bisecting cause commit starting from 6642d600b541b81931fb1ab0c041b0d68f77be7e
building syzkaller on fc9fd31ee7998c8b747752791000ea4eef07b5c6
testing commit 6642d600b541b81931fb1ab0c041b0d68f77be7e with gcc (GCC) 8.1.0
kernel signature: fffecc25f519e7ccdeb04baf8b08a2a6e245b8cdb4a1066baa21db724ed70828
all runs: crashed: UBSAN: shift-out-of-bounds in ext4_mb_init
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0
kernel signature: 1176f6e3da191cd9a4f0adcc96b27926a7b0fee4c392f5c3802a03719279a08f
all runs: crashed: UBSAN: shift-out-of-bounds in ext4_mb_init
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: f9c6c15ef2c250e9223431da7d927113e6c13ea74c5f3efc6aa82799e3a40306
all runs: crashed: UBSAN: shift-out-of-bounds in ext4_mb_init
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: 99778a096df853bd1a40ef123e12eefeb5fda430252902a2a8be5c15fc4fb37b
all runs: OK
# git bisect start bbf5c979011a099af5dc76498918ed7df445635b bcf876870b95592b52519ed4aafcf9d95999bc9c
Bisecting: 7841 revisions left to test after this (roughly 13 steps)
[47ec5303d73ea344e84f46660fff693c57641386] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

testing commit 47ec5303d73ea344e84f46660fff693c57641386 with gcc (GCC) 8.1.0
kernel signature: 48698f6325a82dfe97f24f4891b974948398c9e63f1a554206b99439a252cab2
all runs: OK
# git bisect good 47ec5303d73ea344e84f46660fff693c57641386
Bisecting: 3921 revisions left to test after this (roughly 12 steps)
[97d052ea3fa853b9aabcc4baca1a605cb1188611] Merge tag 'locking-urgent-2020-08-10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit 97d052ea3fa853b9aabcc4baca1a605cb1188611 with gcc (GCC) 8.1.0
kernel signature: faacc236ade96fb33f8ae3fdbd1e9e624bac376662aeb911ebad5b1e69431354
all runs: OK
# git bisect good 97d052ea3fa853b9aabcc4baca1a605cb1188611
Bisecting: 1960 revisions left to test after this (roughly 11 steps)
[df561f6688fef775baa341a0f5d960becd248b11] treewide: Use fallthrough pseudo-keyword

testing commit df561f6688fef775baa341a0f5d960becd248b11 with gcc (GCC) 8.1.0
kernel signature: ff41a77f95c4ae476d0559ea237572fb5ae4722735a1421c56e3210cc6a99bef
all runs: crashed: UBSAN: shift-out-of-bounds in ext4_mb_init
# git bisect bad df561f6688fef775baa341a0f5d960becd248b11
Bisecting: 978 revisions left to test after this (roughly 10 steps)
[ff419b61fd66dab6ad223e044d1c3c54bb5cef6c] Merge tag 'exfat-for-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat

testing commit ff419b61fd66dab6ad223e044d1c3c54bb5cef6c with gcc (GCC) 8.1.0
kernel signature: bc403fe6cc11f7897cf632e5efb3f791affaaa9a0d1e91dba53bb64e34797297
all runs: OK
# git bisect good ff419b61fd66dab6ad223e044d1c3c54bb5cef6c
Bisecting: 486 revisions left to test after this (roughly 9 steps)
[713eee84720e6525bc5b65954c5087604a15f5e8] Merge tag 'perf-tools-2020-08-14' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

testing commit 713eee84720e6525bc5b65954c5087604a15f5e8 with gcc (GCC) 8.1.0
kernel signature: 570494216c921d79ad812b8fbc1f879c0b6240883f72e2cb6f5a7efcaf182425
all runs: OK
# git bisect good 713eee84720e6525bc5b65954c5087604a15f5e8
Bisecting: 242 revisions left to test after this (roughly 8 steps)
[7f04f3ed621fd345ca1b01ec6e98c9b85d95851f] Merge tag 'sound-5.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

testing commit 7f04f3ed621fd345ca1b01ec6e98c9b85d95851f with gcc (GCC) 8.1.0
kernel signature: 02ecd22ac43a74eefd394a56730af75e63038fa0055eaff86740059b6f8e7c02
all runs: OK
# git bisect good 7f04f3ed621fd345ca1b01ec6e98c9b85d95851f
Bisecting: 120 revisions left to test after this (roughly 7 steps)
[9e574b74b781f14fa7348ba8b980b19a250a9c83] Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

testing commit 9e574b74b781f14fa7348ba8b980b19a250a9c83 with gcc (GCC) 8.1.0
kernel signature: d55444a2b16acd72f5241303f35d4288517a926aec5b506994733c0150a0ce04
all runs: crashed: UBSAN: shift-out-of-bounds in ext4_mb_init
# git bisect bad 9e574b74b781f14fa7348ba8b980b19a250a9c83
Bisecting: 60 revisions left to test after this (roughly 6 steps)
[985c788b6da44dc21b401ce8ce3c2db023ef79e4] Merge tag 'pm-5.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

testing commit 985c788b6da44dc21b401ce8ce3c2db023ef79e4 with gcc (GCC) 8.1.0
kernel signature: 45211276e729de49df2b496ff440524ea7ff76a86e698f2013ffd711a564ef5c
all runs: crashed: UBSAN: shift-out-of-bounds in ext4_mb_init
# git bisect bad 985c788b6da44dc21b401ce8ce3c2db023ef79e4
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[ce9f24cccdc019229b70a5c15e2b09ad9c0ab5d1] ext4: check journal inode extents more carefully

testing commit ce9f24cccdc019229b70a5c15e2b09ad9c0ab5d1 with gcc (GCC) 8.1.0
kernel signature: 8346611ee5d6b214b4168368307a4805c9c85a8f2e38dd3cb2b9b16c28a85c5d
all runs: crashed: UBSAN: shift-out-of-bounds in ext4_mb_init
# git bisect bad ce9f24cccdc019229b70a5c15e2b09ad9c0ab5d1
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[273108fa5015eeffc4bacfa5ce272af3434b96e4] ext4: handle read only external journal device

testing commit 273108fa5015eeffc4bacfa5ce272af3434b96e4 with gcc (GCC) 8.1.0
kernel signature: 996e8123fbe0927a44e5b20d790fe8ebcdb146a1639ac860decb50c0895280c2
all runs: OK
# git bisect good 273108fa5015eeffc4bacfa5ce272af3434b96e4
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[3d392b2676bf3199863a1e5efb2c087ad9d442a4] ext4: add prefetch_block_bitmaps mount option

testing commit 3d392b2676bf3199863a1e5efb2c087ad9d442a4 with gcc (GCC) 8.1.0
kernel signature: 8278cb175d25816811325cfdaad8e985764558c942ddb59d663b39c5bed8e8d8
all runs: crashed: UBSAN: shift-out-of-bounds in ext4_mb_init
# git bisect bad 3d392b2676bf3199863a1e5efb2c087ad9d442a4
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[bc71726c725767205757821df364acff87f92ac5] ext4: abort the filesystem if failed to async write metadata buffer

testing commit bc71726c725767205757821df364acff87f92ac5 with gcc (GCC) 8.1.0
kernel signature: 9d11672afbad02aa798b3f51a1ee5d0fa270e973b7708fbd391a159446ebbe24
all runs: crashed: UBSAN: shift-out-of-bounds in ext4_mb_init
# git bisect bad bc71726c725767205757821df364acff87f92ac5
Bisecting: 0 revisions left to test after this (roughly 1 step)
[c1d2c7d47e15482bb23cda83a5021e60f624a09c] ext4: skip non-loaded groups at cr=0/1 when scanning for good groups

testing commit c1d2c7d47e15482bb23cda83a5021e60f624a09c with gcc (GCC) 8.1.0
kernel signature: 69eff50940a9a49aad3c745ab5eb2cd9d033946fd4b140987262f11b2b50c73a
all runs: crashed: UBSAN: shift-out-of-bounds in ext4_mb_init
# git bisect bad c1d2c7d47e15482bb23cda83a5021e60f624a09c
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[cfd73237722135807967f389bcbda558a60a30d6] ext4: add prefetching for block allocation bitmaps

testing commit cfd73237722135807967f389bcbda558a60a30d6 with gcc (GCC) 8.1.0
kernel signature: 700545ad9af59c539a66ae977fe69d8c62be644f989cb7784e63bcfc2ac84168
all runs: crashed: UBSAN: shift-out-of-bounds in ext4_mb_init
# git bisect bad cfd73237722135807967f389bcbda558a60a30d6
cfd73237722135807967f389bcbda558a60a30d6 is the first bad commit
commit cfd73237722135807967f389bcbda558a60a30d6
Author: Alex Zhuravlev <bzzz@whamcloud.com>
Date:   Tue Apr 21 10:54:07 2020 +0300

    ext4: add prefetching for block allocation bitmaps
    
    This should significantly improve bitmap loading, especially for flex
    groups as it tries to load all bitmaps within a flex.group instead of
    one by one synchronously.
    
    Prefetching is done in 8 * flex_bg groups, so it should be 8
    read-ahead reads for a single allocating thread. At the end of
    allocation the thread waits for read-ahead completion and initializes
    buddy information so that read-aheads are not lost in case of memory
    pressure.
    
    At cr=0 the number of prefetching IOs is limited per allocation
    context to prevent a situation when mballoc loads thousands of bitmaps
    looking for a perfect group and ignoring groups with good chunks.
    
    Together with the patch "ext4: limit scanning of uninitialized groups"
    the mount time (which includes few tiny allocations) of a 1PB
    filesystem is reduced significantly:
    
                   0% full    50%-full unpatched    patched
      mount time       33s                9279s       563s
    
    [ Restructured by tytso; removed the state flags in the allocation
      context, so it can be used to lazily prefetch the allocation bitmaps
      immediately after the file system is mounted.  Skip prefetching
      block groups which are uninitialized.  Finally pass in the
      REQ_RAHEAD flag to the block layer while prefetching. ]
    
    Signed-off-by: Alex Zhuravlev <bzzz@whamcloud.com>
    Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
    Signed-off-by: Theodore Ts'o <tytso@mit.edu>

 fs/ext4/balloc.c  |  14 ++++--
 fs/ext4/ext4.h    |   8 +++-
 fs/ext4/mballoc.c | 133 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 fs/ext4/sysfs.c   |   4 ++
 4 files changed, 153 insertions(+), 6 deletions(-)

culprit signature: 700545ad9af59c539a66ae977fe69d8c62be644f989cb7784e63bcfc2ac84168
parent  signature: 996e8123fbe0927a44e5b20d790fe8ebcdb146a1639ac860decb50c0895280c2
revisions tested: 18, total time: 2h59m37.331579911s (build: 1h27m25.138767337s, test: 1h30m1.680565912s)
first bad commit: cfd73237722135807967f389bcbda558a60a30d6 ext4: add prefetching for block allocation bitmaps
recipients (to): ["adilger@whamcloud.com" "bzzz@whamcloud.com" "tytso@mit.edu"]
recipients (cc): []
crash: UBSAN: shift-out-of-bounds in ext4_mb_init
================================================================================
UBSAN: shift-out-of-bounds in fs/ext4/mballoc.c:2727:26
shift exponent 60 is too large for 32-bit type 'int'
CPU: 1 PID: 10406 Comm: syz-executor.0 Not tainted 5.8.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x78/0xa0 lib/dump_stack.c:118
 ubsan_epilogue+0x5/0x40 lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold.13+0x14/0x98 lib/ubsan.c:395
 ext4_mb_init_backend fs/ext4/mballoc.c:2727 [inline]
 ext4_mb_init.cold.58+0x51/0xc5 fs/ext4/mballoc.c:2910
 ext4_fill_super+0x23bc/0x4180 fs/ext4/super.c:4709
 mount_bdev+0x178/0x1b0 fs/super.c:1417
 legacy_get_tree+0x28/0x60 fs/fs_context.c:592
 vfs_get_tree+0x1d/0xd0 fs/super.c:1547
 do_new_mount fs/namespace.c:2874 [inline]
 do_mount+0x83f/0xa50 fs/namespace.c:3199
 __do_sys_mount fs/namespace.c:3409 [inline]
 __se_sys_mount fs/namespace.c:3386 [inline]
 __x64_sys_mount+0xbf/0xe0 fs/namespace.c:3386
 do_syscall_64+0x50/0xd0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x460c6a
Code: Bad RIP value.
RSP: 002b:00007f49f1e56a78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f49f1e56b10 RCX: 0000000000460c6a
RDX: 0000000020000000 RSI: 0000000020000180 RDI: 00007f49f1e56ad0
RBP: 00007f49f1e56ad0 R08: 00007f49f1e56b10 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000180 R14: 0000000020000200 R15: 0000000020000040
================================================================================