS_recvmsg+0x2d/0x50)
> 000000005dc420d6: 0000000000000000 ...
> 000000007d7e96cf: 0000000000000003 (0x3)
> 00000000ef5d224b: 0000000000007b79 (0x7b79)
> 0000000043e015fa: ffffffff85a0009b (entry_SYSCALL_64_fastpath+0x29/0xa0)
> 00000000984559b1: 00000000004a2e4e (0x4a2e4e)
> 0000000058b69a01: 00000000006cf050 (0x6cf050)
> 00000000155d6001: 0000000000000003 (0x3)
> 000000005c158093: 0000000000000000 ...
> 000000001e3f5268: 0000000000007b79 (0x7b79)
> 000000004afb5eb7: 0000000000000000 ...
> 000000001f14733d: 0000000000000246 (0x246)
> 00000000206104ac: 0000000000007b79 (0x7b79)
> 0000000016b44598: 0000000000007b79 (0x7b79)
> 000000002425a3fd: 0000000000007b79 (0x7b79)
> 00000000142803b7: ffffffffffffffda (0xffffffffffffffda)
> 00000000c6e8f055: 0000000000441689 (0x441689)
> 000000001374b1f1: 0000000000000000 ...
> 0000000093b314e6: 0000000020b2f000 (0x20b2f000)
> 000000007eba43f8: 0000000000000004 (0x4)
> 000000006bfb1dc3: 000000000000002f (0x2f)
> 00000000847ae096: 0000000000441689 (0x441689)
> 000000002e0bc771: 0000000000000033 (0x33)
> 00000000981c7725: 0000000000000246 (0x246)
> 000000001db3fc1b: 00007ffd931b3908 (0x7ffd931b3908)
> 00000000cb7f8f8e: 000000000000002b (0x2b)
>
>
> ---
> This bug is generated by a dumb bot. It may contain errors.
> See https://goo.gl/tpsmEJ for details.
> Direct all questions to [email protected].
>
> syzbot will keep track of this bug report.
> If you forgot to add the Reported-by tag, once the fix for this bug is
> merged
> into any tree, please reply to this email with:
> #syz fix: exact-commit-title
> If you want to test a patch for this bug, please reply with:
> #syz test: git://repo/address.git branch
> and provide the patch inline or as an attachment.
> To mark this as a duplicate of another syzbot report, please reply with:
> #syz dup: exact-subject-of-another-report
> If it's a one-off invalid bug report, please reply with:
> #syz invalid
> Note: if the crash happens again, it will cause creation of a new bug
> report.
> Note: all commands must start from beginning of the line in the email body.
>


2018-02-02 22:18:33

by Eric Biggers

Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3)

On Fri, Feb 02, 2018 at 02:57:32PM +0100, Dmitry Vyukov wrote:
> On Fri, Feb 2, 2018 at 2:48 PM, syzbot
> <[email protected]> wrote:
> > Hello,
> >
> > syzbot hit the following crash on upstream commit
> > 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000)
> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
> >
> > So far this crash happened 4 times on net-next, upstream.
> > C reproducer is attached.
> > syzkaller reproducer is attached.
> > Raw console output is attached.
> > compiler: gcc (GCC) 7.1.1 20170620
> > .config is attached.
>
>
> From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers.
>

Looks like the x86 implementations of Salsa20 (both i586 and x86_64) need to be
updated to not use %ebp/%rbp.

- Eric

2018-05-12 08:43:08

by Dmitry Vyukov

Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3)

On Fri, Feb 2, 2018 at 11:18 PM, Eric Biggers <[email protected]> wrote:
> On Fri, Feb 02, 2018 at 02:57:32PM +0100, Dmitry Vyukov wrote:
>> On Fri, Feb 2, 2018 at 2:48 PM, syzbot
>> <[email protected]> wrote:
>> > Hello,
>> >
>> > syzbot hit the following crash on upstream commit
>> > 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000)
>> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
>> >
>> > So far this crash happened 4 times on net-next, upstream.
>> > C reproducer is attached.
>> > syzkaller reproducer is attached.
>> > Raw console output is attached.
>> > compiler: gcc (GCC) 7.1.1 20170620
>> > .config is attached.
>>
>>
>> From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers.
>>
>
> Looks like the x86 implementations of Salsa20 (both i586 and x86_64) need to be
> updated to not use %ebp/%rbp.

Ard,

This was bisected as introduced by:

commit 83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6
Author: Ard Biesheuvel <[email protected]>
Date: Fri Jan 19 12:04:34 2018 +0000

crypto: sha3-generic - rewrite KECCAK transform to help the
compiler optimize

https://gist.githubusercontent.com/dvyukov/47f93f5a0679170dddf93bc019b42f6d/raw/65beac8ddd30003bbd4e9729236dc8572094abf7/gistfile1.txt

2018-05-12 09:09:48

by Ard Biesheuvel

Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3)

(+ Arnd)

On 12 May 2018 at 10:43, Dmitry Vyukov <[email protected]> wrote:
> On Fri, Feb 2, 2018 at 11:18 PM, Eric Biggers <[email protected]> wrote:
>> On Fri, Feb 02, 2018 at 02:57:32PM +0100, Dmitry Vyukov wrote:
>>> On Fri, Feb 2, 2018 at 2:48 PM, syzbot
>>> <[email protected]> wrote:
>>> > Hello,
>>> >
>>> > syzbot hit the following crash on upstream commit
>>> > 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000)
>>> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
>>> >
>>> > So far this crash happened 4 times on net-next, upstream.
>>> > C reproducer is attached.
>>> > syzkaller reproducer is attached.
>>> > Raw console output is attached.
>>> > compiler: gcc (GCC) 7.1.1 20170620
>>> > .config is attached.
>>>
>>>
>>> From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers.
>>>
>>
>> Looks like the x86 implementations of Salsa20 (both i586 and x86_64) need to be
>> updated to not use %ebp/%rbp.
>
> Ard,
>
> This was bisected as introduced by:
>
> commit 83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6
> Author: Ard Biesheuvel <[email protected]>
> Date: Fri Jan 19 12:04:34 2018 +0000
>
> crypto: sha3-generic - rewrite KECCAK transform to help the
> compiler optimize
>
> https://gist.githubusercontent.com/dvyukov/47f93f5a0679170dddf93bc019b42f6d/raw/65beac8ddd30003bbd4e9729236dc8572094abf7/gistfile1.txt

Ouch.

I'm not an expert in x86 assembly. Could someone please check the
generated code to see what's going on? The C code changes are not that
intricate, they basically unroll a loop, replacing accesses to
'array[indirect_index[i]]' with 'array[constant]'.

As mentioned in the commit log, the speedup is more than significant
for architectures with lots of GPRs so I'd prefer fixing the patch
over reverting it (if there is anything wrong with the code in the
first place)

--
Ard.

2018-05-12 09:50:36

by Dmitry Vyukov

Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3)

On Sat, May 12, 2018 at 11:09 AM, Ard Biesheuvel
<[email protected]> wrote:
> (+ Arnd)
>
> On 12 May 2018 at 10:43, Dmitry Vyukov <[email protected]> wrote:
>> On Fri, Feb 2, 2018 at 11:18 PM, Eric Biggers <[email protected]> wrote:
>>> On Fri, Feb 02, 2018 at 02:57:32PM +0100, Dmitry Vyukov wrote:
>>>> On Fri, Feb 2, 2018 at 2:48 PM, syzbot
>>>> <[email protected]> wrote:
>>>> > Hello,
>>>> >
>>>> > syzbot hit the following crash on upstream commit
>>>> > 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000)
>>>> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
>>>> >
>>>> > So far this crash happened 4 times on net-next, upstream.
>>>> > C reproducer is attached.
>>>> > syzkaller reproducer is attached.
>>>> > Raw console output is attached.
>>>> > compiler: gcc (GCC) 7.1.1 20170620
>>>> > .config is attached.
>>>>
>>>>
>>>> From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers.
>>>>
>>>
>>> Looks like the x86 implementations of Salsa20 (both i586 and x86_64) need to be
>>> updated to not use %ebp/%rbp.
>>
>> Ard,
>>
>> This was bisected as introduced by:
>>
>> commit 83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6
>> Author: Ard Biesheuvel <[email protected]>
>> Date: Fri Jan 19 12:04:34 2018 +0000
>>
>> crypto: sha3-generic - rewrite KECCAK transform to help the
>> compiler optimize
>>
>> https://gist.githubusercontent.com/dvyukov/47f93f5a0679170dddf93bc019b42f6d/raw/65beac8ddd30003bbd4e9729236dc8572094abf7/gistfile1.txt
>
> Ouch.
>
> I'm not an expert in x86 assembly. Could someone please check the
> generated code to see what's going on? The C code changes are not that
> intricate, they basically unroll a loop, replacing accesses to
> 'array[indirect_index[i]]' with 'array[constant]'.
>
> As mentioned in the commit log, the speedup is more than significant
> for architectures with lots of GPRs so I'd prefer fixing the patch
> over reverting it (if there is anything wrong with the code in the
> first place)

I suspect the problem is with __attribute__((__optimize__("O3"))). It
makes the compiler use the rbp register, which must not be used.

2018-05-12 10:11:17

by Ard Biesheuvel

Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3)

On 12 May 2018 at 11:50, Dmitry Vyukov <[email protected]> wrote:
> On Sat, May 12, 2018 at 11:09 AM, Ard Biesheuvel
> <[email protected]> wrote:
>> (+ Arnd)
>>
>> On 12 May 2018 at 10:43, Dmitry Vyukov <[email protected]> wrote:
>>> On Fri, Feb 2, 2018 at 11:18 PM, Eric Biggers <[email protected]> wrote:
>>>> On Fri, Feb 02, 2018 at 02:57:32PM +0100, Dmitry Vyukov wrote:
>>>>> On Fri, Feb 2, 2018 at 2:48 PM, syzbot
>>>>> <[email protected]> wrote:
>>>>> > Hello,
>>>>> >
>>>>> > syzbot hit the following crash on upstream commit
>>>>> > 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000)
>>>>> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
>>>>> >
>>>>> > So far this crash happened 4 times on net-next, upstream.
>>>>> > C reproducer is attached.
>>>>> > syzkaller reproducer is attached.
>>>>> > Raw console output is attached.
>>>>> > compiler: gcc (GCC) 7.1.1 20170620
>>>>> > .config is attached.
>>>>>
>>>>>
>>>>> From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers.
>>>>>
>>>>
>>>> Looks like the x86 implementations of Salsa20 (both i586 and x86_64) need to be
>>>> updated to not use %ebp/%rbp.
>>>
>>> Ard,
>>>
>>> This was bisected as introduced by:
>>>
>>> commit 83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6
>>> Author: Ard Biesheuvel <[email protected]>
>>> Date: Fri Jan 19 12:04:34 2018 +0000
>>>
>>> crypto: sha3-generic - rewrite KECCAK transform to help the
>>> compiler optimize
>>>
>>> https://gist.githubusercontent.com/dvyukov/47f93f5a0679170dddf93bc019b42f6d/raw/65beac8ddd30003bbd4e9729236dc8572094abf7/gistfile1.txt
>>
>> Ouch.
>>
>> I'm not an expert in x86 assembly. Could someone please check the
>> generated code to see what's going on? The C code changes are not that
>> intricate, they basically unroll a loop, replacing accesses to
>> 'array[indirect_index[i]]' with 'array[constant]'.
>>
>> As mentioned in the commit log, the speedup is more than significant
>> for architectures with lots of GPRs so I'd prefer fixing the patch
>> over reverting it (if there is anything wrong with the code in the
>> first place)
>
> I suspect the problem is with __attribute__((__optimize__("O3"))). It
> makes the compiler use the rbp register, which must not be used.

IIRC, the additional speedup from adding that was significant but not
huge. Given that we don't use O3 anywhere else, I guess we should just
remove it.

Could you please check whether that makes the issue go away?

If so,

Acked-by: Ard Biesheuvel <[email protected]>

for any patch that removes the O3 attribute override from keccakf()

Thanks,
Ard.

2018-05-14 13:47:15

by Josh Poimboeuf

Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3)

On Sat, May 12, 2018 at 12:11:17PM +0200, Ard Biesheuvel wrote:
> On 12 May 2018 at 11:50, Dmitry Vyukov <[email protected]> wrote:
> > On Sat, May 12, 2018 at 11:09 AM, Ard Biesheuvel
> > <[email protected]> wrote:
> >> (+ Arnd)
> >>
> >> On 12 May 2018 at 10:43, Dmitry Vyukov <[email protected]> wrote:
> >>> On Fri, Feb 2, 2018 at 11:18 PM, Eric Biggers <[email protected]> wrote:
> >>>> On Fri, Feb 02, 2018 at 02:57:32PM +0100, Dmitry Vyukov wrote:
> >>>>> On Fri, Feb 2, 2018 at 2:48 PM, syzbot
> >>>>> <[email protected]> wrote:
> >>>>> > Hello,
> >>>>> >
> >>>>> > syzbot hit the following crash on upstream commit
> >>>>> > 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000)
> >>>>> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
> >>>>> >
> >>>>> > So far this crash happened 4 times on net-next, upstream.
> >>>>> > C reproducer is attached.
> >>>>> > syzkaller reproducer is attached.
> >>>>> > Raw console output is attached.
> >>>>> > compiler: gcc (GCC) 7.1.1 20170620
> >>>>> > .config is attached.
> >>>>>
> >>>>>
> >>>>> From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers.
> >>>>>
> >>>>
> >>>> Looks like the x86 implementations of Salsa20 (both i586 and x86_64) need to be
> >>>> updated to not use %ebp/%rbp.
> >>>
> >>> Ard,
> >>>
> >>> This was bisected as introduced by:
> >>>
> >>> commit 83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6
> >>> Author: Ard Biesheuvel <[email protected]>
> >>> Date: Fri Jan 19 12:04:34 2018 +0000
> >>>
> >>> crypto: sha3-generic - rewrite KECCAK transform to help the
> >>> compiler optimize
> >>>
> >>> https://gist.githubusercontent.com/dvyukov/47f93f5a0679170dddf93bc019b42f6d/raw/65beac8ddd30003bbd4e9729236dc8572094abf7/gistfile1.txt
> >>
> >> Ouch.
> >>
> >> I'm not an expert in x86 assembly. Could someone please check the
> >> generated code to see what's going on? The C code changes are not that
> >> intricate, they basically unroll a loop, replacing accesses to
> >> 'array[indirect_index[i]]' with 'array[constant]'.
> >>
> >> As mentioned in the commit log, the speedup is more than significant
> >> for architectures with lots of GPRs so I'd prefer fixing the patch
> >> over reverting it (if there is anything wrong with the code in the
> >> first place)
> >
> > I suspect the problem is with __attribute__((__optimize__("O3"))). It
> > makes the compiler use the rbp register, which must not be used.
>
> IIRC, the additional speedup from adding that was significant but not
> huge. Given that we don't use O3 anywhere else, I guess we should just
> remove it.
>
> Could you please check whether that makes the issue go away?
>
> If so,
>
> Acked-by: Ard Biesheuvel <[email protected]>
>
> for any patch that removes the O3 attribute override from keccakf()

The issue only affects CONFIG_FRAME_POINTER (which is no longer the
default on x86-64), so maybe -O3 could only be enabled for
CONFIG_FRAME_POINTER=n, in which case you'd still get the speedup with
the default ORC unwinder.

--
Josh

2018-05-26 07:22:03

by Eric Biggers

Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3)

On Sat, May 12, 2018 at 10:43:08AM +0200, Dmitry Vyukov wrote:
> On Fri, Feb 2, 2018 at 11:18 PM, Eric Biggers <[email protected]> wrote:
> > On Fri, Feb 02, 2018 at 02:57:32PM +0100, Dmitry Vyukov wrote:
> >> On Fri, Feb 2, 2018 at 2:48 PM, syzbot
> >> <[email protected]> wrote:
> >> > Hello,
> >> >
> >> > syzbot hit the following crash on upstream commit
> >> > 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000)
> >> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
> >> >
> >> > So far this crash happened 4 times on net-next, upstream.
> >> > C reproducer is attached.
> >> > syzkaller reproducer is attached.
> >> > Raw console output is attached.
> >> > compiler: gcc (GCC) 7.1.1 20170620
> >> > .config is attached.
> >>
> >>
> >> From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers.
> >>
> >
> > Looks like the x86 implementations of Salsa20 (both i586 and x86_64) need to be
> > updated to not use %ebp/%rbp.
>
> Ard,
>
> This was bisected as introduced by:
>
> commit 83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6
> Author: Ard Biesheuvel <[email protected]>
> Date: Fri Jan 19 12:04:34 2018 +0000
>
> crypto: sha3-generic - rewrite KECCAK transform to help the
> compiler optimize
>
> https://gist.githubusercontent.com/dvyukov/47f93f5a0679170dddf93bc019b42f6d/raw/65beac8ddd30003bbd4e9729236dc8572094abf7/gistfile1.txt

Note that syzbot's original C reproducer (from Feb 1) for this actually
triggered the warning through salsa20-asm, which I've just proposed to "fix" by
https://patchwork.kernel.org/patch/10428863/. sha3-generic is apparently
another instance of the same bug, where the %rbp register is used for data.

Eric
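
The failure mode discussed in this thread, as an added example that is not part of any message above and is not the kernel's unwinder code: a simplified model of a frame-pointer stack walk that reports a bad 'bp' value when %rbp holds data instead of a frame address. The simulated stack, the addresses, the data value, the zero-terminated frame chain and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STACK_WORDS 64
#define STACK_BASE  0x100000ULL            /* constructed address of lowest stack word */
#define DATA_VALUE  0x243f6a8885a308d3ULL  /* constructed: cipher state kept in rbp */

enum unwind_status { UNWIND_OK, UNWIND_BAD_BP };
enum scenario { BP_INTACT, DATA_IN_REGS_BP, DATA_IN_SAVED_BP };

struct sim_stack {
    uint64_t base;                /* address of words[0] in the simulated address space */
    uint64_t words[STACK_WORDS];
};

/* True if [addr, addr + len) lies entirely inside the simulated stack. */
static int on_stack(const struct sim_stack *s, uint64_t addr, uint64_t len)
{
    uint64_t end = s->base + sizeof(s->words);
    return addr >= s->base && addr < end && len <= end - addr;
}

static uint64_t load(const struct sim_stack *s, uint64_t addr)
{
    return s->words[(addr - s->base) / 8];
}

static void store(struct sim_stack *s, uint64_t addr, uint64_t val)
{
    s->words[(addr - s->base) / 8] = val;
}

/*
 * Follow the saved-bp chain. Each frame is { saved bp, return address }.
 * A bp is trusted only if it is 8-byte aligned, the whole frame record is
 * on the stack, and it is above the previous frame (callers sit at higher
 * addresses). In this model a saved bp of 0 ends the chain.
 */
static enum unwind_status unwind(const struct sim_stack *s, uint64_t bp,
                                 uint64_t *trace, size_t max,
                                 size_t *depth, uint64_t *bad_bp)
{
    uint64_t prev = 0;

    *depth = 0;
    while (bp != 0) {
        if ((bp & 7) || !on_stack(s, bp, 16) || bp <= prev) {
            *bad_bp = bp;          /* what the warning would print */
            return UNWIND_BAD_BP;
        }
        if (*depth < max)
            trace[(*depth)++] = load(s, bp + 8);
        prev = bp;
        bp = load(s, bp);
    }
    return UNWIND_OK;
}

/* Build three well-formed frames, then optionally let data leak into bp. */
enum unwind_status run_scenario(enum scenario sc, size_t *depth, uint64_t *bad_bp)
{
    struct sim_stack s = { .base = STACK_BASE };
    uint64_t outer = STACK_BASE + 8 * 48, mid = STACK_BASE + 8 * 32,
             inner = STACK_BASE + 8 * 16, trace[8], regs_bp = inner;

    store(&s, outer, 0);     store(&s, outer + 8, 0xA000); /* constructed return addrs */
    store(&s, mid, outer);   store(&s, mid + 8, 0xB000);
    store(&s, inner, mid);   store(&s, inner + 8, 0xC000);

    if (sc == DATA_IN_REGS_BP)   /* interrupted while rbp held data */
        regs_bp = DATA_VALUE;
    if (sc == DATA_IN_SAVED_BP)  /* callee prologue pushed the data-carrying rbp */
        store(&s, inner, DATA_VALUE);

    return unwind(&s, regs_bp, trace, 8, depth, bad_bp);
}

int main(void)
{
    static const char *names[] = { "intact", "data in regs bp", "data in saved bp" };

    for (int sc = BP_INTACT; sc <= DATA_IN_SAVED_BP; sc++) {
        size_t depth;
        uint64_t bad = 0;

        if (run_scenario(sc, &depth, &bad) == UNWIND_OK)
            printf("%s: ok, %zu frames\n", names[sc], depth);
        else
            printf("%s: bad 'bp' value %016llx after %zu frames\n",
                   names[sc], (unsigned long long)bad, depth);
    }
    return 0;
}
```
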

2018-06-08 09:54:45

by Dmitry Vyukov

Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3)

On Sat, May 26, 2018 at 9:22 AM, Eric Biggers <[email protected]> wrote:
> On Sat, May 12, 2018 at 10:43:08AM +0200, Dmitry Vyukov wrote:
>> On Fri, Feb 2, 2018 at 11:18 PM, Eric Biggers <[email protected]> wrote:
>> > On Fri, Feb 02, 2018 at 02:57:32PM +0100, Dmitry Vyukov wrote:
>> >> On Fri, Feb 2, 2018 at 2:48 PM, syzbot
>> >> <[email protected]> wrote:
>> >> > Hello,
>> >> >
>> >> > syzbot hit the following crash on upstream commit
>> >> > 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000)
>> >> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
>> >> >
>> >> > So far this crash happened 4 times on net-next, upstream.
>> >> > C reproducer is attached.
>> >> > syzkaller reproducer is attached.
>> >> > Raw console output is attached.
>> >> > compiler: gcc (GCC) 7.1.1 20170620
>> >> > .config is attached.
>> >>
>> >>
>> >> From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers.
>> >>
>> >
>> > Looks like the x86 implementations of Salsa20 (both i586 and x86_64) need to be
>> > updated to not use %ebp/%rbp.
>>
>> Ard,
>>
>> This was bisected as introduced by:
>>
>> commit 83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6
>> Author: Ard Biesheuvel <[email protected]>
>> Date: Fri Jan 19 12:04:34 2018 +0000
>>
>> crypto: sha3-generic - rewrite KECCAK transform to help the
>> compiler optimize
>>
>> https://gist.githubusercontent.com/dvyukov/47f93f5a0679170dddf93bc019b42f6d/raw/65beac8ddd30003bbd4e9729236dc8572094abf7/gistfile1.txt
>
> Note that syzbot's original C reproducer (from Feb 1) for this actually
> triggered the warning through salsa20-asm, which I've just proposed to "fix" by
> https://patchwork.kernel.org/patch/10428863/. sha3-generic is apparently
> another instance of the same bug, where the %rbp register is used for data.


Mailed "crypto: don't optimize keccakf()" to fix this.

Amusingly __optimize("O3") always led to degraded performance as gcc does not
inline across different optimization levels, so keccakf() wasn't inlined
into its callers and keccakf_round() wasn't inlined into keccakf().

2018-06-11 08:13:42

by Ard Biesheuvel

Subject: Re: WARNING: kernel stack regs has bad 'bp' value (3)

On 8 June 2018 at 11:54, Dmitry Vyukov <[email protected]> wrote:
> On Sat, May 26, 2018 at 9:22 AM, Eric Biggers <[email protected]> wrote:
>> On Sat, May 12, 2018 at 10:43:08AM +0200, Dmitry Vyukov wrote:
>>> On Fri, Feb 2, 2018 at 11:18 PM, Eric Biggers <[email protected]> wrote:
>>> > On Fri, Feb 02, 2018 at 02:57:32PM +0100, Dmitry Vyukov wrote:
>>> >> On Fri, Feb 2, 2018 at 2:48 PM, syzbot
>>> >> <[email protected]> wrote:
>>> >> > Hello,
>>> >> >
>>> >> > syzbot hit the following crash on upstream commit
>>> >> > 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000)
>>> >> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
>>> >> >
>>> >> > So far this crash happened 4 times on net-next, upstream.
>>> >> > C reproducer is attached.
>>> >> > syzkaller reproducer is attached.
>>> >> > Raw console output is attached.
>>> >> > compiler: gcc (GCC) 7.1.1 20170620
>>> >> > .config is attached.
>>> >>
>>> >>
>>> >> From suspicious frames I see salsa20_asm_crypt there, so +crypto maintainers.
>>> >>
>>> >
>>> > Looks like the x86 implementations of Salsa20 (both i586 and x86_64) need to be
>>> > updated to not use %ebp/%rbp.
>>>
>>> Ard,
>>>
>>> This was bisected as introduced by:
>>>
>>> commit 83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6
>>> Author: Ard Biesheuvel <[email protected]>
>>> Date: Fri Jan 19 12:04:34 2018 +0000
>>>
>>> crypto: sha3-generic - rewrite KECCAK transform to help the
>>> compiler optimize
>>>
>>> https://gist.githubusercontent.com/dvyukov/47f93f5a0679170dddf93bc019b42f6d/raw/65beac8ddd30003bbd4e9729236dc8572094abf7/gistfile1.txt
>>
>> Note that syzbot's original C reproducer (from Feb 1) for this actually
>> triggered the warning through salsa20-asm, which I've just proposed to "fix" by
>> https://patchwork.kernel.org/patch/10428863/. sha3-generic is apparently
>> another instance of the same bug, where the %rbp register is used for data.
>
>
> Mailed "crypto: don't optimize keccakf()" to fix this.
>
> Amusingly __optimize("O3") always led to degraded performance as gcc does not
> inline across different optimization levels, so keccakf() wasn't inlined
> into its callers and keccakf_round() wasn't inlined into keccakf().

That does not make sense. The -O3 definitely made the code run
slightly faster on AArch64, but I don't remember the exact numbers or
the compiler version.

In any case, it wasn't an improvement worth obsessing about compared
to the 14x speedup I got on A53 from rewriting the code itself.