Re: [syzbot] [mm?] linux-next boot error: WARNING: refcount bug in __reset_page_owner


syzbot

Jun 12, 2023, 10:38:35
to tuana...@gmail.com, tuana...@gmail.com, syzkall...@googlegroups.com
> #syz test:

Your commands are accepted, but please keep syzkall...@googlegroups.com mailing list in CC next time. It serves as a history of what happened with each bug report. Thank you.

> https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> next-20230609
>
> diff --git a/mm/page_owner.c b/mm/page_owner.c
> index bbec66cd1b72..ed437cbdb6ca 100644
> --- a/mm/page_owner.c
> +++ b/mm/page_owner.c
> @@ -148,7 +148,7 @@ void __reset_page_owner(struct page *page, unsigned
> short order)
> return;
>
> page_owner = get_page_owner(page_ext);
> - alloc_handle = page_owner->handle;
> + alloc_handle = READ_ONCE(page_owner->handle);
>
> handle = save_stack(GFP_NOWAIT | __GFP_NOWARN);
> for (i = 0; i < (1 << order); i++) {
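Review bot: the `READ_ONCE(page_owner->handle)` in this hunk has no paired `WRITE_ONCE` on the store side and no comment naming the concurrent writer it is meant to order against, and the patch comes with no description beyond `#syz test:`, so a reviewer cannot tell which race it addresses; either document the writer it pairs with or drop the annotation. The copy as pasted has also lost its leading indentation and wraps the `@@` header across two lines (`unsigned` / `short order)`), which is consistent with the first test run failing with `patch: **** unexpected end of file in patch`; send the diff as an attachment or via git send-email so whitespace survives.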
> @@ -159,7 +159,8 @@ void __reset_page_owner(struct page *page, unsigned
> short order)
> page_ext = page_ext_next(page_ext);
> }
> page_ext_put(page_ext);
> - stack_depot_dec_count(alloc_handle);
> + if (alloc_handle)
> + stack_depot_dec_count(alloc_handle);
> }
>
> static inline void __set_page_owner_handle(struct page_ext *page_ext,
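Review bot: the `if (alloc_handle)` guard only skips the decrement for a zero handle, but the reported warning is `refcount_t: decrement hit 0; leaking memory`, which `refcount_dec()` emits when a nonzero, still-referenced handle's count goes from 1 to 0, so the failing case has a valid handle and this check cannot catch it; the follow-up test run on next-20230609 reproduces the identical warning at `__reset_page_owner` with the patch applied. The imbalance has to be fixed where the reference is taken rather than where it is dropped: the visible frames `make_alloc_exact -> __free_pages_ok -> __reset_page_owner` (with `__split_page_owner` nearby in the second trace) point at tail pages of a split allocation being freed, so check whether the page_owner copies made on split share one handle without a matching increment per copy. If the zero check stays, add a comment at the decrement saying why a zero handle is legal here.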
>
> On Fri, May 19, 2023 at 12:24 syzbot <syzbot+2a0e61...@syzkaller.appspotmail.com> wrote:
>
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit: dbd91ef4e91c Add linux-next specific files for 20230519
>> git tree: linux-next
>> console output: https://syzkaller.appspot.com/x/log.txt?x=15dc2e41280000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=7c3f91bf21078a94
>> dashboard link:
>> https://syzkaller.appspot.com/bug?extid=2a0e61ee9fcd4f7fd8ef
>> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU
>> Binutils for Debian) 2.35.2
>>
>> Downloadable assets:
>> disk image:
>> https://storage.googleapis.com/syzbot-assets/bf2a6fb63fa5/disk-dbd91ef4.raw.xz
>> vmlinux:
>> https://storage.googleapis.com/syzbot-assets/3f60e95ad655/vmlinux-dbd91ef4.xz
>> kernel image:
>> https://storage.googleapis.com/syzbot-assets/4097b8dec6a9/bzImage-dbd91ef4.xz
>>
>> IMPORTANT: if you fix the issue, please add the following tag to the
>> commit:
>> Reported-by: syzbot+2a0e61...@syzkaller.appspotmail.com
>>
>> Asymmetric key parser 'pkcs8' registered
>> Key type pkcs7_test registered
>> Block layer SCSI generic (bsg) driver version 0.4 loaded (major 240)
>> io scheduler mq-deadline registered
>> io scheduler kyber registered
>> io scheduler bfq registered
>> input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
>> ACPI: button: Power Button [PWRF]
>> input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
>> ACPI: button: Sleep Button [SLPF]
>> ioatdma: Intel(R) QuickData Technology Driver 5.00
>> ACPI: \_SB_.LNKC: Enabled at IRQ 11
>> virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
>> ACPI: \_SB_.LNKD: Enabled at IRQ 10
>> virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
>> ACPI: \_SB_.LNKB: Enabled at IRQ 10
>> virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
>> virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
>> N_HDLC line discipline registered with maxframe=4096
>> Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
>> 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
>> 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
>> 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
>> 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
>> Non-volatile memory driver v1.3
>> Linux agpgart interface v0.103
>> ACPI: bus type drm_connector registered
>> [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
>> [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
>> Console: switching to colour frame buffer device 128x48
>> platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
>> usbcore: registered new interface driver udl
>> brd: module loaded
>> loop: module loaded
>> zram: Added device: zram0
>> null_blk: disk nullb0 created
>> null_blk: module loaded
>> Guest personality initialized and is inactive
>> VMCI host device registered (name=vmci, major=10, minor=118)
>> Initialized host personality
>> usbcore: registered new interface driver rtsx_usb
>> usbcore: registered new interface driver viperboard
>> usbcore: registered new interface driver dln2
>> usbcore: registered new interface driver pn533_usb
>> nfcsim 0.2 initialized
>> usbcore: registered new interface driver port100
>> usbcore: registered new interface driver nfcmrvl
>> Loading iSCSI transport class v2.0-870.
>> ------------[ cut here ]------------
>> refcount_t: decrement hit 0; leaking memory.
>> WARNING: CPU: 1 PID: 1 at lib/refcount.c:31
>> refcount_warn_saturate+0x1d7/0x1f0 lib/refcount.c:31
>> Modules linked in:
>> CPU: 1 PID: 1 Comm: swapper/0 Not tainted
>> 6.4.0-rc2-next-20230519-syzkaller #0
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
>> Google 04/28/2023
>> RIP: 0010:refcount_warn_saturate+0x1d7/0x1f0 lib/refcount.c:31
>> Code: 05 cd ec 5e 0a 01 e8 f8 0f 37 fd 0f 0b e9 d3 fe ff ff e8 dc 78 6f fd
>> 48 c7 c7 a0 01 a7 8a c6 05 aa ec 5e 0a 01 e8 d9 0f 37 fd <0f> 0b e9 b4 fe
>> ff ff 48 89 ef e8 ea 92 c2 fd e9 5c fe ff ff 0f 1f
>> RSP: 0000:ffffc900000673e0 EFLAGS: 00010282
>> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
>> RDX: ffff888014e48000 RSI: ffffffff814bd507 RDI: 0000000000000001
>> RBP: ffff888141b64e24 R08: 0000000000000001 R09: 0000000000000000
>> R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
>> R13: 0000000000000000 R14: dffffc0000000000 R15: 00000001fd845ca9
>> FS: 0000000000000000(0000) GS:ffff8880b9900000(0000)
>> knlGS:0000000000000000
>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 0000000000000000 CR3: 000000000c575000 CR4: 00000000003506e0
>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> Call Trace:
>> <TASK>
>> __reset_page_owner+0xf7/0x1c0 mm/page_owner.c:162
>> reset_page_owner include/linux/page_owner.h:24 [inline]
>> free_pages_prepare mm/page_alloc.c:1159 [inline]
>> __free_pages_ok+0x690/0xf30 mm/page_alloc.c:1298
>> make_alloc_exact+0x17f/0x260 mm/page_alloc.c:4753
>> vring_alloc_queue drivers/virtio/virtio_ring.c:311 [inline]
>> vring_alloc_queue+0x7f/0x110 drivers/virtio/virtio_ring.c:303
>> vring_alloc_queue_split.part.0+0x16c/0x420
>> drivers/virtio/virtio_ring.c:1078
>> vring_alloc_queue_split drivers/virtio/virtio_ring.c:1131 [inline]
>> vring_create_virtqueue_split+0x139/0x2f0 drivers/virtio/virtio_ring.c:1128
>> vring_create_virtqueue+0xdb/0x150 drivers/virtio/virtio_ring.c:2587
>> setup_vq+0x111/0x2e0 drivers/virtio/virtio_pci_legacy.c:131
>> vp_setup_vq+0xae/0x3b0 drivers/virtio/virtio_pci_common.c:189
>> vp_find_vqs_msix+0x760/0xe90 drivers/virtio/virtio_pci_common.c:328
>> vp_find_vqs+0x58/0x560 drivers/virtio/virtio_pci_common.c:405
>> virtio_find_vqs include/linux/virtio_config.h:229 [inline]
>> virtscsi_init+0x2e8/0x970 drivers/scsi/virtio_scsi.c:827
>> virtscsi_probe+0x353/0xc80 drivers/scsi/virtio_scsi.c:884
>> virtio_dev_probe+0x57b/0x870 drivers/virtio/virtio.c:305
>> call_driver_probe drivers/base/dd.c:579 [inline]
>> really_probe+0x240/0xca0 drivers/base/dd.c:658
>> __driver_probe_device+0x1df/0x4b0 drivers/base/dd.c:800
>> driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
>> __driver_attach+0x271/0x570 drivers/base/dd.c:1216
>> bus_for_each_dev+0x12a/0x1c0 drivers/base/bus.c:368
>> bus_add_driver+0x2e9/0x640 drivers/base/bus.c:673
>> driver_register+0x162/0x4a0 drivers/base/driver.c:246
>> virtio_scsi_init+0x76/0x110 drivers/scsi/virtio_scsi.c:1019
>> do_one_initcall+0x105/0x630 init/main.c:1239
>> do_initcall_level init/main.c:1301 [inline]
>> do_initcalls init/main.c:1317 [inline]
>> do_basic_setup init/main.c:1336 [inline]
>> kernel_init_freeable+0x5a4/0x890 init/main.c:1553
>> kernel_init+0x1e/0x2c0 init/main.c:1444
>> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>> </TASK>
>>
>>
>> ---
>> This report is generated by a bot. It may contain errors.
>> See https://goo.gl/tpsmEJ for more information about syzbot.
>> syzbot engineers can be reached at syzk...@googlegroups.com.
>>
>> syzbot will keep track of this issue. See:
>> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>>
>> If the bug is already fixed, let syzbot know by replying with:
>> #syz fix: exact-commit-title
>>
>> If you want to change bug's subsystems, reply with:
>> #syz set subsystems: new-subsystem
>> (See the list of subsystem names on the web dashboard)
>>
>> If the bug is a duplicate of another bug, reply with:
>> #syz dup: exact-subject-of-another-report
>>
>> If you want to undo deduplication, reply with:
>> #syz undup
>>

Anh Tuan Phan

Jun 12, 2023, 10:47:16
to syzbot, syzkall...@googlegroups.com

On Mon, Jun 12, 2023 at 21:38 syzbot <syzbot+2a0e61...@syzkaller.appspotmail.com> wrote:
reset_page_owner.patch

syzbot

Jun 12, 2023, 17:00:39
to syzkall...@googlegroups.com, tuana...@gmail.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file mm/page_owner.c
patch: **** unexpected end of file in patch



Tested on:

commit: 53ab6975 Add linux-next specific files for 20230609
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git next-20230609
patch: https://syzkaller.appspot.com/x/patch.diff?x=1422c4ab280000

syzbot

Jun 12, 2023, 17:32:32
to syzkall...@googlegroups.com, tuana...@gmail.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

95][ T200] kworker/u4:2 (200) used greatest stack depth: 26752 bytes left
[ 8.159451][ T1] N_HDLC line discipline registered with maxframe=4096
[ 8.160877][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 8.166626][ T1] 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 8.178932][ T1] 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[ 8.189635][ T1] 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
[ 8.201657][ T1] 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
[ 8.216499][ T1] Non-volatile memory driver v1.3
[ 8.243582][ T1] Linux agpgart interface v0.103
[ 8.250305][ T1] ACPI: bus type drm_connector registered
[ 8.259929][ T1] [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
[ 8.267781][ T1] [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
[ 8.344100][ T1] Console: switching to colour frame buffer device 128x48
[ 8.362969][ T1] platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
[ 8.364972][ T1] usbcore: registered new interface driver udl
[ 8.431700][ T1] brd: module loaded
[ 8.498013][ T1] loop: module loaded
[ 8.596621][ T1] zram: Added device: zram0
[ 8.604749][ T1] null_blk: disk nullb0 created
[ 8.605815][ T1] null_blk: module loaded
[ 8.608133][ T1] Guest personality initialized and is inactive
[ 8.610382][ T1] VMCI host device registered (name=vmci, major=10, minor=118)
[ 8.611774][ T1] Initialized host personality
[ 8.613057][ T1] usbcore: registered new interface driver rtsx_usb
[ 8.615760][ T1] usbcore: registered new interface driver viperboard
[ 8.618001][ T1] usbcore: registered new interface driver dln2
[ 8.620318][ T1] usbcore: registered new interface driver pn533_usb
[ 8.627926][ T1] nfcsim 0.2 initialized
[ 8.629540][ T1] usbcore: registered new interface driver port100
[ 8.631639][ T1] usbcore: registered new interface driver nfcmrvl
[ 8.638638][ T1] Loading iSCSI transport class v2.0-870.
[ 8.666203][ T1] ------------[ cut here ]------------
[ 8.667453][ T1] refcount_t: decrement hit 0; leaking memory.
[ 8.669823][ T1] WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0x1d7/0x1f0
[ 8.671705][ T1] Modules linked in:
[ 8.672705][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.4.0-rc5-next-20230609-syzkaller-08413-g53ab6975c12d-dirty #0
[ 8.675939][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 8.679455][ T1] RIP: 0010:refcount_warn_saturate+0x1d7/0x1f0
[ 8.681568][ T1] Code: 05 b2 eb 5d 0a 01 e8 58 39 36 fd 0f 0b e9 d3 fe ff ff e8 3c bc 6e fd 48 c7 c7 20 3b a7 8a c6 05 8f eb 5d 0a 01 e8 39 39 36 fd <0f> 0b e9 b4 fe ff ff 48 89 ef e8 ba 24 c2 fd e9 5c fe ff ff 0f 1f
[ 8.686899][ T1] RSP: 0000:ffffc900000673e0 EFLAGS: 00010282
[ 8.688478][ T1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 8.690984][ T1] RDX: ffff888015a70000 RSI: ffffffff814be627 RDI: 0000000000000001
[ 8.692311][ T1] RBP: ffff888140b3d1d4 R08: 0000000000000001 R09: 0000000000000000
[ 8.693811][ T1] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
[ 8.695757][ T1] R13: 0000000000000000 R14: dffffc0000000000 R15: 00000002048bb456
[ 8.698411][ T1] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 8.700613][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.702237][ T1] CR2: ffff88823ffff000 CR3: 000000000c575000 CR4: 00000000003506f0
[ 8.703872][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 8.706764][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 8.708901][ T1] Call Trace:
[ 8.709433][ T1] <TASK>
[ 8.709944][ T1] ? __warn+0xe6/0x390
[ 8.710914][ T1] ? refcount_warn_saturate+0x1d7/0x1f0
[ 8.712528][ T1] ? report_bug+0x2da/0x500
[ 8.713271][ T1] ? handle_bug+0x3c/0x70
[ 8.714052][ T1] ? exc_invalid_op+0x18/0x50
[ 8.715048][ T1] ? asm_exc_invalid_op+0x1a/0x20
[ 8.715903][ T1] ? __warn_printk+0x187/0x310
[ 8.717525][ T1] ? refcount_warn_saturate+0x1d7/0x1f0
[ 8.718685][ T1] __reset_page_owner+0x19c/0x1e0
[ 8.719496][ T1] ? rcu_is_watching+0x12/0xb0
[ 8.720351][ T1] __free_pages_ok+0x690/0xf30
[ 8.721470][ T1] ? __split_page_owner+0xb1/0xe0
[ 8.722629][ T1] make_alloc_exact+0x17f/0x260
[ 8.723754][ T1] vring_alloc_queue+0x7f/0x110
[ 8.724607][ T1] vring_alloc_queue_split.part.0+0x16c/0x420
[ 8.725919][ T1] ? vring_interrupt+0x3d0/0x3d0
[ 8.727524][ T1] vring_create_virtqueue_split+0x139/0x2f0
[ 8.728600][ T1] ? vp_synchronize_vectors+0x1f0/0x1f0
[ 8.729805][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.730826][ T1] ? virtqueue_resize+0x1730/0x1730
[ 8.731800][ T1] ? virtio_scsi_init+0x76/0x110
[ 8.732789][ T1] ? do_one_initcall+0x105/0x630
[ 8.734149][ T1] ? kernel_init_freeable+0x5a4/0x890
[ 8.735631][ T1] ? __kmem_cache_alloc_node+0x52/0x350
[ 8.736804][ T1] vring_create_virtqueue+0xdb/0x150
[ 8.738261][ T1] ? vp_synchronize_vectors+0x1f0/0x1f0
[ 8.739728][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.740873][ T1] setup_vq+0x111/0x2e0
[ 8.741832][ T1] ? vp_synchronize_vectors+0x1f0/0x1f0
[ 8.743367][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.744942][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.746116][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.747113][ T1] vp_setup_vq+0xae/0x3b0
[ 8.748707][ T1] ? ioread16+0x55/0xc0
[ 8.749537][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.750464][ T1] vp_find_vqs_msix+0x760/0xe90
[ 8.751907][ T1] vp_find_vqs+0x58/0x560
[ 8.753013][ T1] ? virtscsi_init+0xf5/0x970
[ 8.754734][ T1] ? rcu_is_watching+0x12/0xb0
[ 8.755904][ T1] virtscsi_init+0x2e8/0x970
[ 8.756969][ T1] ? virtscsi_ctrl_done+0x200/0x200
[ 8.758200][ T1] ? msi_get_domain_info+0x40/0x40
[ 8.759673][ T1] ? ioread8+0x54/0xc0
[ 8.760709][ T1] ? vp_get+0xf8/0x140
[ 8.761924][ T1] virtscsi_probe+0x353/0xc80
[ 8.763254][ T1] ? virtscsi_restore+0x270/0x270
[ 8.764566][ T1] ? vring_transport_features+0x4c/0xc0
[ 8.765704][ T1] virtio_dev_probe+0x57b/0x870
[ 8.766747][ T1] ? virtio_features_ok+0x250/0x250
[ 8.770924][ T1] really_probe+0x240/0xca0
[ 8.771873][ T1] __driver_probe_device+0x1df/0x4b0
[ 8.772622][ T1] driver_probe_device+0x4c/0x1a0
[ 8.773506][ T1] __driver_attach+0x271/0x570
[ 8.774330][ T1] ? __device_attach_driver+0x2e0/0x2e0
[ 8.775393][ T1] bus_for_each_dev+0x12a/0x1c0
[ 8.776147][ T1] ? bus_remove_file+0x50/0x50
[ 8.776945][ T1] bus_add_driver+0x2e9/0x640
[ 8.777991][ T1] driver_register+0x162/0x4a0
[ 8.778741][ T1] ? hpsa_init+0x80/0x80
[ 8.779544][ T1] virtio_scsi_init+0x76/0x110
[ 8.780588][ T1] do_one_initcall+0x105/0x630
[ 8.781595][ T1] ? trace_event_raw_event_initcall_level+0x200/0x200
[ 8.783589][ T1] ? parameq+0x80/0x170
[ 8.784188][ T1] ? __kmem_cache_alloc_node+0x201/0x350
[ 8.785093][ T1] ? kernel_init_freeable+0x445/0x890
[ 8.786043][ T1] kernel_init_freeable+0x5a4/0x890
[ 8.787274][ T1] ? rest_init+0x2c0/0x2c0
[ 8.788006][ T1] kernel_init+0x1e/0x2c0
[ 8.788647][ T1] ? rest_init+0x2c0/0x2c0
[ 8.789484][ T1] ret_from_fork+0x1f/0x30
[ 8.790395][ T1] </TASK>
[ 8.790882][ T1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 8.791865][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.4.0-rc5-next-20230609-syzkaller-08413-g53ab6975c12d-dirty #0
[ 8.793865][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 8.795655][ T1] Call Trace:
[ 8.796113][ T1] <TASK>
[ 8.796635][ T1] dump_stack_lvl+0xd9/0x150
[ 8.797251][ T1] panic+0x686/0x730
[ 8.797251][ T1] ? panic_smp_self_stop+0xa0/0xa0
[ 8.797251][ T1] ? show_trace_log_lvl+0x284/0x390
[ 8.797251][ T1] ? refcount_warn_saturate+0x1d7/0x1f0
[ 8.797251][ T1] check_panic_on_warn+0xb1/0xc0
[ 8.797251][ T1] __warn+0xf2/0x390
[ 8.797251][ T1] ? refcount_warn_saturate+0x1d7/0x1f0
[ 8.797251][ T1] report_bug+0x2da/0x500
[ 8.797251][ T1] handle_bug+0x3c/0x70
[ 8.797251][ T1] exc_invalid_op+0x18/0x50
[ 8.797251][ T1] asm_exc_invalid_op+0x1a/0x20
[ 8.797251][ T1] RIP: 0010:refcount_warn_saturate+0x1d7/0x1f0
[ 8.797251][ T1] Code: 05 b2 eb 5d 0a 01 e8 58 39 36 fd 0f 0b e9 d3 fe ff ff e8 3c bc 6e fd 48 c7 c7 20 3b a7 8a c6 05 8f eb 5d 0a 01 e8 39 39 36 fd <0f> 0b e9 b4 fe ff ff 48 89 ef e8 ba 24 c2 fd e9 5c fe ff ff 0f 1f
[ 8.797251][ T1] RSP: 0000:ffffc900000673e0 EFLAGS: 00010282
[ 8.797251][ T1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 8.797251][ T1] RDX: ffff888015a70000 RSI: ffffffff814be627 RDI: 0000000000000001
[ 8.797251][ T1] RBP: ffff888140b3d1d4 R08: 0000000000000001 R09: 0000000000000000
[ 8.797251][ T1] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
[ 8.797251][ T1] R13: 0000000000000000 R14: dffffc0000000000 R15: 00000002048bb456
[ 8.797251][ T1] ? __warn_printk+0x187/0x310
[ 8.797251][ T1] __reset_page_owner+0x19c/0x1e0
[ 8.797251][ T1] ? rcu_is_watching+0x12/0xb0
[ 8.797251][ T1] __free_pages_ok+0x690/0xf30
[ 8.797251][ T1] ? __split_page_owner+0xb1/0xe0
[ 8.797251][ T1] make_alloc_exact+0x17f/0x260
[ 8.797251][ T1] vring_alloc_queue+0x7f/0x110
[ 8.797251][ T1] vring_alloc_queue_split.part.0+0x16c/0x420
[ 8.797251][ T1] ? vring_interrupt+0x3d0/0x3d0
[ 8.797251][ T1] vring_create_virtqueue_split+0x139/0x2f0
[ 8.797251][ T1] ? vp_synchronize_vectors+0x1f0/0x1f0
[ 8.797251][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.797251][ T1] ? virtqueue_resize+0x1730/0x1730
[ 8.797251][ T1] ? virtio_scsi_init+0x76/0x110
[ 8.797251][ T1] ? do_one_initcall+0x105/0x630
[ 8.797251][ T1] ? kernel_init_freeable+0x5a4/0x890
[ 8.797251][ T1] ? __kmem_cache_alloc_node+0x52/0x350
[ 8.797251][ T1] vring_create_virtqueue+0xdb/0x150
[ 8.797251][ T1] ? vp_synchronize_vectors+0x1f0/0x1f0
[ 8.847404][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.847404][ T1] setup_vq+0x111/0x2e0
[ 8.847404][ T1] ? vp_synchronize_vectors+0x1f0/0x1f0
[ 8.847404][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.847404][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.847404][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.847404][ T1] vp_setup_vq+0xae/0x3b0
[ 8.847404][ T1] ? ioread16+0x55/0xc0
[ 8.847404][ T1] ? virtscsi_event_done+0x280/0x280
[ 8.847404][ T1] vp_find_vqs_msix+0x760/0xe90
[ 8.847404][ T1] vp_find_vqs+0x58/0x560
[ 8.847404][ T1] ? virtscsi_init+0xf5/0x970
[ 8.847404][ T1] ? rcu_is_watching+0x12/0xb0
[ 8.847404][ T1] virtscsi_init+0x2e8/0x970
[ 8.847404][ T1] ? virtscsi_ctrl_done+0x200/0x200
[ 8.847404][ T1] ? msi_get_domain_info+0x40/0x40
[ 8.847404][ T1] ? ioread8+0x54/0xc0
[ 8.847404][ T1] ? vp_get+0xf8/0x140
[ 8.847404][ T1] virtscsi_probe+0x353/0xc80
[ 8.847404][ T1] ? virtscsi_restore+0x270/0x270
[ 8.847404][ T1] ? vring_transport_features+0x4c/0xc0
[ 8.847404][ T1] virtio_dev_probe+0x57b/0x870
[ 8.847404][ T1] ? virtio_features_ok+0x250/0x250
[ 8.847404][ T1] really_probe+0x240/0xca0
[ 8.847404][ T1] __driver_probe_device+0x1df/0x4b0
[ 8.847404][ T1] driver_probe_device+0x4c/0x1a0
[ 8.847404][ T1] __driver_attach+0x271/0x570
[ 8.847404][ T1] ? __device_attach_driver+0x2e0/0x2e0
[ 8.847404][ T1] bus_for_each_dev+0x12a/0x1c0
[ 8.847404][ T1] ? bus_remove_file+0x50/0x50
[ 8.847404][ T1] bus_add_driver+0x2e9/0x640
[ 8.847404][ T1] driver_register+0x162/0x4a0
[ 8.847404][ T1] ? hpsa_init+0x80/0x80
[ 8.847404][ T1] virtio_scsi_init+0x76/0x110
[ 8.847404][ T1] do_one_initcall+0x105/0x630
[ 8.847404][ T1] ? trace_event_raw_event_initcall_level+0x200/0x200
[ 8.847404][ T1] ? parameq+0x80/0x170
[ 8.847404][ T1] ? __kmem_cache_alloc_node+0x201/0x350
[ 8.847404][ T1] ? kernel_init_freeable+0x445/0x890
[ 8.847404][ T1] kernel_init_freeable+0x5a4/0x890
[ 8.847404][ T1] ? rest_init+0x2c0/0x2c0
[ 8.847404][ T1] kernel_init+0x1e/0x2c0
[ 8.847404][ T1] ? rest_init+0x2c0/0x2c0
[ 8.847404][ T1] ret_from_fork+0x1f/0x30
[ 8.847404][ T1] </TASK>
[ 8.847404][ T1] Kernel Offset: disabled
[ 8.847404][ T1] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3393257992=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at 7086cdb95
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=7086cdb95114c57c35cee9db87b80d4225d8795d -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230607-111512'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=7086cdb95114c57c35cee9db87b80d4225d8795d -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230607-111512'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=7086cdb95114c57c35cee9db87b80d4225d8795d -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230607-111512'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"7086cdb95114c57c35cee9db87b80d4225d8795d\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1551f9b3280000


Tested on:

commit: 53ab6975 Add linux-next specific files for 20230609
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git next-20230609
kernel config: https://syzkaller.appspot.com/x/.config?x=f1c7a2a1126afbb6
dashboard link: https://syzkaller.appspot.com/bug?extid=2a0e61ee9fcd4f7fd8ef
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=109401f1280000
