syzbot

 sign-in | mailing list | source | docs
🐞 Open [1028] Subsystems 🐞 Fixed [5274] 🐞 Invalid [12598] Missing Backports [85] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING: refcount bug in skb_expand_head

Status: closed as invalid on 2022/11/15 17:18
Subsystems: net
[Documentation on labels]
First crash: 596d, last: 596d

Sample crash report:
------------[ cut here ]------------
refcount_t: saturated; leaking memory.
WARNING: CPU: 1 PID: 3719 at lib/refcount.c:22 refcount_warn_saturate+0x12d/0x1e0 lib/refcount.c:22
Modules linked in:
CPU: 1 PID: 3719 Comm: kworker/1:8 Not tainted 6.0.0-rc3-next-20220901-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Workqueue: wg-crypt-wg0 wg_packet_tx_worker
RIP: 0010:refcount_warn_saturate+0x12d/0x1e0 lib/refcount.c:22
Code: 09 31 ff 89 de e8 e3 4b 7d fd 84 db 0f 85 72 ff ff ff e8 46 4f 7d fd 48 c7 c7 20 f1 48 8a c6 05 d7 09 cb 09 01 e8 b7 97 3e 05 <0f> 0b e9 53 ff ff ff e8 27 4f 7d fd 0f b6 1d be 09 cb 09 31 ff 89
RSP: 0018:ffffc900050778e0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88801e653a80 RSI: ffffffff81620448 RDI: fffff52000a0ef0e
RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000401 R11: 0000000063666572 R12: ffff88807e418740
R13: ffff88807e4189b4 R14: ffff888078ce1dc0 R15: 0000000000000058
FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30d38000 CR3: 000000000bc8e000 CR4: 00000000003506e0
Call Trace:
 <TASK>
 __refcount_add include/linux/refcount.h:201 [inline]
 refcount_add include/linux/refcount.h:222 [inline]
 skb_expand_head+0x3bb/0x440 net/core/skbuff.c:1889
 ip6_finish_output2+0xd6d/0x1520 net/ipv6/ip6_output.c:72
 __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
 ip6_finish_output+0x690/0x1160 net/ipv6/ip6_output.c:206
 NF_HOOK_COND include/linux/netfilter.h:291 [inline]
 ip6_output+0x1ed/0x540 net/ipv6/ip6_output.c:227
 dst_output include/net/dst.h:451 [inline]
 ip6_local_out+0xaf/0x1a0 net/ipv6/output_core.c:161
 ip6tunnel_xmit include/net/ip6_tunnel.h:161 [inline]
 udp_tunnel6_xmit_skb+0x73c/0xbd0 net/ipv6/ip6_udp_tunnel.c:109
 send6+0x48f/0xcb0 drivers/net/wireguard/socket.c:152
 wg_socket_send_skb_to_peer+0xf5/0x220 drivers/net/wireguard/socket.c:178
 wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
 wg_packet_tx_worker+0x1a7/0x720 drivers/net/wireguard/send.c:276
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/09/20 21:30 linux-next e47eb90a0a9a c4b8ccfd .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: refcount bug in skb_expand_head
* Struck through repros no longer work on HEAD.