bisecting fixing commit since 10d6aa565d0593fe4e152e49ab58f47a2952f902
building syzkaller on 3faab80738901af37e65a5f1c627004ba189432e
testing commit 10d6aa565d0593fe4e152e49ab58f47a2952f902 with gcc (GCC) 8.1.0
kernel signature: 1c8f10e4ea797ca79e436982383aa1fb2bc45d59
all runs: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
testing current HEAD fbc5fe7a54d02e11972e3b2a5ddb6ffc88162c8f
testing commit fbc5fe7a54d02e11972e3b2a5ddb6ffc88162c8f with gcc (GCC) 8.1.0
kernel signature: b10eccb2b6bcc651dccb28f70474648d84c419d8
all runs: OK
# git bisect start fbc5fe7a54d02e11972e3b2a5ddb6ffc88162c8f 10d6aa565d0593fe4e152e49ab58f47a2952f902
Bisecting: 965 revisions left to test after this (roughly 10 steps)
[312ab599be611fbd8995fbf0f9746e9b0bb686de] USB: ldusb: fix read info leaks
testing commit 312ab599be611fbd8995fbf0f9746e9b0bb686de with gcc (GCC) 8.1.0
kernel signature: 480e88dfb37ab97ca1ded62586be6c8e6e3604fa
all runs: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
# git bisect good 312ab599be611fbd8995fbf0f9746e9b0bb686de
Bisecting: 482 revisions left to test after this (roughly 9 steps)
[61acfcb2478edff351306f679fc50a50b304d401] dmaengine: dma-jz4780: Further residue status fix
testing commit 61acfcb2478edff351306f679fc50a50b304d401 with gcc (GCC) 8.1.0
kernel signature: b89d6267947595782ad8685e81884889b1c68ed6
all runs: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
# git bisect good 61acfcb2478edff351306f679fc50a50b304d401
Bisecting: 241 revisions left to test after this (roughly 8 steps)
[fa315cc7cb6cbb76b47c06441787b3aa85514312] iwlwifi: mvm: don't send keys when entering D3
testing commit fa315cc7cb6cbb76b47c06441787b3aa85514312 with gcc (GCC) 8.1.0
kernel signature: a7bd5939553a093ebae83ba61d02ddfdad731216
run #0: boot failed: failed to create instance: googleapi: Error 503: Internal error. Please try again or contact Google Support. (Code: '-5650390087764445855'), backendError
run #1: boot failed: failed to create instance: googleapi: Error 503: Internal error. Please try again or contact Google Support. (Code: '-5685085698847100012'), backendError
run #2: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
run #3: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
run #4: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
run #5: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
run #6: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
run #7: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
run #8: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
run #9: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
# git bisect good fa315cc7cb6cbb76b47c06441787b3aa85514312
Bisecting: 120 revisions left to test after this (roughly 7 steps)
[3fd636f722adde51bb97119e1c786984a9c54bce] mfd: max8997: Enale irq-wakeup unconditionally
testing commit 3fd636f722adde51bb97119e1c786984a9c54bce with gcc (GCC) 8.1.0
kernel signature: 4aff9caf7e414ce7644c65a3a86b57333b72e439
all runs: OK
# git bisect bad 3fd636f722adde51bb97119e1c786984a9c54bce
Bisecting: 60 revisions left to test after this (roughly 6 steps)
[40509aa7832306bd93faae648d4e2a3413938dcb] powerpc: Fix signedness bug in update_flash_db()
testing commit 40509aa7832306bd93faae648d4e2a3413938dcb with gcc (GCC) 8.1.0
kernel signature: d501aa2fabe726dab89db51553b97d122344b155
all runs: OK
# git bisect bad 40509aa7832306bd93faae648d4e2a3413938dcb
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[28b6a09fbf23d2616af88b13b5654e89bda74777] mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode
testing commit 28b6a09fbf23d2616af88b13b5654e89bda74777 with gcc (GCC) 8.1.0
kernel signature: 8f6a0d76c97549029c5eadbcd3e59d498599731a
all runs: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
# git bisect good 28b6a09fbf23d2616af88b13b5654e89bda74777
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[c3736f400667bc9384a805d22ca290a3c925b886] gpio: max77620: Fixup debounce delays
testing commit c3736f400667bc9384a805d22ca290a3c925b886 with gcc (GCC) 8.1.0
kernel signature: e01e3453357e0b9c9e9fef562e0f6a4dbdf33704
all runs: OK
# git bisect bad c3736f400667bc9384a805d22ca290a3c925b886
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[43598c571e7ed29e4c81e35b4a870fe6b9f8d58e] Linux 4.14.156
testing commit 43598c571e7ed29e4c81e35b4a870fe6b9f8d58e with gcc (GCC) 8.1.0
kernel signature: a2f46a29db90cba7f23890cd8ba4c2c2e58fa874
all runs: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
# git bisect good 43598c571e7ed29e4c81e35b4a870fe6b9f8d58e
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[058fcda9e025ca3463645688e9091159d0926993] net/mlx5e: Fix set vf link state error flow
testing commit 058fcda9e025ca3463645688e9091159d0926993 with gcc (GCC) 8.1.0
kernel signature: c35c800e67af941eb1ac17a7df978de52bdc5e33
all runs: OK
# git bisect bad 058fcda9e025ca3463645688e9091159d0926993
Bisecting: 1 revision left to test after this (roughly 1 step)
[9ed49fc95f37a457d940324c033c20d85cefb930] net: rtnetlink: prevent underflows in do_setvfinfo()
testing commit 9ed49fc95f37a457d940324c033c20d85cefb930 with gcc (GCC) 8.1.0
kernel signature: abb3de5fd28c23300521f02d35d7bcbab619ddcb
all runs: OK
# git bisect bad 9ed49fc95f37a457d940324c033c20d85cefb930
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[08265ef6179e82ca70d5712223d568f725f371fb] net/mlx4_en: fix mlx4 ethtool -N insertion
testing commit 08265ef6179e82ca70d5712223d568f725f371fb with gcc (GCC) 8.1.0
kernel signature: 569da1b92b8f2df795abe6fe6effdbf41763ecd6
all runs: crashed: BUG: unable to handle kernel paging request in dummy_set_vf_trust
# git bisect good 08265ef6179e82ca70d5712223d568f725f371fb
9ed49fc95f37a457d940324c033c20d85cefb930 is the first bad commit
commit 9ed49fc95f37a457d940324c033c20d85cefb930
Author: Dan Carpenter
Date:   Wed Nov 20 15:34:38 2019 +0300

    net: rtnetlink: prevent underflows in do_setvfinfo()

    [ Upstream commit d658c8f56ec7b3de8051a24afb25da9ba3c388c5 ]

    The "ivm->vf" variable is a u32, but the problem is that a number of
    drivers cast it to an int and then forget to check for negatives. An
    example of this is in the cxgb4 driver.

    drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
      2890  static int cxgb4_mgmt_get_vf_config(struct net_device *dev,
      2891                                      int vf, struct ifla_vf_info *ivi)
                                                ^^^^^^
      2892  {
      2893          struct port_info *pi = netdev_priv(dev);
      2894          struct adapter *adap = pi->adapter;
      2895          struct vf_info *vfinfo;
      2896
      2897          if (vf >= adap->num_vfs)
                        ^^^^^^^^^^^^^^^^^^^
      2898                  return -EINVAL;
      2899          vfinfo = &adap->vfinfo[vf];
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^

    There are 48 functions affected.

    drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c:8435 hclge_set_vf_vlan_filter() warn: can 'vfid' underflow 's32min-2147483646'
    drivers/net/ethernet/freescale/enetc/enetc_pf.c:377 enetc_pf_set_vf_mac() warn: can 'vf' underflow 's32min-2147483646'
    drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:2899 cxgb4_mgmt_get_vf_config() warn: can 'vf' underflow 's32min-254'
    drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:2960 cxgb4_mgmt_set_vf_rate() warn: can 'vf' underflow 's32min-254'
    drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:3019 cxgb4_mgmt_set_vf_rate() warn: can 'vf' underflow 's32min-254'
    drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:3038 cxgb4_mgmt_set_vf_vlan() warn: can 'vf' underflow 's32min-254'
    drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:3086 cxgb4_mgmt_set_vf_link_state() warn: can 'vf' underflow 's32min-254'
    drivers/net/ethernet/chelsio/cxgb/cxgb2.c:791 get_eeprom() warn: can 'i' underflow 's32min-(-4),0,4-s32max'
    drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:82 bnxt_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:164 bnxt_set_vf_trust() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:186 bnxt_get_vf_config() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:228 bnxt_set_vf_mac() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:264 bnxt_set_vf_vlan() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:293 bnxt_set_vf_bw() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:333 bnxt_set_vf_link_state() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c:2595 bnx2x_vf_op_prep() warn: can 'vfidx' underflow 's32min-63'
    drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c:2595 bnx2x_vf_op_prep() warn: can 'vfidx' underflow 's32min-63'
    drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2281 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63'
    drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2285 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63'
    drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2286 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63'
    drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2292 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63'
    drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2297 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63'
    drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:1832 qlcnic_sriov_set_vf_mac() warn: can 'vf' underflow 's32min-254'
    drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:1864 qlcnic_sriov_set_vf_tx_rate() warn: can 'vf' underflow 's32min-254'
    drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:1937 qlcnic_sriov_set_vf_vlan() warn: can 'vf' underflow 's32min-254'
    drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:2005 qlcnic_sriov_get_vf_config() warn: can 'vf' underflow 's32min-254'
    drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:2036 qlcnic_sriov_set_vf_spoofchk() warn: can 'vf' underflow 's32min-254'
    drivers/net/ethernet/emulex/benet/be_main.c:1914 be_get_vf_config() warn: can 'vf' underflow 's32min-65534'
    drivers/net/ethernet/emulex/benet/be_main.c:1915 be_get_vf_config() warn: can 'vf' underflow 's32min-65534'
    drivers/net/ethernet/emulex/benet/be_main.c:1922 be_set_vf_tvt() warn: can 'vf' underflow 's32min-65534'
    drivers/net/ethernet/emulex/benet/be_main.c:1951 be_clear_vf_tvt() warn: can 'vf' underflow 's32min-65534'
    drivers/net/ethernet/emulex/benet/be_main.c:2063 be_set_vf_tx_rate() warn: can 'vf' underflow 's32min-65534'
    drivers/net/ethernet/emulex/benet/be_main.c:2091 be_set_vf_link_state() warn: can 'vf' underflow 's32min-65534'
    drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:2609 ice_set_vf_port_vlan() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3050 ice_get_vf_cfg() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3103 ice_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3181 ice_set_vf_mac() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3237 ice_set_vf_trust() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3286 ice_set_vf_link_state() warn: can 'vf_id' underflow 's32min-65534'
    drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:3919 i40e_validate_vf() warn: can 'vf_id' underflow 's32min-2147483646'
    drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:3957 i40e_ndo_set_vf_mac() warn: can 'vf_id' underflow 's32min-2147483646'
    drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4104 i40e_ndo_set_vf_port_vlan() warn: can 'vf_id' underflow 's32min-2147483646'
    drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4263 i40e_ndo_set_vf_bw() warn: can 'vf_id' underflow 's32min-2147483646'
    drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4309 i40e_ndo_get_vf_config() warn: can 'vf_id' underflow 's32min-2147483646'
    drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4371 i40e_ndo_set_vf_link_state() warn: can 'vf_id' underflow 's32min-2147483646'
    drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4441 i40e_ndo_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-2147483646'
    drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4441 i40e_ndo_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-2147483646'
    drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4504 i40e_ndo_set_vf_trust() warn: can 'vf_id' underflow 's32min-2147483646'

    Signed-off-by: Dan Carpenter
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

 net/core/rtnetlink.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
kernel signature: abb3de5fd28c23300521f02d35d7bcbab619ddcb
previous signature: 569da1b92b8f2df795abe6fe6effdbf41763ecd6
revisions tested: 13, total time: 3h9m24.035935278s (build: 1h43m9.210180843s, test: 1h21m53.463271114s)
first good commit: 9ed49fc95f37a457d940324c033c20d85cefb930 net: rtnetlink: prevent underflows in do_setvfinfo()
cc: ["dan.carpenter@oracle.com" "davem@davemloft.net" "edumazet@google.com" "gregkh@linuxfoundation.org" "idosch@mellanox.com" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org"]