[syzbot] [input?] [mm?] WARNING in get_taint
From: syzbot
Date: Wed Jul 24 2024 - 05:45:52 EST
Hello,
syzbot found the following issue on:
HEAD commit: 933069701c1b Merge tag '6.11-rc-smb3-server-fixes' of git:..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16a3dcb1980000
kernel config: https://syzkaller.appspot.com/x/.config?x=e5bbfd9a8c60696e
dashboard link: https://syzkaller.appspot.com/bug?extid=a34cc64ce2f703da7c62
compiler: arm-linux-gnueabi-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=119babfd980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12c02411980000
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/8ead8862021c/non_bootable_disk-93306970.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/662be7a678a5/vmlinux-93306970.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1fc4540c602b/zImage-93306970.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a34cc64ce2f703da7c62@xxxxxxxxxxxxxxxxxxxxxxxxx
WARNING: CPU: 0 PID: 3006 at mm/page_alloc.c:4672 __alloc_pages_noprof+0xfbc/0x1170 mm/page_alloc.c:4672
Modules linked in:
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 0 UID: 0 PID: 3006 Comm: syz-executor872 Not tainted 6.10.0-syzkaller #0
Hardware name: ARM-Versatile Express
Call trace:
[<818ef10c>] (dump_backtrace) from [<818ef208>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257)
r7:00000000 r6:82622804 r5:00000000 r4:81feb1a4
[<818ef1f0>] (show_stack) from [<8190c848>] (__dump_stack lib/dump_stack.c:93 [inline])
[<818ef1f0>] (show_stack) from [<8190c848>] (dump_stack_lvl+0x54/0x7c lib/dump_stack.c:119)
[<8190c7f4>] (dump_stack_lvl) from [<8190c888>] (dump_stack+0x18/0x1c lib/dump_stack.c:128)
r5:00000000 r4:82863d0c
[<8190c870>] (dump_stack) from [<818efcb0>] (panic+0x120/0x358 kernel/panic.c:348)
[<818efb90>] (panic) from [<80241f4c>] (check_panic_on_warn kernel/panic.c:241 [inline])
[<818efb90>] (panic) from [<80241f4c>] (get_taint+0x0/0x1c kernel/panic.c:236)
r3:8260c5c4 r2:00000001 r1:81fd3dfc r0:81fdb810
r7:804b3e38
[<80241ed8>] (check_panic_on_warn) from [<802420a0>] (__warn+0x7c/0x180 kernel/panic.c:735)
[<80242024>] (__warn) from [<8024231c>] (warn_slowpath_fmt+0x178/0x1f4 kernel/panic.c:760)
r8:00000009 r7:8200455c r6:df979c24 r5:841c3c00 r4:00000000
[<802421a8>] (warn_slowpath_fmt) from [<804b3e38>] (__alloc_pages_noprof+0xfbc/0x1170 mm/page_alloc.c:4672)
r10:00000014 r9:840b0204 r8:ffffffff r7:841c3c00 r6:00000dc0 r5:00000000
r4:00000000
[<804b2e7c>] (__alloc_pages_noprof) from [<804b8f38>] (__alloc_pages_node_noprof include/linux/gfp.h:269 [inline])
[<804b2e7c>] (__alloc_pages_noprof) from [<804b8f38>] (alloc_pages_node_noprof include/linux/gfp.h:296 [inline])
[<804b2e7c>] (__alloc_pages_noprof) from [<804b8f38>] (___kmalloc_large_node+0x50/0xac mm/slub.c:4103)
r10:841c3c00 r9:840b0204 r8:ffffffff r7:804c0de8 r6:00000dc0 r5:00000000
r4:00000014
[<804b8ee8>] (___kmalloc_large_node) from [<804b9b10>] (__kmalloc_large_node_noprof+0x24/0x114 mm/slub.c:4130)
r7:804c0de8 r6:00000dc0 r5:ffffffff r4:80000002
[<804b9aec>] (__kmalloc_large_node_noprof) from [<804c0de8>] (__do_kmalloc_node mm/slub.c:4146 [inline])
[<804b9aec>] (__kmalloc_large_node_noprof) from [<804c0de8>] (__kmalloc_noprof+0x324/0x458 mm/slub.c:4170)
r10:841c3c00 r9:840b0204 r8:841c3c00 r7:00000dc0 r6:84191400 r5:ffffffff
r4:80000002
[<804c0ac4>] (__kmalloc_noprof) from [<80f696ec>] (kmalloc_noprof include/linux/slab.h:685 [inline])
[<804c0ac4>] (__kmalloc_noprof) from [<80f696ec>] (kzalloc_noprof include/linux/slab.h:807 [inline])
[<804c0ac4>] (__kmalloc_noprof) from [<80f696ec>] (input_mt_init_slots+0x60/0x1f0 drivers/input/input-mt.c:50)
r10:841c3c00 r9:840b0204 r8:00000000 r7:00000000 r6:84191400 r5:00000000
r4:80000002
[<80f6968c>] (input_mt_init_slots) from [<80f98f28>] (uinput_create_device drivers/input/misc/uinput.c:328 [inline])
[<80f6968c>] (input_mt_init_slots) from [<80f98f28>] (uinput_ioctl_handler+0x9c0/0xc54 drivers/input/misc/uinput.c:904)
r8:00000000 r7:00000000 r6:840b0200 r5:00000000 r4:84191400
[<80f98568>] (uinput_ioctl_handler) from [<80f991d0>] (uinput_ioctl+0x14/0x18 drivers/input/misc/uinput.c:1075)
r9:00000003 r8:83f446c0 r7:00000000 r6:83f446c0 r5:00000000 r4:00005501
[<80f991bc>] (uinput_ioctl) from [<8051a210>] (vfs_ioctl fs/ioctl.c:51 [inline])
[<80f991bc>] (uinput_ioctl) from [<8051a210>] (do_vfs_ioctl fs/ioctl.c:861 [inline])
[<80f991bc>] (uinput_ioctl) from [<8051a210>] (__do_sys_ioctl fs/ioctl.c:905 [inline])
[<80f991bc>] (uinput_ioctl) from [<8051a210>] (sys_ioctl+0x134/0xda4 fs/ioctl.c:893)
[<8051a0dc>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xdf979fa8 to 0xdf979ff0)
9fa0: ffffffff 00000000 00000003 00005501 00000000 00000000
9fc0: ffffffff 00000000 0008e050 00000036 7ef58e0c 00000000 000f4240 00000000
9fe0: 7ef58c70 7ef58c60 00010abc 0002ec20
r10:00000036 r9:841c3c00 r8:8020029c r7:00000036 r6:0008e050 r5:00000000
r4:ffffffff
Rebooting in 86400 seconds..
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup