syzbot


kernel BUG in __nf_conntrack_confirm (2)

Status: upstream: reported on 2024/11/24 21:07
Reported-by: syzbot+d9f0333db477af76d04d@syzkaller.appspotmail.com
First crash: 114d, last: 26d
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-5.15 | kernel BUG in __nf_conntrack_confirm | | | | 1 | 412d | 412d | 0/3 | auto-obsoleted due to no activity on 2024/05/10 11:41 |

Sample crash report:
------------[ cut here ]------------
kernel BUG at net/netfilter/nf_conntrack_core.c:570!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8151 Comm: kworker/u4:8 Not tainted 5.15.178-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker
RIP: 0010:nf_ct_del_from_dying_or_unconfirmed_list net/netfilter/nf_conntrack_core.c:570 [inline]
RIP: 0010:__nf_conntrack_confirm+0x1080/0x1090 net/netfilter/nf_conntrack_core.c:1207
Code: e9 78 f6 ff ff e8 20 32 e5 f8 48 c7 c7 f0 d2 05 8e 48 c7 c6 20 cf a3 8b 4c 89 ea e8 8a 50 96 fb e9 04 f2 ff ff e8 00 32 e5 f8 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 41 57 41 56 41
RSP: 0018:ffffc90000dd06d8 EFLAGS: 00010246
RAX: ffffffff889b5390 RBX: 0000000000000000 RCX: ffff88802539bb80
RDX: 0000000000000100 RSI: 0000000000000004 RDI: ffffc90000dd0660
RBP: dffffc0000000000 R08: dffffc0000000000 R09: 0000000000000003
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffffffff96e512c0
R13: ffffe8ffffc26f40 R14: ffff888063ea40c8 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3051dff8 CR3: 000000000c88e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 nf_conntrack_confirm include/net/netfilter/nf_conntrack_core.h:62 [inline]
 nf_confirm+0x303/0x420 net/netfilter/nf_conntrack_proto.c:154
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_slow+0xae/0x1e0 net/netfilter/core.c:584
 nf_hook include/linux/netfilter.h:257 [inline]
 NF_HOOK+0x26b/0x410 include/linux/netfilter.h:300
 NF_HOOK+0x364/0x410 include/linux/netfilter.h:302
 __netif_receive_skb_one_core net/core/dev.c:5493 [inline]
 __netif_receive_skb+0x1c6/0x530 net/core/dev.c:5607
 process_backlog+0x363/0x7f0 net/core/dev.c:6484
 __napi_poll+0xc7/0x440 net/core/dev.c:7043
 napi_poll net/core/dev.c:7110 [inline]
 net_rx_action+0x617/0xda0 net/core/dev.c:7200
 handle_softirqs+0x3a7/0x930 kernel/softirq.c:558
 do_softirq+0x162/0x240 kernel/softirq.c:459
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x1b1/0x1f0 kernel/softirq.c:383
 wg_socket_send_skb_to_peer+0x172/0x1d0 drivers/net/wireguard/socket.c:184
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
 wg_packet_handshake_send_worker+0x1d9/0x310 drivers/net/wireguard/send.c:51
 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Modules linked in:
---[ end trace 29a80f8f5590c63a ]---
RIP: 0010:nf_ct_del_from_dying_or_unconfirmed_list net/netfilter/nf_conntrack_core.c:570 [inline]
RIP: 0010:__nf_conntrack_confirm+0x1080/0x1090 net/netfilter/nf_conntrack_core.c:1207
Code: e9 78 f6 ff ff e8 20 32 e5 f8 48 c7 c7 f0 d2 05 8e 48 c7 c6 20 cf a3 8b 4c 89 ea e8 8a 50 96 fb e9 04 f2 ff ff e8 00 32 e5 f8 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 41 57 41 56 41
RSP: 0018:ffffc90000dd06d8 EFLAGS: 00010246
RAX: ffffffff889b5390 RBX: 0000000000000000 RCX: ffff88802539bb80
RDX: 0000000000000100 RSI: 0000000000000004 RDI: ffffc90000dd0660
RBP: dffffc0000000000 R08: dffffc0000000000 R09: 0000000000000003
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffffffff96e512c0
R13: ffffe8ffffc26f40 R14: ffff888063ea40c8 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3051dff8 CR3: 000000000c88e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (7):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/02/20 20:01 | linux-5.15.y | c16c81c81336 | 0808a665 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | kernel BUG in __nf_conntrack_confirm |
| 2025/02/14 14:55 | linux-5.15.y | c16c81c81336 | 1022af74 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | kernel BUG in __nf_conntrack_confirm |
| 2025/02/18 23:45 | linux-5.15.y | c16c81c81336 | 9a14138f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | kernel BUG in __nf_conntrack_confirm |
| 2025/02/18 23:43 | linux-5.15.y | c16c81c81336 | 9a14138f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | kernel BUG in __nf_conntrack_confirm |
| 2025/01/26 16:05 | linux-5.15.y | 003148680b79 | 9fbd772e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | kernel BUG in __nf_conntrack_confirm |
| 2024/12/16 03:47 | linux-5.15.y | 963e654022cc | 7cbfbb3a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | kernel BUG in __nf_conntrack_confirm |
| 2024/11/24 21:06 | linux-5.15.y | 0a51d2d4527b | 68da6d95 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | kernel BUG in __nf_conntrack_confirm |
* Struck through repros no longer work on HEAD.