WARNING: kernel stack regs has bad 'bp' value (2)

syzbot

Nov 28, 2017, 1:36:03 PM
to da...@davemloft.net, her...@gondor.apana.org.au, h...@zytor.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, tg...@linutronix.de, x...@kernel.org
Hello,

syzkaller hit the following crash on
1d3b78bbc6e983fabb3fbf91b76339bf66e4a12c
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
C reproducer is attached
syzkaller reproducer is attached. See https://goo.gl/kgGztJ
for information about syzkaller reproducers


WARNING: kernel stack regs at ffff8801c1e5f468 in syzkaller196611:6199 has
bad 'bp' value 0000000000000001
unwind stack type:0 next_sp: (null) mask:0x6 graph_idx:0
ffff8801c1e5fd60: 0000000000000066 (0x66)
ffff8801c1e5fd68: ffff8801c1e5fd80 (0xffff8801c1e5fd80)
ffff8801c1e5fd70: ffffffff81b651d8 (__fdget+0x18/0x20)
ffff8801c1e5fd78: 0000000000000066 (0x66)
ffff8801c1e5fd80: ffff8801c1e5fef8 (0xffff8801c1e5fef8)
ffff8801c1e5fd88: ffff8801c1e5fdc8 (0xffff8801c1e5fdc8)
ffff8801c1e5fd90: ffff8801c1e5fe38 (0xffff8801c1e5fe38)
ffff8801c1e5fd98: dffffc0000000000 (0xdffffc0000000000)
ffff8801c1e5fda0: 1ffff100383cbfbb (0x1ffff100383cbfbb)
ffff8801c1e5fda8: ffff8801c446e600 (0xffff8801c446e600)
ffff8801c1e5fdb0: ffff8801c1e5ff20 (0xffff8801c1e5ff20)
ffff8801c1e5fdb8: ffffffff841558c2 (__sys_recvmsg+0xe2/0x210)
ffff8801c1e5fdc0: ffffffff841558c2 (__sys_recvmsg+0xe2/0x210)
ffff8801c1e5fdc8: 0000000085b0b10a (0x85b0b10a)
ffff8801c1e5fdd0: 000000002027e000 (0x2027e000)
ffff8801c1e5fdd8: 0000000041b58ab3 (0x41b58ab3)
ffff8801c1e5fde0: ffffffff85baa4d0 (K512_4+0x8ba50/0xb97f0)
ffff8801c1e5fde8: ffffffff841557e0 (SyS_sendmmsg+0x60/0x60)
ffff8801c1e5fdf0: ffff8801c1e4e000 (0xffff8801c1e4e000)
ffff8801c1e5fdf8: ffffffff00000001 (0xffffffff00000001)
ffff8801c1e5fe00: 1ffff100383cbfd4 (0x1ffff100383cbfd4)
ffff8801c1e5fe08: ffff8801c1e4e000 (0xffff8801c1e4e000)
ffff8801c1e5fe10: ffff8801c1e4e000 (0xffff8801c1e4e000)
ffff8801c1e5fe18: ffff8801c1e5fe38 (0xffff8801c1e5fe38)
ffff8801c1e5fe20: ffffffff8155ab01 (trace_hardirqs_on_caller+0x421/0x5c0)
ffff8801c1e5fe28: ffff8801db425b40 (0xffff8801db425b40)
ffff8801c1e5fe30: ffff8801cd8e4200 (0xffff8801cd8e4200)
ffff8801c1e5fe38: ffff8801fffffff7 (0xffff8801fffffff7)
ffff8801c1e5fe40: 0000000000000086 (0x86)
ffff8801c1e5fe48: ffff8801c1e4e000 (0xffff8801c1e4e000)
ffff8801c1e5fe50: ffff8801c1e5fee0 (0xffff8801c1e5fee0)
ffff8801c1e5fe58: ffff8801c1e5fe70 (0xffff8801c1e5fe70)
ffff8801c1e5fe60: ffffffff81564c17 (lockdep_sys_exit+0x47/0xf0)
ffff8801c1e5fe68: 1ffff100383cbfd0 (0x1ffff100383cbfd0)
ffff8801c1e5fe70: ffff8801c1e5ff48 (0xffff8801c1e5ff48)
ffff8801c1e5fe78: ffff8801c1e5fce0 (0xffff8801c1e5fce0)
ffff8801c1e5fe80: 0000000000000000 ...
ffff8801c1e5fe88: ffffffff00000000 (0xffffffff00000000)
ffff8801c1e5fe90: 0000000000000000 ...
ffff8801c1e5fea0: ffff8801c1e5fc60 (0xffff8801c1e5fc60)
ffff8801c1e5fea8: 0000000000000000 ...
ffff8801c1e5feb0: 0000000020284000 (0x20284000)
ffff8801c1e5feb8: 0000000000000000 ...
ffff8801c1e5fec0: 00007fc300000000 (0x7fc300000000)
ffff8801c1e5fec8: 0000000000000000 ...
ffff8801c1e5fed0: ffff8801c1e5fef0 (0xffff8801c1e5fef0)
ffff8801c1e5fed8: ffffffff8155ab01 (trace_hardirqs_on_caller+0x421/0x5c0)
ffff8801c1e5fee0: 0000000000000000 ...
ffff8801c1e5fef0: ffff8801c1e5ff48 (0xffff8801c1e5ff48)
ffff8801c1e5fef8: 0000000000000000 ...
ffff8801c1e5ff00: 0000000000000066 (0x66)
ffff8801c1e5ff08: 000000002027e000 (0x2027e000)
ffff8801c1e5ff10: 00007fc39e16c9c0 (0x7fc39e16c9c0)
ffff8801c1e5ff18: 0000000000000000 ...
ffff8801c1e5ff20: ffff8801c1e5ff48 (0xffff8801c1e5ff48)
ffff8801c1e5ff28: ffffffff84155a1d (SyS_recvmsg+0x2d/0x50)
ffff8801c1e5ff30: 0000000000000000 ...
ffff8801c1e5ff40: 00007ffcea86c64f (0x7ffcea86c64f)
ffff8801c1e5ff48: 0000000000000000 ...
ffff8801c1e5ff50: ffffffff8513ce81 (entry_SYSCALL_64_fastpath+0x1f/0x96)
ffff8801c1e5ff58: 0000000000000000 ...
ffff8801c1e5ff60: 00007fc39e16c9c0 (0x7fc39e16c9c0)
ffff8801c1e5ff68: 00007ffcea86c64f (0x7ffcea86c64f)
ffff8801c1e5ff70: 0000000000000000 ...
ffff8801c1e5ff78: 0000000000000086 (0x86)
ffff8801c1e5ff80: 0000000000000000 ...
ffff8801c1e5ff88: 0000000000000202 (0x202)
ffff8801c1e5ff90: 00007fc39e16c700 (0x7fc39e16c700)
ffff8801c1e5ff98: 00007fc39e16c700 (0x7fc39e16c700)
ffff8801c1e5ffa0: 00007fc39e16c700 (0x7fc39e16c700)
ffff8801c1e5ffa8: ffffffffffffffda (0xffffffffffffffda)
ffff8801c1e5ffb0: 000000000044ad19 (0x44ad19)
ffff8801c1e5ffb8: 0000000000000000 ...
ffff8801c1e5ffc0: 000000002027e000 (0x2027e000)
ffff8801c1e5ffc8: 0000000000000066 (0x66)
ffff8801c1e5ffd0: 000000000000002f (0x2f)
ffff8801c1e5ffd8: 000000000044ad19 (0x44ad19)
ffff8801c1e5ffe0: 0000000000000033 (0x33)
ffff8801c1e5ffe8: 0000000000000202 (0x202)
ffff8801c1e5fff0: 00007fc39e16bdc8 (0x7fc39e16bdc8)
ffff8801c1e5fff8: 000000000000002b (0x2b)


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>

syzbot will keep track of this bug report.
Once a fix for this bug is committed, please reply to this email with:
#syz fix: exact-commit-title
If you want to test a patch for this bug, please reply with:
#syz test: git://repo/address.git branch
and provide the patch inline or as an attachment.
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
config.txt
raw.log
repro.txt
repro.c

Eric Biggers

Nov 30, 2017, 4:17:28 AM11/30/17
to syzbot, da...@davemloft.net, her...@gondor.apana.org.au, h...@zytor.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, tg...@linutronix.de, x...@kernel.org
On Tue, Nov 28, 2017 at 10:36:01AM -0800, syzbot wrote:
> WARNING: kernel stack regs at ffff8801c1e5f468 in syzkaller196611:6199 has
> bad 'bp' value 0000000000000001
> unwind stack type:0 next_sp: (null) mask:0x6 graph_idx:0
> ffff8801db4075a8: ffff8801db407630 (0xffff8801db407630)
> ffff8801db4075b0: ffffffff8128a84e (__save_stack_trace+0x6e/0xd0)
> ffff8801db4075b8: 0000000000000000 ...
> ffff8801db4075c0: ffff8801c1e58000 (0xffff8801c1e58000)
> ffff8801db4075c8: ffff8801c1e60000 (0xffff8801c1e60000)
> ffff8801db4075d0: 0000000000000000 ...
> ffff8801db4075d8: 0000000000000006 (0x6)
> ffff8801db4075e0: ffff8801c1e4e000 (0xffff8801c1e4e000)
> ffff8801db4075e8: 0000010100000000 (0x10100000000)
> ffff8801db4075f0: 0000000000000000 ...
> ffff8801db4075f8: ffff8801db4075a8 (0xffff8801db4075a8)
> ffff8801db407600: ffffffff8134ff7d (__twofish_enc_blk_3way+0x1b1d/0x1b30)

Looks like the x86_64 "3 way" version of Twofish (twofish-x86_64-asm_64-3way.S)
needs to be updated to not use %rbp.

Eric
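Why a scratch value in %rbp produces the "bad 'bp' value" warning, as an added example that is not part of the thread and not kernel code: a simplified frame-pointer walker that follows saved-bp links over a constructed stack and rejects a bp that is misaligned or outside the stack. The addresses, struct and function names are assumptions made for the illustration; the value 0x1 is the bad bp from the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of frame-pointer unwinding; not the kernel's unwinder. */
#define STACK_WORDS 32
#define STACK_BASE  0x1000ULL           /* constructed address of words[0] */

enum unwind_status { UNWIND_OK, UNWIND_BAD_BP };

struct sim_stack { uint64_t words[STACK_WORDS]; };

static uint64_t load(const struct sim_stack *s, uint64_t addr)
{
    return s->words[(addr - STACK_BASE) / 8];
}

/* A frame pointer must be 8-byte aligned, leave room for the saved-bp and
 * return-address slots inside the stack, and move to a higher address
 * (towards the caller) on every step. */
static int bp_is_valid(uint64_t bp, uint64_t prev_bp)
{
    uint64_t end = STACK_BASE + STACK_WORDS * 8;

    return !(bp & 7) && bp >= STACK_BASE && bp <= end - 16 && bp > prev_bp;
}

/* Follow [bp] = caller's bp, [bp + 8] = return address until bp == 0. */
static enum unwind_status unwind(const struct sim_stack *s, uint64_t bp,
                                 uint64_t *ret, size_t max, size_t *n)
{
    uint64_t prev = 0;

    for (*n = 0; bp != 0 && *n < max; prev = bp, bp = load(s, bp)) {
        if (!bp_is_valid(bp, prev))
            return UNWIND_BAD_BP;
        ret[(*n)++] = load(s, bp + 8);
    }
    return UNWIND_OK;
}

/* Constructed three-deep call chain; the outermost frame saves bp == 0. */
static void build_stack(struct sim_stack *s)
{
    static const size_t frame[] = { 4, 12, 20 };    /* word index of each bp */

    for (size_t i = 0; i < STACK_WORDS; i++)
        s->words[i] = 0;
    for (size_t i = 0; i < 3; i++) {
        s->words[frame[i]] = i < 2 ? STACK_BASE + frame[i + 1] * 8 : 0;
        s->words[frame[i] + 1] = 0xA0 + i;          /* fake return address */
    }
}

/* Unwind from the bp captured in the interrupted context's registers. */
size_t trace_from(uint64_t interrupted_bp, enum unwind_status *st)
{
    struct sim_stack s;
    uint64_t ret[8];
    size_t n;

    build_stack(&s);
    *st = unwind(&s, interrupted_bp, ret, 8, &n);
    return n;
}

int main(void)
{
    enum unwind_status st;
    size_t n = trace_from(STACK_BASE + 4 * 8, &st);  /* bp is a frame pointer */

    printf("intact bp:  %zu frames, status %d\n", n, st);
    n = trace_from(0x1, &st);    /* bp held cipher scratch data, as in the report */
    printf("scratch bp: %zu frames, status %d\n", n, st);
    return 0;
}
```

With an intact bp the walker recovers all three return addresses; with the scratch value it stops before reading anything, which is the point at which an unwinder can only warn and give up on the trace.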

Eric Biggers

Dec 18, 2017, 7:43:15 PM12/18/17
to linux-...@vger.kernel.org, Herbert Xu, David S . Miller, Josh Poimboeuf, Jussi Kivilinna, x...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, Eric Biggers
From: Eric Biggers <ebig...@google.com>

Using %rbp as a temporary register breaks frame pointer convention and
breaks stack traces when unwinding from an interrupt in the crypto code.

In twofish-3way, we can't simply replace %rbp with another register
because there are none available. Instead, we use the stack to hold the
values that %rbp, %r11, and %r12 were holding previously. Each of these
values represents the half of the output from the previous Feistel round
that is being passed on unchanged to the following round. They are only
used once per round, when they are exchanged with %rax, %rbx, and %rcx.

As a result, we free up 3 registers (one per block) and can reassign
them so that %rbp is not used, and additionally %r14 and %r15 are not
used so they do not need to be saved/restored.

There may be a small overhead caused by replacing 'xchg REG, REG' with
the needed sequence 'mov MEM, REG; mov REG, MEM; mov REG, REG' once per
round. But, counterintuitively, when I tested "ctr-twofish-3way" on a
Haswell processor, the new version was actually about 2% faster.
(Perhaps 'xchg' is not as well optimized as plain moves.)

Reported-by: syzbot <syzk...@googlegroups.com>
Signed-off-by: Eric Biggers <ebig...@google.com>
---
arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 112 ++++++++++++++-------------
1 file changed, 60 insertions(+), 52 deletions(-)

diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
index 1c3b7ceb36d2..e7273a606a07 100644
--- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
+++ b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
@@ -55,29 +55,31 @@
#define RAB1bl %bl
#define RAB2bl %cl

+#define CD0 0x0(%rsp)
+#define CD1 0x8(%rsp)
+#define CD2 0x10(%rsp)
+
+# used only before/after all rounds
#define RCD0 %r8
#define RCD1 %r9
#define RCD2 %r10

-#define RCD0d %r8d
-#define RCD1d %r9d
-#define RCD2d %r10d
-
-#define RX0 %rbp
-#define RX1 %r11
-#define RX2 %r12
+# used only during rounds
+#define RX0 %r8
+#define RX1 %r9
+#define RX2 %r10

-#define RX0d %ebp
-#define RX1d %r11d
-#define RX2d %r12d
+#define RX0d %r8d
+#define RX1d %r9d
+#define RX2d %r10d

-#define RY0 %r13
-#define RY1 %r14
-#define RY2 %r15
+#define RY0 %r11
+#define RY1 %r12
+#define RY2 %r13

-#define RY0d %r13d
-#define RY1d %r14d
-#define RY2d %r15d
+#define RY0d %r11d
+#define RY1d %r12d
+#define RY2d %r13d

#define RT0 %rdx
#define RT1 %rsi
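Review bot: The commit message says the stack now holds the values that %rbp, %r11 and %r12 held before, but in this hunk those three registers were RX0..RX2; the values that move to the new CD0..CD2 stack slots are the ones RCD0..RCD2 (%r8..%r10) carried, and RX0..RX2 simply take over %r8..%r10. The message is worth correcting. Since RX* and RCD* now name the same registers, the two `#` comments could also say outright that RCD* must not be referenced between push_cd() and pop_cd(), and use the /* */ style the rest of the file uses.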
@@ -85,6 +87,8 @@
#define RT0d %edx
#define RT1d %esi

+#define RT1bl %sil
+
#define do16bit_ror(rot, op1, op2, T0, T1, tmp1, tmp2, ab, dst) \
movzbl ab ## bl, tmp2 ## d; \
movzbl ab ## bh, tmp1 ## d; \
@@ -92,6 +96,11 @@
op1##l T0(CTX, tmp2, 4), dst ## d; \
op2##l T1(CTX, tmp1, 4), dst ## d;

+#define swap_ab_with_cd(ab, cd, tmp) \
+ movq cd, tmp; \
+ movq ab, cd; \
+ movq tmp, ab;
+
/*
* Combined G1 & G2 function. Reordered with help of rotates to have moves
* at begining.
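Review bot: swap_ab_with_cd() has no comment, and its operands are not interchangeable: the round macro in the next hunk passes `cd ## n`, which expands to the CD0..CD2 stack slots, as `cd` and RT0 as `tmp`, so `cd` is a memory operand and `tmp` is clobbered. A one-line comment saying so, and that three plain movq are used on purpose rather than an xchgq with a memory operand (which is implicitly locked), would keep a later cleanup from folding the sequence back into xchg.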
@@ -110,15 +119,15 @@
/* G1,2 && G2,2 */ \
do16bit_ror(32, xor, xor, Tx2, Tx3, RT0, RT1, ab ## 0, x ## 0); \
do16bit_ror(16, xor, xor, Ty3, Ty0, RT0, RT1, ab ## 0, y ## 0); \
- xchgq cd ## 0, ab ## 0; \
+ swap_ab_with_cd(ab ## 0, cd ## 0, RT0); \
\
do16bit_ror(32, xor, xor, Tx2, Tx3, RT0, RT1, ab ## 1, x ## 1); \
do16bit_ror(16, xor, xor, Ty3, Ty0, RT0, RT1, ab ## 1, y ## 1); \
- xchgq cd ## 1, ab ## 1; \
+ swap_ab_with_cd(ab ## 1, cd ## 1, RT0); \
\
do16bit_ror(32, xor, xor, Tx2, Tx3, RT0, RT1, ab ## 2, x ## 2); \
do16bit_ror(16, xor, xor, Ty3, Ty0, RT0, RT1, ab ## 2, y ## 2); \
- xchgq cd ## 2, ab ## 2;
+ swap_ab_with_cd(ab ## 2, cd ## 2, RT0);

#define enc_round_end(ab, x, y, n) \
addl y ## d, x ## d; \
@@ -168,6 +177,16 @@
decrypt_round3(ba, dc, (n*2)+1); \
decrypt_round3(ba, dc, (n*2));

+#define push_cd() \
+ pushq RCD2; \
+ pushq RCD1; \
+ pushq RCD0;
+
+#define pop_cd() \
+ popq RCD0; \
+ popq RCD1; \
+ popq RCD2;
+
#define inpack3(in, n, xy, m) \
movq 4*(n)(in), xy ## 0; \
xorq w+4*m(CTX), xy ## 0; \
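Review bot: push_cd() pushes RCD2, RCD1, RCD0 in exactly the order that leaves RCD0 at 0x0(%rsp), RCD1 at 0x8(%rsp) and RCD2 at 0x10(%rsp), matching the CD0..CD2 defines in the first hunk, but nothing ties the two together. Add a comment on push_cd() noting that coupling and that %rsp must not move between push_cd() and pop_cd(), since CD0..CD2 are %rsp-relative.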
@@ -223,11 +242,8 @@ ENTRY(__twofish_enc_blk_3way)
* %rdx: src, RIO
* %rcx: bool, if true: xor output
*/
- pushq %r15;
- pushq %r14;
pushq %r13;
pushq %r12;
- pushq %rbp;
pushq %rbx;

pushq %rcx; /* bool xor */
@@ -235,40 +251,36 @@ ENTRY(__twofish_enc_blk_3way)

inpack_enc3();

- encrypt_cycle3(RAB, RCD, 0);
- encrypt_cycle3(RAB, RCD, 1);
- encrypt_cycle3(RAB, RCD, 2);
- encrypt_cycle3(RAB, RCD, 3);
- encrypt_cycle3(RAB, RCD, 4);
- encrypt_cycle3(RAB, RCD, 5);
- encrypt_cycle3(RAB, RCD, 6);
- encrypt_cycle3(RAB, RCD, 7);
+ push_cd();
+ encrypt_cycle3(RAB, CD, 0);
+ encrypt_cycle3(RAB, CD, 1);
+ encrypt_cycle3(RAB, CD, 2);
+ encrypt_cycle3(RAB, CD, 3);
+ encrypt_cycle3(RAB, CD, 4);
+ encrypt_cycle3(RAB, CD, 5);
+ encrypt_cycle3(RAB, CD, 6);
+ encrypt_cycle3(RAB, CD, 7);
+ pop_cd();

popq RIO; /* dst */
- popq %rbp; /* bool xor */
+ popq RT1; /* bool xor */

- testb %bpl, %bpl;
+ testb RT1bl, RT1bl;
jnz .L__enc_xor3;

outunpack_enc3(mov);

popq %rbx;
- popq %rbp;
popq %r12;
popq %r13;
- popq %r14;
- popq %r15;
ret;

.L__enc_xor3:
outunpack_enc3(xor);

popq %rbx;
- popq %rbp;
popq %r12;
popq %r13;
- popq %r14;
- popq %r15;
ret;
ENDPROC(__twofish_enc_blk_3way)

@@ -278,35 +290,31 @@ ENTRY(twofish_dec_blk_3way)
* %rsi: dst
* %rdx: src, RIO
*/
- pushq %r15;
- pushq %r14;
pushq %r13;
pushq %r12;
- pushq %rbp;
pushq %rbx;

pushq %rsi; /* dst */

inpack_dec3();

- decrypt_cycle3(RAB, RCD, 7);
- decrypt_cycle3(RAB, RCD, 6);
- decrypt_cycle3(RAB, RCD, 5);
- decrypt_cycle3(RAB, RCD, 4);
- decrypt_cycle3(RAB, RCD, 3);
- decrypt_cycle3(RAB, RCD, 2);
- decrypt_cycle3(RAB, RCD, 1);
- decrypt_cycle3(RAB, RCD, 0);
+ push_cd();
+ decrypt_cycle3(RAB, CD, 7);
+ decrypt_cycle3(RAB, CD, 6);
+ decrypt_cycle3(RAB, CD, 5);
+ decrypt_cycle3(RAB, CD, 4);
+ decrypt_cycle3(RAB, CD, 3);
+ decrypt_cycle3(RAB, CD, 2);
+ decrypt_cycle3(RAB, CD, 1);
+ decrypt_cycle3(RAB, CD, 0);
+ pop_cd();

popq RIO; /* dst */

outunpack_dec3();

popq %rbx;
- popq %rbp;
popq %r12;
popq %r13;
- popq %r14;
- popq %r15;
ret;
ENDPROC(twofish_dec_blk_3way)
--
2.15.1.504.g5279b80103-goog

Ingo Molnar

Dec 19, 2017, 2:54:47 AM12/19/17
to Eric Biggers, linux-...@vger.kernel.org, Herbert Xu, David S . Miller, Josh Poimboeuf, Jussi Kivilinna, x...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, Eric Biggers, Peter Zijlstra

* Eric Biggers <ebig...@gmail.com> wrote:

> There may be a small overhead caused by replacing 'xchg REG, REG' with
> the needed sequence 'mov MEM, REG; mov REG, MEM; mov REG, REG' once per
> round. But, counterintuitively, when I tested "ctr-twofish-3way" on a
> Haswell processor, the new version was actually about 2% faster.
> (Perhaps 'xchg' is not as well optimized as plain moves.)

XCHG has implicit LOCK semantics on all x86 CPUs, so that's not a surprising
result I think.

Thanks,

Ingo

Juergen Gross

Dec 19, 2017, 3:05:00 AM12/19/17
to Ingo Molnar, Eric Biggers, linux-...@vger.kernel.org, Herbert Xu, David S . Miller, Josh Poimboeuf, Jussi Kivilinna, x...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, Eric Biggers, Peter Zijlstra
Exchanging 2 registers can be done without memory access via:

xor reg1, reg2
xor reg2, reg1
xor reg1, reg2


Juergen

David Laight

Dec 19, 2017, 9:36:51 AM12/19/17
to Juergen Gross, Ingo Molnar, Eric Biggers, linux-...@vger.kernel.org, Herbert Xu, David S . Miller, Josh Poimboeuf, Jussi Kivilinna, x...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, Eric Biggers, Peter Zijlstra
From: Juergen Gross
> Sent: 19 December 2017 08:05
..
>
> Exchanging 2 registers can be done without memory access via:
>
> xor reg1, reg2
> xor reg2, reg1
> xor reg1, reg2

That'll generate horrid data dependencies.
ISTR that there are some optimisations for the stack,
so even 'push reg1', 'mov reg2,reg1', 'pop reg2' might
be faster than the above.

David

Ingo Molnar

Dec 19, 2017, 12:35:36 PM12/19/17
to Eric Biggers, linux-...@vger.kernel.org, Herbert Xu, David S . Miller, Josh Poimboeuf, Jussi Kivilinna, x...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, Eric Biggers, Peter Zijlstra
Correction: I think XCHG only implies LOCK if there's a memory operand involved -
register-register XCHG should not imply any barriers.

So the result is indeed unintuitive.

Thanks,

Ingo

Josh Poimboeuf

Dec 19, 2017, 5:37:09 PM12/19/17
to Eric Biggers, linux-...@vger.kernel.org, Herbert Xu, David S . Miller, Jussi Kivilinna, x...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, Eric Biggers
On Mon, Dec 18, 2017 at 04:40:26PM -0800, Eric Biggers wrote:
> From: Eric Biggers <ebig...@google.com>
>
> Using %rbp as a temporary register breaks frame pointer convention and
> breaks stack traces when unwinding from an interrupt in the crypto code.
>
> In twofish-3way, we can't simply replace %rbp with another register
> because there are none available. Instead, we use the stack to hold the
> values that %rbp, %r11, and %r12 were holding previously. Each of these
> values represents the half of the output from the previous Feistel round
> that is being passed on unchanged to the following round. They are only
> used once per round, when they are exchanged with %rax, %rbx, and %rcx.
>
> As a result, we free up 3 registers (one per block) and can reassign
> them so that %rbp is not used, and additionally %r14 and %r15 are not
> used so they do not need to be saved/restored.
>
> There may be a small overhead caused by replacing 'xchg REG, REG' with
> the needed sequence 'mov MEM, REG; mov REG, MEM; mov REG, REG' once per
> round. But, counterintuitively, when I tested "ctr-twofish-3way" on a
> Haswell processor, the new version was actually about 2% faster.
> (Perhaps 'xchg' is not as well optimized as plain moves.)
>
> Reported-by: syzbot <syzk...@googlegroups.com>
> Signed-off-by: Eric Biggers <ebig...@google.com>

Thanks a lot for fixing this!

Reviewed-by: Josh Poimboeuf <jpoi...@redhat.com>

--
Josh

Dmitry Vyukov

Dec 27, 2017, 1:29:54 PM12/27/17
to Eric Biggers, syzbot, David Miller, Herbert Xu, H. Peter Anvin, linux-...@vger.kernel.org, LKML, syzkall...@googlegroups.com, Thomas Gleixner, the arch/x86 maintainers
This is what is supposed to be fixed with "crypto: x86/twofish-3way -
Fix %rbp usage", right? Was it merged anywhere?
This is one of top crashers with 15K crashes.

Herbert Xu

Dec 28, 2017, 2:02:41 AM12/28/17
to Eric Biggers, linux-...@vger.kernel.org, David S . Miller, Josh Poimboeuf, Jussi Kivilinna, x...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, Eric Biggers
On Mon, Dec 18, 2017 at 04:40:26PM -0800, Eric Biggers wrote:
> From: Eric Biggers <ebig...@google.com>
>
> Using %rbp as a temporary register breaks frame pointer convention and
> breaks stack traces when unwinding from an interrupt in the crypto code.
>
> In twofish-3way, we can't simply replace %rbp with another register
> because there are none available. Instead, we use the stack to hold the
> values that %rbp, %r11, and %r12 were holding previously. Each of these
> values represents the half of the output from the previous Feistel round
> that is being passed on unchanged to the following round. They are only
> used once per round, when they are exchanged with %rax, %rbx, and %rcx.
>
> As a result, we free up 3 registers (one per block) and can reassign
> them so that %rbp is not used, and additionally %r14 and %r15 are not
> used so they do not need to be saved/restored.
>
> There may be a small overhead caused by replacing 'xchg REG, REG' with
> the needed sequence 'mov MEM, REG; mov REG, MEM; mov REG, REG' once per
> round. But, counterintuitively, when I tested "ctr-twofish-3way" on a
> Haswell processor, the new version was actually about 2% faster.
> (Perhaps 'xchg' is not as well optimized as plain moves.)
>
> Reported-by: syzbot <syzk...@googlegroups.com>
> Signed-off-by: Eric Biggers <ebig...@google.com>

Patch applied. Thanks.
--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Dmitry Vyukov

Dec 28, 2017, 2:31:05 AM12/28/17
to Eric Biggers, syzbot, David Miller, Herbert Xu, H. Peter Anvin, linux-...@vger.kernel.org, LKML, syzkall...@googlegroups.com, Thomas Gleixner, the arch/x86 maintainers
#syz fix: crypto: x86/twofish-3way - Fix %rbp usage