Hello,
syzbot tried to test the proposed patch but the build/boot failed:
[ 1.629526][ T0] kfence: initialized - using 2097152 bytes for 255 objects at 0xffff88823bc00000-0xffff88823be00000
[ 1.631105][ T0] random: crng init done
[ 1.632812][ T0] Console: colour VGA+ 80x25
[ 1.633604][ T0] printk: console [ttyS0] enabled
[ 1.633604][ T0] printk: console [ttyS0] enabled
[ 1.635134][ T0] printk: bootconsole [earlyser0] disabled
[ 1.635134][ T0] printk: bootconsole [earlyser0] disabled
[ 1.637076][ T0] Lock dependency validator: Copyright (c) 2006 Red Hat, Inc., Ingo Molnar
[ 1.638448][ T0] ... MAX_LOCKDEP_SUBCLASSES: 8
[ 1.639228][ T0] ... MAX_LOCK_DEPTH: 48
[ 1.640056][ T0] ... MAX_LOCKDEP_KEYS: 8192
[ 1.640818][ T0] ... CLASSHASH_SIZE: 4096
[ 1.641625][ T0] ... MAX_LOCKDEP_ENTRIES: 131072
[ 1.642475][ T0] ... MAX_LOCKDEP_CHAINS: 262144
[ 1.643421][ T0] ... CHAINHASH_SIZE: 131072
[ 1.644827][ T0] memory used by lock dependency info: 20657 kB
[ 1.646136][ T0] memory used for stack traces: 8320 kB
[ 1.647227][ T0] per task-struct memory footprint: 1920 bytes
[ 1.648257][ T0] mempolicy: Enabling automatic NUMA balancing. Configure with numa_balancing= or the kernel.numa_balancing sysctl
[ 1.650226][ T0] ACPI: Core revision 20220331
[ 1.651626][ T0] APIC: Switch to symmetric I/O mode setup
[ 1.659092][ T0] ..TIMER: vector=0x30 apic1=0 pin1=0 apic2=-1 pin2=-1
[ 1.661217][ T0] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x1fb6d54cfe9, max_idle_ns: 440795226702 ns
[ 1.663734][ T0] Calibrating delay loop (skipped) preset value.. 4400.34 BogoMIPS (lpj=22001720)
[ 1.665174][ T0] pid_max: default: 32768 minimum: 301
[ 1.666533][ T0] LSM: Security Framework initializing
[ 1.667607][ T0] landlock: Up and running.
[ 1.668368][ T0] Yama: becoming mindful.
[ 1.669112][ T0] TOMOYO Linux initialized
[ 1.670037][ T0] AppArmor: AppArmor initialized
[ 1.671096][ T0] LSM support for eBPF active
[ 1.677595][ T0] Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes, vmalloc hugepage)
[ 1.681197][ T0] Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes, vmalloc hugepage)
[ 1.682736][ T0] Mount-cache hash table entries: 16384 (order: 5, 131072 bytes, vmalloc)
[ 1.683799][ T0] Mountpoint-cache hash table entries: 16384 (order: 5, 131072 bytes, vmalloc)
[ 1.688970][ T0] Last level iTLB entries: 4KB 64, 2MB 8, 4MB 8
[ 1.690176][ T0] Last level dTLB entries: 4KB 64, 2MB 0, 4MB 0, 1GB 4
[ 1.691234][ T0] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[ 1.693782][ T0] Spectre V2 : Mitigation: IBRS
[ 1.694640][ T0] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[ 1.695941][ T0] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT
[ 1.697086][ T0] RETBleed: Mitigation: IBRS
[ 1.697947][ T0] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
[ 1.699622][ T0] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl
[ 1.700977][ T0] MDS: Mitigation: Clear CPU buffers
[ 1.702597][ T0] TAA: Mitigation: Clear CPU buffers
[ 1.703734][ T0] MMIO Stale Data: Vulnerable: Clear CPU buffers attempted, no microcode
[ 1.707472][ T0] Freeing SMP alternatives memory: 112K
[ 1.830860][ T1] smpboot: CPU0: Intel(R) Xeon(R) CPU @ 2.20GHz (family: 0x6, model: 0x4f, stepping: 0x0)
[ 1.833719][ T1] cblist_init_generic: Setting adjustable number of callback queues.
[ 1.833719][ T1] cblist_init_generic: Setting shift to 1 and lim to 1.
[ 1.833719][ T1] cblist_init_generic: Setting shift to 1 and lim to 1.
[ 1.833719][ T1] Running RCU-tasks wait API self tests
[ 1.934199][ T1] Performance Events: unsupported p6 CPU model 79 no PMU driver, software events only.
[ 1.936520][ T1] rcu: Hierarchical SRCU implementation.
[ 1.937357][ T1] rcu: Max phase no-delay instances is 1000.
[ 1.942741][ T1] NMI watchdog: Perf NMI watchdog permanently disabled
[ 1.944418][ T1] smp: Bringing up secondary CPUs ...
[ 1.946589][ T1] x86: Booting SMP configuration:
[ 1.947387][ T1] .... node #0, CPUs: #1
[ 1.949721][ T1] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.
[ 1.949721][ T1] TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html for more details.
[ 1.953848][ T1] MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html for more details.
[ 1.956688][ T1] smp: Brought up 2 nodes, 2 CPUs
[ 1.957513][ T1] smpboot: Max logical packages: 1
[ 1.958215][ T1] smpboot: Total of 2 processors activated (8800.68 BogoMIPS)
[ 1.973844][ T13] Callback from call_rcu_tasks_trace() invoked.
[ 1.996866][ T1] allocated 134217728 bytes of page_ext
[ 1.997960][ T1] Node 0, zone DMA: page owner found early allocated 0 pages
[ 2.019187][ T1] Node 0, zone DMA32: page owner found early allocated 19964 pages
[ 2.034080][ T1] Node 0, zone Normal: page owner found early allocated 228 pages
[ 2.050560][ T1] Node 1, zone Normal: page owner found early allocated 19163 pages
[ 2.054342][ T1] devtmpfs: initialized
[ 2.055856][ T1] x86/mm: Memory block size: 128MB
[ 2.098500][ T1] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 2.098500][ T1] futex hash table entries: 512 (order: 4, 65536 bytes, vmalloc)
[ 2.103739][ T1] PM: RTC time: 08:57:45, date: 2022-09-12
[ 2.116264][ T1] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[ 2.123042][ T1] audit: initializing netlink subsys (disabled)
[ 2.126270][ T1] thermal_sys: Registered thermal governor 'step_wise'
[ 2.126289][ T1] thermal_sys: Registered thermal governor 'user_space'
[ 2.133821][ T27] audit: type=2000 audit(1662973065.375:1): state=initialized audit_enabled=0 res=1
[ 2.136564][ T1] cpuidle: using governor menu
[ 2.136564][ T1] NET: Registered PF_QIPCRTR protocol family
[ 2.137855][ T1] PCI: Using configuration type 1 for base access
[ 2.154019][ T12] Callback from call_rcu_tasks() invoked.
[ 2.335059][ T1] WARNING: workqueue cpumask: online intersect > possible intersect
[ 2.354203][ T1] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages
[ 2.356191][ T1] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page
[ 2.357616][ T1] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages
[ 2.359237][ T1] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page
[ 2.371228][ T26] ==================================================================
[ 2.372691][ T26] BUG: KASAN: slab-out-of-bounds in _find_next_bit+0x122/0x140
[ 2.373719][ T26] Read of size 8 at addr ffff8880178c27b8 by task kworker/1:1/26
[ 2.373719][ T26]
[ 2.373719][ T26] CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.0.0-rc4-next-20220909-syzkaller-06877-g9a82ccda91ed #0
[ 2.383853][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 2.383853][ T26] Workqueue: events pcpu_balance_workfn
[ 2.383853][ T26] Call Trace:
[ 2.383853][ T26] <TASK>
[ 2.383853][ T26] dump_stack_lvl+0xcd/0x134
[ 2.383853][ T26] print_report+0x164/0x463
[ 2.383853][ T26] ? __phys_addr+0xc4/0x140
[ 2.383853][ T26] ? _find_next_bit+0x122/0x140
[ 2.383853][ T26] kasan_report+0xbb/0x1f0
[ 2.383853][ T26] ? _find_next_bit+0x122/0x140
[ 2.383853][ T26] _find_next_bit+0x122/0x140
[ 2.394119][ T26] pcpu_balance_workfn+0x6c0/0xea0
[ 2.394119][ T26] process_one_work+0x991/0x1610
[ 2.394119][ T26] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 2.394119][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 2.394119][ T26] ? _raw_spin_lock_irq+0x41/0x50
[ 2.394119][ T26] worker_thread+0x665/0x1080
[ 2.394119][ T26] ? __kthread_parkme+0x15f/0x220
[ 2.394119][ T26] ? process_one_work+0x1610/0x1610
[ 2.394119][ T26] kthread+0x2e4/0x3a0
[ 2.394119][ T26] ? kthread_complete_and_exit+0x40/0x40
[ 2.394119][ T26] ret_from_fork+0x1f/0x30
[ 2.394119][ T26] </TASK>
[ 2.394119][ T26]
[ 2.394119][ T26] Allocated by task 26:
[ 2.394119][ T26] kasan_save_stack+0x1e/0x40
[ 2.394119][ T26] kasan_set_track+0x21/0x30
[ 2.394119][ T26] __kasan_kmalloc+0xa1/0xb0
[ 2.394119][ T26] __kmalloc+0x54/0xc0
[ 2.394119][ T26] pcpu_mem_zalloc+0x70/0xa0
[ 2.394119][ T26] pcpu_create_chunk+0x23/0x930
[ 2.394119][ T26] pcpu_balance_workfn+0xc4e/0xea0
[ 2.394119][ T26] process_one_work+0x991/0x1610
[ 2.394119][ T26] worker_thread+0x665/0x1080
[ 2.394119][ T26] kthread+0x2e4/0x3a0
[ 2.394119][ T26] ret_from_fork+0x1f/0x30
[ 2.394119][ T26]
[ 2.394119][ T26] The buggy address belongs to the object at ffff8880178c2700
[ 2.394119][ T26] which belongs to the cache kmalloc-192 of size 192
[ 2.394119][ T26] The buggy address is located 184 bytes inside of
[ 2.394119][ T26] 192-byte region [ffff8880178c2700, ffff8880178c27c0)
[ 2.394119][ T26]
[ 2.394119][ T26] The buggy address belongs to the physical page:
[ 2.394119][ T26] page:ffffea00005e3080 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x178c2
[ 2.394119][ T26] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 2.394119][ T26] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888011841a00
[ 2.394119][ T26] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2.394119][ T26] page dumped because: kasan: bad access detected
[ 2.394119][ T26] page_owner tracks the page as allocated
[ 2.394119][ T26] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 2334232000, free_ts 0
[ 2.394119][ T26] get_page_from_freelist+0x109b/0x2ce0
[ 2.394119][ T26] __alloc_pages+0x1c7/0x510
[ 2.394119][ T26] alloc_page_interleave+0x1e/0x200
[ 2.394119][ T26] alloc_pages+0x22f/0x270
[ 2.394119][ T26] allocate_slab+0x213/0x300
[ 2.394119][ T26] ___slab_alloc+0xad0/0x1440
[ 2.394119][ T26] __slab_alloc.constprop.0+0x4d/0xa0
[ 2.394119][ T26] __kmem_cache_alloc_node+0x18a/0x3d0
[ 2.394119][ T26] kmalloc_trace+0x22/0x60
[ 2.394119][ T26] call_usermodehelper_setup+0x97/0x340
[ 2.394119][ T26] kobject_uevent_env+0xee6/0x1640
[ 2.394119][ T26] param_sysfs_init+0x367/0x43b
[ 2.394119][ T26] do_one_initcall+0xfe/0x650
[ 2.394119][ T26] kernel_init_freeable+0x6ff/0x788
[ 2.394119][ T26] kernel_init+0x1a/0x1d0
[ 2.394119][ T26] ret_from_fork+0x1f/0x30
[ 2.394119][ T26] page_owner free stack trace missing
[ 2.394119][ T26]
[ 2.394119][ T26] Memory state around the buggy address:
[ 2.394119][ T26] ffff8880178c2680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2.394119][ T26] ffff8880178c2700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2.394119][ T26] >ffff8880178c2780: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 2.394119][ T26] ^
[ 2.394119][ T26] ffff8880178c2800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2.394119][ T26] ffff8880178c2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2.394119][ T26] ==================================================================
[ 2.394119][ T26] Kernel panic - not syncing: panic_on_warn set ...
[ 2.394119][ T26] CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.0.0-rc4-next-20220909-syzkaller-06877-g9a82ccda91ed #0
[ 2.394119][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 2.394119][ T26] Workqueue: events pcpu_balance_workfn
[ 2.394119][ T26] Call Trace:
[ 2.394119][ T26] <TASK>
[ 2.394119][ T26] dump_stack_lvl+0xcd/0x134
[ 2.394119][ T26] panic+0x2c8/0x622
[ 2.394119][ T26] ? panic_print_sys_info.part.0+0x110/0x110
[ 2.394119][ T26] end_report.part.0+0x3f/0x7c
[ 2.394119][ T26] ? _find_next_bit+0x122/0x140
[ 2.394119][ T26] kasan_report.cold+0xa/0xf
[ 2.394119][ T26] ? _find_next_bit+0x122/0x140
[ 2.394119][ T26] _find_next_bit+0x122/0x140
[ 2.394119][ T26] pcpu_balance_workfn+0x6c0/0xea0
[ 2.394119][ T26] process_one_work+0x991/0x1610
[ 2.394119][ T26] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 2.394119][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 2.394119][ T26] ? _raw_spin_lock_irq+0x41/0x50
[ 2.394119][ T26] worker_thread+0x665/0x1080
[ 2.394119][ T26] ? __kthread_parkme+0x15f/0x220
[ 2.394119][ T26] ? process_one_work+0x1610/0x1610
[ 2.394119][ T26] kthread+0x2e4/0x3a0
[ 2.394119][ T26] ? kthread_complete_and_exit+0x40/0x40
[ 2.394119][ T26] ret_from_fork+0x1f/0x30
[ 2.394119][ T26] </TASK>
[ 2.394119][ T26] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build833528393=/tmp/go-build -gno-record-gcc-switches"
git status (err=<nil>)
HEAD detached at 28811d0ac
nothing to commit, working tree clean
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=28811d0ac5274e8b3730fcf2ad0634d723fcd878 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220903-151243'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=28811d0ac5274e8b3730fcf2ad0634d723fcd878 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220903-151243'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=28811d0ac5274e8b3730fcf2ad0634d723fcd878 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220903-151243'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"28811d0ac5274e8b3730fcf2ad0634d723fcd878\"
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1741edaf080000
Tested on:
commit: 9a82ccda Add linux-next specific files for 20220909
git tree: linux-next
kernel config:
https://syzkaller.appspot.com/x/.config?x=a880996938a4f81c
Note: no patches were applied.