From: Alan Stern <stern@rowland.harvard.edu>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Vegard Nossum <vegard.nossum@oracle.com>,
	<chunfeng.yun@mediatek.com>, <geert@linux-m68k.org>,
	USB list <linux-usb@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	syzkaller <syzkaller@googlegroups.com>,
	Kostya Serebryany <kcc@google.com>,
	Alexander Potapenko <glider@google.com>
Subject: Re: usb: memory allocation WARNING in hcd_buffer_alloc
Date: Tue, 5 Jul 2016 11:42:02 -0400 (EDT)
Message-ID: <Pine.LNX.4.44L0.1607051138130.1549-100000@iolanthe.rowland.org>
In-Reply-To: <CACT4Y+YakBa6x9o7r93VwFtcLYpcti-CanLmJ1=fA0rRWg1oZQ@mail.gmail.com>

On Tue, 5 Jul 2016, Dmitry Vyukov wrote:

> Hello,
> 
> The following program triggers the following WARNING:
> 
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 6263 at mm/page_alloc.c:3584[<     inline     >]
> __alloc_pages_slowpath mm/page_alloc.c:3584
> WARNING: CPU: 0 PID: 6263 at mm/page_alloc.c:3584[<      none      >]
> __alloc_pages_nodemask+0x1731/0x2350 mm/page_alloc.c:3854
> Modules linked in:
> CPU: 0 PID: 6263 Comm: a.out Not tainted 4.7.0-rc5+ #28
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
>  ffffffff880b58e0 ffff88006ad3f778 ffffffff82cc01af ffffffff86cf92c0
>  fffffbfff1016b1c 0000000000000000 0000000000000000 ffffffff86cf92c0
>  ffffffff816b7881 0000000000000009 ffff88006ad3f7c0 ffffffff8136d17f
> Call Trace:
>  [<     inline     >] __dump_stack lib/dump_stack.c:15
>  [<ffffffff82cc01af>] dump_stack+0x12e/0x18f lib/dump_stack.c:51
>  [<ffffffff8136d17f>] __warn+0x19f/0x1e0 kernel/panic.c:516
>  [<ffffffff8136d38c>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:551
>  [<     inline     >] __alloc_pages_slowpath mm/page_alloc.c:3584
>  [<ffffffff816b7881>] __alloc_pages_nodemask+0x1731/0x2350 mm/page_alloc.c:3854
>  [<     inline     >] __alloc_pages include/linux/gfp.h:432
>  [<     inline     >] __alloc_pages_node include/linux/gfp.h:445
>  [<     inline     >] alloc_pages_node include/linux/gfp.h:459
>  [<ffffffff8120b28f>] dma_generic_alloc_coherent+0xff/0x250
> arch/x86/kernel/pci-dma.c:102
>  [<     inline     >] dma_alloc_attrs include/linux/dma-mapping.h:374
>  [<     inline     >] dma_alloc_coherent include/linux/dma-mapping.h:401
>  [<ffffffff84699f1d>] hcd_buffer_alloc+0x1dd/0x400 drivers/usb/core/buffer.c:140
>  [<ffffffff8465a670>] usb_alloc_coherent+0x60/0x80 drivers/usb/core/usb.c:740
>  [<ffffffff846a12ba>] usbdev_mmap+0x19a/0x650 drivers/usb/core/devio.c:244
>  [<ffffffff8175ae2f>] mmap_region+0x87f/0xfe0 mm/mmap.c:1507
>  [<ffffffff8175bf2d>] do_mmap+0x99d/0xbf0 mm/mmap.c:1286
>  [<     inline     >] do_mmap_pgoff include/linux/mm.h:2005
>  [<ffffffff81701e66>] vm_mmap_pgoff+0x156/0x1a0 mm/util.c:302
>  [<     inline     >] SYSC_mmap_pgoff mm/mmap.c:1336
>  [<ffffffff81754dea>] SyS_mmap_pgoff+0x34a/0x580 mm/mmap.c:1294
>  [<     inline     >] SYSC_mmap arch/x86/kernel/sys_x86_64.c:95
>  [<ffffffff81208ff6>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
>  [<ffffffff86a94e00>] entry_SYSCALL_64_fastpath+0x23/0xc1
> arch/x86/entry/entry_64.S:207
> ---[ end trace 94402e12bc6578e5 ]---
> 
> // autogenerated by syzkaller (http://github.com/google/syzkaller)
> #include <fcntl.h>      // open()
> #include <pthread.h>
> #include <stdint.h>
> #include <string.h>
> #include <sys/syscall.h>
> #include <unistd.h>
> #include <sys/mman.h>
> 
> int main()
> {
>   int fd = open("/dev/bus/usb/001/001", 0x800ul, 0);
>   // length 0xc00000 = 12 MiB, prot 0x3 = PROT_READ|PROT_WRITE
>   mmap((void*)0x201c4000ul, 0xc00000ul, 0x3ul, 0x20012ul, fd, 0x0ul);
>   return 0;
> }
> 
> On commit 1a0a02d1efa066001fd315c1b4df583d939fa2c4 (Jun 30).

This is an attempt to allocate 12 MB of coherent memory.  As far as I 
can tell, the WARNING refers to invalid bits set in the gfp_mask.

However the original allocation comes from usbdev_mmap() in 
drivers/usb/core/devio.c:

	mem = usb_alloc_coherent(ps->dev, size, GFP_USER, &dma_handle);

I don't see how that ends up causing the WARNING.

Alan Stern
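
Added example, not part of the original message and not kernel code: a userspace model of how a byte length passed to mmap() translates into a page-allocator order, with a bounds check that an mmap handler could apply before handing a user-controlled size to a coherent allocation. The 4 KiB page size and MAX_ORDER of 11 are assumptions not stated in the thread, and all function and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumptions (not stated in the thread): 4 KiB pages, MAX_ORDER of 11. */
#define MODEL_PAGE_SHIFT 12
#define MODEL_MAX_ORDER  11

/* Smallest order such that (1 << order) pages cover `size` bytes.
 * Userspace model of a get_order()-style helper; returns -1 for size 0. */
static int model_get_order(size_t size)
{
    size_t pages;
    int order = 0;

    if (size == 0)
        return -1;
    /* (size - 1) >> shift is "pages needed minus one"; no round-up overflow. */
    pages = (size - 1) >> MODEL_PAGE_SHIFT;
    while (pages) {
        order++;
        pages >>= 1;
    }
    return order;
}

/* Hypothetical pre-allocation check for a user-supplied mapping length:
 * returns 0 if the order is below the modelled limit, -1 otherwise. */
static int model_check_mmap_len(size_t len)
{
    int order = model_get_order(len);

    if (order < 0 || order >= MODEL_MAX_ORDER)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample lengths; 0xc00000 is the length in the reproducer. */
    size_t samples[] = { 0x1000, 0x400000, 0x800000, 0xc00000 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("len=0x%zx order=%d %s\n", samples[i],
               model_get_order(samples[i]),
               model_check_mmap_len(samples[i]) ? "rejected" : "ok");
    return 0;
}
```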

Thread overview: 3+ messages
2016-07-05 12:13 usb: memory allocation WARNING in hcd_buffer_alloc Dmitry Vyukov
2016-07-05 15:42 ` Alan Stern [this message]
2016-07-05 15:58   ` Dmitry Vyukov
