[v6.1] WARNING in __alloc_skb


syzbot

Nov 8, 2023, 4:39:25 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: fb2635ac69ab Linux 6.1.62
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=136fd9c0e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=87ac2800e03db39a
dashboard link: https://syzkaller.appspot.com/bug?extid=9ecfd5ff297e45ebfb80
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12c67870e80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13cb0588e80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/dcc1cd63efb4/disk-fb2635ac.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7ba80cff2748/vmlinux-fb2635ac.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7224e10d13ba/Image-fb2635ac.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9ecfd5...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 11 at mm/page_alloc.c:5521 __alloc_pages+0x32c/0x730 mm/page_alloc.c:5521
Modules linked in:
CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.62-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
Workqueue: events_unbound flush_to_ldisc
pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __alloc_pages+0x32c/0x730 mm/page_alloc.c:5521
lr : __alloc_pages+0xc8/0x730 mm/page_alloc.c:5515
sp : ffff800019e07740
x29: ffff800019e07820 x28: ffff800019e07760 x27: dfff800000000000
x26: ffff7000033c0eec x25: 0000000000000000 x24: ffff800019e07780
x23: 0000000000000000 x22: 0000000000060a20 x21: 1ffff000033c0ef0
x20: ffff800019e077a0 x19: 0000000000000013 x18: ffff800019e07240
x17: ffff80000d421dc4 x16: ffff800012083980 x15: ffff8000103b57c0
x14: ffff800008967774 x13: ffff80000802a900 x12: 0000000000000005
x11: 1ffff000033c0ef4 x10: 0000000000000000 x9 : 0000000000000001
x8 : ffff800018132000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff800019e077a0
Call trace:
__alloc_pages+0x32c/0x730 mm/page_alloc.c:5521
__alloc_pages_node include/linux/gfp.h:237 [inline]
alloc_pages_node include/linux/gfp.h:260 [inline]
__kmalloc_large_node+0xbc/0x21c mm/slab_common.c:1096
__do_kmalloc_node mm/slab_common.c:943 [inline]
__kmalloc_node_track_caller+0x12c/0x1c0 mm/slab_common.c:975
kmalloc_reserve net/core/skbuff.c:454 [inline]
__alloc_skb+0x1b4/0x580 net/core/skbuff.c:515
__netdev_alloc_skb+0xb8/0x3c8 net/core/skbuff.c:579
netdev_alloc_skb include/linux/skbuff.h:3174 [inline]
dev_alloc_skb include/linux/skbuff.h:3187 [inline]
ppp_sync_input drivers/net/ppp/ppp_synctty.c:679 [inline]
ppp_sync_receive+0x13c/0x7b0 drivers/net/ppp/ppp_synctty.c:342
tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:461
tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:39
receive_buf drivers/tty/tty_buffer.c:515 [inline]
flush_to_ldisc+0x260/0x6f8 drivers/tty/tty_buffer.c:565
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
irq event stamp: 146750
hardirqs last enabled at (146749): [<ffff8000122159fc>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last enabled at (146749): [<ffff8000122159fc>] _raw_spin_unlock_irq+0x3c/0x90 kernel/locking/spinlock.c:202
hardirqs last disabled at (146750): [<ffff800012215778>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (146750): [<ffff800012215778>] _raw_spin_lock_irqsave+0xa4/0xb4 kernel/locking/spinlock.c:162
softirqs last enabled at (146742): [<ffff80000caa8cd4>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (146738): [<ffff80000caa8c1c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
PPPsync: no memory (input pkt)
PPPsync: no memory (input pkt)


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

Dec 8, 2023, 11:10:05 PM
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:

commit ab3e13b35c1ada63773a276f0f8c4fec7956cb9a
Author: Willem de Bruijn <wil...@google.com>
Date: Mon Nov 13 03:16:32 2023 +0000

ppp: limit MRU to 64K

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11cee4f4e80000
start commit: fb2635ac69ab Linux 6.1.62
git tree: linux-6.1.y
If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: ppp: limit MRU to 64K

For information about bisection process see: https://goo.gl/tpsmEJ#bisection