Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp3221366rwe;
        Mon, 29 Aug 2022 07:52:20 -0700 (PDT)
X-Google-Smtp-Source: AA6agR7FPtCqzaWxUy6ZYtsMny63epOqY17Z8km6Sqog7DAgrHVBTF48jsFUnCOW/NL2gPiq6fXi
X-Received: by 2002:a05:6402:270b:b0:448:76f0:4f55 with SMTP id y11-20020a056402270b00b0044876f04f55mr4031689edd.215.1661784739791;
        Mon, 29 Aug 2022 07:52:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1661784739; cv=none;
        d=google.com; s=arc-20160816;
        b=RcSpBXyD46w6gHPe/rMhGNrCEm2/8sjFcgR44q+gqMgv6cYZf0quAbxf7fWL/7P1tj
         x2j+ldap8uzkt1oCuxCYrxnXA9Zj4A5BA8Gjp1zGK4U1V+NZEqcQgLo6H4LYeTHzM4xE
         hz9n1e6gskdGNhQTfMjaxXb5CevTAJ9XCPICNXTHS1HvgmjLRIHXu4jP6+sEIJm4VcvB
         jCsy5i5Nj9rOQAzFfVR7XSTwo40vQ7uiiA7OxuH2Hoi0lowwKQUeeSQcqJ0rVGRwl8r5
         g6sVXNTVlGDZ9it9FOerMXj+jL2RcPk5aMI49ZgH078t2Y13BKTBIRBvE+S6LNY1JW+m
         tIHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=0JGTS4lw6dy2hpKAIfbv5QJLL8dJQD43vvWQFlFi/v8=;
        b=UFfQH/K0PwKg1sC+RBPnQ0fvRTEbT9cjD4b3pYcNTRzPYsoPR8/rjYT10b+gvn8OOs
         ZPFR7hdkjbLdgZxfYGfVg6M6l1Lmp499dGbZ8ogobatOz8ihhjk6pFCfMDLy0ub23D9v
         axQwZYgYCB1BpraZ2WYllq47XKRt/FY3e5TepHjkgkU5+dp4mMm0vZXJ/W9FkG6nnvYa
         v8ib2eVAe3W9+aNvAsNSE8mxftBHQQiBelj+TUNCqrIicEIC3QmkQDhcarAwONmXemOz
         6nESQH540skpuCYzk21GuJlrZ5V8u917xiftsZ8YIYBLGIZA1wI+mjUQAjU3oYaKLJ02
         /auQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id s15-20020a056402520f00b0043d552deb37si4284153edd.14.2022.08.29.07.51.54;
        Mon, 29 Aug 2022 07:52:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230083AbiH2ODb (ORCPT
        <rfc822;andriy.druk.mailinglists@gmail.com> + 99 others);
        Mon, 29 Aug 2022 10:03:31 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45672 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229456AbiH2OD3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Aug 2022 10:03:29 -0400
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [IPv6:2a0a:51c0:0:12e:520::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0D5D9832C8;
        Mon, 29 Aug 2022 07:03:26 -0700 (PDT)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
        (envelope-from <fw@strlen.de>)
        id 1oSfMG-0000t9-Ln; Mon, 29 Aug 2022 16:03:20 +0200
Date:   Mon, 29 Aug 2022 16:03:20 +0200
From:   Florian Westphal <fw@strlen.de>
To:     john.p.donnelly@oracle.com
Cc:     Florian Westphal <fw@strlen.de>, netfilter-devel@vger.kernel.org,
        syzkaller@googlegroups.com, george.kennedy@oracle.com,
        vegard.nossum@oracle.com, bridge@lists.linux-foundation.org,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
        Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Subject: Re: [PATCH nf] netfilter: ebtables: reject blobs that don't provide
 all entry points
Message-ID: <20220829140320.GB27814@breakpoint.cc>
References: <20220820070331.48817-1-harshit.m.mogalapalli@oracle.com>
 <20220820173555.131326-1-fw@strlen.de>
 <93eca5ab-46ee-241a-b01c-a6131b28ba29@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <93eca5ab-46ee-241a-b01c-a6131b28ba29@oracle.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW,
        SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

john.p.donnelly@oracle.com <john.p.donnelly@oracle.com> wrote:
> On 8/20/22 12:35 PM, Florian Westphal wrote:
> > For some reason ebtables reject blobs that provide entry points that are
> > not supported by the table.
> > 
> > What it should instead reject is the opposite, i.e. rulesets that
> > DO NOT provide an entry point that is supported by the table.
> > 
> > t->valid_hooks is the bitmask of hooks (input, forward ...) that will
> > see packets.  So, providing an entry point that is not support is
> > harmless (never called/used), but the reverse is NOT, this will cause
> > crash because the ebtables traverser doesn't expect a NULL blob for
> > a location its receiving packets for.
> > 
> > Instead of fixing all the individual checks, do what iptables is doing and
> > reject all blobs that doesn't provide the expected hooks.
> > 
> > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> > Reported-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
> > Signed-off-by: Florian Westphal <fw@strlen.de>
> 
> Hi,
> 
>  Could you please add the panic stack mentioned above  and syzkaller
> reproducer ID to the commit text ?

I did not see a reproducer ID.  What ended up in the tree is this:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7997eff82828304b780dc0a39707e1946d6f1ebf