syzbot

 sign-in | mailing list | source | docs
🐞 Open [821]
🐞 Fixed [84]
🐞 Invalid [1067]
Missing Backports [127]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

kernel BUG in __nf_conntrack_confirm (2)

Status: upstream: reported on 2024/11/24 21:07
Reported-by: syzbot+d9f0333db477af76d04d@syzkaller.appspotmail.com
First crash: 335d, last: 38d
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 kernel BUG in __nf_conntrack_confirm -1 1 634d 634d 0/3 auto-obsoleted due to no activity on 2024/05/10 11:41

Sample crash report:
------------[ cut here ]------------
kernel BUG at net/netfilter/nf_conntrack_core.c:570!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 10092 Comm: syz.3.935 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:nf_ct_del_from_dying_or_unconfirmed_list net/netfilter/nf_conntrack_core.c:570 [inline]
RIP: 0010:__nf_conntrack_confirm+0x109d/0x10a0 net/netfilter/nf_conntrack_core.c:1207
Code: fc ff ff e8 35 6e 61 f9 48 c7 c7 d0 dd 64 8d 48 c7 c6 80 19 04 8b 48 8b 54 24 08 e8 6d 88 e0 fb e9 fa f1 ff ff e8 13 6e 61 f9 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 89 fb 48 bd 00 00 00 00
RSP: 0018:ffffc90000007820 EFLAGS: 00010246
RAX: ffffffff88165d0d RBX: ffffe8ffffc25d10 RCX: ffff888061753b80
RDX: 0000000000000100 RSI: 0000000000000004 RDI: ffffc900000077a0
RBP: ffff888063ba9000 R08: 0000000000000004 R09: 0000000000000003
R10: fffff52000000ef4 R11: 1ffff92000000ef4 R12: 000000000003a5e1
R13: 0000000000000000 R14: ffff888063ba9058 R15: 0000000000000000
FS:  00007f16e52406c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c2840e8 CR3: 0000000051bff000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 nf_conntrack_confirm include/net/netfilter/nf_conntrack_core.h:62 [inline]
 nf_confirm+0x381/0x4b0 net/netfilter/nf_conntrack_proto.c:154
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_slow+0xb9/0x200 net/netfilter/core.c:584
 nf_hook include/linux/netfilter.h:257 [inline]
 NF_HOOK+0x1cb/0x360 include/linux/netfilter.h:300
 NF_HOOK+0x2d6/0x360 include/linux/netfilter.h:302
 __netif_receive_skb_one_core net/core/dev.c:5525 [inline]
 __netif_receive_skb+0xcc/0x290 net/core/dev.c:5639
 process_backlog+0x364/0x780 net/core/dev.c:6516
 __napi_poll+0xc0/0x430 net/core/dev.c:7075
 napi_poll net/core/dev.c:7142 [inline]
 net_rx_action+0x4a8/0x9c0 net/core/dev.c:7232
 handle_softirqs+0x328/0x820 kernel/softirq.c:576
 do_softirq+0x13b/0x200 kernel/softirq.c:477
 </IRQ>
 <TASK>
 netif_rx_ni+0xcf/0x3f0 net/core/dev.c:5034
 dev_loopback_xmit+0x255/0x330 net/core/dev.c:3994
 NF_HOOK include/linux/netfilter.h:302 [inline]
 ip_mc_output+0x2a1/0x5e0 net/ipv4/ip_output.c:394
 dst_output include/net/dst.h:452 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 ip_send_skb+0x129/0x1c0 net/ipv4/ip_output.c:1581
 raw_sendmsg+0x1387/0x1890 net/ipv4/raw.c:676
 sock_sendmsg_nosec net/socket.c:704 [inline]
 __sock_sendmsg net/socket.c:716 [inline]
 ____sys_sendmsg+0x5a2/0x8c0 net/socket.c:2436
 ___sys_sendmsg+0x1f0/0x260 net/socket.c:2490
 __sys_sendmsg net/socket.c:2519 [inline]
 __do_sys_sendmsg net/socket.c:2528 [inline]
 __se_sys_sendmsg+0x190/0x250 net/socket.c:2526
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f16e6fd8ba9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f16e5240038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f16e721ffa0 RCX: 00007f16e6fd8ba9
RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000006
RBP: 00007f16e705be19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f16e7220038 R14: 00007f16e721ffa0 R15: 00007ffeb78d85a8
 </TASK>
Modules linked in:
---[ end trace 464460b8351479aa ]---
RIP: 0010:nf_ct_del_from_dying_or_unconfirmed_list net/netfilter/nf_conntrack_core.c:570 [inline]
RIP: 0010:__nf_conntrack_confirm+0x109d/0x10a0 net/netfilter/nf_conntrack_core.c:1207
Code: fc ff ff e8 35 6e 61 f9 48 c7 c7 d0 dd 64 8d 48 c7 c6 80 19 04 8b 48 8b 54 24 08 e8 6d 88 e0 fb e9 fa f1 ff ff e8 13 6e 61 f9 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 89 fb 48 bd 00 00 00 00
RSP: 0018:ffffc90000007820 EFLAGS: 00010246
RAX: ffffffff88165d0d RBX: ffffe8ffffc25d10 RCX: ffff888061753b80
RDX: 0000000000000100 RSI: 0000000000000004 RDI: ffffc900000077a0
RBP: ffff888063ba9000 R08: 0000000000000004 R09: 0000000000000003
R10: fffff52000000ef4 R11: 1ffff92000000ef4 R12: 000000000003a5e1
R13: 0000000000000000 R14: ffff888063ba9058 R15: 0000000000000000
FS:  00007f16e52406c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c2840e8 CR3: 0000000051bff000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (14):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/18 00:12 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan kernel BUG in __nf_conntrack_confirm
2025/06/30 18:36 linux-5.15.y 3dea0e7f549e 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan kernel BUG in __nf_conntrack_confirm
2025/04/29 02:27 linux-5.15.y f7347f400572 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan kernel BUG in __nf_conntrack_confirm
2025/04/29 02:26 linux-5.15.y f7347f400572 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan kernel BUG in __nf_conntrack_confirm
2025/04/19 16:25 linux-5.15.y f7347f400572 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan kernel BUG in __nf_conntrack_confirm
2025/02/20 20:01 linux-5.15.y c16c81c81336 0808a665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan kernel BUG in __nf_conntrack_confirm
2025/02/14 14:55 linux-5.15.y c16c81c81336 1022af74 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan kernel BUG in __nf_conntrack_confirm
2025/07/28 14:44 linux-5.15.y c79648372d02 6654ea9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 kernel BUG in __nf_conntrack_confirm
2025/05/22 02:28 linux-5.15.y a68c15152131 0919b50b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 kernel BUG in __nf_conntrack_confirm
2025/02/18 23:45 linux-5.15.y c16c81c81336 9a14138f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 kernel BUG in __nf_conntrack_confirm
2025/02/18 23:43 linux-5.15.y c16c81c81336 9a14138f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 kernel BUG in __nf_conntrack_confirm
2025/01/26 16:05 linux-5.15.y 003148680b79 9fbd772e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 kernel BUG in __nf_conntrack_confirm
2024/12/16 03:47 linux-5.15.y 963e654022cc 7cbfbb3a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 kernel BUG in __nf_conntrack_confirm
2024/11/24 21:06 linux-5.15.y 0a51d2d4527b 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 kernel BUG in __nf_conntrack_confirm
* Struck through repros no longer work on HEAD.