[v6.1] WARNING in nft_socket_init


syzbot

May 25, 2026, 10:12:22 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: dcbcab9d7079 Linux 6.1.174
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10c94760580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f0605c5af04d7603
dashboard link: https://syzkaller.appspot.com/bug?extid=4c4c5a5720d2c11919ec
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9a737b79badc/disk-dcbcab9d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/173f40718d47/vmlinux-dcbcab9d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/71c539a3d166/bzImage-dcbcab9d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4c4c5a...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 13789 at net/netfilter/nft_socket.c:220 nft_socket_init+0x2e0/0x3c0 net/netfilter/nft_socket.c:220
Modules linked in:
CPU: 1 PID: 13789 Comm: syz.7.2028 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:nft_socket_init+0x2e0/0x3c0 net/netfilter/nft_socket.c:220
Code: 30 84 c0 0f 85 d8 00 00 00 41 88 2c 24 bd 08 00 00 00 e9 0b ff ff ff 89 f3 e8 0c d8 f8 f8 89 d8 e9 5c ff ff ff e8 00 d8 f8 f8 <0f> 0b e9 4b ff ff ff 89 e9 80 e1 07 38 c1 0f 8c 98 fd ff ff 48 89
RSP: 0018:ffffc900052c7238 EFLAGS: 00010287
RAX: ffffffff8889aeb0 RBX: ffff8880396b0020 RCX: 0000000000080000
RDX: ffffc900168a8000 RSI: 000000000000190b RDI: 000000000000190c
RBP: 00000000000000ff R08: ffffffff8e1ffbef R09: 1ffffffff1c3ff7d
R10: dffffc0000000000 R11: fffffbfff1c3ff7e R12: 0000000000000100
R13: ffff88807beba898 R14: dffffc0000000000 R15: 1ffff110072d6004
FS: 00007f690f03a6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c3b7650 CR3: 0000000058cb8000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000001800
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
nf_tables_newexpr net/netfilter/nf_tables_api.c:3065 [inline]
nf_tables_newrule+0x1731/0x2810 net/netfilter/nf_tables_api.c:3792
nfnetlink_rcv_batch net/netfilter/nfnetlink.c:519 [inline]
nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:639 [inline]
nfnetlink_rcv+0x1124/0x2480 net/netfilter/nfnetlink.c:657
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x74d/0x8d0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x8ad/0xbd0 net/netlink/af_netlink.c:1872
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
____sys_sendmsg+0x5be/0x970 net/socket.c:2518
___sys_sendmsg+0x2a2/0x360 net/socket.c:2572
__sys_sendmsg net/socket.c:2601 [inline]
__do_sys_sendmsg net/socket.c:2610 [inline]
__se_sys_sendmsg+0x1bb/0x2a0 net/socket.c:2608
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f690e19ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f690f03a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f690e415fa0 RCX: 00007f690e19ce59
RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
RBP: 00007f690e232d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f690e416038 R14: 00007f690e415fa0 R15: 00007ffd3af94dc8
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

May 25, 2026, 10:22:23 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 0a40c6fbd105 Linux 6.6.141
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=165d22a6580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c5b35c4db8465904
dashboard link: https://syzkaller.appspot.com/bug?extid=38ace3de1b2f0417c412
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/bef5f7e53495/disk-0a40c6fb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/61ce39aaab25/vmlinux-0a40c6fb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43d2363e7871/bzImage-0a40c6fb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+38ace3...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 7228 at net/netfilter/nft_socket.c:220 nft_socket_init+0x2ee/0x3c0 net/netfilter/nft_socket.c:220
Modules linked in:
CPU: 1 PID: 7228 Comm: syz.2.306 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:nft_socket_init+0x2ee/0x3c0 net/netfilter/nft_socket.c:220
Code: 30 84 c0 0f 85 d8 00 00 00 41 88 2c 24 bd 08 00 00 00 e9 b2 fe ff ff 89 f3 e8 ee de b0 f8 89 d8 e9 5c ff ff ff e8 e2 de b0 f8 <0f> 0b e9 4b ff ff ff 89 e9 80 e1 07 38 c1 0f 8c 8e fd ff ff 48 89
RSP: 0018:ffffc9001a7df1d8 EFLAGS: 00010287
RAX: ffffffff88d64d0e RBX: ffff888057008020 RCX: 0000000000080000
RDX: ffffc9000d3ba000 RSI: 0000000000002073 RDI: 0000000000002074
RBP: 00000000000000ff R08: ffffffff8e8b3aef R09: 1ffffffff1d1675d
R10: dffffc0000000000 R11: fffffbfff1d1675e R12: 0000000000000100
R13: ffff888056327818 R14: dffffc0000000000 R15: 1ffff1100ae01004
FS: 00007f222cbcc6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c36271b CR3: 000000001bfa5000 CR4: 00000000003506e0
Call Trace:
<TASK>
nf_tables_newexpr net/netfilter/nf_tables_api.c:3307 [inline]
nf_tables_newrule+0x176c/0x2880 net/netfilter/nf_tables_api.c:4140
nfnetlink_rcv_batch net/netfilter/nfnetlink.c:519 [inline]
nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:639 [inline]
nfnetlink_rcv+0x113e/0x24a0 net/netfilter/nfnetlink.c:657
netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346
netlink_sendmsg+0x8d0/0xbf0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x5ba/0x960 net/socket.c:2594
___sys_sendmsg+0x2a6/0x360 net/socket.c:2648
__sys_sendmsg net/socket.c:2677 [inline]
__do_sys_sendmsg net/socket.c:2686 [inline]
__se_sys_sendmsg+0x1c2/0x2b0 net/socket.c:2684
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f222bd9ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f222cbcc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f222c015fa0 RCX: 00007f222bd9ce59
RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
RBP: 00007f222be32d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f222c016038 R14: 00007f222c015fa0 R15: 00007ffe073188c8

syzbot

May 25, 2026, 10:48:42 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: dcbcab9d7079 Linux 6.1.174
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1202fcec580000
kernel config: https://syzkaller.appspot.com/x/.config?x=b1adc0bfde2d8a4a
dashboard link: https://syzkaller.appspot.com/bug?extid=4c4c5a5720d2c11919ec
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1754547e580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=134a8673980000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/afbb3144d02c/disk-dcbcab9d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/645249aeb1d4/vmlinux-dcbcab9d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6dba7bfbb673/Image-dcbcab9d.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4c4c5a...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4457 at net/netfilter/nft_socket.c:220 nft_socket_init+0x2ac/0x380 net/netfilter/nft_socket.c:220
Modules linked in:
CPU: 0 PID: 4457 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : nft_socket_init+0x2ac/0x380 net/netfilter/nft_socket.c:220
lr : nft_socket_init+0x2ac/0x380 net/netfilter/nft_socket.c:220
sp : ffff800021217130
x29: ffff800021217130 x28: ffff60001a27f000 x27: dfff800000000000
x26: 0000000003000000 x25: 1fffe0001a27f004 x24: dfff800000000000
x23: ffff0000cbc93322 x22: 0000000000000100 x21: ffff0000d13f8020
x20: ffff0000cbc93318 x19: ffff800021217280 x18: 0000000000000000
x17: ffff80001835b000 x16: ffff8000082d7ed4 x15: ffff800017e3c000
x14: 0000000000000001 x13: 1ffff00002a44071 x12: 0000000000ff0100
x11: ff008000102a0ee0 x10: 0000000000000000 x9 : ffff8000102a0ee0
x8 : ffff0000d2bc3780 x7 : ffff8000102a1de0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : 0000000000000100 x0 : 00000000000000ff
Call trace:
nft_socket_init+0x2ac/0x380 net/netfilter/nft_socket.c:220
nf_tables_newexpr net/netfilter/nf_tables_api.c:3065 [inline]
nf_tables_newrule+0x1174/0x1b70 net/netfilter/nf_tables_api.c:3792
nfnetlink_rcv_batch net/netfilter/nfnetlink.c:519 [inline]
nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:639 [inline]
nfnetlink_rcv+0xc7c/0x1bfc net/netfilter/nfnetlink.c:657
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x60c/0x814 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x6f4/0x9c0 net/netlink/af_netlink.c:1872
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
____sys_sendmsg+0x5c8/0x938 net/socket.c:2518
___sys_sendmsg net/socket.c:2572 [inline]
__sys_sendmsg+0x288/0x374 net/socket.c:2601
__do_sys_sendmsg net/socket.c:2610 [inline]
__se_sys_sendmsg net/socket.c:2608 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2608
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 1934
hardirqs last enabled at (1933): [<ffff800011b24404>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last enabled at (1933): [<ffff800011b24404>] _raw_spin_unlock_irq+0x3c/0x90 kernel/locking/spinlock.c:202
hardirqs last disabled at (1934): [<ffff800011a39234>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (1920): [<ffff80000fdd2bdc>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (1914): [<ffff80000fdd2ba8>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

May 25, 2026, 11:08:26 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 0a40c6fbd105 Linux 6.6.141
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=140f5aa6580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c5b35c4db8465904
dashboard link: https://syzkaller.appspot.com/bug?extid=38ace3de1b2f0417c412
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=128c82ec580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1640915c580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/bef5f7e53495/disk-0a40c6fb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/61ce39aaab25/vmlinux-0a40c6fb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43d2363e7871/bzImage-0a40c6fb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+38ace3...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 5927 at net/netfilter/nft_socket.c:220 nft_socket_init+0x2ee/0x3c0 net/netfilter/nft_socket.c:220
Modules linked in:
CPU: 1 PID: 5927 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:nft_socket_init+0x2ee/0x3c0 net/netfilter/nft_socket.c:220
Code: 30 84 c0 0f 85 d8 00 00 00 41 88 2c 24 bd 08 00 00 00 e9 b2 fe ff ff 89 f3 e8 ee de b0 f8 89 d8 e9 5c ff ff ff e8 e2 de b0 f8 <0f> 0b e9 4b ff ff ff 89 e9 80 e1 07 38 c1 0f 8c 8e fd ff ff 48 89
RSP: 0018:ffffc900034271d8 EFLAGS: 00010293
RAX: ffffffff88d64d0e RBX: ffff8880270d8020 RCX: ffff888077b69e00
RDX: 0000000000000000 RSI: 0000000000000100 RDI: 00000000000000ff
RBP: 00000000000000ff R08: ffffffff8e8b3aef R09: 1ffffffff1d1675d
R10: dffffc0000000000 R11: fffffbfff1d1675e R12: 0000000000000100
R13: ffff88807a5fd798 R14: dffffc0000000000 R15: 1ffff11004e1b004
FS: 000055556fd38500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000200 CR3: 000000007a627000 CR4: 00000000003506e0
Call Trace:
<TASK>
nf_tables_newexpr net/netfilter/nf_tables_api.c:3307 [inline]
nf_tables_newrule+0x176c/0x2880 net/netfilter/nf_tables_api.c:4140
nfnetlink_rcv_batch net/netfilter/nfnetlink.c:519 [inline]
nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:639 [inline]
nfnetlink_rcv+0x113e/0x24a0 net/netfilter/nfnetlink.c:657
netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346
netlink_sendmsg+0x8d0/0xbf0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x5ba/0x960 net/socket.c:2594
___sys_sendmsg+0x2a6/0x360 net/socket.c:2648
__sys_sendmsg net/socket.c:2677 [inline]
__do_sys_sendmsg net/socket.c:2686 [inline]
__se_sys_sendmsg+0x1c2/0x2b0 net/socket.c:2684
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f25f399ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd9cbffd88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f25f3c15fa0 RCX: 00007f25f399ce59
RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
RBP: 00007f25f3a32d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f25f3c15fac R14: 00007f25f3c15fa0 R15: 00007f25f3c15fa0
</TASK>