* usb/sound/usx2y: warning in usb_stream_new/__alloc_pages_slowpath
@ 2017-09-21 15:38 Andrey Konovalov
2017-09-22 9:35 ` Takashi Iwai
0 siblings, 1 reply; 7+ messages in thread
From: Andrey Konovalov @ 2017-09-21 15:38 UTC (permalink / raw)
To: Jaroslav Kysela, Takashi Iwai, Markus Elfring, alsa-devel, LKML
Cc: Dmitry Vyukov, Kostya Serebryany, syzkaller
Hi!
I've got the following report while fuzzing the kernel with syzkaller.
On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
------------[ cut here ]------------
WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
__alloc_pages_slowpath+0x1ef2/0x2d70
Modules linked in:
CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
4.14.0-rc1-42251-gebb2c2437d80 #215
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: usb_hub_wq hub_event
task: ffff8800643c18c0 task.stack: ffff88006b658000
RIP: 0010:trace_reclaim_retry_zone ./include/trace/events/oom.h:31
RIP: 0010:should_reclaim_retry mm/page_alloc.c:3783
RIP: 0010:__alloc_pages_slowpath+0x1ef2/0x2d70 mm/page_alloc.c:4039
RSP: 0018:ffff88006b65d938 EFLAGS: 00010246
RAX: 00000000ffffa666 RBX: 00000000014000c0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000034 RDI: 000000000140c0c0
RBP: ffff88006b65e088 R08: 0000000000000000 R09: fffffffffff00f88
R10: 0000000000000000 R11: 0000000000000085 R12: ffff88006b65e130
R13: ffff88006b65e270 R14: ffff88006b65e0f0 R15: 000000000140c0c0
FS: 0000000000000000(0000) GS:ffff88006c900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020829000 CR3: 0000000063cce000 CR4: 00000000000006e0
Call Trace:
__alloc_pages_nodemask+0x921/0xf70 mm/page_alloc.c:4217
alloc_pages_current+0xbb/0x1f0 mm/mempolicy.c:2035
alloc_pages ./include/linux/gfp.h:505
__get_free_pages+0x14/0x50 mm/page_alloc.c:4248
usb_stream_new+0x50f/0x9f0 sound/usb/usx2y/usb_stream.c:214
us122l_start+0xb0/0x250 sound/usb/usx2y/us122l.c:355
us122l_create_card sound/usb/usx2y/us122l.c:502
us122l_usb_probe sound/usb/usx2y/us122l.c:588
snd_us122l_probe+0xa62/0x15d0 sound/usb/usx2y/us122l.c:623
usb_probe_interface+0x35d/0x8e0 drivers/usb/core/driver.c:361
really_probe drivers/base/dd.c:413
driver_probe_device+0x610/0xa00 drivers/base/dd.c:557
__device_attach_driver+0x230/0x290 drivers/base/dd.c:653
bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463
__device_attach+0x26e/0x3d0 drivers/base/dd.c:710
device_initial_probe+0x1f/0x30 drivers/base/dd.c:757
bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523
device_add+0xd0b/0x1660 drivers/base/core.c:1835
usb_set_configuration+0x104e/0x1870 drivers/usb/core/message.c:1932
generic_probe+0x73/0xe0 drivers/usb/core/generic.c:174
usb_probe_device+0xaf/0xe0 drivers/usb/core/driver.c:266
really_probe drivers/base/dd.c:413
driver_probe_device+0x610/0xa00 drivers/base/dd.c:557
__device_attach_driver+0x230/0x290 drivers/base/dd.c:653
bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463
__device_attach+0x26e/0x3d0 drivers/base/dd.c:710
device_initial_probe+0x1f/0x30 drivers/base/dd.c:757
bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523
device_add+0xd0b/0x1660 drivers/base/core.c:1835
usb_new_device+0x7b8/0x1020 drivers/usb/core/hub.c:2457
hub_port_connect drivers/usb/core/hub.c:4903
hub_port_connect_change drivers/usb/core/hub.c:5009
port_event drivers/usb/core/hub.c:5115
hub_event+0x194d/0x3740 drivers/usb/core/hub.c:5195
process_one_work+0xc7f/0x1db0 kernel/workqueue.c:2119
worker_thread+0x221/0x1850 kernel/workqueue.c:2253
kthread+0x3a1/0x470 kernel/kthread.c:231
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
Code: be 47 00 00 00 48 c7 c7 20 42 8b 85 c6 05 5e 35 99 05 01 e8 91
1f cb ff 48 8b 8d d8 f8 ff ff 44 8b 9d 50 f9 ff ff e9 57 fc ff ff <0f>
ff e9 79 e3 ff ff 0f ff c7 85 e8 f8 ff ff 00 00 00 00 89 d8
---[ end trace 78800971cbd5f94f ]---
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [alsa-devel] usb/sound/usx2y: warning in usb_stream_new/__alloc_pages_slowpath
2017-09-21 15:38 usb/sound/usx2y: warning in usb_stream_new/__alloc_pages_slowpath Andrey Konovalov
@ 2017-09-22 9:35 ` Takashi Iwai
0 siblings, 0 replies; 7+ messages in thread
From: Takashi Iwai @ 2017-09-22 9:35 UTC (permalink / raw)
To: Andrey Konovalov
Cc: Jaroslav Kysela, Takashi Iwai, Markus Elfring, alsa-devel, LKML,
Kostya Serebryany, syzkaller, Dmitry Vyukov
On Thu, 21 Sep 2017 17:38:53 +0200,
Andrey Konovalov wrote:
>
> Hi!
>
> I've got the following report while fuzzing the kernel with syzkaller.
>
> On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
>
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
> __alloc_pages_slowpath+0x1ef2/0x2d70
> Modules linked in:
> CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
> 4.14.0-rc1-42251-gebb2c2437d80 #215
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> Workqueue: usb_hub_wq hub_event
> task: ffff8800643c18c0 task.stack: ffff88006b658000
> RIP: 0010:trace_reclaim_retry_zone ./include/trace/events/oom.h:31
> RIP: 0010:should_reclaim_retry mm/page_alloc.c:3783
> RIP: 0010:__alloc_pages_slowpath+0x1ef2/0x2d70 mm/page_alloc.c:4039
> RSP: 0018:ffff88006b65d938 EFLAGS: 00010246
> RAX: 00000000ffffa666 RBX: 00000000014000c0 RCX: 0000000000000000
> RDX: 0000000000000000 RSI: 0000000000000034 RDI: 000000000140c0c0
> RBP: ffff88006b65e088 R08: 0000000000000000 R09: fffffffffff00f88
> R10: 0000000000000000 R11: 0000000000000085 R12: ffff88006b65e130
> R13: ffff88006b65e270 R14: ffff88006b65e0f0 R15: 000000000140c0c0
> FS: 0000000000000000(0000) GS:ffff88006c900000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000020829000 CR3: 0000000063cce000 CR4: 00000000000006e0
> Call Trace:
> __alloc_pages_nodemask+0x921/0xf70 mm/page_alloc.c:4217
> alloc_pages_current+0xbb/0x1f0 mm/mempolicy.c:2035
> alloc_pages ./include/linux/gfp.h:505
> __get_free_pages+0x14/0x50 mm/page_alloc.c:4248
> usb_stream_new+0x50f/0x9f0 sound/usb/usx2y/usb_stream.c:214
The warning itself should be harmless, indicating only that the driver
tries to allocate too high-order memory pages. The error path handles
the allocation error gracefully, so basically we can suppress the
warning by adding __GFP_NOWARN, in addition to a sanity check in the
caller side.
I've been traveling and will be traveling again in the next week, so
I'll cook up once after back to work again.
thanks,
Takashi
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: usb/sound/usx2y: warning in usb_stream_new/__alloc_pages_slowpath
@ 2017-09-22 9:35 ` Takashi Iwai
0 siblings, 0 replies; 7+ messages in thread
From: Takashi Iwai @ 2017-09-22 9:35 UTC (permalink / raw)
To: Andrey Konovalov
Cc: alsa-devel, LKML, Takashi Iwai, Kostya Serebryany, syzkaller,
Markus Elfring, Dmitry Vyukov
On Thu, 21 Sep 2017 17:38:53 +0200,
Andrey Konovalov wrote:
>
> Hi!
>
> I've got the following report while fuzzing the kernel with syzkaller.
>
> On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
>
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
> __alloc_pages_slowpath+0x1ef2/0x2d70
> Modules linked in:
> CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
> 4.14.0-rc1-42251-gebb2c2437d80 #215
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> Workqueue: usb_hub_wq hub_event
> task: ffff8800643c18c0 task.stack: ffff88006b658000
> RIP: 0010:trace_reclaim_retry_zone ./include/trace/events/oom.h:31
> RIP: 0010:should_reclaim_retry mm/page_alloc.c:3783
> RIP: 0010:__alloc_pages_slowpath+0x1ef2/0x2d70 mm/page_alloc.c:4039
> RSP: 0018:ffff88006b65d938 EFLAGS: 00010246
> RAX: 00000000ffffa666 RBX: 00000000014000c0 RCX: 0000000000000000
> RDX: 0000000000000000 RSI: 0000000000000034 RDI: 000000000140c0c0
> RBP: ffff88006b65e088 R08: 0000000000000000 R09: fffffffffff00f88
> R10: 0000000000000000 R11: 0000000000000085 R12: ffff88006b65e130
> R13: ffff88006b65e270 R14: ffff88006b65e0f0 R15: 000000000140c0c0
> FS: 0000000000000000(0000) GS:ffff88006c900000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000020829000 CR3: 0000000063cce000 CR4: 00000000000006e0
> Call Trace:
> __alloc_pages_nodemask+0x921/0xf70 mm/page_alloc.c:4217
> alloc_pages_current+0xbb/0x1f0 mm/mempolicy.c:2035
> alloc_pages ./include/linux/gfp.h:505
> __get_free_pages+0x14/0x50 mm/page_alloc.c:4248
> usb_stream_new+0x50f/0x9f0 sound/usb/usx2y/usb_stream.c:214
The warning itself should be harmless, indicating only that the driver
tries to allocate too high-order memory pages. The error path handles
the allocation error gracefully, so basically we can suppress the
warning by adding __GFP_NOWARN, in addition to a sanity check in the
caller side.
I've been traveling and will be traveling again in the next week, so
I'll cook up once after back to work again.
thanks,
Takashi
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [alsa-devel] usb/sound/usx2y: warning in usb_stream_new/__alloc_pages_slowpath
2017-09-22 9:35 ` Takashi Iwai
@ 2017-10-02 12:14 ` Takashi Iwai
-1 siblings, 0 replies; 7+ messages in thread
From: Takashi Iwai @ 2017-10-02 12:14 UTC (permalink / raw)
To: Andrey Konovalov
Cc: alsa-devel, Dmitry Vyukov, Kostya Serebryany, syzkaller,
Jaroslav Kysela, Markus Elfring, LKML
On Fri, 22 Sep 2017 11:35:49 +0200,
Takashi Iwai wrote:
>
> On Thu, 21 Sep 2017 17:38:53 +0200,
> Andrey Konovalov wrote:
> >
> > Hi!
> >
> > I've got the following report while fuzzing the kernel with syzkaller.
> >
> > On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
> >
> > ------------[ cut here ]------------
> > WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
> > __alloc_pages_slowpath+0x1ef2/0x2d70
> > Modules linked in:
> > CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
> > 4.14.0-rc1-42251-gebb2c2437d80 #215
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> > Workqueue: usb_hub_wq hub_event
> > task: ffff8800643c18c0 task.stack: ffff88006b658000
> > RIP: 0010:trace_reclaim_retry_zone ./include/trace/events/oom.h:31
> > RIP: 0010:should_reclaim_retry mm/page_alloc.c:3783
> > RIP: 0010:__alloc_pages_slowpath+0x1ef2/0x2d70 mm/page_alloc.c:4039
> > RSP: 0018:ffff88006b65d938 EFLAGS: 00010246
> > RAX: 00000000ffffa666 RBX: 00000000014000c0 RCX: 0000000000000000
> > RDX: 0000000000000000 RSI: 0000000000000034 RDI: 000000000140c0c0
> > RBP: ffff88006b65e088 R08: 0000000000000000 R09: fffffffffff00f88
> > R10: 0000000000000000 R11: 0000000000000085 R12: ffff88006b65e130
> > R13: ffff88006b65e270 R14: ffff88006b65e0f0 R15: 000000000140c0c0
> > FS: 0000000000000000(0000) GS:ffff88006c900000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 0000000020829000 CR3: 0000000063cce000 CR4: 00000000000006e0
> > Call Trace:
> > __alloc_pages_nodemask+0x921/0xf70 mm/page_alloc.c:4217
> > alloc_pages_current+0xbb/0x1f0 mm/mempolicy.c:2035
> > alloc_pages ./include/linux/gfp.h:505
> > __get_free_pages+0x14/0x50 mm/page_alloc.c:4248
> > usb_stream_new+0x50f/0x9f0 sound/usb/usx2y/usb_stream.c:214
>
> The warning itself should be harmless, indicating only that the driver
> tries to allocate too high-order memory pages. The error path handles
> the allocation error gracefully, so basically we can suppress the
> warning by adding __GFP_NOWARN, in addition to a sanity check in the
> caller side.
>
> I've been traveling and will be traveling again in the next week, so
> I'll cook up once after back to work again.
Andrey, could you check the patch below? It should suppress the
spurious warnings.
thanks,
Takashi
-- 8< --
From: Takashi Iwai <tiwai@suse.de>
Subject: [PATCH] ALSA: usx2y: Suppress kernel warning at page allocation
failures
The usx2y driver allocates the stream read/write buffers in continuous
pages depending on the stream setup, and this may spew the kernel
warning messages with a stack trace like:
WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
__alloc_pages_slowpath+0x1ef2/0x2d70
Modules linked in:
CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
....
It may confuse user as if it were any serious error, although this is
no fatal error and the driver handles the error case gracefully.
Since the driver has already some sanity check of the given size (128
and 256 pages), it can't pass any crazy value. So it's merely page
fragmentation.
This patch adds __GFP_NOWARN to each caller for suppressing such
kernel warnings. The original issue was spotted by syzkaller.
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
sound/usb/usx2y/usb_stream.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sound/usb/usx2y/usb_stream.c b/sound/usb/usx2y/usb_stream.c
index 4dab49080700..e229abd21652 100644
--- a/sound/usb/usx2y/usb_stream.c
+++ b/sound/usb/usx2y/usb_stream.c
@@ -191,7 +191,8 @@ struct usb_stream *usb_stream_new(struct usb_stream_kernel *sk,
}
pg = get_order(read_size);
- sk->s = (void *) __get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO, pg);
+ sk->s = (void *) __get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO|
+ __GFP_NOWARN, pg);
if (!sk->s) {
snd_printk(KERN_WARNING "couldn't __get_free_pages()\n");
goto out;
@@ -211,7 +212,8 @@ struct usb_stream *usb_stream_new(struct usb_stream_kernel *sk,
pg = get_order(write_size);
sk->write_page =
- (void *)__get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO, pg);
+ (void *)__get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO|
+ __GFP_NOWARN, pg);
if (!sk->write_page) {
snd_printk(KERN_WARNING "couldn't __get_free_pages()\n");
usb_stream_free(sk);
--
2.14.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [alsa-devel] usb/sound/usx2y: warning in usb_stream_new/__alloc_pages_slowpath
@ 2017-10-02 12:14 ` Takashi Iwai
0 siblings, 0 replies; 7+ messages in thread
From: Takashi Iwai @ 2017-10-02 12:14 UTC (permalink / raw)
To: Andrey Konovalov
Cc: alsa-devel, Dmitry Vyukov, Kostya Serebryany, syzkaller,
Jaroslav Kysela, Markus Elfring, LKML
On Fri, 22 Sep 2017 11:35:49 +0200,
Takashi Iwai wrote:
>
> On Thu, 21 Sep 2017 17:38:53 +0200,
> Andrey Konovalov wrote:
> >
> > Hi!
> >
> > I've got the following report while fuzzing the kernel with syzkaller.
> >
> > On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
> >
> > ------------[ cut here ]------------
> > WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
> > __alloc_pages_slowpath+0x1ef2/0x2d70
> > Modules linked in:
> > CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
> > 4.14.0-rc1-42251-gebb2c2437d80 #215
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> > Workqueue: usb_hub_wq hub_event
> > task: ffff8800643c18c0 task.stack: ffff88006b658000
> > RIP: 0010:trace_reclaim_retry_zone ./include/trace/events/oom.h:31
> > RIP: 0010:should_reclaim_retry mm/page_alloc.c:3783
> > RIP: 0010:__alloc_pages_slowpath+0x1ef2/0x2d70 mm/page_alloc.c:4039
> > RSP: 0018:ffff88006b65d938 EFLAGS: 00010246
> > RAX: 00000000ffffa666 RBX: 00000000014000c0 RCX: 0000000000000000
> > RDX: 0000000000000000 RSI: 0000000000000034 RDI: 000000000140c0c0
> > RBP: ffff88006b65e088 R08: 0000000000000000 R09: fffffffffff00f88
> > R10: 0000000000000000 R11: 0000000000000085 R12: ffff88006b65e130
> > R13: ffff88006b65e270 R14: ffff88006b65e0f0 R15: 000000000140c0c0
> > FS: 0000000000000000(0000) GS:ffff88006c900000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 0000000020829000 CR3: 0000000063cce000 CR4: 00000000000006e0
> > Call Trace:
> > __alloc_pages_nodemask+0x921/0xf70 mm/page_alloc.c:4217
> > alloc_pages_current+0xbb/0x1f0 mm/mempolicy.c:2035
> > alloc_pages ./include/linux/gfp.h:505
> > __get_free_pages+0x14/0x50 mm/page_alloc.c:4248
> > usb_stream_new+0x50f/0x9f0 sound/usb/usx2y/usb_stream.c:214
>
> The warning itself should be harmless, indicating only that the driver
> tries to allocate too high-order memory pages. The error path handles
> the allocation error gracefully, so basically we can suppress the
> warning by adding __GFP_NOWARN, in addition to a sanity check in the
> caller side.
>
> I've been traveling and will be traveling again in the next week, so
> I'll cook up once after back to work again.
Andrey, could you check the patch below? It should suppress the
spurious warnings.
thanks,
Takashi
-- 8< --
From: Takashi Iwai <tiwai@suse.de>
Subject: [PATCH] ALSA: usx2y: Suppress kernel warning at page allocation
failures
The usx2y driver allocates the stream read/write buffers in continuous
pages depending on the stream setup, and this may spew the kernel
warning messages with a stack trace like:
WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
__alloc_pages_slowpath+0x1ef2/0x2d70
Modules linked in:
CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
....
It may confuse user as if it were any serious error, although this is
no fatal error and the driver handles the error case gracefully.
Since the driver has already some sanity check of the given size (128
and 256 pages), it can't pass any crazy value. So it's merely page
fragmentation.
This patch adds __GFP_NOWARN to each caller for suppressing such
kernel warnings. The original issue was spotted by syzkaller.
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
sound/usb/usx2y/usb_stream.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sound/usb/usx2y/usb_stream.c b/sound/usb/usx2y/usb_stream.c
index 4dab49080700..e229abd21652 100644
--- a/sound/usb/usx2y/usb_stream.c
+++ b/sound/usb/usx2y/usb_stream.c
@@ -191,7 +191,8 @@ struct usb_stream *usb_stream_new(struct usb_stream_kernel *sk,
}
pg = get_order(read_size);
- sk->s = (void *) __get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO, pg);
+ sk->s = (void *) __get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO|
+ __GFP_NOWARN, pg);
if (!sk->s) {
snd_printk(KERN_WARNING "couldn't __get_free_pages()\n");
goto out;
@@ -211,7 +212,8 @@ struct usb_stream *usb_stream_new(struct usb_stream_kernel *sk,
pg = get_order(write_size);
sk->write_page =
- (void *)__get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO, pg);
+ (void *)__get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO|
+ __GFP_NOWARN, pg);
if (!sk->write_page) {
snd_printk(KERN_WARNING "couldn't __get_free_pages()\n");
usb_stream_free(sk);
--
2.14.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [alsa-devel] usb/sound/usx2y: warning in usb_stream_new/__alloc_pages_slowpath
2017-10-02 12:14 ` Takashi Iwai
(?)
@ 2017-10-02 14:34 ` Andrey Konovalov
2017-10-02 16:11 ` Takashi Iwai
-1 siblings, 1 reply; 7+ messages in thread
From: Andrey Konovalov @ 2017-10-02 14:34 UTC (permalink / raw)
To: Takashi Iwai
Cc: alsa-devel, Dmitry Vyukov, Kostya Serebryany, syzkaller,
Jaroslav Kysela, Markus Elfring, LKML
On Mon, Oct 2, 2017 at 2:14 PM, Takashi Iwai <tiwai@suse.de> wrote:
> On Fri, 22 Sep 2017 11:35:49 +0200,
> Takashi Iwai wrote:
>>
>> On Thu, 21 Sep 2017 17:38:53 +0200,
>> Andrey Konovalov wrote:
>> >
>> > Hi!
>> >
>> > I've got the following report while fuzzing the kernel with syzkaller.
>> >
>> > On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
>> >
>> > ------------[ cut here ]------------
>> > WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
>> > __alloc_pages_slowpath+0x1ef2/0x2d70
>> > Modules linked in:
>> > CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
>> > 4.14.0-rc1-42251-gebb2c2437d80 #215
>> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
>> > Workqueue: usb_hub_wq hub_event
>> > task: ffff8800643c18c0 task.stack: ffff88006b658000
>> > RIP: 0010:trace_reclaim_retry_zone ./include/trace/events/oom.h:31
>> > RIP: 0010:should_reclaim_retry mm/page_alloc.c:3783
>> > RIP: 0010:__alloc_pages_slowpath+0x1ef2/0x2d70 mm/page_alloc.c:4039
>> > RSP: 0018:ffff88006b65d938 EFLAGS: 00010246
>> > RAX: 00000000ffffa666 RBX: 00000000014000c0 RCX: 0000000000000000
>> > RDX: 0000000000000000 RSI: 0000000000000034 RDI: 000000000140c0c0
>> > RBP: ffff88006b65e088 R08: 0000000000000000 R09: fffffffffff00f88
>> > R10: 0000000000000000 R11: 0000000000000085 R12: ffff88006b65e130
>> > R13: ffff88006b65e270 R14: ffff88006b65e0f0 R15: 000000000140c0c0
>> > FS: 0000000000000000(0000) GS:ffff88006c900000(0000) knlGS:0000000000000000
>> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> > CR2: 0000000020829000 CR3: 0000000063cce000 CR4: 00000000000006e0
>> > Call Trace:
>> > __alloc_pages_nodemask+0x921/0xf70 mm/page_alloc.c:4217
>> > alloc_pages_current+0xbb/0x1f0 mm/mempolicy.c:2035
>> > alloc_pages ./include/linux/gfp.h:505
>> > __get_free_pages+0x14/0x50 mm/page_alloc.c:4248
>> > usb_stream_new+0x50f/0x9f0 sound/usb/usx2y/usb_stream.c:214
>>
>> The warning itself should be harmless, indicating only that the driver
>> tries to allocate too high-order memory pages. The error path handles
>> the allocation error gracefully, so basically we can suppress the
>> warning by adding __GFP_NOWARN, in addition to a sanity check in the
>> caller side.
>>
>> I've been traveling and will be traveling again in the next week, so
>> I'll cook up once after back to work again.
>
> Andrey, could you check the patch below? It should suppress the
> spurious warnings.
Hi Takashi,
Your patch fixes the report triggered by my reproducer.
Thanks!
Tested-by: Andrey Konovalov <andreyknvl@google.com>
>
>
> thanks,
>
> Takashi
>
> -- 8< --
> From: Takashi Iwai <tiwai@suse.de>
> Subject: [PATCH] ALSA: usx2y: Suppress kernel warning at page allocation
> failures
>
> The usx2y driver allocates the stream read/write buffers in continuous
> pages depending on the stream setup, and this may spew the kernel
> warning messages with a stack trace like:
> WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
> __alloc_pages_slowpath+0x1ef2/0x2d70
> Modules linked in:
> CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
> ....
>
> It may confuse user as if it were any serious error, although this is
> no fatal error and the driver handles the error case gracefully.
> Since the driver has already some sanity check of the given size (128
> and 256 pages), it can't pass any crazy value. So it's merely page
> fragmentation.
>
> This patch adds __GFP_NOWARN to each caller for suppressing such
> kernel warnings. The original issue was spotted by syzkaller.
>
> Reported-by: Andrey Konovalov <andreyknvl@google.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Takashi Iwai <tiwai@suse.de>
> ---
> sound/usb/usx2y/usb_stream.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/sound/usb/usx2y/usb_stream.c b/sound/usb/usx2y/usb_stream.c
> index 4dab49080700..e229abd21652 100644
> --- a/sound/usb/usx2y/usb_stream.c
> +++ b/sound/usb/usx2y/usb_stream.c
> @@ -191,7 +191,8 @@ struct usb_stream *usb_stream_new(struct usb_stream_kernel *sk,
> }
>
> pg = get_order(read_size);
> - sk->s = (void *) __get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO, pg);
> + sk->s = (void *) __get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO|
> + __GFP_NOWARN, pg);
> if (!sk->s) {
> snd_printk(KERN_WARNING "couldn't __get_free_pages()\n");
> goto out;
> @@ -211,7 +212,8 @@ struct usb_stream *usb_stream_new(struct usb_stream_kernel *sk,
> pg = get_order(write_size);
>
> sk->write_page =
> - (void *)__get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO, pg);
> + (void *)__get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO|
> + __GFP_NOWARN, pg);
> if (!sk->write_page) {
> snd_printk(KERN_WARNING "couldn't __get_free_pages()\n");
> usb_stream_free(sk);
> --
> 2.14.1
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [alsa-devel] usb/sound/usx2y: warning in usb_stream_new/__alloc_pages_slowpath
2017-10-02 14:34 ` Andrey Konovalov
@ 2017-10-02 16:11 ` Takashi Iwai
0 siblings, 0 replies; 7+ messages in thread
From: Takashi Iwai @ 2017-10-02 16:11 UTC (permalink / raw)
To: Andrey Konovalov
Cc: alsa-devel, Dmitry Vyukov, Kostya Serebryany, syzkaller,
Jaroslav Kysela, Markus Elfring, LKML
On Mon, 02 Oct 2017 16:34:57 +0200,
Andrey Konovalov wrote:
>
> On Mon, Oct 2, 2017 at 2:14 PM, Takashi Iwai <tiwai@suse.de> wrote:
> > On Fri, 22 Sep 2017 11:35:49 +0200,
> > Takashi Iwai wrote:
> >>
> >> On Thu, 21 Sep 2017 17:38:53 +0200,
> >> Andrey Konovalov wrote:
> >> >
> >> > Hi!
> >> >
> >> > I've got the following report while fuzzing the kernel with syzkaller.
> >> >
> >> > On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
> >> >
> >> > ------------[ cut here ]------------
> >> > WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
> >> > __alloc_pages_slowpath+0x1ef2/0x2d70
> >> > Modules linked in:
> >> > CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
> >> > 4.14.0-rc1-42251-gebb2c2437d80 #215
> >> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> >> > Workqueue: usb_hub_wq hub_event
> >> > task: ffff8800643c18c0 task.stack: ffff88006b658000
> >> > RIP: 0010:trace_reclaim_retry_zone ./include/trace/events/oom.h:31
> >> > RIP: 0010:should_reclaim_retry mm/page_alloc.c:3783
> >> > RIP: 0010:__alloc_pages_slowpath+0x1ef2/0x2d70 mm/page_alloc.c:4039
> >> > RSP: 0018:ffff88006b65d938 EFLAGS: 00010246
> >> > RAX: 00000000ffffa666 RBX: 00000000014000c0 RCX: 0000000000000000
> >> > RDX: 0000000000000000 RSI: 0000000000000034 RDI: 000000000140c0c0
> >> > RBP: ffff88006b65e088 R08: 0000000000000000 R09: fffffffffff00f88
> >> > R10: 0000000000000000 R11: 0000000000000085 R12: ffff88006b65e130
> >> > R13: ffff88006b65e270 R14: ffff88006b65e0f0 R15: 000000000140c0c0
> >> > FS: 0000000000000000(0000) GS:ffff88006c900000(0000) knlGS:0000000000000000
> >> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> >> > CR2: 0000000020829000 CR3: 0000000063cce000 CR4: 00000000000006e0
> >> > Call Trace:
> >> > __alloc_pages_nodemask+0x921/0xf70 mm/page_alloc.c:4217
> >> > alloc_pages_current+0xbb/0x1f0 mm/mempolicy.c:2035
> >> > alloc_pages ./include/linux/gfp.h:505
> >> > __get_free_pages+0x14/0x50 mm/page_alloc.c:4248
> >> > usb_stream_new+0x50f/0x9f0 sound/usb/usx2y/usb_stream.c:214
> >>
> >> The warning itself should be harmless, indicating only that the driver
> >> tries to allocate too high-order memory pages. The error path handles
> >> the allocation error gracefully, so basically we can suppress the
> >> warning by adding __GFP_NOWARN, in addition to a sanity check in the
> >> caller side.
> >>
> >> I've been traveling and will be traveling again in the next week, so
> >> I'll cook up once after back to work again.
> >
> > Andrey, could you check the patch below? It should suppress the
> > spurious warnings.
>
> Hi Takashi,
>
> Your patch fixes the report triggered by my reproducer.
>
> Thanks!
>
> Tested-by: Andrey Konovalov <andreyknvl@google.com>
Great, queued to for-linus branch now.
Thanks!
Takashi
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2017-10-02 16:11 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-21 15:38 usb/sound/usx2y: warning in usb_stream_new/__alloc_pages_slowpath Andrey Konovalov
2017-09-22 9:35 ` [alsa-devel] " Takashi Iwai
2017-09-22 9:35 ` Takashi Iwai
2017-10-02 12:14 ` [alsa-devel] " Takashi Iwai
2017-10-02 12:14 ` Takashi Iwai
2017-10-02 14:34 ` Andrey Konovalov
2017-10-02 16:11 ` Takashi Iwai
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.