syzbot


UBSAN: shift-out-of-bounds in qdisc_get_rtab

Status: fixed on 2021/06/15 10:42
Subsystems: net
Fix commit: e4bedf48aaa5 net_sched: reject silly cell_log in qdisc_get_rtab()
First crash: 1457d, last: 1413d
Cause bisection: introduced by [release commit]:
commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Sep 15 21:19:32 2019 +0000

  Linux 5.3

Crash: UBSAN: undefined-behaviour in qdisc_get_rtab
Repro: C repro, syz repro, .config

Fix bisection: fixed by:
commit e4bedf48aaa5552bc1f49703abd17606e7e6e82a
Author: Eric Dumazet <edumazet@google.com>
Date: Thu Jan 14 16:06:37 2021 +0000

  net_sched: reject silly cell_log in qdisc_get_rtab()

Sample crash report:
================================================================================
UBSAN: shift-out-of-bounds in net/sched/sch_api.c:389:22
shift exponent 129 is too large for 32-bit type 'int'
CPU: 0 PID: 8450 Comm: syz-executor907 Not tainted 5.11.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
 __detect_linklayer net/sched/sch_api.c:389 [inline]
 qdisc_get_rtab net/sched/sch_api.c:435 [inline]
 qdisc_get_rtab.cold+0x1d/0x90 net/sched/sch_api.c:409
 tbf_change+0xcfa/0x16e0 net/sched/sch_tbf.c:362
 tbf_init+0x91/0xd0 net/sched/sch_tbf.c:476
 qdisc_create+0x4ba/0x1270 net/sched/sch_api.c:1246
 tc_modify_qdisc+0x4c8/0x1990 net/sched/sch_api.c:1662
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2345
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2399
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2432
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440fe9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffcb42b20a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440fe9
RDX: 0000000000000000 RSI: 0000000020000800 RDI: 0000000000000004
RBP: 00000000006cb018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004027f0
R13: 0000000000402880 R14: 0000000000000000 R15: 0000000000000000
================================================================================

Crashes (521):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/01/17 11:27 upstream 0da0a8a0a0e1 65a7a854 .config console log report syz C ci-upstream-kasan-gce
2021/01/14 13:40 net-old a95d25dd7b94 269d24e8 .config console log report syz C ci-upstream-net-this-kasan-gce
2021/01/14 13:36 net-next-old 679500e385fc 269d24e8 .config console log report syz C ci-upstream-net-kasan-gce
2021/01/02 03:25 net-next-old 3db1a3fa9880 79264ae3 .config console log report syz C ci-upstream-net-kasan-gce
2020/12/08 04:53 linux-next 15ac8fdb7440 51a9082e .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2021/01/20 17:46 upstream 45dfb8a5659a d4f4eca5 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/20 16:33 upstream 45dfb8a5659a d4f4eca5 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/20 14:24 upstream 45dfb8a5659a d4f4eca5 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/20 12:50 upstream 45dfb8a5659a d4f4eca5 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/19 23:55 upstream 1e2a199f6ccd 63631df1 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/19 18:10 upstream 1e2a199f6ccd 63631df1 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/19 06:24 upstream 1e2a199f6ccd 63631df1 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/18 21:15 upstream 19c329f68089 63631df1 .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/18 17:29 upstream 19c329f68089 63631df1 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/18 07:10 upstream a1339d6355ac fd103621 .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/18 03:32 upstream a1339d6355ac fd103621 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/17 15:27 upstream 0da0a8a0a0e1 813be542 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/18 05:55 upstream a1339d6355ac fd103621 .config console log report info ci-upstream-kasan-gce-386 UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/20 22:29 net-next-old 7b8fc0103bb5 d4f4eca5 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/20 16:27 net-next-old 7b8fc0103bb5 d4f4eca5 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/19 15:57 net-next-old 99d518970c5a 63631df1 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/18 21:33 net-next-old 220723dc3bcf 63631df1 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/18 19:47 net-next-old 213b97b12580 63631df1 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/18 14:59 net-next-old 213b97b12580 63631df1 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in qdisc_get_rtab
2021/01/17 14:16 upstream 0da0a8a0a0e1 813be542 .config console log report info ci-upstream-kasan-gce
2021/01/17 10:48 upstream 0da0a8a0a0e1 65a7a854 .config console log report info ci-upstream-kasan-gce
2021/01/16 14:51 upstream 1d94330a437a 65a7a854 .config console log report info ci-upstream-kasan-gce-root
2021/01/16 14:37 upstream 1d94330a437a 65a7a854 .config console log report info ci-upstream-kasan-gce-root
2021/01/16 13:35 upstream 1d94330a437a 65a7a854 .config console log report info ci-upstream-kasan-gce-root
2021/01/16 05:52 upstream 5ee88057889b 65a7a854 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/15 05:32 upstream 146620506274 65a7a854 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/15 04:23 upstream 146620506274 65a7a854 .config console log report info ci-upstream-kasan-gce
2021/01/13 20:32 upstream e609571b5ffa a945f0a3 .config console log report info ci-upstream-kasan-gce-root
2021/01/13 19:29 upstream e609571b5ffa a945f0a3 .config console log report info ci-upstream-kasan-gce
2021/01/13 14:00 upstream e609571b5ffa a945f0a3 .config console log report info ci-upstream-kasan-gce
2021/01/09 22:09 upstream 2ff90100ace8 2c1f2513 .config console log report info ci-qemu-upstream
2021/01/16 17:18 upstream 1d94330a437a 65a7a854 .config console log report info ci-upstream-kasan-gce-386
2021/01/16 16:10 upstream 1d94330a437a 65a7a854 .config console log report info ci-upstream-kasan-gce-386
2021/01/15 20:30 upstream 5ee88057889b 65a7a854 .config console log report info ci-upstream-kasan-gce-386
2021/01/15 06:19 upstream 146620506274 65a7a854 .config console log report info ci-upstream-kasan-gce-386
2021/01/13 23:16 upstream e609571b5ffa a945f0a3 .config console log report info ci-upstream-kasan-gce-386
2021/01/10 03:14 upstream 2ff90100ace8 2c1f2513 .config console log report info ci-qemu-upstream-386
2021/01/16 05:43 net-old b7ba6cfabc42 65a7a854 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/14 19:02 net-old 5b55299eed78 65a7a854 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/17 12:43 net-next-old 213b97b12580 813be542 .config console log report info ci-upstream-net-kasan-gce
2021/01/16 23:42 net-next-old 9ab7e76aefc9 65a7a854 .config console log report info ci-upstream-net-kasan-gce
2021/01/15 21:54 net-next-old 1d9f03c0a15f 65a7a854 .config console log report info ci-upstream-net-kasan-gce
2021/01/15 16:14 net-next-old 1d9f03c0a15f 65a7a854 .config console log report info ci-upstream-net-kasan-gce
2021/01/15 11:17 net-next-old 1d9f03c0a15f 65a7a854 .config console log report info ci-upstream-net-kasan-gce
2021/01/14 18:50 net-next-old 0ae5b43d6dde 65a7a854 .config console log report info ci-upstream-net-kasan-gce
2021/01/14 11:41 net-next-old 679500e385fc 269d24e8 .config console log report info ci-upstream-net-kasan-gce
2021/01/15 01:38 linux-next 9152a993930d 65a7a854 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/15 00:07 linux-next 9152a993930d 65a7a854 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/14 22:46 linux-next 9152a993930d 65a7a854 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/14 12:43 linux-next 9152a993930d 269d24e8 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/13 16:40 linux-next aa515cdce7a1 a945f0a3 .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/12/07 13:12 linux-next 15ac8fdb7440 1190297f .config console log report info ci-upstream-linux-next-kasan-gce-root