bisecting fixing commit since 20b3a3dfdf6c55b50bbdc8e231a3dbf6bf965dc7
building syzkaller on cb93dc6ac64225e09f44bac6c6cce1dae1b248b0
testing commit 20b3a3dfdf6c55b50bbdc8e231a3dbf6bf965dc7 with gcc (GCC) 8.1.0
kernel signature: 5e858d853c626f3101f5dba7cc1bfcd74eb36f2db45b312d3493fbe7e2b7c7f3
run #0: crashed: general protection fault in free_netdev
run #1: crashed: general protection fault in free_netdev
run #2: crashed: general protection fault in free_netdev
run #3: crashed: general protection fault in free_netdev
run #4: crashed: general protection fault in free_netdev
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing current HEAD f6d5cb9e2c06f7d583dd9f4f7cca21d13d78c32a
testing commit f6d5cb9e2c06f7d583dd9f4f7cca21d13d78c32a with gcc (GCC) 8.1.0
kernel signature: 30925159f213449274ad3cef17b00bfb8e5ec86581305beb192a1a578b2e7cc6
all runs: OK
# git bisect start f6d5cb9e2c06f7d583dd9f4f7cca21d13d78c32a 20b3a3dfdf6c55b50bbdc8e231a3dbf6bf965dc7
Bisecting: 273 revisions left to test after this (roughly 8 steps)
[43bd11238da345ad4b09a585ae2a038c6f8b7113] ath10k: Acquire tx_lock in tx error paths
testing commit 43bd11238da345ad4b09a585ae2a038c6f8b7113 with gcc (GCC) 8.1.0
kernel signature: 5eba0f1ca1b57126f6342a98dfed8b9f3c5106e5494bbe3202a9af4ece7ea5dc
all runs: OK
# git bisect bad 43bd11238da345ad4b09a585ae2a038c6f8b7113
Bisecting: 136 revisions left to test after this (roughly 7 steps)
[b7935969d226b3601241a3b6112e9139724b3a96] mlxsw: core: Increase scope of RCU read-side critical section
testing commit b7935969d226b3601241a3b6112e9139724b3a96 with gcc (GCC) 8.1.0
kernel signature: 67b01ed903bef4ace8a5232dd3b686bb403af5e80b2867ba0459bb010749b702
all runs: OK
# git bisect bad b7935969d226b3601241a3b6112e9139724b3a96
Bisecting: 67 revisions left to test after this (roughly 6 steps)
[f96ab42f29656efef6cd3cb1a68d8757e4286df1] staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
testing commit f96ab42f29656efef6cd3cb1a68d8757e4286df1 with gcc (GCC) 8.1.0
kernel signature: 7ddee25d018071d4b46cd0140868c7d3be9411a4246369eae0eef363eb4578b8
run #0: crashed: general protection fault in free_netdev
run #1: crashed: general protection fault in free_netdev
run #2: crashed: general protection fault in free_netdev
run #3: crashed: general protection fault in free_netdev
run #4: crashed: general protection fault in free_netdev
run #5: crashed: general protection fault in free_netdev
run #6: OK
run #7: crashed: general protection fault in free_netdev
run #8: OK
run #9: OK
# git bisect good f96ab42f29656efef6cd3cb1a68d8757e4286df1
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[325ac51bee46e9d795dda9a0116ff23beca2b495] udp: Improve load balancing for SO_REUSEPORT.
testing commit 325ac51bee46e9d795dda9a0116ff23beca2b495 with gcc (GCC) 8.1.0
kernel signature: ac44a6bbea4c90b4afcd3b356b1bbcdee556c86b6e5170652a75e5b9e5711b07
all runs: OK
# git bisect bad 325ac51bee46e9d795dda9a0116ff23beca2b495
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[654ae85f1e1823688cda33cba130220d52a57989] ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
testing commit 654ae85f1e1823688cda33cba130220d52a57989 with gcc (GCC) 8.1.0
kernel signature: 02720d9084ec703c3585625345b29961116e3d6e3abc002dfe27434d144049fe
run #0: crashed: general protection fault in free_netdev
run #1: crashed: general protection fault in free_netdev
run #2: crashed: general protection fault in free_netdev
run #3: crashed: general protection fault in free_netdev
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 654ae85f1e1823688cda33cba130220d52a57989
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[ea19403632142656a0db5fc9501681ff9d5efe68] net-sysfs: add a newline when printing 'tx_timeout' by sysfs
testing commit ea19403632142656a0db5fc9501681ff9d5efe68 with gcc (GCC) 8.1.0
kernel signature: c5312d95c67bc1afb0be319f2e867a2da7ec8404d14f5afaaa49ab43da5d6549
all runs: OK
# git bisect bad ea19403632142656a0db5fc9501681ff9d5efe68
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[4d9bd02c9e76118d36aec820a4e8b8d295980859] AX.25: Prevent out-of-bounds read in ax25_sendmsg()
testing commit 4d9bd02c9e76118d36aec820a4e8b8d295980859 with gcc (GCC) 8.1.0
kernel signature: b23704bc06ea0ddf623951efea39031ce5f7583e88e37f94c6d1584249788d1e
run #0: crashed: general protection fault in free_netdev
run #1: crashed: general protection fault in free_netdev
run #2: OK
run #3: OK
run #4: crashed: general protection fault in free_netdev
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 4d9bd02c9e76118d36aec820a4e8b8d295980859
Bisecting: 1 revision left to test after this (roughly 1 step)
[745e883128cbe0d9a19955015ba96b57085eda09] drivers/net/wan/x25_asy: Fix to make it work
testing commit 745e883128cbe0d9a19955015ba96b57085eda09 with gcc (GCC) 8.1.0
kernel signature: 72f322b5bf7f7e78f998030a6135d2f3f6f1d09dcac27f6baa6ed03dd163b515
run #0: crashed: general protection fault in free_netdev
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 745e883128cbe0d9a19955015ba96b57085eda09
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[abcf95e000b4d469baa33df3565d4a235ecd164a] ip6_gre: fix null-ptr-deref in ip6gre_init_net()
testing commit abcf95e000b4d469baa33df3565d4a235ecd164a with gcc (GCC) 8.1.0
kernel signature: 4dcbf16170e04468e6b7ef6a7c84ce72c4ecba9e080028e5bb3685a01f3b4694
all runs: OK
# git bisect bad abcf95e000b4d469baa33df3565d4a235ecd164a
abcf95e000b4d469baa33df3565d4a235ecd164a is the first bad commit
commit abcf95e000b4d469baa33df3565d4a235ecd164a
Author: Wei Yongjun
Date:   Mon Jul 13 23:59:50 2020 +0800

    ip6_gre: fix null-ptr-deref in ip6gre_init_net()

    [ Upstream commit 46ef5b89ec0ecf290d74c4aee844f063933c4da4 ]

    KASAN report null-ptr-deref error when register_netdev() failed:

    KASAN: null-ptr-deref in range [0x00000000000003c0-0x00000000000003c7]
    CPU: 2 PID: 422 Comm: ip Not tainted 5.8.0-rc4+ #12
    Call Trace:
     ip6gre_init_net+0x4ab/0x580
     ? ip6gre_tunnel_uninit+0x3f0/0x3f0
     ops_init+0xa8/0x3c0
     setup_net+0x2de/0x7e0
     ? rcu_read_lock_bh_held+0xb0/0xb0
     ? ops_init+0x3c0/0x3c0
     ? kasan_unpoison_shadow+0x33/0x40
     ? __kasan_kmalloc.constprop.0+0xc2/0xd0
     copy_net_ns+0x27d/0x530
     create_new_namespaces+0x382/0xa30
     unshare_nsproxy_namespaces+0xa1/0x1d0
     ksys_unshare+0x39c/0x780
     ? walk_process_tree+0x2a0/0x2a0
     ? trace_hardirqs_on+0x4a/0x1b0
     ? _raw_spin_unlock_irq+0x1f/0x30
     ? syscall_trace_enter+0x1a7/0x330
     ? do_syscall_64+0x1c/0xa0
     __x64_sys_unshare+0x2d/0x40
     do_syscall_64+0x56/0xa0
     entry_SYSCALL_64_after_hwframe+0x44/0xa9

    ip6gre_tunnel_uninit() has set 'ign->fb_tunnel_dev' to NULL, later
    access to ign->fb_tunnel_dev cause null-ptr-deref. Fix it by saving
    'ign->fb_tunnel_dev' to local variable ndev.

    Fixes: dafabb6590cb ("ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()")
    Reported-by: Hulk Robot
    Signed-off-by: Wei Yongjun
    Reviewed-by: Eric Dumazet
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

 net/ipv6/ip6_gre.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
culprit signature: 4dcbf16170e04468e6b7ef6a7c84ce72c4ecba9e080028e5bb3685a01f3b4694
parent signature: 72f322b5bf7f7e78f998030a6135d2f3f6f1d09dcac27f6baa6ed03dd163b515
revisions tested: 11, total time: 3h52m57.24148897s (build: 1h52m57.307360095s, test: 1h57m55.704123059s)
first good commit: abcf95e000b4d469baa33df3565d4a235ecd164a ip6_gre: fix null-ptr-deref in ip6gre_init_net()
recipients (to): ["davem@davemloft.net" "edumazet@google.com" "gregkh@linuxfoundation.org" "weiyongjun1@huawei.com"]
recipients (cc): []