syzbot


WARNING in __alloc_skb (2)

Status: fixed on 2024/01/20 21:18
Subsystems: ppp
Fix commit: c0a2a1b0d631 ppp: limit MRU to 64K
First crash: 251d, last: 236d
Cause bisection: introduced by (bisect log):
commit e7096c131e5161fa3b8e52a650d7719d2857adfd
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date: Sun Dec 8 23:27:34 2019 +0000

  net: WireGuard secure network tunnel

Crash: WARNING in __alloc_skb (log)
Repro: C syz .config
  
Discussions (1)
Title | Replies (including bot) | Last reply
[PATCH net] ppp: limit MRU to 64K | 3 (3) | 2023/11/13 11:10
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in __alloc_skb (3) ppp C 2 166d 166d 26/27 fixed on 2024/03/29 01:33
upstream WARNING in __alloc_skb arm-msm net C error 24 1228d 1240d 20/27 fixed on 2021/04/09 19:46
linux-6.1 WARNING in __alloc_skb origin:upstream C done 2 254d 254d 3/3 fixed on 2023/12/11 10:30

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 37 at mm/page_alloc.c:4544 __alloc_pages+0x3ab/0x4a0 mm/page_alloc.c:4544
Modules linked in:
CPU: 1 PID: 37 Comm: kworker/u4:2 Not tainted 6.6.0-syzkaller-16159-g3ca112b71f35 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
Workqueue: events_unbound flush_to_ldisc
RIP: 0010:__alloc_pages+0x3ab/0x4a0 mm/page_alloc.c:4544
Code: ff ff 00 0f 84 2f fe ff ff 80 ce 01 e9 27 fe ff ff 83 fe 0a 0f 86 3a fd ff ff 80 3d ce 6a 2f 0d 00 75 09 c6 05 c5 6a 2f 0d 01 <0f> 0b 45 31 f6 e9 97 fe ff ff e8 96 47 9c ff 84 c0 0f 85 8a fe ff
RSP: 0018:ffffc90000adf8e8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000060820 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000013 RDI: 0000000000060820
RBP: 1ffff9200015bf1e R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffffffff81df73c1 R12: 0000000000000013
R13: 0000000000000000 R14: 00000000ffffffff R15: 000000005e641940
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f36edd652d0 CR3: 0000000016ad3000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __alloc_pages_node include/linux/gfp.h:238 [inline]
 alloc_pages_node include/linux/gfp.h:261 [inline]
 __kmalloc_large_node+0x87/0x1c0 mm/slab_common.c:1148
 __do_kmalloc_node mm/slab_common.c:995 [inline]
 __kmalloc_node_track_caller.cold+0x5/0xdd mm/slab_common.c:1027
 kmalloc_reserve+0x218/0x260 net/core/skbuff.c:590
 __alloc_skb+0x12b/0x330 net/core/skbuff.c:651
 __netdev_alloc_skb+0x72/0x3f0 net/core/skbuff.c:715
 netdev_alloc_skb include/linux/skbuff.h:3225 [inline]
 dev_alloc_skb include/linux/skbuff.h:3238 [inline]
 ppp_sync_input drivers/net/ppp/ppp_synctty.c:669 [inline]
 ppp_sync_receive+0xff/0x680 drivers/net/ppp/ppp_synctty.c:334
 tty_ldisc_receive_buf+0x14c/0x180 drivers/tty/tty_buffer.c:390
 tty_port_default_receive_buf+0x70/0xb0 drivers/tty/tty_port.c:37
 receive_buf drivers/tty/tty_buffer.c:444 [inline]
 flush_to_ldisc+0x261/0x780 drivers/tty/tty_buffer.c:494
 process_one_work+0x884/0x15c0 kernel/workqueue.c:2630
 process_scheduled_works kernel/workqueue.c:2703 [inline]
 worker_thread+0x8b9/0x1290 kernel/workqueue.c:2784
 kthread+0x33c/0x440 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
 </TASK>

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/11/12 05:23 | upstream | 3ca112b71f35 | 6d6dbf8a | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | WARNING in __alloc_skb
2023/11/26 09:42 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 8de1e7afcc1c | 5b429f39 | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | WARNING in __alloc_skb
* Struck through repros no longer work on HEAD.