syzbot

 sign-in | mailing list | source | docs
🐞 Open [681] 🐞 Fixed [74] 🐞 Invalid [233] Missing Backports [47] 📈 Kernel Health 📈 Bugs/Month 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING: refcount bug in skb_expand_head

Status: upstream: reported on 2024/06/11 09:12
Reported-by: syzbot+5548b221da2a8515ba2a@syzkaller.appspotmail.com
First crash: 7d03h, last: 7d03h
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING: refcount bug in skb_expand_head net 1 636d 636d 0/27 closed as invalid on 2022/11/15 17:18

Sample crash report:
------------[ cut here ]------------
refcount_t: saturated; leaking memory.
WARNING: CPU: 0 PID: 3852 at lib/refcount.c:22 refcount_warn_saturate+0x116/0x1a0 lib/refcount.c:22
Modules linked in:
CPU: 0 PID: 3852 Comm: kworker/0:10 Not tainted 6.1.92-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: wg-crypt-wg2 wg_packet_tx_worker
RIP: 0010:refcount_warn_saturate+0x116/0x1a0 lib/refcount.c:22
Code: 0a 01 48 c7 c7 80 0a 3d 8b e8 36 3f 1a fd 0f 0b eb c5 e8 2d 40 52 fd c6 05 c3 44 27 0a 01 48 c7 c7 00 09 3d 8b e8 1a 3f 1a fd <0f> 0b eb a9 e8 11 40 52 fd c6 05 a8 44 27 0a 01 48 c7 c7 60 09 3d
RSP: 0018:ffffc90013be7730 EFLAGS: 00010246
RAX: d19bdc3c4700e000 RBX: 0000000000000001 RCX: ffff888022b6d940
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffffff81528ede R09: fffff5200277ce45
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff88802154d234 R14: 0000000000200000 R15: ffff88807b75edc0
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2fe28000 CR3: 000000000ce8e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 refcount_add include/linux/refcount.h:222 [inline]
 skb_expand_head+0x318/0x390 net/core/skbuff.c:2010
 ip6_finish_output2+0x10f6/0x1530 net/ipv6/ip6_output.c:72
 __ip6_finish_output net/ipv6/ip6_output.c:201 [inline]
 ip6_finish_output+0x6a0/0xa80 net/ipv6/ip6_output.c:212
 ip6tunnel_xmit include/net/ip6_tunnel.h:161 [inline]
 udp_tunnel6_xmit_skb+0x587/0x9c0 net/ipv6/ip6_udp_tunnel.c:109
 send6+0x6b7/0xac0 drivers/net/wireguard/socket.c:152
 wg_socket_send_skb_to_peer+0x111/0x1d0 drivers/net/wireguard/socket.c:178
 wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
 wg_packet_tx_worker+0x1bb/0x810 drivers/net/wireguard/send.c:276
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/06/11 09:12 linux-6.1.y 88690811da69 b7d9eb04 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING: refcount bug in skb_expand_head
* Struck through repros no longer work on HEAD.