On Wed, Jul 27, 2022 at 01:26:49PM +0530, Harshit Mogalapalli wrote:
> Hi,
>
> We have seen a WARNING message while fuzzing with syzkaller.
>
> Kernel 5.15.54 on an x86_64
>
> localhost login: [ 104.557712] ------------[ cut here ]------------
> [ 104.558404] WARNING: CPU: 1 PID: 15544 at mm/page_alloc.c:5358 __alloc_pages+0x38a/0x410
> [ 104.559584] Modules linked in:
> [ 104.560030] CPU: 1 PID: 15544 Comm: repro Not tainted 5.15.54 #1
> [ 104.560896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
> [ 104.562190] RIP: 0010:__alloc_pages+0x38a/0x410
> [ 104.562864] Code: ff 4c 89 fa 44 89 f6 89 ef 89 6c 24 48 c6 44 24 78 00 4c 89 6c 24 60 e8 c4 e5 ff ff 49 89 c4 e9 43 fe ff ff 40 80 e5 3f eb c5 <0f> 0b eb a5 4c 89 e7 44 89 f6 45 31 e4 e8 c4 9f ff ff e9 4a fe ff
> [ 104.565421] RSP: 0018:ffff88801b4577f0 EFLAGS: 00010246
> [ 104.566182] RAX: 0000000000000000 RBX: 1ffff1100368aeff RCX: dffffc0000000000
> [ 104.567177] RDX: 0000000000000000 RSI: 0000000000000012 RDI: 0000000000040cc0
> [ 104.568185] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> [ 104.569196] R10: fffffff900000000 R11: 0000000000000001 R12: 0000000000000001
> [ 104.570194] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> [ 104.571201] FS: 00007fda701c7740(0000) GS:ffff888107080000(0000) knlGS:0000000000000000
> [ 104.572330] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 104.573146] CR2: 0000000020004640 CR3: 0000000020c34000 CR4: 00000000000006e0
> [ 104.574149] Call Trace:
> [ 104.574503] <TASK>
> [ 104.574838] ? __sanitizer_cov_trace_cmp4+0x25/0x90
> [ 104.575535] ? __alloc_pages_slowpath.constprop.0+0x16c0/0x16c0
> [ 104.576391] ? bpf_ksym_find+0x171/0x1c0
> [ 104.576985] ? selinux_socket_sendmsg+0x207/0x2d0
> [ 104.577938] ? __sanitizer_cov_trace_const_cmp8+0x27/0x90
> [ 104.578739] alloc_pages+0x191/0x3f0
> [ 104.579258] kmalloc_order+0x34/0xb0
> [ 104.579794] kmalloc_order_trace+0x19/0xa0
> [ 104.580375] sco_sock_sendmsg+0x10f/0x300
> [ 104.581228] ? security_socket_sendmsg+0x8e/0xc0
>
> I have attached the report and the reproducer. A similar warning was seen
> in some earlier testing.
>
> Ref: https://lore.kernel.org/linux-mm/812dab5c-845d-df58-2752-abea7c07890@xxxxxxxxxx/
>
> Commit 99c23da0eed4 ("Bluetooth: sco: Fix lock_sock() blockage by
> memcpy_from_msg()") is backported to LTS, so we have this bug on the LTS
> branches.
>
> The fix commit is not backported to LTS:
> Commit 0771cbb3b97d ("Bluetooth: SCO: Replace use of memcpy_from_msg
> with bt_skb_sendmsg")
>
> I have tried backporting onto LTS locally.
>
> Can you please backport the following commits to these branches:
> 4.14.y, 4.19.y, 5.4.y, 5.10.y, 5.15.y LTS (applying from 1 to 7)?
>
> 1. commit 38f64f650dc0e44c146ff88d15a7339efa325918 upstream
>    ("Bluetooth: Add bt_skb_sendmsg helper")
> 2. commit 97e4e80299844bb5f6ce5a7540742ffbffae3d97 upstream
>    ("Bluetooth: Add bt_skb_sendmmsg helper")
> 3. commit 0771cbb3b97d3c1d68eecd7f00055f599954c34e upstream
>    ("Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg")
> 4. commit 81be03e026dc0c16dc1c64e088b2a53b73caa895 upstream
>    ("Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg")
> 5. commit 266191aa8d14b84958aaeb5e96ee4e97839e3d87 upstream
>    ("Bluetooth: Fix passing NULL to PTR_ERR")
> 6. commit 037ce005af6b8a3e40ee07c6e9266c8997e6a4d6 upstream
>    ("Bluetooth: SCO: Fix sco_send_frame returning skb->len")
> 7. commit 29fb608396d6a62c1b85acc421ad7a4399085b9f upstream
>    ("Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks")
>
> Notes:
> 3 is the fix for the WARNING.
> 1, 2 are prerequisites for applying 3. At this stage the WARNING is fixed.
> 4, 5, 6, 7 are necessary as they fix issues introduced by the newly added
> commits.
>
> This is a clean cherry-pick series (7 commits) on all mentioned branches
> (LTS 4.14->5.15).
>
> I have tested all mentioned LTS branches with the reproducer (only) and the
> WARNING is fixed after applying these 7 patches.

All now queued up, thanks.

greg k-h