* [syzbot] [udf?] KMSAN: uninit-value in udf_update_tag
From: syzbot @ 2023-12-28 10:34 UTC
  To: jack, linux-fsdevel, linux-kernel, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    861deac3b092 Linux 6.7-rc7
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=16e0171ae80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=e0c7078a6b901aa3
dashboard link: https://syzkaller.appspot.com/bug?extid=d31185aa54170f7fc1f5
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17561579e80000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1277e7a5e80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0ea60ee8ed32/disk-861deac3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6d69fdc33021/vmlinux-861deac3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f0158750d452/bzImage-861deac3.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/f35551f8a991/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d31185aa54170f7fc1f5@syzkaller.appspotmail.com

=======================================================
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
=====================================================
BUG: KMSAN: uninit-value in crc_itu_t_byte include/linux/crc-itu-t.h:22 [inline]
BUG: KMSAN: uninit-value in crc_itu_t+0x287/0x2e0 lib/crc-itu-t.c:60
 crc_itu_t_byte include/linux/crc-itu-t.h:22 [inline]
 crc_itu_t+0x287/0x2e0 lib/crc-itu-t.c:60
 udf_update_tag+0x5c/0x2a0 fs/udf/misc.c:261
 udf_rename+0x13dd/0x16a0 fs/udf/namei.c:877
 vfs_rename+0x1a79/0x1fa0 fs/namei.c:4844
 do_renameat2+0x1571/0x1ca0 fs/namei.c:4996
 __do_sys_rename fs/namei.c:5042 [inline]
 __se_sys_rename fs/namei.c:5040 [inline]
 __x64_sys_rename+0xec/0x140 fs/namei.c:5040
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Local variable diriter created at:
 udf_rename+0xbb/0x16a0 fs/udf/namei.c:768
 vfs_rename+0x1a79/0x1fa0 fs/namei.c:4844

CPU: 0 PID: 5011 Comm: syz-executor409 Not tainted 6.7.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

* Re: [syzbot] [udf?] KMSAN: uninit-value in udf_update_tag
From: Jan Kara @ 2024-06-17 13:39 UTC
  To: syzbot; +Cc: jack, linux-fsdevel, linux-kernel, syzkaller-bugs

[-- Attachment #1: Type: text/plain, Size: 2622 bytes --]

On Thu 28-12-23 02:34:28, syzbot wrote:
> syzbot found the following issue on:
> 
> HEAD commit:    861deac3b092 Linux 6.7-rc7
> git tree:       upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=16e0171ae80000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=e0c7078a6b901aa3
> dashboard link: https://syzkaller.appspot.com/bug?extid=d31185aa54170f7fc1f5
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17561579e80000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1277e7a5e80000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/0ea60ee8ed32/disk-861deac3.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/6d69fdc33021/vmlinux-861deac3.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/f0158750d452/bzImage-861deac3.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/f35551f8a991/mount_0.gz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+d31185aa54170f7fc1f5@syzkaller.appspotmail.com
> 
> =======================================================
> UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
> =====================================================
> BUG: KMSAN: uninit-value in crc_itu_t_byte include/linux/crc-itu-t.h:22 [inline]
> BUG: KMSAN: uninit-value in crc_itu_t+0x287/0x2e0 lib/crc-itu-t.c:60
>  crc_itu_t_byte include/linux/crc-itu-t.h:22 [inline]
>  crc_itu_t+0x287/0x2e0 lib/crc-itu-t.c:60
>  udf_update_tag+0x5c/0x2a0 fs/udf/misc.c:261
>  udf_rename+0x13dd/0x16a0 fs/udf/namei.c:877
>  vfs_rename+0x1a79/0x1fa0 fs/namei.c:4844
>  do_renameat2+0x1571/0x1ca0 fs/namei.c:4996
>  __do_sys_rename fs/namei.c:5042 [inline]
>  __se_sys_rename fs/namei.c:5040 [inline]
>  __x64_sys_rename+0xec/0x140 fs/namei.c:5040
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x63/0x6b
> 
> Local variable diriter created at:
>  udf_rename+0xbb/0x16a0 fs/udf/namei.c:768
>  vfs_rename+0x1a79/0x1fa0 fs/namei.c:4844
> 
> CPU: 0 PID: 5011 Comm: syz-executor409 Not tainted 6.7.0-rc7-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
> =====================================================
> 

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 6ba59ff4227927d3a8530fc2973b80e94b54d58f

									Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

[-- Attachment #2: 0001-udf-Fix-bogus-checksum-computation-in-udf_rename.patch --]
[-- Type: text/x-patch, Size: 1646 bytes --]

From 1657db149c4c596cf1b2451b73f72db94b612800 Mon Sep 17 00:00:00 2001
From: Jan Kara <jack@suse.cz>
Date: Mon, 17 Jun 2024 12:57:50 +0200
Subject: [PATCH] udf: Fix bogus checksum computation in udf_rename()

Syzbot reports uninitialized memory access in udf_rename() when updating
checksum of '..' directory entry of a moved directory. This is indeed
true as we pass on-stack diriter.fi to the udf_update_tag() and because
that has only struct fileIdentDesc included in it and not the impUse or
name fields, the checksumming function is going to checksum random stack
contents beyond the end of the structure. This is actually harmless
because the following udf_fiiter_write_fi() will recompute the checksum
from on-disk buffers where everything is properly included. So all that
is needed is just removing the bogus calculation.

Fixes: e9109a92d2a9 ("udf: Convert udf_rename() to new directory iteration code")
Link: https://lore.kernel.org/all/000000000000cf405f060d8f75a9@google.com/T/
Reported-by: syzbot+d31185aa54170f7fc1f5@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/udf/namei.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/fs/udf/namei.c b/fs/udf/namei.c
index 1308109fd42d..78a603129dd5 100644
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -876,8 +876,6 @@ static int udf_rename(struct mnt_idmap *idmap, struct inode *old_dir,
 	if (has_diriter) {
 		diriter.fi.icb.extLocation =
 					cpu_to_lelb(UDF_I(new_dir)->i_location);
-		udf_update_tag((char *)&diriter.fi,
-			       udf_dir_entry_len(&diriter.fi));
 		udf_fiiter_write_fi(&diriter, NULL);
 		udf_fiiter_release(&diriter);
 	}
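
Review bot: With the udf_update_tag() call gone, nothing in the has_diriter block says where the '..' entry's tag checksum now comes from, so the removal reads like an omission and the call is easy to reintroduce later. Consider a one-line comment above udf_fiiter_write_fi(&diriter, NULL) saying that it recomputes the checksum from the on-disk buffers, and that diriter.fi holds only the fixed struct fileIdentDesc (no impUse or name fields), so it must not be checksummed over udf_dir_entry_len(&diriter.fi) bytes.
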
-- 
2.35.3


* Re: [syzbot] [udf?] KMSAN: uninit-value in udf_update_tag
From: syzbot @ 2024-06-18  3:55 UTC
  To: jack, jack, linux-fsdevel, linux-kernel, syzkaller-bugs

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

][    T1] mpls_gso: MPLS GSO support
[   46.495161][    T1] IPI shorthand broadcast: enabled
[   47.945988][    T1] sched_clock: Marking stable (47900060195, 37888241)->(47941283984, -3335548)
[   48.918291][    T1] Timer migration: 1 hierarchy levels; 8 children per group; 0 crossnode level
[   49.239698][    T1] registered taskstats version 1
[   49.313566][    T1] Loading compiled-in X.509 certificates
[   49.357054][    T1] Loaded X.509 cert 'Build time autogenerated kernel key: 02861f0ad196e4ccf5027727c19e24903aa3308e'
[   49.597875][    T1] zswap: loaded using pool lzo/zsmalloc
[   49.611087][    T1] Demotion targets for Node 0: null
[   49.616536][    T1] Demotion targets for Node 1: null
[   49.623550][    T1] Key type .fscrypt registered
[   49.629834][    T1] Key type fscrypt-provisioning registered
[   49.637187][    T1] kAFS: Red Hat AFS client v0.1 registering.
[   49.668354][    T1] Btrfs loaded, assert=on, ref-verify=on, zoned=yes, fsverity=yes
[   49.695115][    T1] Key type encrypted registered
[   49.700255][    T1] AppArmor: AppArmor sha256 policy hashing enabled
[   49.707007][    T1] ima: No TPM chip found, activating TPM-bypass!
[   49.714081][    T1] Loading compiled-in module X.509 certificates
[   49.754830][    T1] Loaded X.509 cert 'Build time autogenerated kernel key: 02861f0ad196e4ccf5027727c19e24903aa3308e'
[   49.768389][    T1] ima: Allocated hash algorithm: sha256
[   49.774425][    T1] ima: No architecture policies found
[   49.780963][    T1] evm: Initialising EVM extended attributes:
[   49.787003][    T1] evm: security.selinux (disabled)
[   49.792239][    T1] evm: security.SMACK64 (disabled)
[   49.797413][    T1] evm: security.SMACK64EXEC (disabled)
[   49.802981][    T1] evm: security.SMACK64TRANSMUTE (disabled)
[   49.809016][    T1] evm: security.SMACK64MMAP (disabled)
[   49.814639][    T1] evm: security.apparmor
[   49.819013][    T1] evm: security.ima
[   49.823162][    T1] evm: security.capability
[   49.827628][    T1] evm: HMAC attrs: 0x1
[   49.836741][    T1] PM:   Magic number: 12:902:765
[   49.843812][    T1] tty ptyp1: hash matches
[   49.849855][    T1] printk: legacy console [netcon0] enabled
[   49.855889][    T1] netconsole: network logging started
[   49.863365][    T1] gtp: GTP module loaded (pdp ctx size 128 bytes)
[   49.872448][    T1] rdma_rxe: loaded
[   49.878540][    T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[   49.899504][    T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[   49.917084][    T1] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
[   49.925983][    T1] clk: Disabling unused clocks
[   49.931082][    T1] ALSA device list:
[   49.934975][    T1]   #0: Dummy 1
[   49.938653][    T1]   #1: Loopback 1
[   49.942572][    T1]   #2: Virtual MIDI Card 1
[   49.953506][    T1] md: Waiting for all devices to be available before autodetect
[   49.953939][  T780] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   49.961362][    T1] md: If you don't use raid, use raid=noautodetect
[   49.961430][    T1] md: Autodetecting RAID arrays.
[   49.961470][    T1] md: autorun ...
[   49.961510][    T1] md: ... autorun DONE.
[   49.971152][  T780] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[   50.054771][    T1] EXT4-fs (sda1): mounted filesystem 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 ro with ordered data mode. Quota mode: none.
[   50.068782][    T1] VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
[   50.080603][    T1] devtmpfs: mounted
[   50.343600][    T1] Freeing unused kernel image (initmem) memory: 36920K
[   50.355761][    T1] Write protecting the kernel read-only data: 260096k
[   50.404101][    T1] Freeing unused kernel image (rodata/data gap) memory: 1876K
[   52.057623][    T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[   52.067985][    T1] x86/mm: Checking user space page tables
[   53.575965][    T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[   53.585097][    T1] Failed to set sysctl parameter 'kernel.hung_task_all_cpu_backtrace=1': parameter not found
[   53.606359][    T1] Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
[   53.618619][    T1] Run /sbin/init as init process
[   55.234149][ T4444] mount (4444) used greatest stack depth: 8144 bytes left
[   55.320581][ T4445] EXT4-fs (sda1): re-mounted 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 r/w. Quota mode: none.
mount: mounting smackfs on /sys/fs/smackfs failed: No such file or directory
mount: mounting selinuxfs on /sys/fs/selinux failed: No such file or directory
[   55.667884][ T4449] modprobe (4449) used greatest stack depth: 8080 bytes left
[   55.689620][ T4448] mount (4448) used greatest stack depth: 5568 bytes left
Starting syslogd: OK
Starting acpid: OK
Starting klogd: OK
Running sysctl: OK
Populating /dev using udev: [   59.547215][ T4478] udevd[4478]: starting version 3.2.11
[   63.118863][ T4480] udevd[4480]: starting eudev-3.2.11
[   63.131754][ T4478] udevd (4478) used greatest stack depth: 5216 bytes left
done
Starting system message bus: done
Starting iptables: OK
Starting network: OK
Starting dhcpcd...
dhcpcd-9.4.1 starting
dev: loaded udev
DUID 00:04:98:24:4c:28:99:7c:d9:70:fe:51:ca:fe:56:33:2c:7d
forked to background, child pid 4692
[  110.662197][ T4693] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.687472][ T4693] eql: remember to turn off Van-Jacobson compression on your slave devices
[  111.699849][  T780] cfg80211: failed to load regulatory.db
Starting sshd: OK


syzkaller

syzkaller login: [  113.995752][    C0] =====================================================
[  114.003140][    C0] BUG: KMSAN: uninit-value in receive_buf+0x25e3/0x5fd0
[  114.010578][    C0]  receive_buf+0x25e3/0x5fd0
[  114.015335][    C0]  virtnet_poll+0xd1c/0x23c0
[  114.020289][    C0]  __napi_poll+0xe7/0x980
[  114.024799][    C0]  net_rx_action+0x82a/0x1850
[  114.029799][    C0]  handle_softirqs+0x1ce/0x800
[  114.034808][    C0]  __irq_exit_rcu+0x68/0x120
[  114.039610][    C0]  irq_exit_rcu+0x12/0x20
[  114.044101][    C0]  common_interrupt+0x94/0xa0
[  114.048999][    C0]  asm_common_interrupt+0x2b/0x40
[  114.054181][    C0]  acpi_safe_halt+0x25/0x30
[  114.058877][    C0]  acpi_idle_do_entry+0x22/0x40
[  114.063885][    C0]  acpi_idle_enter+0xa1/0xc0
[  114.068670][    C0]  cpuidle_enter_state+0xcb/0x250
[  114.073847][    C0]  cpuidle_enter+0x7f/0xf0
[  114.078553][    C0]  do_idle+0x551/0x750
[  114.082755][    C0]  cpu_startup_entry+0x65/0x80
[  114.087599][    C0]  rest_init+0x1e8/0x260
[  114.092032][    C0]  start_kernel+0x92c/0xa70
[  114.096678][    C0]  x86_64_start_reservations+0x2e/0x30
[  114.102462][    C0]  x86_64_start_kernel+0x98/0xa0
[  114.107575][    C0]  common_startup_64+0x12c/0x137
[  114.112751][    C0] 
[  114.115148][    C0] Uninit was created at:
[  114.119660][    C0]  __alloc_pages_noprof+0x9d6/0xe70
[  114.125021][    C0]  alloc_pages_mpol_noprof+0x299/0x990
[  114.130803][    C0]  alloc_pages_noprof+0x1bf/0x1e0
[  114.136127][    C0]  skb_page_frag_refill+0x2bf/0x7c0
[  114.141580][    C0]  virtnet_rq_alloc+0x43/0xbb0
[  114.146609][    C0]  try_fill_recv+0x3f0/0x2f50
[  114.151581][    C0]  virtnet_open+0x1cc/0xb00
[  114.156245][    C0]  __dev_open+0x546/0x6f0
[  114.160795][    C0]  __dev_change_flags+0x309/0x9a0
[  114.165983][    C0]  dev_change_flags+0x8e/0x1d0
[  114.170953][    C0]  devinet_ioctl+0x13ec/0x22c0
[  114.175904][    C0]  inet_ioctl+0x4bd/0x6d0
[  114.180437][    C0]  sock_do_ioctl+0xb7/0x540
[  114.185091][    C0]  sock_ioctl+0x727/0xd70
[  114.189602][    C0]  __se_sys_ioctl+0x261/0x450
[  114.194696][    C0]  __x64_sys_ioctl+0x96/0xe0
[  114.199487][    C0]  x64_sys_call+0x18c0/0x3b90
[  114.204368][    C0]  do_syscall_64+0xcd/0x1e0
[  114.209064][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.215133][    C0] 
[  114.217511][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.10.0-rc4-syzkaller-dirty #0
[  114.226738][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  114.236984][    C0] =====================================================
[  114.244114][    C0] Disabling lock debugging due to kernel taint
[  114.250782][    C0] Kernel panic - not syncing: kmsan.panic set ...
[  114.257250][    C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B              6.10.0-rc4-syzkaller-dirty #0
[  114.267410][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  114.277561][    C0] Call Trace:
[  114.280892][    C0]  <IRQ>
[  114.283786][    C0]  dump_stack_lvl+0x216/0x2d0
[  114.288571][    C0]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  114.294499][    C0]  dump_stack+0x1e/0x30
[  114.298749][    C0]  panic+0x4e2/0xcd0
[  114.302817][    C0]  ? kmsan_get_metadata+0xb1/0x1d0
[  114.308066][    C0]  kmsan_report+0x2d5/0x2e0
[  114.312721][    C0]  ? kmsan_get_metadata+0x146/0x1d0
[  114.318200][    C0]  ? __msan_warning+0x95/0x120
[  114.323067][    C0]  ? receive_buf+0x25e3/0x5fd0
[  114.327937][    C0]  ? virtnet_poll+0xd1c/0x23c0
[  114.332904][    C0]  ? __napi_poll+0xe7/0x980
[  114.337566][    C0]  ? net_rx_action+0x82a/0x1850
[  114.342539][    C0]  ? handle_softirqs+0x1ce/0x800
[  114.347687][    C0]  ? __irq_exit_rcu+0x68/0x120
[  114.352577][    C0]  ? irq_exit_rcu+0x12/0x20
[  114.357170][    C0]  ? common_interrupt+0x94/0xa0
[  114.362308][    C0]  ? asm_common_interrupt+0x2b/0x40
[  114.367636][    C0]  ? acpi_safe_halt+0x25/0x30
[  114.372535][    C0]  ? acpi_idle_do_entry+0x22/0x40
[  114.377754][    C0]  ? acpi_idle_enter+0xa1/0xc0
[  114.382617][    C0]  ? cpuidle_enter_state+0xcb/0x250
[  114.387914][    C0]  ? cpuidle_enter+0x7f/0xf0
[  114.392631][    C0]  ? do_idle+0x551/0x750
[  114.396963][    C0]  ? cpu_startup_entry+0x65/0x80
[  114.401979][    C0]  ? rest_init+0x1e8/0x260
[  114.406488][    C0]  ? start_kernel+0x92c/0xa70
[  114.411277][    C0]  ? x86_64_start_reservations+0x2e/0x30
[  114.417062][    C0]  ? x86_64_start_kernel+0x98/0xa0
[  114.422838][    C0]  ? common_startup_64+0x12c/0x137
[  114.428096][    C0]  ? kmsan_internal_memmove_metadata+0x17b/0x230
[  114.434850][    C0]  ? kmsan_get_metadata+0x146/0x1d0
[  114.440427][    C0]  ? kmsan_get_metadata+0x146/0x1d0
[  114.446050][    C0]  ? page_to_skb+0xdae/0x1620
[  114.450931][    C0]  ? kmsan_get_metadata+0x146/0x1d0
[  114.456277][    C0]  __msan_warning+0x95/0x120
[  114.460988][    C0]  receive_buf+0x25e3/0x5fd0
[  114.465686][    C0]  ? kmsan_get_metadata+0x146/0x1d0
[  114.471013][    C0]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  114.477029][    C0]  virtnet_poll+0xd1c/0x23c0
[  114.481755][    C0]  ? __pfx_virtnet_poll+0x10/0x10
[  114.486892][    C0]  __napi_poll+0xe7/0x980
[  114.491329][    C0]  ? kmsan_get_metadata+0x146/0x1d0
[  114.496652][    C0]  net_rx_action+0x82a/0x1850
[  114.501454][    C0]  ? sched_clock_cpu+0x55/0x870
[  114.506415][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  114.511641][    C0]  handle_softirqs+0x1ce/0x800
[  114.516691][    C0]  __irq_exit_rcu+0x68/0x120
[  114.521462][    C0]  irq_exit_rcu+0x12/0x20
[  114.525906][    C0]  common_interrupt+0x94/0xa0
[  114.530773][    C0]  </IRQ>
[  114.533771][    C0]  <TASK>
[  114.536758][    C0]  asm_common_interrupt+0x2b/0x40
[  114.542185][    C0] RIP: 0010:acpi_safe_halt+0x25/0x30
[  114.547620][    C0] Code: 90 90 90 90 90 55 48 89 e5 65 48 8b 04 25 80 5e 0a 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d 6b 58 44 00 f3 0f 1e fa fb f4 <fa> 5d c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90
[  114.567621][    C0] RSP: 0018:ffffffff90e03ce8 EFLAGS: 00000246
[  114.573874][    C0] RAX: ffffffff90e2bdc0 RBX: ffffffff91286eb0 RCX: 0000000000000001
[  114.581921][    C0] RDX: ffff888103176464 RSI: ffffffff91286eb0 RDI: ffff888103176464
[  114.589991][    C0] RBP: ffffffff90e03ce8 R08: ffffea000000000f R09: 00000000000000ff
[  114.598071][    C0] R10: ffff88823f173dc2 R11: ffffffff8f790610 R12: ffff888106278400
[  114.606347][    C0] R13: ffffffff91286f30 R14: 0000000000000001 R15: 0000000000000001
[  114.614502][    C0]  ? __pfx_acpi_idle_enter+0x10/0x10
[  114.620219][    C0]  acpi_idle_do_entry+0x22/0x40
[  114.625320][    C0]  acpi_idle_enter+0xa1/0xc0
[  114.630012][    C0]  cpuidle_enter_state+0xcb/0x250
[  114.635136][    C0]  cpuidle_enter+0x7f/0xf0
[  114.639660][    C0]  do_idle+0x551/0x750
[  114.643814][    C0]  cpu_startup_entry+0x65/0x80
[  114.648680][    C0]  rest_init+0x1e8/0x260
[  114.653022][    C0]  start_kernel+0x92c/0xa70
[  114.657789][    C0]  x86_64_start_reservations+0x2e/0x30
[  114.663371][    C0]  x86_64_start_kernel+0x98/0xa0
[  114.668439][    C0]  common_startup_64+0x12c/0x137
[  114.673688][    C0]  </TASK>
[  114.677305][    C0] Kernel Offset: disabled
[  114.681725][    C0] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.4'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build891887690=/tmp/go-build -gno-record-gcc-switches'

git status (err=<nil>)
HEAD detached at ca620dd8f9
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=ca620dd8f97f5b3a9134b687b5584203019518fb -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240405-142321'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=ca620dd8f97f5b3a9134b687b5584203019518fb -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240405-142321'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=ca620dd8f97f5b3a9134b687b5584203019518fb -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240405-142321'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"ca620dd8f97f5b3a9134b687b5584203019518fb\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=17bcf6da980000


Tested on:

commit:         6ba59ff4 Linux 6.10-rc4
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config:  https://syzkaller.appspot.com/x/.config?x=95d734ed31cad8a0
dashboard link: https://syzkaller.appspot.com/bug?extid=d31185aa54170f7fc1f5
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=11bfceda980000

