syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1344]
Subsystems
🐞 Fixed [7090]
🐞 Invalid [18710]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

UBSAN: shift-out-of-bounds in ip_vs_rht_desired_size

Status: upstream: reported on 2026/04/27 17:27
Subsystems: lvs
[Documentation on labels]
Reported-by: syzbot+217f1db9c791e27fe54a@syzkaller.appspotmail.com
Fix commit: 4ee52b7021a7 ipvs: fix shift-out-of-bounds in ip_vs_rht_desired_size
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-riscv64 ci-upstream-gce-arm64]
First crash: 20d, last: 8d02h
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
2e12824a-5ba3-4975-9101-e210b4058cc5 assessment-security 💥 UBSAN: shift-out-of-bounds in ip_vs_rht_desired_size 2026/05/14 16:52 2026/05/14 16:52 2026/05/14 16:53 6ccb967e465e832a7bfd7a116ad00d52a0923a5d failed to run ["git" "pull" "origin" "HEAD" "--depth=1" "--allow-unrelated-histories"]: exit status 128 From /app/workdir/repo/linux * branch HEAD -> FETCH_HEAD Updating files: 15% (14956/93691) Updating files: 16% (14991/93691) Updating files: 17% (15928/93691) Updating files: 18% (16865/93691) Updating files: 19% (17802/93691) Updating files: 20% (18739/93691) Updating files: 21% (19676/93691) Updating files: 22% (20613/93691) Updating files: 23% (21549/93691) Updating files: 24% (22486/93691) Updating files: 25% (23423/93691) Updating files: 26% (24360/93691) Updating files: 26% (24821/93691) error: unable to write file arch/powerpc/platforms/44x/pci.c error: unable to write file arch/powerpc/platforms/44x/pci.h error: unable to write file arch/powerpc/platforms/44x/ppc44x_simple.c error: unable to write file arch/powerpc/platforms/44x/ppc476.c error: unable to write file arch/powerpc/platforms/44x/ppc476_modules.lds error: unable to write file arch/powerpc/platforms/44x/sam440ep.c error: unable to write file arch/powerpc/platforms/44x/soc.c error: unable to write file arch/powerpc/platforms/44x/uic.c error: unable to write file arch/powerpc/platforms/44x/warp.c fatal: cannot create directory at 'arch/powerpc/platforms/512x': No space left on device
Discussions (6)
Title Replies (including bot) Last reply
[PATCH net 6/8] ipvs: fix shift-out-of-bounds in ip_vs_rht_desired_size 1 (1) 2026/05/05 00:16
[PATCHv3 nf 6/8] ipvs: fix shift-out-of-bounds in ip_vs_rht_desired_size 1 (1) 2026/04/30 07:44
[PATCHv2 nf 6/8] ipvs: fix shift-out-of-bounds in ip_vs_rht_desired_size 1 (1) 2026/04/29 14:10
[PATCH nf 5/7] ipvs: fix shift-out-of-bounds in ip_vs_rht_desired_size 1 (1) 2026/04/28 17:57
[PATCH net] ipvs: fix shift-out-of-bounds in ip_vs_rht_desired_size 1 (1) 2026/04/27 23:40
[syzbot] [lvs?] UBSAN: shift-out-of-bounds in ip_vs_rht_desired_size 1 (2) 2026/04/27 22:37

Sample crash report:
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
shift exponent 64 is too large for 64-bit type 'unsigned long'
CPU: 0 UID: 0 PID: 31521 Comm: kworker/u8:38 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: events_unbound conn_resize_work_handler
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x30 lib/ubsan.c:233
 __ubsan_handle_shift_out_of_bounds+0x385/0x410 lib/ubsan.c:494
 __roundup_pow_of_two include/linux/log2.h:57 [inline]
 ip_vs_rht_desired_size+0x2cf/0x410 net/netfilter/ipvs/ip_vs_core.c:240
 ip_vs_conn_desired_size net/netfilter/ipvs/ip_vs_conn.c:765 [inline]
 conn_resize_work_handler+0x1b6/0x14c0 net/netfilter/ipvs/ip_vs_conn.c:822
 process_one_work kernel/workqueue.c:3302 [inline]
 process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3385
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3466
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace ]---
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 0 UID: 0 PID: 31521 Comm: kworker/u8:38 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: events_unbound conn_resize_work_handler
Call Trace:
 <TASK>
 vpanic+0x56c/0xa60 kernel/panic.c:650
 panic+0xc5/0xd0 kernel/panic.c:787
 check_panic_on_warn+0x89/0xb0 kernel/panic.c:524
 __ubsan_handle_shift_out_of_bounds+0x385/0x410 lib/ubsan.c:494
 __roundup_pow_of_two include/linux/log2.h:57 [inline]
 ip_vs_rht_desired_size+0x2cf/0x410 net/netfilter/ipvs/ip_vs_core.c:240
 ip_vs_conn_desired_size net/netfilter/ipvs/ip_vs_conn.c:765 [inline]
 conn_resize_work_handler+0x1b6/0x14c0 net/netfilter/ipvs/ip_vs_conn.c:822
 process_one_work kernel/workqueue.c:3302 [inline]
 process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3385
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3466
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/05/04 04:59 net bd3a4795d574 a0d91488 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in ip_vs_rht_desired_size
2026/05/04 04:59 net bd3a4795d574 a0d91488 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in ip_vs_rht_desired_size
2026/05/07 06:35 net-next dacf281771a9 f250db59 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in ip_vs_rht_desired_size
2026/05/05 03:44 net-next d3aae4d954f9 a898ba9c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in ip_vs_rht_desired_size
2026/05/05 03:44 net-next d3aae4d954f9 a898ba9c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in ip_vs_rht_desired_size
2026/05/02 03:26 net-next 4fe18ddd17d8 753c55b9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in ip_vs_rht_desired_size
2026/04/25 00:40 net-next e728258debd5 9c2d0995 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in ip_vs_rht_desired_size
* Struck through repros no longer work on HEAD.