bisecting fixing commit since 1590a2e1c681b0991bd42c992cabfd380e0338f2
building syzkaller on ffec44b5d1e024359410f6ba8d5e965973ede8f5
testing commit 1590a2e1c681b0991bd42c992cabfd380e0338f2 with gcc (GCC) 8.1.0
kernel signature: a87a41abce12d9d1c5481e8a687601239515cc17afe0046010277e84b361ea8c
all runs: crashed: general protection fault in qrtr_endpoint_post
testing current HEAD 00e4db51259a5f936fec1424b884f029479d3981
testing commit 00e4db51259a5f936fec1424b884f029479d3981 with gcc (GCC) 8.1.0
kernel signature: 08f7c1df41e00553950b273fb7b4536635de5ea1a2a28074ed3c29977e8fc332
all runs: OK
# git bisect start 00e4db51259a5f936fec1424b884f029479d3981 1590a2e1c681b0991bd42c992cabfd380e0338f2
Bisecting: 6351 revisions left to test after this (roughly 13 steps)
[8186749621ed6b8fc42644c399e8c755a2b6f630] Merge tag 'drm-next-2020-08-06' of git://anongit.freedesktop.org/drm/drm
testing commit 8186749621ed6b8fc42644c399e8c755a2b6f630 with gcc (GCC) 8.1.0
kernel signature: 6330578ca147fb3b4a410252c9124e4782c29001fc5e07dbe28890c06827e35b
all runs: OK
# git bisect bad 8186749621ed6b8fc42644c399e8c755a2b6f630
Bisecting: 3847 revisions left to test after this (roughly 12 steps)
[822ef14e9dc73079c646d33aa77e2ac42361b39e] Merge tag 'arm-drivers-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 822ef14e9dc73079c646d33aa77e2ac42361b39e with gcc (GCC) 8.1.0
kernel signature: 04658310fa1749079442d27c8b64cc1f4adde2bd634516842a3875b4c30aa728
all runs: OK
# git bisect bad 822ef14e9dc73079c646d33aa77e2ac42361b39e
Bisecting: 1939 revisions left to test after this (roughly 11 steps)
[6dec9f406c1f2de6d750de0fc9d19872d9c4bf0d] Merge tag 'for-5.9-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
testing commit 6dec9f406c1f2de6d750de0fc9d19872d9c4bf0d with gcc (GCC) 8.1.0
kernel signature: 6fdf554fdaf1c88dc4b4a5b78626df77d8f9bab633fb2258c542cff0cb5ad508
all runs: OK
# git bisect bad 6dec9f406c1f2de6d750de0fc9d19872d9c4bf0d
Bisecting: 969 revisions left to test after this (roughly 10 steps)
[1264d7fa3a64d8bea7aebb77253f917947ffda25] net: ethernet: ave: Fix error returns in ave_init
testing commit 1264d7fa3a64d8bea7aebb77253f917947ffda25 with gcc (GCC) 8.1.0
kernel signature: 6490ef2298fe85a54e7b8cbe5a07d1132ca5f910fcbd570208236f4f62595106
all runs: OK
# git bisect bad 1264d7fa3a64d8bea7aebb77253f917947ffda25
Bisecting: 482 revisions left to test after this (roughly 9 steps)
[72674d480076067d627e708c0a062dd900438bd7] Merge tag 'x86-urgent-2020-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 72674d480076067d627e708c0a062dd900438bd7 with gcc (GCC) 8.1.0
kernel signature: db8a1ee0f800f37fab92886419c100d81e640184c9f787d4cb8a3d0714d509ad
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in qrtr_endpoint_post
# git bisect good 72674d480076067d627e708c0a062dd900438bd7
Bisecting: 274 revisions left to test after this (roughly 8 steps)
[9321f1aaf63e74ec3884347490e4ebb039f01b6e] mips: Remove compiler check in unroll macro
testing commit 9321f1aaf63e74ec3884347490e4ebb039f01b6e with gcc (GCC) 8.1.0
kernel signature: d68b962ee5796f158460ac4e67ccfdfae6b485082f6eaa2bfc612e5a9ee2e615
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in qrtr_endpoint_post
# git bisect good 9321f1aaf63e74ec3884347490e4ebb039f01b6e
Bisecting: 137 revisions left to test after this (roughly 7 steps)
[365f9ae4ee36037e2a9268fe7296065356840b4c] ethtool: fix genlmsg_put() failure handling in ethnl_default_dumpit()
testing commit 365f9ae4ee36037e2a9268fe7296065356840b4c with gcc (GCC) 8.1.0
kernel signature: 3feec5c11868c82fd74ba130a3db86b41d514b11bf94b1f17a8493b0971b887b
all runs: OK
# git bisect bad 365f9ae4ee36037e2a9268fe7296065356840b4c
Bisecting: 68 revisions left to test after this (roughly 6 steps)
[8ff41cc21714704ef0158a546c3c4d07fae2c952] net: qrtr: Fix an out of bounds read qrtr_endpoint_post()
testing commit 8ff41cc21714704ef0158a546c3c4d07fae2c952 with gcc (GCC) 8.1.0
kernel signature: 7a951ae22095c1b05adec289ffce697de2e3c533062ff1b8431239a10044d183
all runs: OK
# git bisect bad 8ff41cc21714704ef0158a546c3c4d07fae2c952
Bisecting: 35 revisions left to test after this (roughly 5 steps)
[0433c93dff147fac488d39956ef1ddf34fd76044] Merge branch 'net-ipa-three-bug-fixes'
testing commit 0433c93dff147fac488d39956ef1ddf34fd76044 with gcc (GCC) 8.1.0
kernel signature: 0a020b1f53039d58af826fa2bfc673373f8cbf3fcea88808062fff734b15c4f1
all runs: crashed: general protection fault in qrtr_endpoint_post
# git bisect good 0433c93dff147fac488d39956ef1ddf34fd76044
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[695c12147a40181fe9221d321c3f2de33c9574ed] bpf, netns: Keep attached programs in bpf_prog_array
testing commit 695c12147a40181fe9221d321c3f2de33c9574ed with gcc (GCC) 8.1.0
kernel signature: 85122b967e0ba68755606bdd0ca95e6dcd5c37c841368f9ab446430ce88b38bf
all runs: crashed: general protection fault in qrtr_endpoint_post
# git bisect good 695c12147a40181fe9221d321c3f2de33c9574ed
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[1a1ad3c20a6fe0e8a4b570fbf835d7cc6e87a9d8] selftests: bpf: Pass program to bpf_prog_detach in flow_dissector
testing commit 1a1ad3c20a6fe0e8a4b570fbf835d7cc6e87a9d8 with gcc (GCC) 8.1.0
kernel signature: 7a3ed963985f19f9fb9d01806f618f80269e8780384748145bac5f2671e54a12
all runs: crashed: general protection fault in qrtr_endpoint_post
# git bisect good 1a1ad3c20a6fe0e8a4b570fbf835d7cc6e87a9d8
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[d923021c2ce12acb50dc7086a1bf66eed82adf6a] bpf: Add tests for PTR_TO_BTF_ID vs. null comparison
testing commit d923021c2ce12acb50dc7086a1bf66eed82adf6a with gcc (GCC) 8.1.0
kernel signature: aadcf2a76942a0e610112a0ff98d1208f88b5c116464f8a5f28ce2bfc2b2be51
all runs: crashed: general protection fault in qrtr_endpoint_post
# git bisect good d923021c2ce12acb50dc7086a1bf66eed82adf6a
Bisecting: 2 revisions left to test after this (roughly 1 step)
[8a259e6b73ad8181b0b2ef338b35043433db1075] net: cxgb4: fix return error value in t4_prep_fw
testing commit 8a259e6b73ad8181b0b2ef338b35043433db1075 with gcc (GCC) 8.1.0
kernel signature: f7116ac3b8b2d71ba1e8f79d5311fa4930191924e280c20e348cf7da0c168029
all runs: crashed: general protection fault in qrtr_endpoint_post
# git bisect good 8a259e6b73ad8181b0b2ef338b35043433db1075
Bisecting: 0 revisions left to test after this (roughly 1 step)
[6a2febec338df7e7699a52d00b2e1207dcf65b28] tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
testing commit 6a2febec338df7e7699a52d00b2e1207dcf65b28 with gcc (GCC) 8.1.0
kernel signature: 71ebb7b84d52f95e83b4d83f595022a2aaf5ec0c34b820217c7119b1b67c2ac6
all runs: crashed: general protection fault in qrtr_endpoint_post
# git bisect good 6a2febec338df7e7699a52d00b2e1207dcf65b28
8ff41cc21714704ef0158a546c3c4d07fae2c952 is the first bad commit
commit 8ff41cc21714704ef0158a546c3c4d07fae2c952
Author: Dan Carpenter
Date: Tue Jun 30 14:46:15 2020 +0300

net: qrtr: Fix an out of bounds read qrtr_endpoint_post()

This code assumes that the user passed in enough data for a qrtr_hdr_v1 or qrtr_hdr_v2 struct, but it's not necessarily true. If the buffer is too small then it will read beyond the end.

Reported-by: Manivannan Sadhasivam
Reported-by: syzbot+b8fe393f999a291a9ea6@syzkaller.appspotmail.com
Fixes: 194ccc88297a ("net: qrtr: Support decoding incoming v2 packets")
Signed-off-by: Dan Carpenter
Signed-off-by: David S. Miller

net/qrtr/qrtr.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
culprit signature: 7a951ae22095c1b05adec289ffce697de2e3c533062ff1b8431239a10044d183
parent signature: 71ebb7b84d52f95e83b4d83f595022a2aaf5ec0c34b820217c7119b1b67c2ac6
revisions tested: 16, total time: 3h4m49.392245884s (build: 1h25m37.840832297s, test: 1h37m40.923137174s)
first good commit: 8ff41cc21714704ef0158a546c3c4d07fae2c952 net: qrtr: Fix an out of bounds read qrtr_endpoint_post()
recipients (to): ["dan.carpenter@oracle.com" "davem@davemloft.net" "davem@davemloft.net" "kuba@kernel.org" "netdev@vger.kernel.org"]
recipients (cc): ["bjorn.andersson@linaro.org" "linux-kernel@vger.kernel.org" "manivannan.sadhasivam@linaro.org"]