bisecting fixing commit since a1b977b49b66c75e6c51a515f6700371ae720217
building syzkaller on fa79ed2ae1c546ca48519cfcd80d43b51b502750
testing commit a1b977b49b66c75e6c51a515f6700371ae720217 with gcc (GCC) 8.4.1 20210217
kernel signature: 7763e1086e0219f8b165c7a35094188adf96dca6cc2d74fc15cf7339b34a73f0
all runs: crashed: WARNING: ODEBUG bug in tcindex_destroy_work
testing current HEAD 255b58a2b3af0baa0ee11507390349217b8b73b0
testing commit 255b58a2b3af0baa0ee11507390349217b8b73b0 with gcc (GCC) 8.4.1 20210217
kernel signature: 8d472fa05ae3e6fbda7a2e34c41a99fcd1e6699118ad375bbcda15f6030d51b7
all runs: OK
# git bisect start 255b58a2b3af0baa0ee11507390349217b8b73b0 a1b977b49b66c75e6c51a515f6700371ae720217
Bisecting: 859 revisions left to test after this (roughly 10 steps)
[dfd888ee5db1488f2bbbd370348879e703398760] USB: core: Change %pK for __user pointers to %px
testing commit dfd888ee5db1488f2bbbd370348879e703398760 with gcc (GCC) 8.4.1 20210217
kernel signature: 74e783943e5d9343bfb035b5f7ecdbd30db61b06fe47907ece02a9511813cef1
all runs: crashed: WARNING: ODEBUG bug in tcindex_destroy_work
# git bisect good dfd888ee5db1488f2bbbd370348879e703398760
Bisecting: 429 revisions left to test after this (roughly 9 steps)
[218cf245fc6a3aacb0ebe143a4f4a88121104559] f2fs: prevent creating duplicate encrypted filenames
testing commit 218cf245fc6a3aacb0ebe143a4f4a88121104559 with gcc (GCC) 8.4.1 20210217
kernel signature: 4026310a9a3899fc6d9b46c4a9ba2eaf2fe2b765ddae0528246f863d341dd5a8
all runs: crashed: WARNING: ODEBUG bug in tcindex_destroy_work
# git bisect good 218cf245fc6a3aacb0ebe143a4f4a88121104559
Bisecting: 214 revisions left to test after this (roughly 8 steps)
[11e36dcef44e6c7ab269f79657ff3d2db9a82c15] net: sit: unregister_netdevice on newlink's error path
testing commit 11e36dcef44e6c7ab269f79657ff3d2db9a82c15 with gcc (GCC) 8.4.1 20210217
kernel signature: fe4075b1b3ad2c8aaf0291dbd66b225277d8768f2fa3e79952f4776860b6fb94
all runs: crashed: WARNING: ODEBUG bug in tcindex_destroy_work
# git bisect good 11e36dcef44e6c7ab269f79657ff3d2db9a82c15
Bisecting: 107 revisions left to test after this (roughly 7 steps)
[5aeee4faf5ef6c40497996a740b00e385d17560d] xen: Fix XenStore initialisation for XS_LOCAL
testing commit 5aeee4faf5ef6c40497996a740b00e385d17560d with gcc (GCC) 8.4.1 20210217
kernel signature: e7b9e8fe25215606234670c49db3af566ceb4dad8634c7390ace9ba1e2f35097
all runs: OK
# git bisect bad 5aeee4faf5ef6c40497996a740b00e385d17560d
Bisecting: 53 revisions left to test after this (roughly 6 steps)
[a45a83301a69d030246819bea9ea408a2fc765f4] sh_eth: Fix power down vs. is_opened flag ordering
testing commit a45a83301a69d030246819bea9ea408a2fc765f4 with gcc (GCC) 8.4.1 20210217
kernel signature: 043b3018229df13fd5addb7ec110e54eed7a0d1b20fd1cc85bf6a6a5ee8b47de
all runs: crashed: WARNING: ODEBUG bug in tcindex_destroy_work
# git bisect good a45a83301a69d030246819bea9ea408a2fc765f4
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[f03b21494da1ebf4ecfcb34ab647f35dc7fb7d92] futex: Replace pointless printk in fixup_owner()
testing commit f03b21494da1ebf4ecfcb34ab647f35dc7fb7d92 with gcc (GCC) 8.4.1 20210217
kernel signature: c69386f6e07ad529d8e13c8610344637e9f4027ccc0a4a20111a5de029ae7d65
all runs: OK
# git bisect bad f03b21494da1ebf4ecfcb34ab647f35dc7fb7d92
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[4e5ee86dcb0003ae9ed0b477e47a1d0aaf2f8c67] gpio: mvebu: fix pwm .get_state period calculation
testing commit 4e5ee86dcb0003ae9ed0b477e47a1d0aaf2f8c67 with gcc (GCC) 8.4.1 20210217
kernel signature: df52bc7c167a61f4cdaac6150b24411925874b90d1a9ff8d0a01443c469c74b5
all runs: OK
# git bisect bad 4e5ee86dcb0003ae9ed0b477e47a1d0aaf2f8c67
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[22c1b22672f3c56289ea91cf5eaffa61db3e4b2e] net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
testing commit 22c1b22672f3c56289ea91cf5eaffa61db3e4b2e with gcc (GCC) 8.4.1 20210217
kernel signature: 248e3a4e1efe19cd9d95b706069c92343165ee92510b4cf7823c64acc229b5e6
all runs: OK
# git bisect bad 22c1b22672f3c56289ea91cf5eaffa61db3e4b2e
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[1ad3d65c19b9ea823331afd58541a0936b9f2c6c] kasan: fix incorrect arguments passing in kasan_add_zero_shadow
testing commit 1ad3d65c19b9ea823331afd58541a0936b9f2c6c with gcc (GCC) 8.4.1 20210217
kernel signature: da6d99ac9168b64a204c4e121d910b6959e1ec4f9778be05a669b44bfb7889c8
all runs: crashed: WARNING: ODEBUG bug in tcindex_destroy_work
# git bisect good 1ad3d65c19b9ea823331afd58541a0936b9f2c6c
Bisecting: 0 revisions left to test after this (roughly 1 step)
[be33a52751d2482630bfc085179edc95356ba7fb] ipv6: create multicast route with RTPROT_KERNEL
testing commit be33a52751d2482630bfc085179edc95356ba7fb with gcc (GCC) 8.4.1 20210217
kernel signature: d99dece1e9bb6860cab346c1a4c2ba510a6a29ede6a8dd098f01fea538a81636
all runs: crashed: WARNING: ODEBUG bug in tcindex_destroy_work
# git bisect good be33a52751d2482630bfc085179edc95356ba7fb
22c1b22672f3c56289ea91cf5eaffa61db3e4b2e is the first bad commit
commit 22c1b22672f3c56289ea91cf5eaffa61db3e4b2e
Author: Eric Dumazet
Date:   Thu Jan 14 10:52:29 2021 -0800

    net_sched: avoid shift-out-of-bounds in tcindex_set_parms()

    commit bcd0cf19ef8258ac31b9a20248b05c15a1f4b4b0 upstream.

    tc_index being 16bit wide, we need to check that TCA_TCINDEX_SHIFT
    attribute is not silly.

    UBSAN: shift-out-of-bounds in net/sched/cls_tcindex.c:260:29
    shift exponent 255 is too large for 32-bit type 'int'
    CPU: 0 PID: 8516 Comm: syz-executor228 Not tainted 5.10.0-syzkaller #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    Call Trace:
     __dump_stack lib/dump_stack.c:79 [inline]
     dump_stack+0x107/0x163 lib/dump_stack.c:120
     ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
     __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
     valid_perfect_hash net/sched/cls_tcindex.c:260 [inline]
     tcindex_set_parms.cold+0x1b/0x215 net/sched/cls_tcindex.c:425
     tcindex_change+0x232/0x340 net/sched/cls_tcindex.c:546
     tc_new_tfilter+0x13fb/0x21b0 net/sched/cls_api.c:2127
     rtnetlink_rcv_msg+0x8b6/0xb80 net/core/rtnetlink.c:5555
     netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
     netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
     netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
     netlink_sendmsg+0x907/0xe40 net/netlink/af_netlink.c:1919
     sock_sendmsg_nosec net/socket.c:652 [inline]
     sock_sendmsg+0xcf/0x120 net/socket.c:672
     ____sys_sendmsg+0x6e8/0x810 net/socket.c:2336
     ___sys_sendmsg+0xf3/0x170 net/socket.c:2390
     __sys_sendmsg+0xe5/0x1b0 net/socket.c:2423
     do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
     entry_SYSCALL_64_after_hwframe+0x44/0xa9

    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Signed-off-by: Eric Dumazet
    Reported-by: syzbot
    Link: https://lore.kernel.org/r/20210114185229.1742255-1-eric.dumazet@gmail.com
    Signed-off-by: Jakub Kicinski
    Signed-off-by: Greg Kroah-Hartman

 net/sched/cls_tcindex.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
culprit signature: 248e3a4e1efe19cd9d95b706069c92343165ee92510b4cf7823c64acc229b5e6
parent signature: d99dece1e9bb6860cab346c1a4c2ba510a6a29ede6a8dd098f01fea538a81636
revisions tested: 12, total time: 3h7m12.207887329s (build: 1h37m20.125686091s, test: 1h24m59.531608928s)
first good commit: 22c1b22672f3c56289ea91cf5eaffa61db3e4b2e net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
recipients (to): ["edumazet@google.com" "gregkh@linuxfoundation.org" "kuba@kernel.org"]
recipients (cc): []