syzbot

 sign-in | mailing list | source | docs
🐞 Open [1159] 🐞 Fixed [4315] 🐞 Invalid [9651] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

WARNING in pskb_expand_head

Status: upstream: reported C repro on 2021/01/24 20:51
Reported-by: syzbot+a1c17e56a8a62294c714@syzkaller.appspotmail.com
Fix commit: dbae2b062824 net: skb: introduce and use a single page frag cache
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 741d, last: 91d

Cause bisection: introduced by (bisect log) :
commit 3226b158e67cfaa677fd180152bfb28989cb2fac
Author: Eric Dumazet <edumazet@google.com>
Date: Wed Jan 13 16:18:19 2021 +0000

  net: avoid 32 x truesize under-estimation for tiny skbs

Crash: WARNING in pskb_expand_head (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log) :
commit dbae2b062824fc2d35ae2d5df2f500626c758e80
Author: Paolo Abeni <pabeni@redhat.com>
Date: Wed Sep 28 08:43:09 2022 +0000

  net: skb: introduce and use a single page frag cache


Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3612 at mm/page_alloc.c:5491 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5491
Modules linked in:
CPU: 0 PID: 3612 Comm: syz-executor281 Not tainted 6.0.0-rc5-syzkaller-00025-g3245cb65fd91 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
RIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5491
Code: 5c 24 04 0f 85 f3 00 00 00 44 89 e1 81 e1 7f ff ff ff a9 00 00 04 00 41 0f 44 cc 41 89 cc e9 e3 00 00 00 c6 05 26 e8 40 0c 01 <0f> 0b 83 fb 0a 0f 86 c8 fd ff ff 31 db 48 c7 44 24 20 0e 36 e0 45
RSP: 0018:ffffc900039bf780 EFLAGS: 00010246
RAX: ffffc900039bf7e0 RBX: 0000000000000012 RCX: 0000000000000000
RDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc900039bf808
RBP: ffffc900039bf8a0 R08: dffffc0000000000 R09: ffffc900039bf7e0
R10: fffff52000737f01 R11: 1ffff92000737efc R12: 0000000000060a20
R13: 1ffff92000737ef8 R14: dffffc0000000000 R15: 1ffff92000737ef4
FS:  0000555556eef300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055cad5d1d600 CR3: 000000001e90c000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __alloc_pages_node include/linux/gfp.h:243 [inline]
 alloc_pages_node include/linux/gfp.h:266 [inline]
 kmalloc_large_node+0x7c/0x180 mm/slub.c:4438
 __kmalloc_node_track_caller+0x2f0/0x3f0 mm/slub.c:4941
 kmalloc_reserve net/core/skbuff.c:370 [inline]
 pskb_expand_head+0x2ea/0x1280 net/core/skbuff.c:1729
 __skb_grow include/linux/skbuff.h:3038 [inline]
 tun_napi_alloc_frags+0x1af/0xb60 drivers/net/tun.c:1472
 tun_get_user+0x9ca/0x2540 drivers/net/tun.c:1826
 tun_chr_write_iter+0x10a/0x1e0 drivers/net/tun.c:2025
 call_write_iter include/linux/fs.h:2187 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x7b5/0xbb0 fs/read_write.c:578
 ksys_write+0x19b/0x2c0 fs/read_write.c:631
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f79544f2609
Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe714d79f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f79544f2609
RDX: 000000002000032a RSI: 0000000020000300 RDI: 0000000000000003
RBP: 00007ffe714d7a10 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 00007ffe714d7a30 R14: 0000000000000003 R15: 0000000000000000
 </TASK>

Crashes (222):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kasan-gce-smack-root 2022/09/16 04:16 upstream 3245cb65fd91 dd9a85ff .config strace log report syz C [disk image] [vmlinux] WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/07/27 16:26 upstream 39c3c396f813 da9d0366 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/07/21 06:01 upstream 353f7988dd84 88cb1383 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2022/07/08 12:42 upstream e8a4e1c1bb69 bff65f44 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2022/07/07 13:32 upstream 9f09069cde34 bff65f44 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/05/24 08:12 upstream 1e57930e9f40 e7f9308d .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-net-this-kasan-gce 2022/09/30 10:08 net 511cce163b75 1d385642 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-net-this-kasan-gce 2022/06/16 00:15 net d7dd6eccfbc9 1719ee24 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-net-this-kasan-gce 2022/06/07 06:16 net c76acfb7e19d c8857892 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-bpf-kasan-gce 2022/02/23 07:44 bpf 8940e6b669ca 6e821dbf .config console log report syz C WARNING in pskb_expand_head
ci-upstream-net-this-kasan-gce 2022/02/23 07:44 net ef527f968ae0 6e821dbf .config console log report syz C WARNING in pskb_expand_head
ci-upstream-net-kasan-gce 2022/09/30 09:02 net-next 510bbf82f8dc 1d385642 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-net-kasan-gce 2022/06/16 00:03 net-next 6ac6dc746d70 1719ee24 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-net-kasan-gce 2022/06/07 06:16 net-next 58f9d52ff689 c8857892 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-net-kasan-gce 2022/02/24 20:49 net-next fee62ea77204 b28851a4 .config console log report syz C WARNING in pskb_expand_head
ci-upstream-net-kasan-gce 2022/02/23 07:44 net-next ee8f97efa7a5 6e821dbf .config console log report syz C WARNING in pskb_expand_head
ci-upstream-bpf-next-kasan-gce 2022/02/23 07:43 bpf-next e5313968c41b 6e821dbf .config console log report syz C WARNING in pskb_expand_head
ci-upstream-bpf-next-kasan-gce 2021/01/20 21:48 bpf-next 7d68e3828842 d4f4eca5 .config console log report syz C WARNING in pskb_expand_head
ci-upstream-linux-next-kasan-gce-root 2022/09/06 05:04 linux-next e47eb90a0a9a 9dcd38fc .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-linux-next-kasan-gce-root 2022/08/29 22:13 linux-next b27a3ca08ba7 5b44472d .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-linux-next-kasan-gce-root 2022/07/05 09:38 linux-next cb71b93c2dc3 bff65f44 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-linux-next-kasan-gce-root 2022/07/04 09:41 linux-next cb71b93c2dc3 1434eec0 .config strace log report syz C WARNING in pskb_expand_head
ci-upstream-gce-arm64 2022/10/08 23:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 aea5da89 .config console log report syz [disk image] [vmlinux] WARNING in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2022/09/23 18:07 upstream bf682942cd26 0042f2b4 .config strace log report syz C [disk image] [vmlinux] WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/10/01 14:43 upstream ffb4d94b4314 feb56351 .config console log report info [disk image] [vmlinux] WARNING in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2022/09/05 18:19 upstream 7e18e42e4b28 922294ab .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/08/27 20:55 upstream e022620b5d05 07177916 .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/08/10 03:27 upstream 200e340f2196 c2a623d6 .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2022/08/04 16:18 upstream 200e340f2196 1c9013ac .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/08/01 22:52 upstream 3d7cb6b04c3f fef302b1 .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2022/08/01 18:37 upstream 3d7cb6b04c3f fef302b1 .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2022/06/22 16:11 upstream ca1fdab7fd27 0fc5c330 .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/06/21 15:48 upstream 78ca55889a54 0fc5c330 .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/06/18 21:37 upstream 4b35035bcf80 8f633d84 .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/06/15 00:29 upstream 24625f7d91fb 127d1faf .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/04/26 01:01 upstream d615b5416f8a 152baedd .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2022/04/25 05:46 upstream 5206548f6e67 131df97d .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2022/04/14 04:12 upstream a19944809fe9 b17b2923 .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2022/03/21 23:18 upstream f443e374ae13 e2d91b1d .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/03/16 01:13 upstream 56e337f2cf13 9e8eaa75 .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/03/14 21:33 upstream 09688c0166e7 9e8eaa75 .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2022/03/13 10:48 upstream aad611a868d1 9e8eaa75 .config console log report info WARNING in pskb_expand_head
ci-upstream-kasan-gce-root 2022/03/13 06:28 upstream aad611a868d1 9e8eaa75 .config console log report info WARNING in pskb_expand_head
ci-qemu-upstream-386 2022/06/17 04:35 upstream 48a23ec6ff2b 1719ee24 .config console log report info WARNING in pskb_expand_head
ci-upstream-net-this-kasan-gce 2022/09/21 06:29 net da847246ab80 c4b8ccfd .config console log report info WARNING in pskb_expand_head
ci-upstream-net-this-kasan-gce 2022/09/10 01:10 net 64ae13ed4784 356d8217 .config console log report info [disk image] [vmlinux] WARNING in pskb_expand_head
ci-upstream-bpf-kasan-gce 2022/09/02 12:46 bpf 8a7d61bdc2fa a805568e .config console log report info WARNING in pskb_expand_head
ci-upstream-bpf-kasan-gce 2022/08/27 02:16 bpf 2e085ec0e2d7 07177916 .config console log report info WARNING in pskb_expand_head
ci-upstream-bpf-kasan-gce 2022/08/03 12:20 bpf 9fe2e6f39606 1c9013ac .config console log report info WARNING in pskb_expand_head
ci-upstream-net-this-kasan-gce 2022/07/24 16:20 net 4d8f24eeedc5 22343af4 .config console log report info WARNING in pskb_expand_head
ci-upstream-net-this-kasan-gce 2022/07/15 08:42 net db886979683a 5d921b08 .config console log report info WARNING in pskb_expand_head
ci-upstream-net-this-kasan-gce 2022/07/07 13:23 net 07266d066301 bff65f44 .config console log report info WARNING in pskb_expand_head
ci-upstream-net-this-kasan-gce 2022/05/27 13:35 net 4548ad7287c4 116e7a7b .config console log report info WARNING in pskb_expand_head
ci-upstream-net-kasan-gce 2022/09/29 13:36 net-next d49e265b66d9 1d385642 .config console log report info [disk image] [vmlinux] WARNING in pskb_expand_head
ci-upstream-net-kasan-gce 2022/09/21 14:46 net-next c29b06821590 380f82fb .config console log report info [disk image] [vmlinux] WARNING in pskb_expand_head
ci-upstream-bpf-next-kasan-gce 2022/08/25 11:12 bpf-next 7e165d193928 514514f6 .config console log report info WARNING in pskb_expand_head
ci-upstream-bpf-next-kasan-gce 2022/07/13 13:14 bpf-next ace2bee839e0 5d921b08 .config console log report info WARNING in pskb_expand_head
ci-upstream-net-kasan-gce 2022/07/09 13:21 net-next 16bd188eae2d b5765a15 .config console log report info WARNING in pskb_expand_head
ci-upstream-bpf-next-kasan-gce 2022/05/21 10:41 bpf-next 7aa424e02a04 7268fa62 .config console log report info WARNING in pskb_expand_head
ci-upstream-net-kasan-gce 2022/04/05 02:50 net-next 2975dbdc3989 5915c2cb .config console log report info WARNING in pskb_expand_head
ci-upstream-bpf-next-kasan-gce 2021/01/20 20:42 bpf-next 7d68e3828842 d4f4eca5 .config console log report info WARNING in pskb_expand_head
ci-upstream-linux-next-kasan-gce-root 2022/10/14 15:10 linux-next aaa11ce2ffc8 4954e4b2 .config console log report info [disk image] [vmlinux] WARNING in pskb_expand_head
ci-upstream-linux-next-kasan-gce-root 2022/04/20 19:19 linux-next f1244c81da13 160a3f31 .config console log report info WARNING in pskb_expand_head
ci-upstream-linux-next-kasan-gce-root 2022/03/17 08:58 linux-next 91265a6da44d dfa9a8ed .config console log report info WARNING in pskb_expand_head
ci-upstream-linux-next-kasan-gce-root 2022/03/16 02:31 linux-next 91265a6da44d 9e8eaa75 .config console log report info WARNING in pskb_expand_head
ci-upstream-linux-next-kasan-gce-root 2022/03/11 20:06 linux-next 91265a6da44d 9e8eaa75 .config console log report info WARNING in pskb_expand_head
ci-upstream-gce-arm64 2022/11/02 11:55 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 edac4fd1 .config console log report info [disk image] [vmlinux] WARNING in pskb_expand_head
ci-upstream-gce-arm64 2022/09/22 09:46 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci aa49f95768a9 60af5050 .config console log report info [disk image] [vmlinux] WARNING in pskb_expand_head
ci-upstream-gce-arm64 2022/09/14 03:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a6b443748715 b884348d .config console log report info WARNING in pskb_expand_head
ci-upstream-gce-arm64 2022/09/11 19:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a6b443748715 356d8217 .config console log report info [disk image] [vmlinux] WARNING in pskb_expand_head
ci-upstream-gce-arm64 2022/08/26 22:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d e5a303f1 .config console log report info WARNING in pskb_expand_head
ci-upstream-gce-arm64 2022/08/21 09:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 680fb5b009e8 26a13b38 .config console log report info WARNING in pskb_expand_head
* Struck through repros no longer work on HEAD.