syzbot


UBSAN: shift-out-of-bounds in fib_table_lookup (2)

Status: closed as invalid on 2025/09/16 17:45
Subsystems: net
First crash: 149d, last: 149d
Similar bugs (1)
Kernel: upstream
Title: UBSAN: shift-out-of-bounds in fib_table_lookup
Subsystems: net
Rank: -1
Repro, Cause bisect, Fix bisect: none listed
Count: 1
Last: 329d
Reported: 329d
Patched: 0/29
Status: closed as invalid on 2025/03/17 11:07

Sample crash report:
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in net/ipv4/fib_trie.c:1448:11
shift exponent 255 is too large for 32-bit type 'unsigned int'
CPU: 1 UID: 0 PID: 11628 Comm: syz.4.1499 Not tainted 6.17.0-rc1-syzkaller-00116-gd7ee5bdce789 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:233 [inline]
 __ubsan_handle_shift_out_of_bounds+0x27f/0x420 lib/ubsan.c:494
 fib_table_lookup.cold+0x39/0x7a net/ipv4/fib_trie.c:1448
 fib_lookup.constprop.0+0x13e/0x530 include/net/ip_fib.h:390
 ip_route_output_key_hash_rcu+0xde8/0x28c0 net/ipv4/route.c:2805
 ip_route_output_key_hash+0x137/0x2e0 net/ipv4/route.c:2696
 __ip_route_output_key include/net/route.h:169 [inline]
 ip_route_connect include/net/route.h:348 [inline]
 tcp_v4_connect+0x81c/0x1bb0 net/ipv4/tcp_ipv4.c:254
 tcp_v6_connect+0x785/0x2170 net/ipv6/tcp_ipv6.c:241
 __inet_stream_connect+0x914/0xf60 net/ipv4/af_inet.c:677
 inet_stream_connect+0x57/0xa0 net/ipv4/af_inet.c:748
 __sys_connect_file+0x13e/0x1a0 net/socket.c:2086
 __sys_connect+0x13b/0x160 net/socket.c:2105
 __do_sys_connect net/socket.c:2111 [inline]
 __se_sys_connect net/socket.c:2108 [inline]
 __x64_sys_connect+0x72/0xb0 net/socket.c:2108
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8fbf38ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8fbd5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007f8fbf5b6090 RCX: 00007f8fbf38ebe9
RDX: 000000000000001c RSI: 0000200000000200 RDI: 0000000000000008
RBP: 00007f8fbf411e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8fbf5b6128 R14: 00007f8fbf5b6090 R15: 00007fff6aa0d458
 </TASK>
---[ end trace ]---

Crashes (1):
Time: 2025/08/15 22:51
Kernel: upstream
Commit: d7ee5bdce789
Syzkaller: 1804e95e
Config: .config
Log: console log
Report: report
Syz repro, C repro: none listed
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci-upstream-kasan-gce-selinux-root
Title: UBSAN: shift-out-of-bounds in fib_table_lookup
* Struck through repros no longer work on HEAD.