WARNING in __skb_flow_dissect

Status: upstream: reported on 2026/04/13 06:50
Reported-by: syzbot+0a444a911c34d9b5ca5c@syzkaller.appspotmail.com
First crash: 9d06h, last: 8d18h
Similar bugs (7)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in __skb_flow_dissect (6) net -1 1 715d 715d 27/29 fixed on 2024/08/14 19:57
linux-6.1 WARNING in __skb_flow_dissect -1 C 20 3d16h 95d 0/3 upstream: reported C repro on 2026/01/17 07:47
upstream WARNING in __skb_flow_dissect net -1 syz 3 2750d 2751d 11/29 fixed on 2018/10/11 18:37
upstream WARNING in __skb_flow_dissect (5) net -1 1 755d 755d 0/29 closed as invalid on 2024/04/26 11:59
upstream WARNING in __skb_flow_dissect (7) net -1 275 99d 91d 28/29 upstream: reported on 2026/01/20 16:15
upstream WARNING in __skb_flow_dissect (3) net -1 syz 224 2654d 2743d 11/29 fixed on 2019/03/06 07:43
upstream WARNING in __skb_flow_dissect (4) net -1 C error 6 1263d 1273d 22/29 fixed on 2023/02/24 13:50

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at net/core/flow_dissector.c:1107 __skb_flow_dissect+0xbde/0x6d60 net/core/flow_dissector.c:1102
Modules linked in:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:__skb_flow_dissect+0xbde/0x6d60 net/core/flow_dissector.c:1107
Code: db 59 00 00 80 3d 00 aa fd 05 01 0f 85 01 5a 00 00 e8 d6 28 0f f9 e9 17 f9 ff ff e8 cc 28 0f f9 e9 b4 03 00 00 e8 c2 28 0f f9 <0f> 0b e9 00 ff ff ff e8 b6 28 0f f9 c6 05 cb a9 fd 05 01 48 c7 c7
RSP: 0018:ffffc900001ef920 EFLAGS: 00010246
RAX: ffffffff8877f93e RBX: ffff8880569da140 RCX: ffff88801be63c00
RDX: 0000000000000100 RSI: ffffffff8b1c8e40 RDI: ffffffff8b1c8e00
RBP: ffffc900001eff38 R08: dffffc0000000000 R09: 1ffffffff2238aa0
R10: dffffc0000000000 R11: fffffbfff2238aa1 R12: ffffffff8e8b86b8
R13: ffffffff8877ef59 R14: 0000000000000000 R15: 1ffffffff1d170d8
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f99482fb4ac CR3: 00000000637b4000 CR4: 00000000003506e0
Call Trace:
 <IRQ>
 skb_flow_dissect_flow_keys include/linux/skbuff.h:1544 [inline]
 ___skb_get_hash net/core/flow_dissector.c:1801 [inline]
 __skb_get_hash+0xf3/0x2e0 net/core/flow_dissector.c:1866
 skb_get_hash include/linux/skbuff.h:1586 [inline]
 nft_trace_init+0x1bb/0x410 net/netfilter/nf_tables_trace.c:316
 nft_do_chain+0x14fc/0x1600 net/netfilter/nf_tables_core.c:268
 nf_route_table_hook6+0x366/0x7b0 net/netfilter/nft_chain_route.c:88
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:259 [inline]
 __ip6_local_out+0x784/0x8a0 net/ipv6/output_core.c:143
 ip6_local_out+0x2a/0x130 net/ipv6/output_core.c:153
 ip6tunnel_xmit include/net/ip6_tunnel.h:161 [inline]
 udp_tunnel6_xmit_skb+0x53e/0x970 net/ipv6/ip6_udp_tunnel.c:109
 tipc_udp_xmit+0x58d/0xb40 net/tipc/udp_media.c:220
 tipc_udp_send_msg+0x27e/0x3e0 net/tipc/udp_media.c:271
 tipc_bearer_xmit_skb+0x2ad/0x3f0 net/tipc/bearer.c:575
 tipc_disc_timeout+0x596/0x6f0 net/tipc/discover.c:338
 call_timer_fn+0x189/0x540 kernel/time/timer.c:1701
 expire_timers kernel/time/timer.c:1752 [inline]
 __run_timers+0x542/0x800 kernel/time/timer.c:2023
 run_timer_softirq+0x67/0xf0 kernel/time/timer.c:2036
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:pv_native_safe_halt+0xf/0x10 arch/x86/kernel/paravirt.c:148
Code: 29 21 02 c3 cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 83 e3 41 00 fb f4 <c3> 66 0f 1f 00 55 41 57 41 56 41 54 53 50 8b 2f eb 2e 41 89 de 80
RSP: 0018:ffffc90000187de0 EFLAGS: 000002c6
RAX: d3f4ef6915642800 RBX: ffffffff8162aa0d RCX: d3f4ef6915642800
RDX: 0000000000000001 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8e60
RBP: ffffc90000187f20 R08: ffff8880b8f36b2b R09: 1ffff110171e6d65
R10: dffffc0000000000 R11: ffffed10171e6d66 R12: 1ffff92000030fc8
R13: dffffc0000000000 R14: 1ffff110037cc780 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:108 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:753
 default_idle_call+0x6c/0xa0 kernel/sched/idle.c:97
 cpuidle_idle_call kernel/sched/idle.c:178 [inline]
 do_idle+0x33d/0x590 kernel/sched/idle.c:302
 cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:401
 start_secondary+0xee/0xf0 arch/x86/kernel/smpboot.c:323
 secondary_startup_64_no_verify+0x179/0x17b
 </TASK>
----------------
Code disassembly (best guess):
   0:	29 21                	sub    %esp,(%rcx)
   2:	02 c3                	add    %bl,%al
   4:	cc                   	int3
   5:	cc                   	int3
   6:	cc                   	int3
   7:	cc                   	int3
   8:	cc                   	int3
   9:	cc                   	int3
   a:	cc                   	int3
   b:	f3 0f 1e fa          	endbr64
   f:	0f 0b                	ud2
  11:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
  18:	00 00 00
  1b:	f3 0f 1e fa          	endbr64
  1f:	66 90                	xchg   %ax,%ax
  21:	0f 00 2d 83 e3 41 00 	verw   0x41e383(%rip)        # 0x41e3ab
  28:	fb                   	sti
  29:	f4                   	hlt
* 2a:	c3                   	ret <-- trapping instruction
  2b:	66 0f 1f 00          	nopw   (%rax)
  2f:	55                   	push   %rbp
  30:	41 57                	push   %r15
  32:	41 56                	push   %r14
  34:	41 54                	push   %r12
  36:	53                   	push   %rbx
  37:	50                   	push   %rax
  38:	8b 2f                	mov    (%rdi),%ebp
  3a:	eb 2e                	jmp    0x6a
  3c:	41 89 de             	mov    %ebx,%r14d
  3f:	80                   	.byte 0x80

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/04/13 19:05 linux-6.6.y 8cee53b8eaeb 9530ccf9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan WARNING in __skb_flow_dissect
2026/04/13 06:49 linux-6.6.y 8cee53b8eaeb 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan WARNING in __skb_flow_dissect