syzbot


UBSAN: shift-out-of-bounds in nft_hash_estimate
Status: internal: reported C repro on 2021/05/05 12:55
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: a54754ec9891 netfilter: nftables: avoid overflows in nft_hash_buckets()
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32]
First crash: 85d, last: 85d

Cause bisection: introduced by (bisect log):
commit e32a4dc6512ce3c1a1920531246e7037896e510a
Author: Florian Westphal <fw@strlen.de>
Date: Tue Feb 18 10:59:26 2020 +0000

  netfilter: nf_tables: make sets built-in

Crash: UBSAN: undefined-behaviour in nft_hash_buckets (log)
Repro: C syz .config

Sample crash report:

Crashes (3):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-net-this-kasan-gce | 2021/05/05 17:03 | net | bbd6f0a94813 | 06c27ff5 | .config | log | report | syz | C | | UBSAN: shift-out-of-bounds in nft_hash_estimate |
| ci-upstream-net-kasan-gce | 2021/05/05 13:13 | net-next | 95aafe911db6 | 06c27ff5 | .config | log | report | syz | C | | UBSAN: shift-out-of-bounds in nft_hash_estimate |
| ci-upstream-net-kasan-gce | 2021/05/05 12:54 | net-next | 95aafe911db6 | 06c27ff5 | .config | log | report | | | info | UBSAN: shift-out-of-bounds in nft_hash_estimate |