From syzbot+c4c7bf27f6b0c4bd97fe at syzkaller.appspotmail.com Mon Jun 2 13:21:34 2025 From: syzbot+c4c7bf27f6b0c4bd97fe at syzkaller.appspotmail.com (syzbot) Date: Mon, 02 Jun 2025 06:21:34 -0700 Subject: [syzbot] [net?] general protection fault in veth_xdp_rcv Message-ID: <683da55e.a00a0220.d8eae.0052.GAE@google.com> Hello, syzbot found the following issue on: HEAD commit: 4cb6c8af8591 selftests/filesystems: Fix build of anon_inod.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=11e8300c580000 kernel config: https://syzkaller.appspot.com/x/.config?x=5319177d225a42f1 dashboard link: https://syzkaller.appspot.com/bug?extid=c4c7bf27f6b0c4bd97fe compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-4cb6c8af.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/bc0e5dfdd686/vmlinux-4cb6c8af.xz kernel image: https://storage.googleapis.com/syzbot-assets/2cdd323de6ca/bzImage-4cb6c8af.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+c4c7bf27f6b0c4bd97fe at syzkaller.appspotmail.com Oops: general protection fault, probably for non-canonical address 0xdffffc0000000098: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000004c0-0x00000000000004c7] CPU: 1 UID: 0 PID: 5975 Comm: kworker/1:4 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker RIP: 0010:netdev_get_tx_queue include/linux/netdevice.h:2636 [inline] RIP: 0010:veth_xdp_rcv.constprop.0+0x142/0xda0 drivers/net/veth.c:912 Code: 54 d9 31 fb 45 85 e4 0f 85 db 08 00 00 e8 06 de 31 fb 48 8d bd c0 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 18 0c 00 00 44 8b a5 c0 04 00 RSP: 0018:ffffc900006a09b8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff868a1686 RDX: 0000000000000098 RSI: ffffffff868a0d9a RDI: 00000000000004c0 RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: ffffc900006a0ff8 R12: 0000000000000001 R13: 1ffff920000d4145 R14: ffffc900006a0e58 R15: ffff8880503d0000 FS: 0000000000000000(0000) GS:ffff8880d686e000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe5e3a6ad58 CR3: 000000000e382000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: veth_poll+0x19c/0x9c0 drivers/net/veth.c:979 __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7414 napi_poll net/core/dev.c:7478 [inline] net_rx_action+0xa9f/0xfe0 net/core/dev.c:7605 handle_softirqs+0x219/0x8e0 kernel/softirq.c:579 do_softirq kernel/softirq.c:480 [inline] do_softirq+0xb2/0xf0 kernel/softirq.c:467 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:407 local_bh_enable include/linux/bottom_half.h:33 [inline] fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline] kernel_fpu_end+0x5e/0x70 arch/x86/kernel/fpu/core.c:476 blake2s_compress+0x7f/0xe0 arch/x86/lib/crypto/blake2s-glue.c:46 blake2s_final+0xc9/0x150 lib/crypto/blake2s.c:54 hmac.constprop.0+0x335/0x420 drivers/net/wireguard/noise.c:333 kdf.constprop.0+0x122/0x280 drivers/net/wireguard/noise.c:360 mix_dh+0xe8/0x150 drivers/net/wireguard/noise.c:413 wg_noise_handshake_consume_initiation+0x265/0x880 drivers/net/wireguard/noise.c:608 wg_receive_handshake_packet+0x219/0xbf0 drivers/net/wireguard/receive.c:144 wg_packet_handshake_receive_worker+0x17f/0x3a0 drivers/net/wireguard/receive.c:213 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238 process_scheduled_works kernel/workqueue.c:3321 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402 kthread+0x3c2/0x780 kernel/kthread.c:464 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:netdev_get_tx_queue include/linux/netdevice.h:2636 [inline] RIP: 0010:veth_xdp_rcv.constprop.0+0x142/0xda0 drivers/net/veth.c:912 Code: 54 d9 31 fb 45 85 e4 0f 85 db 08 00 00 e8 06 de 31 fb 48 8d bd c0 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 18 0c 00 00 44 8b a5 c0 04 00 RSP: 0018:ffffc900006a09b8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff868a1686 RDX: 0000000000000098 RSI: ffffffff868a0d9a RDI: 00000000000004c0 RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: ffffc900006a0ff8 R12: 0000000000000001 R13: 1ffff920000d4145 R14: ffffc900006a0e58 R15: ffff8880503d0000 FS: 0000000000000000(0000) GS:ffff8880d686e000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe5e3a6ad58 CR3: 000000000e382000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 54 push %rsp 1: d9 31 fnstenv (%rcx) 3: fb sti 4: 45 85 e4 test %r12d,%r12d 7: 0f 85 db 08 00 00 jne 0x8e8 d: e8 06 de 31 fb call 0xfb31de18 12: 48 8d bd c0 04 00 00 lea 0x4c0(%rbp),%rdi 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax <-- trapping instruction 2e: 84 c0 test %al,%al 30: 74 08 je 0x3a 32: 3c 03 cmp $0x3,%al 34: 0f 8e 18 0c 00 00 jle 0xc52 3a: 44 rex.R 3b: 8b .byte 0x8b 3c: a5 movsl %ds:(%rsi),%es:(%rdi) 3d: c0 .byte 0xc0 3e: 04 00 add $0x0,%al --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller at googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup From yury.norov at gmail.com Wed Jun 4 23:36:55 2025 From: yury.norov at gmail.com (Yury Norov) Date: Wed, 4 Jun 2025 19:36:55 -0400 Subject: [PATCH] wireguard/queueing: simplify wg_cpumask_next_online() Message-ID: <20250604233656.41896-1-yury.norov@gmail.com> wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the function significantly simpler. While there, fix opencoded cpu_online() too. Signed-off-by: Yury Norov --- drivers/net/wireguard/queueing.h | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h index 7eb76724b3ed..3bfe16f71af0 100644 --- a/drivers/net/wireguard/queueing.h +++ b/drivers/net/wireguard/queueing.h @@ -104,17 +104,11 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) { - unsigned int cpu = *stored_cpu, cpu_index, i; + if (likely(*stored_cpu < nr_cpu_ids && cpu_online(*stored_cpu))) + return cpu; - if (unlikely(cpu >= nr_cpu_ids || - !cpumask_test_cpu(cpu, cpu_online_mask))) { - cpu_index = id % cpumask_weight(cpu_online_mask); - cpu = cpumask_first(cpu_online_mask); - for (i = 0; i < cpu_index; ++i) - cpu = cpumask_next(cpu, cpu_online_mask); - *stored_cpu = cpu; - } - return cpu; + *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); + return *stored_cpu; } /* This function is racy, in the sense that it's called while last_cpu is -- 2.43.0 From yury.norov at gmail.com Thu Jun 5 04:23:29 2025 From: yury.norov at gmail.com (Yury Norov) Date: Thu, 5 Jun 2025 00:23:29 -0400 Subject: [PATCH] wireguard/queueing: simplify wg_cpumask_next_online() In-Reply-To: <20250604233656.41896-1-yury.norov@gmail.com> References: <20250604233656.41896-1-yury.norov@gmail.com> Message-ID: On Wed, Jun 04, 2025 at 07:36:55PM -0400, Yury Norov wrote: > wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the > function significantly simpler. While there, fix opencoded cpu_online() > too. > > Signed-off-by: Yury Norov > --- > drivers/net/wireguard/queueing.h | 14 ++++---------- > 1 file changed, 4 insertions(+), 10 deletions(-) > > diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h > index 7eb76724b3ed..3bfe16f71af0 100644 > --- a/drivers/net/wireguard/queueing.h > +++ b/drivers/net/wireguard/queueing.h > @@ -104,17 +104,11 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) > > static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) > { > - unsigned int cpu = *stored_cpu, cpu_index, i; > + if (likely(*stored_cpu < nr_cpu_ids && cpu_online(*stored_cpu))) > + return cpu; Oops... This should be return *stored_cpu; I'll resend, sorry for noise. > > - if (unlikely(cpu >= nr_cpu_ids || > - !cpumask_test_cpu(cpu, cpu_online_mask))) { > - cpu_index = id % cpumask_weight(cpu_online_mask); > - cpu = cpumask_first(cpu_online_mask); > - for (i = 0; i < cpu_index; ++i) > - cpu = cpumask_next(cpu, cpu_online_mask); > - *stored_cpu = cpu; > - } > - return cpu; > + *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); > + return *stored_cpu; > } > > /* This function is racy, in the sense that it's called while last_cpu is > -- > 2.43.0 From vegeta at tuxpowered.net Thu Jun 5 10:27:22 2025 From: vegeta at tuxpowered.net (Kajetan Staszkiewicz) Date: Thu, 5 Jun 2025 12:27:22 +0200 Subject: are WG clients expected to automatically handle it when the endpoint is within the AllowedIPs In-Reply-To: <1a897464d3fb56184b83cb6ac7b4a2407047b10e.camel@scientia.org> References: <1a897464d3fb56184b83cb6ac7b4a2407047b10e.camel@scientia.org> Message-ID: <8e9f8b10-f438-40d5-a03a-85ef64632b11@tuxpowered.net> On 2025-05-23 00:36, Christoph Anton Mitterer wrote: > (re-posting, now that the list seems to work again) > > > Hey folks. > > In science/education, many organisations (I could find the total list > only in the Android app, but there it seems to be several 1000) use > eduVPN to provide VPN access to their users. > It comes with a client which, AFAIU, either sets up some OpenVPN or WG > VPN. > > I've previously used the OpenVPN profile files successfully with > NetworkManager but now wanted to switch to WG, and again I don't wanna > use the eduVPN client, because I think this should be done with the > native tools that integrate nicely into the system (e.g. NM for desktop > environments, ifupdown/systemd-networkd/etc. for servers). > > ? > > Using that config with NM fails NetworkManager's Wireguard implemmentation already has a way of supporting it by using fwmarks. It's just that the fwmark operation is not automatically turned unless the tunnel is configured with AllowedIPs=::/0 See my comment and a workaround which always forces the fwmark operation on https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1157#note_2426757 -- | pozdrawiam / regards | Powered by Debian and FreeBSD | | Kajetan Staszkiewicz | www: http://tuxpowered.net | | | matrix: @vegeta:tuxpowered.net | `----------------------^--------------------------------' -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: From atann at alphasrv.net Wed Jun 4 14:53:33 2025 From: atann at alphasrv.net (Andre Tann) Date: Wed, 4 Jun 2025 16:53:33 +0200 Subject: Delay in ipv6 Message-ID: <7e977585-5b93-4591-94f7-bf33c8923543@alphasrv.net> Hi all, I hope this is not offtopic here. If so, pls let me know a better place for this question. I configured wireguard to route both IPv4 and IPv6. Both protocols work fine. But test-ipv6.com only gives 9/10 points because the browser does not use IPV6 even though it is available. Then I investigated a bit and found this: ping -4 dns.google => ping sequence starts immediately ping -6 dns.google => .5 secs delay => ping sequence starts ping -6 dns.google => ping sequence starts immediately i.e.: On the first try, ping6 takes longer, but the second time there is no delay anymore. I suspected DNS trouble, but pinging 2001:4860:4860::8844 shows the exact same behavior: delay the first time, no delay next time. Yet I couldn't determine how long I need to wait until a second try becomes a first one again, i.e. the delay shows up again. Any ideas where to look next? -- Andre Tann From Jason at zx2c4.com Thu Jun 5 11:33:19 2025 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Thu, 5 Jun 2025 13:33:19 +0200 Subject: [PATCH] wireguard/queueing: simplify wg_cpumask_next_online() In-Reply-To: References: <20250604233656.41896-1-yury.norov@gmail.com> Message-ID: On Thu, Jun 05, 2025 at 12:23:29AM -0400, Yury Norov wrote: > On Wed, Jun 04, 2025 at 07:36:55PM -0400, Yury Norov wrote: > > wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the > > function significantly simpler. While there, fix opencoded cpu_online() > > too. > > > > Signed-off-by: Yury Norov > > --- > > drivers/net/wireguard/queueing.h | 14 ++++---------- > > 1 file changed, 4 insertions(+), 10 deletions(-) > > > > diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h > > index 7eb76724b3ed..3bfe16f71af0 100644 > > --- a/drivers/net/wireguard/queueing.h > > +++ b/drivers/net/wireguard/queueing.h > > @@ -104,17 +104,11 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) > > > > static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) > > { > > - unsigned int cpu = *stored_cpu, cpu_index, i; > > + if (likely(*stored_cpu < nr_cpu_ids && cpu_online(*stored_cpu))) > > + return cpu; > > Oops... This should be > return *stored_cpu; Maybe it's best to structure the function something like: unsigned int cpu = *stored_cpu; if (unlikely(cpu >= nr_cpu_ids || !cpu_online(cpu))) { cpu = *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); return cpu; From rm at romanrm.net Thu Jun 5 12:04:59 2025 From: rm at romanrm.net (Roman Mamedov) Date: Thu, 5 Jun 2025 17:04:59 +0500 Subject: Delay in ipv6 In-Reply-To: <7e977585-5b93-4591-94f7-bf33c8923543@alphasrv.net> References: <7e977585-5b93-4591-94f7-bf33c8923543@alphasrv.net> Message-ID: <20250605170459.43439532@nvm> On Wed, 4 Jun 2025 16:53:33 +0200 Andre Tann wrote: > Hi all, > > I hope this is not offtopic here. If so, pls let me know a better place > for this question. > > I configured wireguard to route both IPv4 and IPv6. Both protocols work > fine. But test-ipv6.com only gives 9/10 points because the browser does > not use IPV6 even though it is available. > > Then I investigated a bit and found this: > > ping -4 dns.google => ping sequence starts immediately > ping -6 dns.google => .5 secs delay => ping sequence starts > ping -6 dns.google => ping sequence starts immediately > > i.e.: On the first try, ping6 takes longer, but the second time there is > no delay anymore. Hello, Which DNS resolvers do you use? Try 8.8.8.8 or 1.1.1.1 at first, and then their v6 equivalents. > I suspected DNS trouble, but pinging 2001:4860:4860::8844 shows the > exact same behavior: delay the first time, no delay next time. This might be caused by DNS again, trying to resolve PTR record for the IP. Recheck if "ping -n" starts in this case without a delay. -- With respect, Roman From yury.norov at gmail.com Thu Jun 5 14:24:32 2025 From: yury.norov at gmail.com (Yury Norov) Date: Thu, 5 Jun 2025 10:24:32 -0400 Subject: [PATCH] wireguard/queueing: simplify wg_cpumask_next_online() In-Reply-To: References: <20250604233656.41896-1-yury.norov@gmail.com> Message-ID: On Thu, Jun 05, 2025 at 01:33:19PM +0200, Jason A. Donenfeld wrote: > On Thu, Jun 05, 2025 at 12:23:29AM -0400, Yury Norov wrote: > > On Wed, Jun 04, 2025 at 07:36:55PM -0400, Yury Norov wrote: > > > wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the > > > function significantly simpler. While there, fix opencoded cpu_online() > > > too. > > > > > > Signed-off-by: Yury Norov > > > --- > > > drivers/net/wireguard/queueing.h | 14 ++++---------- > > > 1 file changed, 4 insertions(+), 10 deletions(-) > > > > > > diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h > > > index 7eb76724b3ed..3bfe16f71af0 100644 > > > --- a/drivers/net/wireguard/queueing.h > > > +++ b/drivers/net/wireguard/queueing.h > > > @@ -104,17 +104,11 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) > > > > > > static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) > > > { > > > - unsigned int cpu = *stored_cpu, cpu_index, i; > > > + if (likely(*stored_cpu < nr_cpu_ids && cpu_online(*stored_cpu))) > > > + return cpu; > > > > Oops... This should be > > return *stored_cpu; > > Maybe it's best to structure the function something like: > > unsigned int cpu = *stored_cpu; > if (unlikely(cpu >= nr_cpu_ids || !cpu_online(cpu))) { > cpu = *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); > return cpu; If you prefer. I'll send v2 shortly From Jason at zx2c4.com Thu Jun 5 15:47:32 2025 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Thu, 5 Jun 2025 17:47:32 +0200 Subject: [PATCH] wireguard/queueing: simplify wg_cpumask_next_online() In-Reply-To: References: <20250604233656.41896-1-yury.norov@gmail.com>

Message-ID: On Thu, Jun 05, 2025 at 10:24:32AM -0400, Yury Norov wrote: > On Thu, Jun 05, 2025 at 01:33:19PM +0200, Jason A. Donenfeld wrote: > > On Thu, Jun 05, 2025 at 12:23:29AM -0400, Yury Norov wrote: > > > On Wed, Jun 04, 2025 at 07:36:55PM -0400, Yury Norov wrote: > > > > wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the > > > > function significantly simpler. While there, fix opencoded cpu_online() > > > > too. > > > > > > > > Signed-off-by: Yury Norov > > > > --- > > > > drivers/net/wireguard/queueing.h | 14 ++++---------- > > > > 1 file changed, 4 insertions(+), 10 deletions(-) > > > > > > > > diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h > > > > index 7eb76724b3ed..3bfe16f71af0 100644 > > > > --- a/drivers/net/wireguard/queueing.h > > > > +++ b/drivers/net/wireguard/queueing.h > > > > @@ -104,17 +104,11 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) > > > > > > > > static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) > > > > { > > > > - unsigned int cpu = *stored_cpu, cpu_index, i; > > > > + if (likely(*stored_cpu < nr_cpu_ids && cpu_online(*stored_cpu))) > > > > + return cpu; > > > > > > Oops... This should be > > > return *stored_cpu; > > > > Maybe it's best to structure the function something like: > > > > unsigned int cpu = *stored_cpu; > > if (unlikely(cpu >= nr_cpu_ids || !cpu_online(cpu))) { > > cpu = *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); > > return cpu; > > If you prefer. I'll send v2 shortly While you're at it, fix the commit subject to match the format used by every single other wireguard commit. `$ git log --oneline drivers/net/wireguard` to see what I mean.