bisecting cause commit starting from 65f0d2414b7079556fbbcc070b3d1c9f9587606d
building syzkaller on 269d24e857a757d09a898086a2fa6fa5d827c3e1
testing commit 65f0d2414b7079556fbbcc070b3d1c9f9587606d with gcc (GCC) 8.1.0
kernel signature: 87a7799bb203f19acdacb4673afefbc2d40e5dd34fca1794a4adfaad69436f02
all runs: crashed: UBSAN: shift-out-of-bounds in qdisc_get_rtab
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0
kernel signature: 5035332b8f978c13779dd8be0ba1e4ce5debb9716b94f5b4b7dce31f48ab366b
all runs: crashed: UBSAN: shift-out-of-bounds in qdisc_get_rtab
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: 2f0cdf8aed36b324203f4cc1de1d4131b2298d9a637c07231f4713cb001a6b91
all runs: crashed: UBSAN: shift-out-of-bounds in qdisc_get_rtab
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: e83a67d5838f5deb0028c90a4cb7c18a3b7a965c266778c56c081490bd927d3c
all runs: crashed: UBSAN: shift-out-of-bounds in qdisc_get_rtab
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: c058fd59186be6bc0d55f520f237d24ae012c24d54deae6dcf602bb77313d941
all runs: crashed: UBSAN: shift-out-of-bounds in qdisc_get_rtab
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 504766679c547653d15adbae15ac2db4a908b85f3e0d4c23b00526d43ff6f350
all runs: crashed: UBSAN: undefined-behaviour in qdisc_get_rtab
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 1f9202d0c45623ca8f7f3cf7f0657516cdb12510634c9ad5b4808f54aca4cc3a
all runs: crashed: UBSAN: undefined-behaviour in qdisc_get_rtab
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 127ffbddd34a6f55760997d26c5f9fce5e23f3d1b68b2eb2447b184b3c59958c
all runs: crashed: UBSAN: undefined-behaviour in qdisc_get_rtab
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 67dd518639c5e2e080e7a9ebc7bc7d8e5d264dc0dfb8d14df6c513ecadb8ec73
all runs: crashed: UBSAN: undefined-behaviour in qdisc_get_rtab
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 9438469d4edb032a2109f93c2ee4862b41c482da3c4049fe678bc636cbb52007
all runs: OK
# git bisect start 4d856f72c10ecb060868ed10ff1b1453943fc6c8 0ecfebd2b52404ae0c54a878c872bb93363ada36
Bisecting: 7848 revisions left to test after this (roughly 13 steps)
[43c95d3694cc448fdf50bd53b7ff3a5bb4655883] Merge tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 with gcc (GCC) 8.1.0
kernel signature: 67603665d0f1033afdb18ee94af008042f9149bec9bd51664ef73c5a7a4eec85
all runs: OK
# git bisect good 43c95d3694cc448fdf50bd53b7ff3a5bb4655883
Bisecting: 3922 revisions left to test after this (roughly 12 steps)
[0e2a5b5bd9a6aaec85df347dd71432a1d2d10763] Merge branch 'parisc-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
testing commit 0e2a5b5bd9a6aaec85df347dd71432a1d2d10763 with gcc (GCC) 8.1.0
kernel signature: f4bdd5da4d726e52fb0a85fecd606b7e7f20438a97d596430dda7dac03aad773
all runs: OK
# git bisect good 0e2a5b5bd9a6aaec85df347dd71432a1d2d10763
Bisecting: 1961 revisions left to test after this (roughly 11 steps)
[12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea] perf record: Fix module size on s390
testing commit 12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea with gcc (GCC) 8.1.0
kernel signature: 7dad1b3f2e69125e68adc68eade9ee43040a7f543bf8c5bd225694696427114e
all runs: OK
# git bisect good 12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea
Bisecting: 984 revisions left to test after this (roughly 10 steps)
[85d8d3b172eb37b23dcdbe9fa7a85e343642bfea] Merge tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
testing commit 85d8d3b172eb37b23dcdbe9fa7a85e343642bfea with gcc (GCC) 8.1.0
kernel signature: 6ecfe0a47fb4cd59ec774fe82095585a6dd1c8ce1dc1f6a3db2b69a78abd605d
all runs: OK
# git bisect good 85d8d3b172eb37b23dcdbe9fa7a85e343642bfea
Bisecting: 496 revisions left to test after this (roughly 9 steps)
[6525771f58cbc6ab97b5cff9069865cde8283346] Merge tag 'arc-5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
testing commit 6525771f58cbc6ab97b5cff9069865cde8283346 with gcc (GCC) 8.1.0
kernel signature: 5458350408321f8b0e95b5dde22dcee66ce4f909ee5e7e92cb5f0432466c7140
all runs: OK
# git bisect good 6525771f58cbc6ab97b5cff9069865cde8283346
Bisecting: 251 revisions left to test after this (roughly 8 steps)
[345464fb760d1b772e891538b498e111c588b692] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 345464fb760d1b772e891538b498e111c588b692 with gcc (GCC) 8.1.0
kernel signature: 6f6fad49acefa638508a864fa890ac8ad531086ad43e6659eef4e19d49637f80
all runs: OK
# git bisect good 345464fb760d1b772e891538b498e111c588b692
Bisecting: 126 revisions left to test after this (roughly 7 steps)
[840ce8f8073edb3ff3d2c2c7a6ef211f4176961c] Merge tag 'pinctrl-v5.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 840ce8f8073edb3ff3d2c2c7a6ef211f4176961c with gcc (GCC) 8.1.0
kernel signature: d766b63ef3682fac0b7ed1dc1d93e95bdea18185130b8e5dc13d59d17b3732fc
all runs: OK
# git bisect good 840ce8f8073edb3ff3d2c2c7a6ef211f4176961c
Bisecting: 63 revisions left to test after this (roughly 6 steps)
[c3dc1fa72249e4472b90ecef4dbafe25f0f07889] net: hns3: fix spelling mistake "undeflow" -> "underflow"
testing commit c3dc1fa72249e4472b90ecef4dbafe25f0f07889 with gcc (GCC) 8.1.0
kernel signature: 9a638281bc8539512c30f61fd9426967152d573338632ce2d8c84e62399d95b6
all runs: OK
# git bisect good c3dc1fa72249e4472b90ecef4dbafe25f0f07889
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[1c4c5e2528af0c803fb1171632074f4070229a75] Merge tag 'mmc-v5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
testing commit 1c4c5e2528af0c803fb1171632074f4070229a75 with gcc (GCC) 8.1.0
kernel signature: 3ad366017c43c5b9bccd7859a6aeee8e0c6563a49d74835b283249fd08f949a3
all runs: OK
# git bisect good 1c4c5e2528af0c803fb1171632074f4070229a75
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[ae3b06ed55b1554e9a91bf959c6b0b5e212e7f4d] Merge branch 'sctp_do_bind-leak'
testing commit ae3b06ed55b1554e9a91bf959c6b0b5e212e7f4d with gcc (GCC) 8.1.0
kernel signature: b011d82ceca3ee9dc0affad7f906bc7f18da4815b8cff701e0cf70b8d900cce2
all runs: OK
# git bisect good ae3b06ed55b1554e9a91bf959c6b0b5e212e7f4d
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[a9c20bb0206ae9384bd470a6832dd8913730add9] Merge tag 'kvm-s390-master-5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master
testing commit a9c20bb0206ae9384bd470a6832dd8913730add9 with gcc (GCC) 8.1.0
kernel signature: f96dd6002e5b6a484de0967fce02b72edfc0ae52397c8898066739ae975b1d15
all runs: OK
# git bisect good a9c20bb0206ae9384bd470a6832dd8913730add9
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[b03c036e6f96340dd311817c7b964dad183c4141] Merge tag 'riscv/for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
testing commit b03c036e6f96340dd311817c7b964dad183c4141 with gcc (GCC) 8.1.0
kernel signature: 14a4d6c516f728719216f903eb6ac1490c85b903edd95d9f2aa4d9fcfa72ff49
all runs: OK
# git bisect good b03c036e6f96340dd311817c7b964dad183c4141
Bisecting: 2 revisions left to test after this (roughly 1 step)
[1f9c632cde0c3d781463a88ce430a8dd4a7c1a0e] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
testing commit 1f9c632cde0c3d781463a88ce430a8dd4a7c1a0e with gcc (GCC) 8.1.0
kernel signature: 23f7617cd68b4cbc0553c3b65a26f6a828a39586f8f6843cb67eece95e3c0d56
all runs: OK
# git bisect good 1f9c632cde0c3d781463a88ce430a8dd4a7c1a0e
Bisecting: 0 revisions left to test after this (roughly 1 step)
[72dbcf72156641fde4d8ea401e977341bfd35a05] Revert "ext4: make __ext4_get_inode_loc plug"
testing commit 72dbcf72156641fde4d8ea401e977341bfd35a05 with gcc (GCC) 8.1.0
kernel signature: 63a693860f97ff17eca81dfb68e2c7f6e2b6a26c272383ff2fb5b22c3c30c957
all runs: OK
# git bisect good 72dbcf72156641fde4d8ea401e977341bfd35a05
4d856f72c10ecb060868ed10ff1b1453943fc6c8 is the first bad commit
commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8
Author: Linus Torvalds
Date: Sun Sep 15 14:19:32 2019 -0700

    Linux 5.3

 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
culprit signature: 67dd518639c5e2e080e7a9ebc7bc7d8e5d264dc0dfb8d14df6c513ecadb8ec73
parent signature: 63a693860f97ff17eca81dfb68e2c7f6e2b6a26c272383ff2fb5b22c3c30c957
revisions tested: 24, total time: 4h51m8.472031229s (build: 2h12m22.244695557s, test: 2h36m11.610080586s)
first bad commit: 4d856f72c10ecb060868ed10ff1b1453943fc6c8 Linux 5.3
recipients (to): ["linux-kbuild@vger.kernel.org" "michal.lkml@markovi.net" "torvalds@linux-foundation.org" "yamada.masahiro@socionext.com"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: UBSAN: undefined-behaviour in qdisc_get_rtab
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
================================================================================
UBSAN: Undefined behaviour in net/sched/sch_api.c:386:22
shift exponent 130 is too large for 32-bit type 'int'
CPU: 1 PID: 10617 Comm: syz-executor.0 Not tainted 5.3.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x86/0xca lib/dump_stack.c:113
 ubsan_epilogue+0xd/0x3a lib/ubsan.c:158
 __ubsan_handle_shift_out_of_bounds.cold.14+0x21/0x68 lib/ubsan.c:404
 __detect_linklayer net/sched/sch_api.c:386 [inline]
 qdisc_get_rtab.cold.19+0x1e/0xab net/sched/sch_api.c:432
 cbq_init+0x153/0xb80 net/sched/sch_cbq.c:1159
 qdisc_create+0x3fb/0xf40 net/sched/sch_api.c:1237
 tc_modify_qdisc+0x3f5/0x1860 net/sched/sch_api.c:1652
 rtnetlink_rcv_msg+0x35c/0x950 net/core/rtnetlink.c:5223
 netlink_rcv_skb+0x13c/0x380 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:5241
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x43b/0x650 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x67c/0xc40 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:657
 ___sys_sendmsg+0x653/0x950 net/socket.c:2311
 __sys_sendmsg+0xd9/0x180 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2363
 do_syscall_64+0x96/0x450 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45e219
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fba4637cc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219
RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
RBP: 000000000119bfc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
R13: 00007fff543b82bf R14: 00007fba4637d9c0 R15: 000000000119bf8c
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/sched/sch_api.c:387:24
shift exponent 130 is too large for 32-bit type 'int'
CPU: 1 PID: 10617 Comm: syz-executor.0 Not tainted 5.3.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x86/0xca lib/dump_stack.c:113
 ubsan_epilogue+0xd/0x3a lib/ubsan.c:158
 __ubsan_handle_shift_out_of_bounds.cold.14+0x21/0x68 lib/ubsan.c:404
 __detect_linklayer net/sched/sch_api.c:387 [inline]
 qdisc_get_rtab.cold.19+0x7b/0xab net/sched/sch_api.c:432
 cbq_init+0x153/0xb80 net/sched/sch_cbq.c:1159
 qdisc_create+0x3fb/0xf40 net/sched/sch_api.c:1237
 tc_modify_qdisc+0x3f5/0x1860 net/sched/sch_api.c:1652
 rtnetlink_rcv_msg+0x35c/0x950 net/core/rtnetlink.c:5223
 netlink_rcv_skb+0x13c/0x380 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:5241
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x43b/0x650 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x67c/0xc40 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:657
 ___sys_sendmsg+0x653/0x950 net/socket.c:2311
 __sys_sendmsg+0xd9/0x180 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2363
 do_syscall_64+0x96/0x450 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45e219
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fba4637cc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219
RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
RBP: 000000000119bfc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
R13: 00007fff543b82bf R14: 00007fba4637d9c0 R15: 000000000119bf8c
================================================================================