syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1323]
Subsystems
🐞 Fixed [7152]
🐞 Invalid [18910]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

WARNING in __alloc_skb (4)

Status: upstream: reported C repro on 2025/08/27 21:55
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+5a2250fd91b28106c37b@syzkaller.appspotmail.com
First crash: 292d, last: 91d
✨ AI Jobs (4)
ID Workflow Result Correct Bug Created Started Finished Revision Error
f30afc44-a0c1-4319-a01b-577478c3ba8f assessment-security 💥 WARNING in __alloc_skb (4) 2026/06/09 20:08 2026/06/09 20:08 2026/06/09 20:11 c36c07f6c1f2230a36374cbd22235f635e8f9284 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/d0c086972798e0368ff7147f553a43092bb78933" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: error: error loading target specification: target-pointer-width: invalid type: string "64", expected u16 at line 8 column 32 * * Restart config... * * * Memory initialization * Initialize kernel stack variables at function entry 1. no automatic stack variable initialization (weakest) (INIT_STACK_NONE) 2. pattern-init everything (strongest) (INIT_STACK_ALL_PATTERN) > 3. zero-init everything (strongest and safest) (INIT_STACK_ALL_ZERO) choice[1-3?]: 3 Poison kernel stack before returning from syscalls (KSTACK_ERASE) [N/y/?] (NEW) Error in reading or end of file. Enable heap memory zeroing on allocation by default (INIT_ON_ALLOC_DEFAULT_ON) [Y/n/?] y Enable heap memory zeroing on free by default (INIT_ON_FREE_DEFAULT_ON) [N/y/?] n Enable register zeroing on function exit (ZERO_CALL_USED_REGS) [N/y/?] n error: error loading target specification: target-pointer-width: invalid type: string "64", expected u16 at line 8 column 32 | = help: run `rustc --print target-list` for a list of built-in targets make[3]: *** [/app/workdir/cache/src/8a03cf288e3a395472ceb3e5c14de15abeb21705/rust/Makefile:508: rust/core.o] Error 1 make[3]: *** Waiting for unfinished jobs.... make[2]: *** [/app/workdir/cache/src/8a03cf288e3a395472ceb3e5c14de15abeb21705/Makefile:1286: prepare] Error 2 make[1]: *** [/app/workdir/cache/src/8a03cf288e3a395472ceb3e5c14de15abeb21705/Makefile:248: __sub-make] Error 2 make: *** [Makefile:248: __sub-make] Error 2
612adac3-555e-4dd0-b315-2bb333d3fe03 assessment-security 💥 WARNING in __alloc_skb (4) 2026/06/02 20:37 2026/06/02 20:37 2026/06/02 20:40 62fe15281f5011cd203d8845b8767b10e7443aa5 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/d0c086972798e0368ff7147f553a43092bb78933" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: error: error loading target specification: target-pointer-width: invalid type: string "64", expected u16 at line 8 column 32 * * Restart config... * * * Memory initialization * Initialize kernel stack variables at function entry 1. no automatic stack variable initialization (weakest) (INIT_STACK_NONE) 2. pattern-init everything (strongest) (INIT_STACK_ALL_PATTERN) > 3. zero-init everything (strongest and safest) (INIT_STACK_ALL_ZERO) choice[1-3?]: 3 Poison kernel stack before returning from syscalls (KSTACK_ERASE) [N/y/?] (NEW) Error in reading or end of file. Enable heap memory zeroing on allocation by default (INIT_ON_ALLOC_DEFAULT_ON) [Y/n/?] y Enable heap memory zeroing on free by default (INIT_ON_FREE_DEFAULT_ON) [N/y/?] n Enable register zeroing on function exit (ZERO_CALL_USED_REGS) [N/y/?] n error: error loading target specification: target-pointer-width: invalid type: string "64", expected u16 at line 8 column 32 | = help: run `rustc --print target-list` for a list of built-in targets make[3]: *** [/app/workdir/cache/src/8a03cf288e3a395472ceb3e5c14de15abeb21705/rust/Makefile:508: rust/core.o] Error 1 make[3]: *** Waiting for unfinished jobs.... make[2]: *** [/app/workdir/cache/src/8a03cf288e3a395472ceb3e5c14de15abeb21705/Makefile:1286: prepare] Error 2 make[1]: *** [/app/workdir/cache/src/8a03cf288e3a395472ceb3e5c14de15abeb21705/Makefile:248: __sub-make] Error 2 make: *** [Makefile:248: __sub-make] Error 2
fb62b659-f3b7-46ab-a25b-549c6b871372 assessment-security 💥 WARNING in __alloc_skb (4) 2026/05/30 06:47 2026/05/30 06:47 2026/05/30 06:50 6b4a844333e83556da95d61d7f207e7ef5cd4bc6 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/d0c086972798e0368ff7147f553a43092bb78933" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: error: error loading target specification: target-pointer-width: invalid type: string "64", expected u16 at line 8 column 32 * * Restart config... * * * Memory initialization * Initialize kernel stack variables at function entry 1. no automatic stack variable initialization (weakest) (INIT_STACK_NONE) 2. pattern-init everything (strongest) (INIT_STACK_ALL_PATTERN) > 3. zero-init everything (strongest and safest) (INIT_STACK_ALL_ZERO) choice[1-3?]: 3 Poison kernel stack before returning from syscalls (KSTACK_ERASE) [N/y/?] (NEW) Error in reading or end of file. Enable heap memory zeroing on allocation by default (INIT_ON_ALLOC_DEFAULT_ON) [Y/n/?] y Enable heap memory zeroing on free by default (INIT_ON_FREE_DEFAULT_ON) [N/y/?] n Enable register zeroing on function exit (ZERO_CALL_USED_REGS) [N/y/?] n error: error loading target specification: target-pointer-width: invalid type: string "64", expected u16 at line 8 column 32 | = help: run `rustc --print target-list` for a list of built-in targets make[3]: *** [/app/workdir/cache/src/8a03cf288e3a395472ceb3e5c14de15abeb21705/rust/Makefile:508: rust/core.o] Error 1 make[3]: *** Waiting for unfinished jobs.... make[2]: *** [/app/workdir/cache/src/8a03cf288e3a395472ceb3e5c14de15abeb21705/Makefile:1286: prepare] Error 2 make[1]: *** [/app/workdir/cache/src/8a03cf288e3a395472ceb3e5c14de15abeb21705/Makefile:248: __sub-make] Error 2 make: *** [Makefile:248: __sub-make] Error 2
eef3fe88-ae6d-4399-a294-1014e5c8c0da assessment-security 💥 WARNING in __alloc_skb (4) 2026/05/14 08:26 2026/05/14 08:26 2026/05/14 08:27 6ccb967e465e832a7bfd7a116ad00d52a0923a5d failed to run ["git" "pull" "origin" "HEAD" "--depth=1" "--allow-unrelated-histories"]: exit status 128 From /app/workdir/repo/linux * branch HEAD -> FETCH_HEAD Updating files: 29% (26350/90656) Updating files: 30% (27197/90656) Updating files: 31% (28104/90656) Updating files: 32% (29010/90656) Updating files: 33% (29917/90656) Updating files: 34% (30824/90656) Updating files: 35% (31730/90656) Updating files: 36% (32637/90656) Updating files: 37% (33543/90656) Updating files: 38% (34450/90656) Updating files: 39% (35356/90656) Updating files: 39% (36053/90656) Updating files: 39% (36149/90656) Updating files: 40% (36263/90656) error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_6_1_default.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_6_1_offset.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_6_1_sh_mask.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_6_1_smn.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_0_default.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_0_offset.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_0_sh_mask.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_0_smn.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_11_0_offset.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_11_0_sh_mask.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_2_0_offset.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_2_0_sh_mask.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_4_0_smn.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_4_offset.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_4_sh_mask.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_7_0_offset.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_7_0_sh_mask.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_9_0_offset.h error: unable to write file drivers/gpu/drm/amd/include/asic_reg/nbio/nbio_7_9_0_sh_mask.h fatal: cannot create directory at 'drivers/gpu/drm/amd/include/asic_reg/oss': No space left on device
Discussions (3)
Title Replies (including bot) Last reply
[PATCH] [PATCH v2] net: skb: guard kmalloc_reserve() against oversized allocations 2 (2) 2025/09/20 20:19
[syzbot] [mm?] [usb?] WARNING in __alloc_skb (4) 2 (8) 2025/09/20 18:55
[PATCH] net: skb: guard kmalloc_reserve() against oversized allocations 2 (2) 2025/09/20 15:38
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-6-12 WARNING in __alloc_skb origin:upstream -1 C 11 56d 294d 0/1 premoderation: reported C repro on 2025/08/22 06:38
upstream WARNING in __alloc_skb (3) ppp -1 C 2 858d 858d 25/29 fixed on 2024/03/29 01:33
upstream WARNING in __alloc_skb arm-msm net -1 C error 24 1920d 1932d 20/29 fixed on 2021/04/09 19:46
linux-6.1 WARNING in __alloc_skb origin:upstream -1 C done 2 946d 946d 3/3 fixed on 2023/12/11 10:30
upstream WARNING in __alloc_skb (2) ppp -1 C done 2 929d 943d 25/29 fixed on 2024/01/20 21:18
linux-5.15 WARNING in __alloc_skb origin:upstream -1 syz 1 247d 333d 0/3 auto-obsoleted due to no activity on 2026/01/16 10:48
Last patch testing requests (11)
Created Duration User Patch Repo Result
2026/05/23 00:49 29m retest repro linux-next log
2026/03/13 09:43 24m retest repro linux-next report log
2026/03/13 09:47 20m retest repro upstream OK log
2025/12/21 05:07 31m retest repro linux-next report log
2025/12/21 04:58 24m retest repro linux-next report log
2025/10/12 04:13 25m retest repro linux-next report log
2025/09/20 18:55 25m kriish.sharma2006@gmail.com patch linux-next report log
2025/09/20 10:59 26m kriish.sharma2006@gmail.com patch linux-next OK log
2025/09/20 02:56 26m hdanton@sina.com patch linux-next OK log
2025/09/20 00:43 25m hdanton@sina.com patch linux-next report log
2025/09/19 16:04 17m kriish.sharma2006@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/ 7fa4d8dc380f report log

Sample crash report:
------------[ cut here ]------------
WARNING: mm/page_alloc.c:5124 at __alloc_frozen_pages_noprof+0x2c8/0x370 mm/page_alloc.c:5124, CPU#0: dhcpcd/5530
Modules linked in:
CPU: 0 UID: 0 PID: 5530 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 mm/page_alloc.c:5124
Code: 74 10 4c 89 e7 89 54 24 0c e8 f4 11 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 fe aa b7 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
RSP: 0018:ffffc90000007780 EFLAGS: 00010246
RAX: ffffc90000007700 RBX: 0000000000000014 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900000077e8
RBP: ffffc90000007870 R08: ffffc900000077e7 R09: 0000000000000000
R10: ffffc900000077c0 R11: fffff52000000efd R12: 0000000000000000
R13: 1ffff92000000ef4 R14: 0000000000060820 R15: dffffc0000000000
FS:  00007f4fd75a9740(0000) GS:ffff8881257c4000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffebb07e018 CR3: 000000001dadc000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416
 ___kmalloc_large_node+0x5f/0x1b0 mm/slub.c:4306
 __kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4337
 __do_kmalloc_node mm/slub.c:4353 [inline]
 __kmalloc_node_track_caller_noprof+0x34d/0x4a0 mm/slub.c:4384
 kmalloc_reserve+0x1b8/0x290 net/core/skbuff.c:608
 __alloc_skb+0x142/0x2d0 net/core/skbuff.c:669
 __netdev_alloc_skb+0x108/0x970 net/core/skbuff.c:733
 rx_submit+0x100/0xab0 drivers/net/usb/usbnet.c:-1
 rx_alloc_submit+0xa6/0x140 drivers/net/usb/usbnet.c:1538
 usbnet_bh+0x9a5/0xd70 drivers/net/usb/usbnet.c:1607
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
 bh_worker+0x2b1/0x600 kernel/workqueue.c:3579
 tasklet_action+0xc/0x70 kernel/softirq.c:854
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
 do_softirq+0xec/0x180 kernel/softirq.c:480
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x17d/0x1c0 kernel/softirq.c:407
 __dev_open+0x694/0x880 net/core/dev.c:1690
 __dev_change_flags+0x1ea/0x6d0 net/core/dev.c:9549
 netif_change_flags+0x88/0x1a0 net/core/dev.c:9612
 dev_change_flags+0x130/0x260 net/core/dev_api.c:68
 devinet_ioctl+0xbb4/0x1b50 net/ipv4/devinet.c:1200
 inet_ioctl+0x3c0/0x4c0 net/ipv4/af_inet.c:1001
 sock_do_ioctl+0xd9/0x300 net/socket.c:1238
 sock_ioctl+0x576/0x790 net/socket.c:1359
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:584
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4fd76a9378
Code: 00 00 48 8d 44 24 08 48 89 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 b8 10 00 00 00 c7 44 24 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 07 89 d0 c3 0f 1f 40 00 48 8b 15 49 3a 0d
RSP: 002b:00007ffc26f40168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 00007f4fd76a9378
RDX: 00007ffc26f50360 RSI: 0000000000008914 RDI: 0000000000000016
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc26f60500
R13: 00007f4fd75a96c8 R14: 0000000000000028 R15: 0000000000008914
 </TASK>

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/23 21:47 linux-next 7fa4d8dc380f bf27483f .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce WARNING in __alloc_skb
2025/10/28 21:33 upstream fd57572253bc fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 WARNING in __alloc_skb
2026/02/27 09:21 upstream 3f4a08e64442 a2f13f71 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in __alloc_skb
2025/09/28 03:20 linux-next 262858079afd 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce WARNING in __alloc_skb
2025/09/16 01:40 linux-next 590b221ed425 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce WARNING in __alloc_skb
2025/09/06 06:37 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce WARNING in __alloc_skb
2025/09/02 06:00 linux-next 7fa4d8dc380f 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce WARNING in __alloc_skb
2025/08/27 06:38 linux-next 7fa4d8dc380f e12e5ba4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce WARNING in __alloc_skb
* Struck through repros no longer work on HEAD.