[v5.15] WARNING: suspicious RCU usage in qdisc_lookup
6 views
Skip to first unread message
syzbot
Oct 24, 2024, 2:40:34 PM10/24/24
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 74cdd62cb470 Linux 5.15.169
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1486d287980000
kernel config: https://syzkaller.appspot.com/x/.config?x=2c775f6a2d8859ac
dashboard link: https://syzkaller.appspot.com/bug?extid=047e2671b8635ee1ca61
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d004d23ead0a/disk-74cdd62c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/13e733b04666/vmlinux-74cdd62c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/474cddd6092f/Image-74cdd62c.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+047e26...@syzkaller.appspotmail.com
=============================
WARNING: suspicious RCU usage
5.15.169-syzkaller #0 Not tainted
-----------------------------
net/sched/sch_api.c:304 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
6 locks held by syz.4.362/5329:
#0: ffff0000dc6c3120 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1678 [inline]
#0: ffff0000dc6c3120 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x30/0x64 net/ipv4/tcp.c:1456
#1: ffff800014c822e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
#2: ffff800014c82340 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
#3: ffff800014c82340 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
#4: ffff0000dae18908 (&sch->q.lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
#4: ffff0000dae18908 (&sch->q.lock){+.-.}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3875 [inline]
#4: ffff0000dae18908 (&sch->q.lock){+.-.}-{2:2}, at: __dev_queue_xmit+0x8a0/0x2ac8 net/core/dev.c:4217
#5: ffff800014c822e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:311
stack backtrace:
CPU: 0 PID: 5329 Comm: syz.4.362 Not tainted 5.15.169-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
lockdep_rcu_suspicious+0x188/0x1e0 kernel/locking/lockdep.c:6571
qdisc_lookup+0xc8/0x64c net/sched/sch_api.c:304
qdisc_tree_reduce_backlog+0x200/0x4e8 net/sched/sch_api.c:800
cake_enqueue+0x1bb0/0x7930 net/sched/sch_cake.c:1775
qdisc_enqueue include/net/sch_generic.h:832 [inline]
tbf_enqueue+0x2f8/0x5f0 net/sched/sch_tbf.c:237
dev_qdisc_enqueue+0x60/0x35c net/core/dev.c:3816
__dev_xmit_skb net/core/dev.c:3900 [inline]
__dev_queue_xmit+0x1018/0x2ac8 net/core/dev.c:4217
dev_queue_xmit+0x24/0x34 net/core/dev.c:4285
neigh_hh_output include/net/neighbour.h:493 [inline]
neigh_output include/net/neighbour.h:507 [inline]
ip_finish_output2+0xd3c/0x131c net/ipv4/ip_output.c:228
__ip_finish_output+0x1b0/0x458
ip_finish_output+0x40/0x218 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip_output+0x330/0x49c net/ipv4/ip_output.c:430
dst_output include/net/dst.h:443 [inline]
ip_local_out net/ipv4/ip_output.c:126 [inline]
__ip_queue_xmit+0xe90/0x1a04 net/ipv4/ip_output.c:532
ip_queue_xmit+0x5c/0x78 net/ipv4/ip_output.c:546
__tcp_transmit_skb+0x1944/0x31e8 net/ipv4/tcp_output.c:1402
tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
tcp_write_xmit+0x12bc/0x4dc0 net/ipv4/tcp_output.c:2705
tcp_push_one+0xb4/0xfc net/ipv4/tcp_output.c:2904
tcp_sendmsg_locked+0x1858/0x30a8 net/ipv4/tcp.c:1410
tcp_sendmsg+0x40/0x64 net/ipv4/tcp.c:1457
inet_sendmsg+0x15c/0x290 net/ipv4/af_inet.c:836
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x388/0x4d0 net/socket.c:2063
__do_sys_sendto net/socket.c:2075 [inline]
__se_sys_sendto net/socket.c:2071 [inline]
__arm64_sys_sendto+0xd8/0xf8 net/socket.c:2071
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 74cdd62cb470 Linux 5.15.169
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1486d287980000
kernel config: https://syzkaller.appspot.com/x/.config?x=2c775f6a2d8859ac
dashboard link: https://syzkaller.appspot.com/bug?extid=047e2671b8635ee1ca61
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d004d23ead0a/disk-74cdd62c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/13e733b04666/vmlinux-74cdd62c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/474cddd6092f/Image-74cdd62c.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+047e26...@syzkaller.appspotmail.com
=============================
WARNING: suspicious RCU usage
5.15.169-syzkaller #0 Not tainted
-----------------------------
net/sched/sch_api.c:304 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
6 locks held by syz.4.362/5329:
#0: ffff0000dc6c3120 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1678 [inline]
#0: ffff0000dc6c3120 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x30/0x64 net/ipv4/tcp.c:1456
#1: ffff800014c822e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
#2: ffff800014c82340 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
#3: ffff800014c82340 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
#4: ffff0000dae18908 (&sch->q.lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
#4: ffff0000dae18908 (&sch->q.lock){+.-.}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3875 [inline]
#4: ffff0000dae18908 (&sch->q.lock){+.-.}-{2:2}, at: __dev_queue_xmit+0x8a0/0x2ac8 net/core/dev.c:4217
#5: ffff800014c822e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:311
stack backtrace:
CPU: 0 PID: 5329 Comm: syz.4.362 Not tainted 5.15.169-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
lockdep_rcu_suspicious+0x188/0x1e0 kernel/locking/lockdep.c:6571
qdisc_lookup+0xc8/0x64c net/sched/sch_api.c:304
qdisc_tree_reduce_backlog+0x200/0x4e8 net/sched/sch_api.c:800
cake_enqueue+0x1bb0/0x7930 net/sched/sch_cake.c:1775
qdisc_enqueue include/net/sch_generic.h:832 [inline]
tbf_enqueue+0x2f8/0x5f0 net/sched/sch_tbf.c:237
dev_qdisc_enqueue+0x60/0x35c net/core/dev.c:3816
__dev_xmit_skb net/core/dev.c:3900 [inline]
__dev_queue_xmit+0x1018/0x2ac8 net/core/dev.c:4217
dev_queue_xmit+0x24/0x34 net/core/dev.c:4285
neigh_hh_output include/net/neighbour.h:493 [inline]
neigh_output include/net/neighbour.h:507 [inline]
ip_finish_output2+0xd3c/0x131c net/ipv4/ip_output.c:228
__ip_finish_output+0x1b0/0x458
ip_finish_output+0x40/0x218 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip_output+0x330/0x49c net/ipv4/ip_output.c:430
dst_output include/net/dst.h:443 [inline]
ip_local_out net/ipv4/ip_output.c:126 [inline]
__ip_queue_xmit+0xe90/0x1a04 net/ipv4/ip_output.c:532
ip_queue_xmit+0x5c/0x78 net/ipv4/ip_output.c:546
__tcp_transmit_skb+0x1944/0x31e8 net/ipv4/tcp_output.c:1402
tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
tcp_write_xmit+0x12bc/0x4dc0 net/ipv4/tcp_output.c:2705
tcp_push_one+0xb4/0xfc net/ipv4/tcp_output.c:2904
tcp_sendmsg_locked+0x1858/0x30a8 net/ipv4/tcp.c:1410
tcp_sendmsg+0x40/0x64 net/ipv4/tcp.c:1457
inet_sendmsg+0x15c/0x290 net/ipv4/af_inet.c:836
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x388/0x4d0 net/socket.c:2063
__do_sys_sendto net/socket.c:2075 [inline]
__se_sys_sendto net/socket.c:2071 [inline]
__arm64_sys_sendto+0xd8/0xf8 net/socket.c:2071
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Oct 26, 2024, 9:04:37 AM10/26/24
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 74cdd62cb470 Linux 5.15.169
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15b1d65f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=a532e68091e668cf
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17c07e40580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9cd5ba5c8eb5/disk-74cdd62c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/51345e3be25c/vmlinux-74cdd62c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9670d8303340/Image-74cdd62c.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+047e26...@syzkaller.appspotmail.com
=============================
WARNING: suspicious RCU usage
5.15.169-syzkaller #0 Not tainted
-----------------------------
net/sched/sch_api.c:304 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
8 locks held by kworker/1:3/4032:
#0: ffff0000c8f56138 ((wq_completion)wg-crypt-wg0){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8 kernel/workqueue.c:2283
#1: ffff80001fd87c00 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8 kernel/workqueue.c:2285
#2: ffff0000c8a40178 (&peer->endpoint_lock){++..}-{2:2}, at: wg_socket_send_skb_to_peer+0x64/0x1a8 drivers/net/wireguard/socket.c:173
#5: ffff800014c82340 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
#6: ffff0000cd9e1908 (&sch->q.lock){+...}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
#6: ffff0000cd9e1908 (&sch->q.lock){+...}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3875 [inline]
#6: ffff0000cd9e1908 (&sch->q.lock){+...}-{2:2}, at: __dev_queue_xmit+0x8a0/0x2ac8 net/core/dev.c:4217
#7: ffff800014c822e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:311
stack backtrace:
CPU: 1 PID: 4032 Comm: kworker/1:3 Not tainted 5.15.169-syzkaller #0
__ip6_finish_output+0x580/0x6ec net/ipv6/ip6_output.c:201
ip6_finish_output+0x40/0x218 net/ipv6/ip6_output.c:211
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip6_output+0x274/0x594 net/ipv6/ip6_output.c:234
dst_output include/net/dst.h:443 [inline]
ip6_local_out+0x120/0x160 net/ipv6/output_core.c:161
ip6tunnel_xmit include/net/ip6_tunnel.h:160 [inline]
udp_tunnel6_xmit_skb+0x43c/0x938 net/ipv6/ip6_udp_tunnel.c:109
send6+0x560/0x930 drivers/net/wireguard/socket.c:152
wg_socket_send_skb_to_peer+0xfc/0x1a8 drivers/net/wireguard/socket.c:178
wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
wg_packet_tx_worker+0x1a8/0x714 drivers/net/wireguard/send.c:276
process_one_work+0x790/0x11b8 kernel/workqueue.c:2310
worker_thread+0x910/0x1034 kernel/workqueue.c:2457
kthread+0x37c/0x45c kernel/kthread.c:334
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 74cdd62cb470 Linux 5.15.169
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=a532e68091e668cf
dashboard link: https://syzkaller.appspot.com/bug?extid=047e2671b8635ee1ca61
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=114384a7980000
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17c07e40580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9cd5ba5c8eb5/disk-74cdd62c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/51345e3be25c/vmlinux-74cdd62c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9670d8303340/Image-74cdd62c.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+047e26...@syzkaller.appspotmail.com
=============================
WARNING: suspicious RCU usage
5.15.169-syzkaller #0 Not tainted
-----------------------------
net/sched/sch_api.c:304 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
#0: ffff0000c8f56138 ((wq_completion)wg-crypt-wg0){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8 kernel/workqueue.c:2283
#1: ffff80001fd87c00 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8 kernel/workqueue.c:2285
#2: ffff0000c8a40178 (&peer->endpoint_lock){++..}-{2:2}, at: wg_socket_send_skb_to_peer+0x64/0x1a8 drivers/net/wireguard/socket.c:173
#3: ffff800014c82340 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
#4: ffff800014c82340 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
#5: ffff800014c82340 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
#6: ffff0000cd9e1908 (&sch->q.lock){+...}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
#6: ffff0000cd9e1908 (&sch->q.lock){+...}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3875 [inline]
#6: ffff0000cd9e1908 (&sch->q.lock){+...}-{2:2}, at: __dev_queue_xmit+0x8a0/0x2ac8 net/core/dev.c:4217
#7: ffff800014c822e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:311
stack backtrace:
CPU: 1 PID: 4032 Comm: kworker/1:3 Not tainted 5.15.169-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: wg-crypt-wg0 wg_packet_tx_worker
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
lockdep_rcu_suspicious+0x188/0x1e0 kernel/locking/lockdep.c:6571
qdisc_lookup+0xc8/0x64c net/sched/sch_api.c:304
qdisc_tree_reduce_backlog+0x200/0x4e8 net/sched/sch_api.c:800
pfifo_tail_enqueue+0x280/0x38c net/sched/sch_fifo.c:51
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
lockdep_rcu_suspicious+0x188/0x1e0 kernel/locking/lockdep.c:6571
qdisc_lookup+0xc8/0x64c net/sched/sch_api.c:304
qdisc_tree_reduce_backlog+0x200/0x4e8 net/sched/sch_api.c:800
qdisc_enqueue include/net/sch_generic.h:832 [inline]
tbf_enqueue+0x2f8/0x5f0 net/sched/sch_tbf.c:237
dev_qdisc_enqueue+0x60/0x35c net/core/dev.c:3816
__dev_xmit_skb net/core/dev.c:3900 [inline]
__dev_queue_xmit+0x1018/0x2ac8 net/core/dev.c:4217
dev_queue_xmit+0x24/0x34 net/core/dev.c:4285
neigh_hh_output include/net/neighbour.h:493 [inline]
neigh_output include/net/neighbour.h:507 [inline]
ip6_finish_output2+0x132c/0x1cec net/ipv6/ip6_output.c:130
tbf_enqueue+0x2f8/0x5f0 net/sched/sch_tbf.c:237
dev_qdisc_enqueue+0x60/0x35c net/core/dev.c:3816
__dev_xmit_skb net/core/dev.c:3900 [inline]
__dev_queue_xmit+0x1018/0x2ac8 net/core/dev.c:4217
dev_queue_xmit+0x24/0x34 net/core/dev.c:4285
neigh_hh_output include/net/neighbour.h:493 [inline]
neigh_output include/net/neighbour.h:507 [inline]
__ip6_finish_output+0x580/0x6ec net/ipv6/ip6_output.c:201
ip6_finish_output+0x40/0x218 net/ipv6/ip6_output.c:211
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip6_output+0x274/0x594 net/ipv6/ip6_output.c:234
dst_output include/net/dst.h:443 [inline]
ip6_local_out+0x120/0x160 net/ipv6/output_core.c:161
ip6tunnel_xmit include/net/ip6_tunnel.h:160 [inline]
udp_tunnel6_xmit_skb+0x43c/0x938 net/ipv6/ip6_udp_tunnel.c:109
send6+0x560/0x930 drivers/net/wireguard/socket.c:152
wg_socket_send_skb_to_peer+0xfc/0x1a8 drivers/net/wireguard/socket.c:178
wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
wg_packet_tx_worker+0x1a8/0x714 drivers/net/wireguard/send.c:276
process_one_work+0x790/0x11b8 kernel/workqueue.c:2310
worker_thread+0x910/0x1034 kernel/workqueue.c:2457
kthread+0x37c/0x45c kernel/kthread.c:334
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages