This issue is still present on Ubuntu 24.04 (noble) after upgrading
iptables-netflow-dkms to the latest version 2.6-6ubuntu2.3.

Kernel: 6.8.0-90-generic (x86_64)
Package: iptables-netflow-dkms 2.6-6ubuntu2.3

After every reboot I get one kernel log entry:
[Mon Jan 19 12:08:36 2026] ------------[ cut here ]------------
[Mon Jan 19 12:08:36 2026] UBSAN: shift-out-of-bounds in /var/lib/dkms/ipt-netflow/2.6/build/ipt_NETFLOW.c:4885:13
[Mon Jan 19 12:08:36 2026] shift exponent 32 is too large for 32-bit type 'int'
[Mon Jan 19 12:08:36 2026] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G           O       6.8.0-90-generic #91-Ubuntu
[Mon Jan 19 12:08:36 2026] Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.24504846.B64.2501180334 01/18/2025
[Mon Jan 19 12:08:36 2026] Call Trace:
[Mon Jan 19 12:08:36 2026]  <IRQ>
[Mon Jan 19 12:08:36 2026]  dump_stack_lvl+0x76/0xa0
[Mon Jan 19 12:08:36 2026]  dump_stack+0x10/0x20
[Mon Jan 19 12:08:36 2026]  __ubsan_handle_shift_out_of_bounds+0x199/0x370
[Mon Jan 19 12:08:36 2026]  ? __inet_dev_addr_type+0xef/0x1b0
[Mon Jan 19 12:08:36 2026]  netflow_target.cold+0x1b/0x30 [ipt_NETFLOW]
[Mon Jan 19 12:08:36 2026]  ? inet_dev_addr_type+0x47/0x60
[Mon Jan 19 12:08:36 2026]  nft_target_eval_xt+0x66/0xb0 [nft_compat]
[Mon Jan 19 12:08:36 2026]  expr_call_ops_eval+0x13/0x1e0 [nf_tables]
[Mon Jan 19 12:08:36 2026]  nft_do_chain+0xfc/0x650 [nf_tables]
[Mon Jan 19 12:08:36 2026]  nft_do_chain_ipv4+0x6e/0x90 [nf_tables]
[Mon Jan 19 12:08:36 2026]  nf_hook_slow+0x43/0x130
[Mon Jan 19 12:08:36 2026]  promisc_rcv+0x641/0x900 [ipt_NETFLOW]
[Mon Jan 19 12:08:36 2026]  ? __pfx_promisc_finish+0x10/0x10 [ipt_NETFLOW]
[Mon Jan 19 12:08:36 2026]  __netif_receive_skb_core.constprop.0+0x23a/0x10c0
[Mon Jan 19 12:08:36 2026]  ? tcp4_gro_receive+0xfe/0x1b0
[Mon Jan 19 12:08:36 2026]  ? inet_gro_receive+0x253/0x2f0
[Mon Jan 19 12:08:36 2026]  __netif_receive_skb_list_core+0xfd/0x250
[Mon Jan 19 12:08:36 2026]  netif_receive_skb_list_internal+0x1a3/0x2d0
[Mon Jan 19 12:08:36 2026]  napi_complete_done+0x74/0x1c0
[Mon Jan 19 12:08:36 2026]  vmxnet3_poll_rx_only+0x9a/0xe0 [vmxnet3]
[Mon Jan 19 12:08:36 2026]  __napi_poll+0x30/0x200
[Mon Jan 19 12:08:36 2026]  net_rx_action+0x181/0x2e0
[Mon Jan 19 12:08:36 2026]  handle_softirqs+0xd8/0x340
[Mon Jan 19 12:08:36 2026]  __irq_exit_rcu+0xd9/0x100
[Mon Jan 19 12:08:36 2026]  irq_exit_rcu+0xe/0x20
[Mon Jan 19 12:08:36 2026]  common_interrupt+0xa4/0xb0
[Mon Jan 19 12:08:36 2026]  </IRQ>
[Mon Jan 19 12:08:36 2026]  <TASK>
[Mon Jan 19 12:08:36 2026]  asm_common_interrupt+0x27/0x40
[Mon Jan 19 12:08:36 2026] RIP: 0010:pv_native_safe_halt+0xb/0x10
[Mon Jan 19 12:08:36 2026] Code: 22 d7 31 ff c3 cc cc cc cc 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d 19 56 3c 00 fb f4 <c3> cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 83
[Mon Jan 19 12:08:36 2026] RSP: 0018:ffffd105800bfe78 EFLAGS: 00000246
[Mon Jan 19 12:08:36 2026] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[Mon Jan 19 12:08:36 2026] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[Mon Jan 19 12:08:36 2026] RBP: ffffd105800bfe80 R08: 0000000000000000 R09: 0000000000000000
[Mon Jan 19 12:08:36 2026] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8aa201878000
[Mon Jan 19 12:08:36 2026] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[Mon Jan 19 12:08:36 2026]  ? default_idle+0x9/0x30
[Mon Jan 19 12:08:36 2026]  arch_cpu_idle+0x9/0x10
[Mon Jan 19 12:08:36 2026]  default_idle_call+0x2c/0xf0
[Mon Jan 19 12:08:36 2026]  cpuidle_idle_call+0x153/0x190
[Mon Jan 19 12:08:36 2026]  do_idle+0x87/0xf0
[Mon Jan 19 12:08:36 2026]  cpu_startup_entry+0x2a/0x30
[Mon Jan 19 12:08:36 2026]  start_secondary+0x129/0x160
[Mon Jan 19 12:08:36 2026]  secondary_startup_64_no_verify+0x184/0x18b
[Mon Jan 19 12:08:36 2026]  </TASK>
[Mon Jan 19 12:08:36 2026] ---[ end trace ]---


The installed DKMS source still contains:
/usr/src/ipt-netflow-2.6/ipt_NETFLOW.c:4885: ret |= 1 << (32 - opt);
This matches upstream PR #204 (“tcp options: fix possible shift-out-of-bounds”) 
https://github.com/aabc/ipt-netflow/pull/204/files 
Could this fix be backported into the Ubuntu package (noble-updates)?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1996422

Title:
  UBSAN: shift-out-of-bounds in /var/lib/dkms/ipt-netflow/2.6/build/ipt_NETFLOW.c:4853:13

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables-netflow/+bug/1996422/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
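
Added example (not part of the bug report, not the ipt-netflow source, and not the content of PR #204): the shift form quoted in the report, `1 << (32 - opt)`, has a defined result only for opt in 1..32, and opt == 0 yields the exponent 32 seen in the UBSAN line. The sketch below assumes `opt` is a TCP option kind; the function names, the option walker and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Reported form: ret |= 1 << (32 - opt);
 * For a 32-bit int the shift count must be 0..31, so opt == 0 (count 32)
 * and opt > 32 (negative count) are undefined behaviour. */
static int shift_is_defined(int opt)
{
    int count = 32 - opt;
    return count >= 0 && count < 32;
}

/* Guarded form: kinds 1..32 map to bit (32 - kind) of an unsigned
 * constant; every other kind contributes no bit. */
static uint32_t option_bit(unsigned int opt)
{
    if (opt < 1 || opt > 32)
        return 0;
    return UINT32_C(1) << (32 - opt);
}

/* Hypothetical walker over a TCP option area (assumption: this is the
 * kind of loop that feeds 'opt'). Stops at EOL or a malformed length. */
static uint32_t tcp_option_bitmap(const uint8_t *p, size_t len)
{
    uint32_t ret = 0;
    size_t i = 0;

    while (i < len) {
        uint8_t kind = p[i];
        ret |= option_bit(kind);
        if (kind == 0)                      /* EOL: would shift by 32 unguarded */
            break;
        if (kind == 1) { i++; continue; }   /* NOP is a single byte */
        if (i + 1 >= len || p[i + 1] < 2)   /* truncated or bad length */
            break;
        i += p[i + 1];
    }
    return ret;
}

/* Constructed sample: MSS, NOP, window scale, NOP, NOP, timestamps, EOL */
static const uint8_t sample_opts[] = {
    2, 4, 0x05, 0xb4, 1, 3, 3, 7, 1, 1,
    8, 10, 0, 0, 0, 1, 0, 0, 0, 2, 0
};

int main(void)
{
    printf("opt=0 shift defined: %d\n", shift_is_defined(0));
    printf("bitmap: 0x%08x\n",
           (unsigned)tcp_option_bitmap(sample_opts, sizeof sample_opts));
    return 0;
}
```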
