bisecting cause commit starting from 95aafe911db602d19b00d2a88c3d54a84119f5dc building syzkaller on 06c27ff56b460864b5195bc0668d1d582df3cbf8 testing commit 95aafe911db602d19b00d2a88c3d54a84119f5dc with gcc (GCC) 10.2.1 20210217 kernel signature: 8e77dabc82d930edf15078341d93c512698f7632f212c08981df35cdb97413e9 all runs: crashed: UBSAN: shift-out-of-bounds in nft_hash_estimate testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217 kernel signature: 293e6579f0d65cbda46b2d20e15f30555f6e4ea292502f9356c74a1affb84b2f all runs: crashed: UBSAN: shift-out-of-bounds in nft_hash_estimate testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217 kernel signature: aa5dbcb7b6350e128566df7b79649d445731318f591bef7c95206222f351bb67 all runs: crashed: UBSAN: shift-out-of-bounds in nft_hash_estimate testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 10.2.1 20210217 kernel signature: 5c24f3f4b62492843caa7e7e852285d332e09df8819536e003a2c6149fac4abc all runs: crashed: UBSAN: shift-out-of-bounds in nft_hash_estimate testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.4.1 20210217 kernel signature: e064f1b90e3cfa434cb136ae367ce886a75f83b37d3f635477c7b19461094f39 all runs: crashed: UBSAN: shift-out-of-bounds in nft_hash_buckets testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.4.1 20210217 kernel signature: 0c3b42a2623ff57e7e764989f96f47d87aded95e87d9e48275f1a3c8bd52969b all runs: crashed: UBSAN: shift-out-of-bounds in nft_hash_buckets testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.4.1 20210217 kernel signature: d9f64012349e0d74c7c908ab911c6276e4b0f83458da87d57127cd8708aa9c37 all runs: OK # git bisect start 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 7111951b8d4973bda27ff663f2cf18b663d15b48 Bisecting: 7542 revisions left to test after this (roughly 13 steps) [50a5de895dbe5df947b3a695777db5b2c313e065] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit 50a5de895dbe5df947b3a695777db5b2c313e065 with gcc (GCC) 8.4.1 20210217 kernel signature: 0d1c1de0e6918e7934a8bacab412fca9f959afada996cb3594a46b998097996d all runs: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(8,1) # git bisect skip 50a5de895dbe5df947b3a695777db5b2c313e065 Bisecting: 7542 revisions left to test after this (roughly 13 steps) [422c032afcf57d5e8109a54912e22ffc53d99068] netfilter: flowtable: Use rw sem as flow block lock testing commit 422c032afcf57d5e8109a54912e22ffc53d99068 with gcc (GCC) 8.4.1 20210217 kernel signature: 0044267005292344c27dbfe282921ebe3d0daa777639c96ad283e50ef7217e9a all runs: crashed: UBSAN: undefined-behaviour in nft_hash_buckets # git bisect bad 422c032afcf57d5e8109a54912e22ffc53d99068 Bisecting: 771 revisions left to test after this (roughly 10 steps) [6349021701d0ba2e84e2be440258d81e198c3392] Merge branch 'mlxsw-Offload-FIFO' testing commit 6349021701d0ba2e84e2be440258d81e198c3392 with gcc (GCC) 8.4.1 20210217 kernel signature: 45c66fcf7e433dadd5fe4077f02055ce3be7ab54290d46ffd0e2968704e21074 all runs: OK # git bisect good 6349021701d0ba2e84e2be440258d81e198c3392 Bisecting: 385 revisions left to test after this (roughly 9 steps) [d5e3c87d302cd08d01ac041cc3f8049c979cb97d] net: fec: reject unsupported coalescing params testing commit d5e3c87d302cd08d01ac041cc3f8049c979cb97d with gcc (GCC) 8.4.1 20210217 kernel signature: 915b39a8e7d33015dfe3a352341147f3c9439469d2d72d7c84ec4a42cddd1420 all runs: OK # git bisect good d5e3c87d302cd08d01ac041cc3f8049c979cb97d Bisecting: 192 revisions left to test after this (roughly 8 steps) [fa83820e5c58d200f41d08003ecb5f61cad3113b] Merge branch 'net-phy-XLGMII-define-and-usage-in-PHYLINK' testing commit fa83820e5c58d200f41d08003ecb5f61cad3113b with gcc (GCC) 8.4.1 20210217 kernel signature: 3e99dc70f57617099d4b8e199cf289214e7cec53c9e9fd2b500f3c833c8dc131 all runs: OK # git bisect good fa83820e5c58d200f41d08003ecb5f61cad3113b Bisecting: 96 revisions left to test after this (roughly 7 steps) [0419c450e1bb5eb1c68ba10efeefddaf556cde85] Merge branch 'stmmac-100GB-Enterprise-MAC-support' testing commit 0419c450e1bb5eb1c68ba10efeefddaf556cde85 with gcc (GCC) 8.4.1 20210217 kernel signature: 7c6a2bf3238764cc2f5ed9ee5d0765f725dce0ec98dcec4a8692cccb0a20feed all runs: OK # git bisect good 0419c450e1bb5eb1c68ba10efeefddaf556cde85 Bisecting: 47 revisions left to test after this (roughly 6 steps) [54e73b9c0a88f71ce041a69471b7c4ef9a6a4407] s390/qeth: don't report hard-coded driver version testing commit 54e73b9c0a88f71ce041a69471b7c4ef9a6a4407 with gcc (GCC) 8.4.1 20210217 kernel signature: db6e70c910630f05a804d5ab1243bfb04957cd004b9f915ba40d83f833d302c1 all runs: crashed: UBSAN: undefined-behaviour in nft_hash_buckets # git bisect bad 54e73b9c0a88f71ce041a69471b7c4ef9a6a4407 Bisecting: 23 revisions left to test after this (roughly 5 steps) [339706bc21c15f2feac9d1c3bd0ba55d74530081] netfilter: nft_lookup: update element stateful expression testing commit 339706bc21c15f2feac9d1c3bd0ba55d74530081 with gcc (GCC) 8.4.1 20210217 kernel signature: 60572144c3923f3992a11b568db7d3f72d651ddf6d71bd2f1af65cc741dc32c8 all runs: crashed: UBSAN: undefined-behaviour in nft_hash_buckets # git bisect bad 339706bc21c15f2feac9d1c3bd0ba55d74530081 Bisecting: 12 revisions left to test after this (roughly 4 steps) [b5140a36da7876bc084a2c680c8dbc7438db2051] netfilter: flowtable: add indr block setup support testing commit b5140a36da7876bc084a2c680c8dbc7438db2051 with gcc (GCC) 8.4.1 20210217 kernel signature: 06d31899dffcc0f732b0ce810fbfc020c03a6359c063a521019a196892eb15fd all runs: crashed: UBSAN: undefined-behaviour in nft_hash_buckets # git bisect bad b5140a36da7876bc084a2c680c8dbc7438db2051 Bisecting: 5 revisions left to test after this (roughly 3 steps) [9325f070f7db23261b9b02c7530eadff91d4b8e2] netfilter: cleanup unused macro testing commit 9325f070f7db23261b9b02c7530eadff91d4b8e2 with gcc (GCC) 8.4.1 20210217 kernel signature: f3a036c9dd7c299369132f51b14d47bb56d1b50fcfecff0981b4d85e7f197fde all runs: crashed: UBSAN: undefined-behaviour in nft_hash_buckets # git bisect bad 9325f070f7db23261b9b02c7530eadff91d4b8e2 Bisecting: 2 revisions left to test after this (roughly 2 steps) [925d844696d9287f841d6b3e0ed62a35fb175970] netfilter: nft_tunnel: add support for geneve opts testing commit 925d844696d9287f841d6b3e0ed62a35fb175970 with gcc (GCC) 8.4.1 20210217 kernel signature: 4b394befd8e0ab7cda31143ba003b3fd78bfb46637112a254b76e63fbe4c7a2b all runs: OK # git bisect good 925d844696d9287f841d6b3e0ed62a35fb175970 Bisecting: 0 revisions left to test after this (roughly 1 step) [24d19826fcbd97144908ae32019ee67d358c5879] netfilter: nf_tables: make all set structs const testing commit 24d19826fcbd97144908ae32019ee67d358c5879 with gcc (GCC) 8.4.1 20210217 kernel signature: cff80b86ad3864b42216ec54dd96a6f759df8eec818c167fbe9de5dfbdafa80b all runs: crashed: UBSAN: undefined-behaviour in nft_hash_buckets # git bisect bad 24d19826fcbd97144908ae32019ee67d358c5879 Bisecting: 0 revisions left to test after this (roughly 0 steps) [e32a4dc6512ce3c1a1920531246e7037896e510a] netfilter: nf_tables: make sets built-in testing commit e32a4dc6512ce3c1a1920531246e7037896e510a with gcc (GCC) 8.4.1 20210217 kernel signature: 67a2786b7cb57e5f06499a66fb2bbfd621707db97156fb13407e01403ef58cbf all runs: crashed: UBSAN: undefined-behaviour in nft_hash_buckets # git bisect bad e32a4dc6512ce3c1a1920531246e7037896e510a e32a4dc6512ce3c1a1920531246e7037896e510a is the first bad commit commit e32a4dc6512ce3c1a1920531246e7037896e510a Author: Florian Westphal Date: Tue Feb 18 11:59:26 2020 +0100 netfilter: nf_tables: make sets built-in Placing nftables set support in an extra module is pointless: 1. nf_tables needs dynamic registeration interface for sake of one module 2. nft heavily relies on sets, e.g. even simple rule like "nft ... tcp dport { 80, 443 }" will not work with _SETS=n. IOW, either nftables isn't used or both nf_tables and nf_tables_set modules are needed anyway. With extra module: 307K net/netfilter/nf_tables.ko 79K net/netfilter/nf_tables_set.ko text data bss dec filename 146416 3072 545 150033 nf_tables.ko 35496 1817 0 37313 nf_tables_set.ko This patch: 373K net/netfilter/nf_tables.ko 178563 4049 545 183157 nf_tables.ko Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 6 ------ net/netfilter/Kconfig | 8 -------- net/netfilter/Makefile | 9 +++------ net/netfilter/nf_tables_api.c | 41 +++++++++++--------------------------- net/netfilter/nf_tables_set_core.c | 31 ---------------------------- 5 files changed, 15 insertions(+), 80 deletions(-) delete mode 100644 net/netfilter/nf_tables_set_core.c culprit signature: 67a2786b7cb57e5f06499a66fb2bbfd621707db97156fb13407e01403ef58cbf parent signature: 4b394befd8e0ab7cda31143ba003b3fd78bfb46637112a254b76e63fbe4c7a2b revisions tested: 20, total time: 4h15m34.640127263s (build: 2h25m30.371930633s, test: 1h46m37.367902739s) first bad commit: e32a4dc6512ce3c1a1920531246e7037896e510a netfilter: nf_tables: make sets built-in recipients (to): ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "fw@strlen.de" "kadlec@netfilter.org" "kuba@kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org" "pablo@netfilter.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: UBSAN: undefined-behaviour in nft_hash_buckets ================================================================================ UBSAN: Undefined behaviour in ./include/linux/log2.h:57:13 shift exponent 64 is too large for 64-bit type 'long unsigned int' CPU: 0 PID: 10762 Comm: syz-executor.3 Not tainted 5.6.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x96/0xe0 lib/dump_stack.c:118 ubsan_epilogue+0x5/0x21 lib/ubsan.c:154 __ubsan_handle_shift_out_of_bounds.cold.14+0xb4/0xf3 lib/ubsan.c:390 __roundup_pow_of_two include/linux/log2.h:57 [inline] nft_hash_buckets.cold.17+0x17/0x20 net/netfilter/nft_set_hash.c:398 nft_hash_estimate+0x86/0x1b0 net/netfilter/nft_set_hash.c:639 nft_select_set_ops net/netfilter/nf_tables_api.c:3321 [inline] nf_tables_newset+0xbca/0x2000 net/netfilter/nf_tables_api.c:4037 nfnetlink_rcv_batch+0x876/0x15e0 net/netfilter/nfnetlink.c:433 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:543 [inline] nfnetlink_rcv+0x2bc/0x340 net/netfilter/nfnetlink.c:561 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] netlink_unicast+0x434/0x630 net/netlink/af_netlink.c:1329 netlink_sendmsg+0x766/0xc10 net/netlink/af_netlink.c:1918 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xac/0xf0 net/socket.c:672 ____sys_sendmsg+0x54e/0x760 net/socket.c:2343 ___sys_sendmsg+0xe4/0x160 net/socket.c:2397 __sys_sendmsg+0xce/0x170 net/socket.c:2430 do_syscall_64+0x98/0x560 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4665f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa951784188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 RBP: 00000000004bfce1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007fff04b4898f R14: 00007fa951784300 R15: 0000000000022000 ================================================================================