syzbot


WARNING in nf_tables_flowtable_event

Status: closed as invalid on 2022/12/01 14:39
Subsystems: netfilter
First crash: 577d, last: 575d

Sample crash report:
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: CPU: 1 PID: 3050 at kernel/locking/mutex.c:582 __mutex_lock_common+0x4c4/0xca8 kernel/locking/mutex.c:582
Modules linked in:
CPU: 1 PID: 3050 Comm: syz-executor.3 Not tainted 6.0.0-rc6-syzkaller-17742-gc194837ebb57 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __mutex_lock_common+0x4c4/0xca8 kernel/locking/mutex.c:582
lr : __mutex_lock_common+0x4c4/0xca8 kernel/locking/mutex.c:582
sp : ffff8000127dba00
x29: ffff8000127dba70 x28: ffff80000ee2b000 x27: ffff8000127dbba8
x26: 0000000000000000 x25: 0000000000000001 x24: 0000000000000002
x23: ffff80000b46c2a4 x22: 0000000000000000 x21: 0000000000000000
x20: 0000000000000000 x19: ffff0000e7d6c540 x18: 00000000000000a7
x17: 0000000000000008 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000012 x12: ffff80000d5ef920
x11: ff808000081c1630 x10: 0000000000000000 x9 : b385d9850760fe00
x8 : b385d9850760fe00 x7 : 4e5241575f534b43 x6 : ffff800008195d30
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000028
Call trace:
 __mutex_lock_common+0x4c4/0xca8 kernel/locking/mutex.c:582
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
 nf_tables_flowtable_event+0x60/0x1bc net/netfilter/nf_tables_api.c:8160
 notifier_call_chain kernel/notifier.c:87 [inline]
 raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
 call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
 call_netdevice_notifiers net/core/dev.c:1997 [inline]
 netdev_wait_allrefs_any net/core/dev.c:10250 [inline]
 netdev_run_todo+0x340/0x6f0 net/core/dev.c:10364
 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:147
 tun_detach drivers/net/tun.c:704 [inline]
 tun_chr_close+0xe8/0xfc drivers/net/tun.c:3455
 __fput+0x198/0x3dc fs/file_table.c:320
 ____fput+0x20/0x30 fs/file_table.c:353
 task_work_run+0xc4/0x14c kernel/task_work.c:177
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x26c/0xbe0 kernel/exit.c:795
 do_group_exit+0x60/0xe8 kernel/exit.c:925
 __do_sys_exit_group kernel/exit.c:936 [inline]
 __se_sys_exit_group kernel/exit.c:934 [inline]
 __wake_up_parent+0x0/0x40 kernel/exit.c:934
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190
irq event stamp: 2931123
hardirqs last  enabled at (2931123): [<ffff800008102994>] __local_bh_enable_ip+0x13c/0x1a4 kernel/softirq.c:401
hardirqs last disabled at (2931121): [<ffff80000810291c>] __local_bh_enable_ip+0xc4/0x1a4 kernel/softirq.c:378
softirqs last  enabled at (2931122): [<ffff80000b58e500>] spin_unlock_bh include/linux/spinlock.h:394 [inline]
softirqs last  enabled at (2931122): [<ffff80000b58e500>] rt_flush_dev+0x32c/0x374 net/ipv4/route.c:1557
softirqs last disabled at (2931120): [<ffff80000b58e2e8>] spin_lock_bh include/linux/spinlock.h:354 [inline]
softirqs last disabled at (2931120): [<ffff80000b58e2e8>] rt_flush_dev+0x114/0x374 net/ipv4/route.c:1548
---[ end trace 0000000000000000 ]---
Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a0
Mem abort info:
  ESR = 0x0000000096000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000109616000
[00000000000001a0] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3050 Comm: syz-executor.3 Tainted: G        W          6.0.0-rc6-syzkaller-17742-gc194837ebb57 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nf_tables_flowtable_event+0x74/0x1bc
lr : nf_tables_flowtable_event+0x60/0x1bc net/netfilter/nf_tables_api.c:8160
sp : ffff8000127dbae0
x29: ffff8000127dbae0 x28: ffff0000e84685a0 x27: ffff8000127dbba8
x26: ffff80000d809ea0 x25: 0000000000000001 x24: dead000000000122
x23: 0000000000000000 x22: ffff0000e8468000 x21: 0000000000000006
x20: ffff0000e7d6c500 x19: ffff0000e7d6c540 x18: 00000000000000a7
x17: 0000000000000008 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000012 x12: ffff80000d5ef920
x11: ff808000081c1630 x10: ffff80000d309358 x9 : b385d9850760fe00
x8 : b385d9850760fe00 x7 : 4e5241575f534b43 x6 : ffff80000b46c2a4
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff0000cb40cf80 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 nf_tables_flowtable_event+0x74/0x1bc
 notifier_call_chain kernel/notifier.c:87 [inline]
 raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
 call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
 call_netdevice_notifiers net/core/dev.c:1997 [inline]
 netdev_wait_allrefs_any net/core/dev.c:10250 [inline]
 netdev_run_todo+0x340/0x6f0 net/core/dev.c:10364
 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:147
 tun_detach drivers/net/tun.c:704 [inline]
 tun_chr_close+0xe8/0xfc drivers/net/tun.c:3455
 __fput+0x198/0x3dc fs/file_table.c:320
 ____fput+0x20/0x30 fs/file_table.c:353
 task_work_run+0xc4/0x14c kernel/task_work.c:177
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x26c/0xbe0 kernel/exit.c:795
 do_group_exit+0x60/0xe8 kernel/exit.c:925
 __do_sys_exit_group kernel/exit.c:936 [inline]
 __se_sys_exit_group kernel/exit.c:934 [inline]
 __wake_up_parent+0x0/0x40 kernel/exit.c:934
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190
Code: eb1402ff 54000920 d2802458 f2fbd5b8 (f940d2f9) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	eb1402ff 	cmp	x23, x20
   4:	54000920 	b.eq	0x128  // b.none
   8:	d2802458 	mov	x24, #0x122                 	// #290
   c:	f2fbd5b8 	movk	x24, #0xdead, lsl #48
* 10:	f940d2f9 	ldr	x25, [x23, #416] <-- trapping instruction

Crashes (2):
Crash 1
  Time: 2022/09/27 23:11
  Kernel: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
  Commit: c194837ebb57
  Syzkaller: 75c78242
  Config: .config
  Log: console log
  Report: report
  Syz repro: (none)
  C repro: (none)
  VM info: info
  Assets: disk image, vmlinux
  Manager: ci-upstream-gce-arm64
  Title: WARNING in nf_tables_flowtable_event

Crash 2
  Time: 2022/09/26 08:40
  Kernel: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
  Commit: c194837ebb57
  Syzkaller: d59ba983
  Config: .config
  Log: console log
  Report: report
  Syz repro: (none)
  C repro: (none)
  VM info: info
  Assets: disk image, vmlinux
  Manager: ci-upstream-gce-arm64
  Title: WARNING in nf_tables_flowtable_event
* Struck through repros no longer work on HEAD.