bisecting fixing commit since 65f0d2414b7079556fbbcc070b3d1c9f9587606d
building syzkaller on 269d24e857a757d09a898086a2fa6fa5d827c3e1
testing commit 65f0d2414b7079556fbbcc070b3d1c9f9587606d with gcc (GCC) 10.2.1 20210217
kernel signature: da7ba6e670be12504daa1a984854c77b4dcbc784956e99ce728f274a7a8ea0ce
all runs: crashed: UBSAN: shift-out-of-bounds in qdisc_get_rtab
testing current HEAD 7a7fd0de4a9804299793e564a555a49c1fc924cb
testing commit 7a7fd0de4a9804299793e564a555a49c1fc924cb with gcc (GCC) 10.2.1 20210217
kernel signature: db61f0850781789206d5f26b7227949cc355fcea5969904fe2b2a1a5b54650c9
all runs: OK
# git bisect start 7a7fd0de4a9804299793e564a555a49c1fc924cb 65f0d2414b7079556fbbcc070b3d1c9f9587606d
Bisecting: 6627 revisions left to test after this (roughly 13 steps)
[69e9b12a27a1b2d099e528928162428df4d6e93f] Merge tag 'mtd/for-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux

testing commit 69e9b12a27a1b2d099e528928162428df4d6e93f with gcc (GCC) 10.2.1 20210217
kernel signature: ff7846d3546755c97c68a92e5d2129140f3bd6386057a15f24e35931f9de4cc2
all runs: OK
# git bisect bad 69e9b12a27a1b2d099e528928162428df4d6e93f
Bisecting: 3331 revisions left to test after this (roughly 12 steps)
[86dd9868b8788a9063893a97649594af93cd5aa6] net: dsa: tag_rtl4_a: Support also egress tags

testing commit 86dd9868b8788a9063893a97649594af93cd5aa6 with gcc (GCC) 10.2.1 20210217
kernel signature: 36ecf3da3ca5fe79460bb3bdc08a30bb82da4d3251340bd77f1d9347e8b425f1
all runs: OK
# git bisect bad 86dd9868b8788a9063893a97649594af93cd5aa6
Bisecting: 1658 revisions left to test after this (roughly 11 steps)
[e21268efbe26d9ab3f7468577d691b992d76e06a] net: dsa: felix: perform switch setup for tag_8021q

testing commit e21268efbe26d9ab3f7468577d691b992d76e06a with gcc (GCC) 10.2.1 20210217
kernel signature: 062db061f40f734c7d97648c9acc8990f9c16f63ff5fa918b24c60c46acb02c1
all runs: OK
# git bisect bad e21268efbe26d9ab3f7468577d691b992d76e06a
Bisecting: 828 revisions left to test after this (roughly 10 steps)
[8be2b2b940f040be9123be16216f69ad5ddb12fe] Merge branch 'net-ipa-remove-a-build-dependency'

testing commit 8be2b2b940f040be9123be16216f69ad5ddb12fe with gcc (GCC) 10.2.1 20210217
kernel signature: 94474a461fdd109e11a8c77a57f5c813a33ad3be03a61ec9ff5993dd2776fcf0
all runs: OK
# git bisect bad 8be2b2b940f040be9123be16216f69ad5ddb12fe
Bisecting: 408 revisions left to test after this (roughly 9 steps)
[2d9116be760793491827f30b7f77e88b5c44b81a] Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

testing commit 2d9116be760793491827f30b7f77e88b5c44b81a with gcc (GCC) 10.2.1 20210217
kernel signature: 455c62dd97402aa6c8c6dddcefcd18365cbd6f93efa03dd01aec4b3996695fc6
all runs: crashed: UBSAN: shift-out-of-bounds in qdisc_get_rtab
# git bisect good 2d9116be760793491827f30b7f77e88b5c44b81a
Bisecting: 204 revisions left to test after this (roughly 8 steps)
[e2da783614bb8930aa89753d3c3cd53d5604665d] Merge tag 'perf-tools-fixes-2021-01-17' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

testing commit e2da783614bb8930aa89753d3c3cd53d5604665d with gcc (GCC) 10.2.1 20210217
kernel signature: 4ae9ee19daf1b762302e2326e26b89ead795c7eeaed938eb05a676eabe1a1cb7
all runs: crashed: UBSAN: shift-out-of-bounds in qdisc_get_rtab
# git bisect good e2da783614bb8930aa89753d3c3cd53d5604665d
Bisecting: 124 revisions left to test after this (roughly 7 steps)
[75439bc439e0f02903b48efce84876ca92da97bd] Merge tag 'net-5.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit 75439bc439e0f02903b48efce84876ca92da97bd with gcc (GCC) 10.2.1 20210217
kernel signature: 2e0ba248743f7d81bb48420bd243f93895cc121c92f55f552c76073968c79eef
all runs: OK
# git bisect bad 75439bc439e0f02903b48efce84876ca92da97bd
Bisecting: 39 revisions left to test after this (roughly 5 steps)
[2565ff4eef34e03af67b7447c232c858f46b6e3b] Merge branch 'ipv4-ensure-ecn-bits-don-t-influence-source-address-validation'

testing commit 2565ff4eef34e03af67b7447c232c858f46b6e3b with gcc (GCC) 10.2.1 20210217
kernel signature: 3916024359a2f00889430d4984ea3744e166f197faa2c447a88a0a8d2c120fd3
all runs: OK
# git bisect bad 2565ff4eef34e03af67b7447c232c858f46b6e3b
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[87fe04367d842c4d97a77303242d4dd4ac351e46] net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext

testing commit 87fe04367d842c4d97a77303242d4dd4ac351e46 with gcc (GCC) 10.2.1 20210217
kernel signature: b7d13330f43a1d112f2fa73579ab68fa7bc585d59a8d16fc6f3b01d179fc70b9
all runs: OK
# git bisect bad 87fe04367d842c4d97a77303242d4dd4ac351e46
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[4237e9f4a96228ccc8a7abe5e4b30834323cd353] selftests/bpf: Add verifier test for PTR_TO_MEM spill

testing commit 4237e9f4a96228ccc8a7abe5e4b30834323cd353 with gcc (GCC) 10.2.1 20210217
kernel signature: 18bf1654e2be63efc0d9ef4430b2f2241238b70d50c78dcd76d6ec978fa88b18
all runs: crashed: UBSAN: shift-out-of-bounds in qdisc_get_rtab
# git bisect good 4237e9f4a96228ccc8a7abe5e4b30834323cd353
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[e4bedf48aaa5552bc1f49703abd17606e7e6e82a] net_sched: reject silly cell_log in qdisc_get_rtab()

testing commit e4bedf48aaa5552bc1f49703abd17606e7e6e82a with gcc (GCC) 10.2.1 20210217
kernel signature: 4969ca562f8b3b7ae65efd15713c15f981b8cb8e89f7654a862a1544927d6877
all runs: OK
# git bisect bad e4bedf48aaa5552bc1f49703abd17606e7e6e82a
Bisecting: 2 revisions left to test after this (roughly 1 step)
[c96adff95619178e2118925578343ad54857c80c] cls_flower: call nla_ok() before nla_next()

testing commit c96adff95619178e2118925578343ad54857c80c with gcc (GCC) 10.2.1 20210217
kernel signature: 94d29446afd7b1a02e6371f6a4a5e3b8f3a92a76cec0c51d5e11eb017b576121
all runs: crashed: UBSAN: shift-out-of-bounds in qdisc_get_rtab
# git bisect good c96adff95619178e2118925578343ad54857c80c
Bisecting: 0 revisions left to test after this (roughly 1 step)
[e23a8d00219818ba74f97f6a4cbe071dbbd5b5f1] Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

testing commit e23a8d00219818ba74f97f6a4cbe071dbbd5b5f1 with gcc (GCC) 10.2.1 20210217
kernel signature: eb706d81f93104fc44a7c0944712fc4cfe5a1f4307bca375f2deb6c839f371c4
all runs: crashed: UBSAN: shift-out-of-bounds in qdisc_get_rtab
# git bisect good e23a8d00219818ba74f97f6a4cbe071dbbd5b5f1
e4bedf48aaa5552bc1f49703abd17606e7e6e82a is the first bad commit
commit e4bedf48aaa5552bc1f49703abd17606e7e6e82a
Author: Eric Dumazet <edumazet@google.com>
Date:   Thu Jan 14 08:06:37 2021 -0800

    net_sched: reject silly cell_log in qdisc_get_rtab()
    
    iproute2 probably never goes beyond 8 for the cell exponent,
    but stick to the max shift exponent for signed 32bit.
    
    UBSAN reported:
    UBSAN: shift-out-of-bounds in net/sched/sch_api.c:389:22
    shift exponent 130 is too large for 32-bit type 'int'
    CPU: 1 PID: 8450 Comm: syz-executor586 Not tainted 5.11.0-rc3-syzkaller #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    Call Trace:
     __dump_stack lib/dump_stack.c:79 [inline]
     dump_stack+0x183/0x22e lib/dump_stack.c:120
     ubsan_epilogue lib/ubsan.c:148 [inline]
     __ubsan_handle_shift_out_of_bounds+0x432/0x4d0 lib/ubsan.c:395
     __detect_linklayer+0x2a9/0x330 net/sched/sch_api.c:389
     qdisc_get_rtab+0x2b5/0x410 net/sched/sch_api.c:435
     cbq_init+0x28f/0x12c0 net/sched/sch_cbq.c:1180
     qdisc_create+0x801/0x1470 net/sched/sch_api.c:1246
     tc_modify_qdisc+0x9e3/0x1fc0 net/sched/sch_api.c:1662
     rtnetlink_rcv_msg+0xb1d/0xe60 net/core/rtnetlink.c:5564
     netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2494
     netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
     netlink_unicast+0x7de/0x9b0 net/netlink/af_netlink.c:1330
     netlink_sendmsg+0xaa6/0xe90 net/netlink/af_netlink.c:1919
     sock_sendmsg_nosec net/socket.c:652 [inline]
     sock_sendmsg net/socket.c:672 [inline]
     ____sys_sendmsg+0x5a2/0x900 net/socket.c:2345
     ___sys_sendmsg net/socket.c:2399 [inline]
     __sys_sendmsg+0x319/0x400 net/socket.c:2432
     do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
     entry_SYSCALL_64_after_hwframe+0x44/0xa9
    
    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Reported-by: syzbot <syzkaller@googlegroups.com>
    Acked-by: Cong Wang <cong.wang@bytedance.com>
    Link: https://lore.kernel.org/r/20210114160637.1660597-1-eric.dumazet@gmail.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

 net/sched/sch_api.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

culprit signature: 4969ca562f8b3b7ae65efd15713c15f981b8cb8e89f7654a862a1544927d6877
parent  signature: eb706d81f93104fc44a7c0944712fc4cfe5a1f4307bca375f2deb6c839f371c4
revisions tested: 15, total time: 3h10m33.16860478s (build: 1h27m14.366938093s, test: 1h41m56.897338824s)
first good commit: e4bedf48aaa5552bc1f49703abd17606e7e6e82a net_sched: reject silly cell_log in qdisc_get_rtab()
recipients (to): ["cong.wang@bytedance.com" "edumazet@google.com" "kuba@kernel.org"]
recipients (cc): []