[v6.1] WARNING in raw_alloc_io_data
0 views
Skip to first unread message
syzbot
Oct 29, 2025, 3:52:28 PM (2 days ago) Oct 29
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: f6e38ae624cf Linux 6.1.158
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16959c92580000
kernel config: https://syzkaller.appspot.com/x/.config?x=68aa5a3af1cb953a
dashboard link: https://syzkaller.appspot.com/bug?extid=3371074dd5c102b0ca09
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c1bd671a9def/disk-f6e38ae6.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fa0af998ea40/vmlinux-f6e38ae6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e5512d873524/Image-f6e38ae6.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+337107...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6739 at mm/page_alloc.c:5590 __alloc_pages+0xd0/0x53c mm/page_alloc.c:5590
Modules linked in:
CPU: 1 PID: 6739 Comm: syz.0.502 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 22400005 (nzCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __alloc_pages+0xd0/0x53c mm/page_alloc.c:5590
lr : __alloc_pages+0xac/0x53c mm/page_alloc.c:5584
sp : ffff8000211f7820
x29: ffff8000211f78e0 x28: dfff800000000000 x27: ffff8000211f7840
x26: 1fffe0001b3e36f0 x25: dfff800000000000 x24: ffff70000423ef08
x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000040cc0
x20: 0000000000000000 x19: 0000000000000013 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d10fc x15: 0000000020000080
x14: 00000000c0085508 x13: 1ffff00002a180b1 x12: 0000000000000005
x11: 1ffff0000423ef0c x10: 0000000000000000 x9 : 0000000000000001
x8 : ffff800017a8a000 x7 : 0000000000000000 x6 : ffff8000211f7ae8
x5 : ffff8000211f7ae8 x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
__alloc_pages+0xd0/0x53c mm/page_alloc.c:5590
__alloc_pages_node include/linux/gfp.h:237 [inline]
alloc_pages_node include/linux/gfp.h:260 [inline]
__kmalloc_large_node+0xa8/0x1e0 mm/slab_common.c:1077
__do_kmalloc_node mm/slab_common.c:924 [inline]
__kmalloc+0x140/0x178 mm/slab_common.c:949
kmalloc include/linux/slab.h:568 [inline]
raw_alloc_io_data+0x1cc/0x298 drivers/usb/gadget/legacy/raw_gadget.c:626
raw_ioctl_ep0_read drivers/usb/gadget/legacy/raw_gadget.c:730 [inline]
raw_ioctl+0x974/0x31f4 drivers/usb/gadget/legacy/raw_gadget.c:1268
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 478
hardirqs last enabled at (477): [<ffff8000088d82a8>] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (478): [<ffff80001195cc30>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (454): [<ffff8000080309e0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (452): [<ffff8000080309ac>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: f6e38ae624cf Linux 6.1.158
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16959c92580000
kernel config: https://syzkaller.appspot.com/x/.config?x=68aa5a3af1cb953a
dashboard link: https://syzkaller.appspot.com/bug?extid=3371074dd5c102b0ca09
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c1bd671a9def/disk-f6e38ae6.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fa0af998ea40/vmlinux-f6e38ae6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e5512d873524/Image-f6e38ae6.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+337107...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6739 at mm/page_alloc.c:5590 __alloc_pages+0xd0/0x53c mm/page_alloc.c:5590
Modules linked in:
CPU: 1 PID: 6739 Comm: syz.0.502 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 22400005 (nzCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __alloc_pages+0xd0/0x53c mm/page_alloc.c:5590
lr : __alloc_pages+0xac/0x53c mm/page_alloc.c:5584
sp : ffff8000211f7820
x29: ffff8000211f78e0 x28: dfff800000000000 x27: ffff8000211f7840
x26: 1fffe0001b3e36f0 x25: dfff800000000000 x24: ffff70000423ef08
x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000040cc0
x20: 0000000000000000 x19: 0000000000000013 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d10fc x15: 0000000020000080
x14: 00000000c0085508 x13: 1ffff00002a180b1 x12: 0000000000000005
x11: 1ffff0000423ef0c x10: 0000000000000000 x9 : 0000000000000001
x8 : ffff800017a8a000 x7 : 0000000000000000 x6 : ffff8000211f7ae8
x5 : ffff8000211f7ae8 x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
__alloc_pages+0xd0/0x53c mm/page_alloc.c:5590
__alloc_pages_node include/linux/gfp.h:237 [inline]
alloc_pages_node include/linux/gfp.h:260 [inline]
__kmalloc_large_node+0xa8/0x1e0 mm/slab_common.c:1077
__do_kmalloc_node mm/slab_common.c:924 [inline]
__kmalloc+0x140/0x178 mm/slab_common.c:949
kmalloc include/linux/slab.h:568 [inline]
raw_alloc_io_data+0x1cc/0x298 drivers/usb/gadget/legacy/raw_gadget.c:626
raw_ioctl_ep0_read drivers/usb/gadget/legacy/raw_gadget.c:730 [inline]
raw_ioctl+0x974/0x31f4 drivers/usb/gadget/legacy/raw_gadget.c:1268
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 478
hardirqs last enabled at (477): [<ffff8000088d82a8>] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (478): [<ffff80001195cc30>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (454): [<ffff8000080309e0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (452): [<ffff8000080309ac>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Oct 29, 2025, 10:34:27 PM (2 days ago) Oct 29
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: f6e38ae624cf Linux 6.1.158
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13da5f34580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=178befe2580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c1bd671a9def/disk-f6e38ae6.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fa0af998ea40/vmlinux-f6e38ae6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e5512d873524/Image-f6e38ae6.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+337107...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4496 at mm/page_alloc.c:5590 __alloc_pages+0xd0/0x53c mm/page_alloc.c:5590
Modules linked in:
CPU: 0 PID: 4496 Comm: syz.0.17 Not tainted syzkaller #0
x29: ffff800020e678e0 x28: dfff800000000000 x27: ffff800020e67840
x26: 1fffe0001a2816f0 x25: dfff800000000000 x24: ffff7000041ccf08
x8 : ffff800017a8a000 x7 : 0000000000000000 x6 : ffff800020e67ae8
x5 : ffff800020e67ae8 x4 : 0000000000000000 x3 : 0000000000000020
hardirqs last enabled at (1761): [<ffff8000088d82a8>] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (1762): [<ffff80001195cc30>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (1702): [<ffff8000080309e0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (1700): [<ffff8000080309ac>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: f6e38ae624cf Linux 6.1.158
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=68aa5a3af1cb953a
dashboard link: https://syzkaller.appspot.com/bug?extid=3371074dd5c102b0ca09
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16bf3e7c580000
dashboard link: https://syzkaller.appspot.com/bug?extid=3371074dd5c102b0ca09
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=178befe2580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c1bd671a9def/disk-f6e38ae6.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fa0af998ea40/vmlinux-f6e38ae6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e5512d873524/Image-f6e38ae6.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+337107...@syzkaller.appspotmail.com
------------[ cut here ]------------
Modules linked in:
CPU: 0 PID: 4496 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 22400005 (nzCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __alloc_pages+0xd0/0x53c mm/page_alloc.c:5590
lr : __alloc_pages+0xac/0x53c mm/page_alloc.c:5584
sp : ffff800020e67820
pstate: 22400005 (nzCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __alloc_pages+0xd0/0x53c mm/page_alloc.c:5590
lr : __alloc_pages+0xac/0x53c mm/page_alloc.c:5584
x29: ffff800020e678e0 x28: dfff800000000000 x27: ffff800020e67840
x26: 1fffe0001a2816f0 x25: dfff800000000000 x24: ffff7000041ccf08
x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000040cc0
x20: 0000000000000000 x19: 0000000000000013 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d10fc x15: 0000000020000080
x14: 00000000c0085508 x13: 1ffff00002a180b1 x12: 0000000000000005
x11: 1ffff000041ccf0c x10: 0000000000000000 x9 : 0000000000000001
x20: 0000000000000000 x19: 0000000000000013 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d10fc x15: 0000000020000080
x14: 00000000c0085508 x13: 1ffff00002a180b1 x12: 0000000000000005
x8 : ffff800017a8a000 x7 : 0000000000000000 x6 : ffff800020e67ae8
x5 : ffff800020e67ae8 x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
__alloc_pages+0xd0/0x53c mm/page_alloc.c:5590
__alloc_pages_node include/linux/gfp.h:237 [inline]
alloc_pages_node include/linux/gfp.h:260 [inline]
__kmalloc_large_node+0xa8/0x1e0 mm/slab_common.c:1077
__do_kmalloc_node mm/slab_common.c:924 [inline]
__kmalloc+0x140/0x178 mm/slab_common.c:949
kmalloc include/linux/slab.h:568 [inline]
raw_alloc_io_data+0x1cc/0x298 drivers/usb/gadget/legacy/raw_gadget.c:626
raw_ioctl_ep0_read drivers/usb/gadget/legacy/raw_gadget.c:730 [inline]
raw_ioctl+0x974/0x31f4 drivers/usb/gadget/legacy/raw_gadget.c:1268
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 1762
Call trace:
__alloc_pages+0xd0/0x53c mm/page_alloc.c:5590
__alloc_pages_node include/linux/gfp.h:237 [inline]
alloc_pages_node include/linux/gfp.h:260 [inline]
__kmalloc_large_node+0xa8/0x1e0 mm/slab_common.c:1077
__do_kmalloc_node mm/slab_common.c:924 [inline]
__kmalloc+0x140/0x178 mm/slab_common.c:949
kmalloc include/linux/slab.h:568 [inline]
raw_alloc_io_data+0x1cc/0x298 drivers/usb/gadget/legacy/raw_gadget.c:626
raw_ioctl_ep0_read drivers/usb/gadget/legacy/raw_gadget.c:730 [inline]
raw_ioctl+0x974/0x31f4 drivers/usb/gadget/legacy/raw_gadget.c:1268
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
hardirqs last enabled at (1761): [<ffff8000088d82a8>] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (1762): [<ffff80001195cc30>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (1702): [<ffff8000080309e0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (1700): [<ffff8000080309ac>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
If you want syzbot to run the reproducer, reply with:
---
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages