bisecting fixing commit since 8fe28cb58bcb235034b64cbbb7550a8a43fd88be building syzkaller on 8a41a0ad8ed91a6c7a65663b1bacaf6d79cde558 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 38954eccb071228ea8c28e97174206c045495544 all runs: crashed: BUG: unable to handle kernel paging request in slhc_free testing current HEAD 2f13437b8917627119d163d62f73e7a78a92303a testing commit 2f13437b8917627119d163d62f73e7a78a92303a with gcc (GCC) 8.1.0 kernel signature: 76046dca6161b8cd000e55df813e2da4b68a7844 all runs: OK # git bisect start 2f13437b8917627119d163d62f73e7a78a92303a 8fe28cb58bcb235034b64cbbb7550a8a43fd88be Bisecting: 43212 revisions left to test after this (roughly 15 steps) [ebf68996de0ab250c5d520eb2291ab65643e9a1e] arm/komeda: Convert dp_wait_cond() to return an error code. testing commit ebf68996de0ab250c5d520eb2291ab65643e9a1e with gcc (GCC) 8.1.0 kernel signature: 0487602700c70501007fa15ef4d11e0d78ba7472 all runs: OK # git bisect bad ebf68996de0ab250c5d520eb2291ab65643e9a1e Bisecting: 21040 revisions left to test after this (roughly 14 steps) [851ca779d110f694b5d078bc4af06d3ad37169e8] Merge tag 'drm-next-2019-03-06' of git://anongit.freedesktop.org/drm/drm testing commit 851ca779d110f694b5d078bc4af06d3ad37169e8 with gcc (GCC) 8.1.0 kernel signature: c1e13013dd46b329e7f5abc753500f0a352ce324 all runs: crashed: BUG: unable to handle kernel paging request in slhc_free # git bisect good 851ca779d110f694b5d078bc4af06d3ad37169e8 Bisecting: 9686 revisions left to test after this (roughly 13 steps) [80f232121b69cc69a31ccb2b38c1665d770b0710] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next testing commit 80f232121b69cc69a31ccb2b38c1665d770b0710 with gcc (GCC) 8.1.0 kernel signature: 5f5f3a9fcb5f7d2d7c5188ef819b0f48ec1a7c02 all runs: OK # git bisect bad 80f232121b69cc69a31ccb2b38c1665d770b0710 Bisecting: 5676 revisions left to test after this (roughly 13 steps) [a43d05086c5e88e62e11be595dd1966ab08f3803] Merge branch 'bpf-sysctl-hook' testing commit a43d05086c5e88e62e11be595dd1966ab08f3803 with gcc (GCC) 8.1.0 kernel signature: 2b34afc2e137732126cdb541153eaf700938d85c all runs: crashed: BUG: unable to handle kernel paging request in slhc_free # git bisect good a43d05086c5e88e62e11be595dd1966ab08f3803 Bisecting: 2819 revisions left to test after this (roughly 12 steps) [9f2e3a53f7ec9ef55e9d01bc29a6285d291c151e] Merge tag 'for-5.2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit 9f2e3a53f7ec9ef55e9d01bc29a6285d291c151e with gcc (GCC) 8.1.0 kernel signature: c570f8033c0cffc4d5182f383b737763d54024e4 all runs: OK # git bisect bad 9f2e3a53f7ec9ef55e9d01bc29a6285d291c151e Bisecting: 1456 revisions left to test after this (roughly 11 steps) [ccbc2e5ed192ccd2663477107379f843d072e649] Merge tag 'm68k-for-v5.2-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k testing commit ccbc2e5ed192ccd2663477107379f843d072e649 with gcc (GCC) 8.1.0 kernel signature: 335cc25586ad3b1f9c037a1198c1cf2caff26b3f all runs: OK # git bisect bad ccbc2e5ed192ccd2663477107379f843d072e649 Bisecting: 699 revisions left to test after this (roughly 10 steps) [34259977f23cde5cac323055845ae5dd6343df0f] Merge tag 'wireless-drivers-for-davem-2019-04-30' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers testing commit 34259977f23cde5cac323055845ae5dd6343df0f with gcc (GCC) 8.1.0 kernel signature: b0b8453a3c4c5a0ef0dd29343e54d698a2aa56e4 all runs: crashed: BUG: unable to handle kernel paging request in slhc_free # git bisect good 34259977f23cde5cac323055845ae5dd6343df0f Bisecting: 349 revisions left to test after this (roughly 9 steps) [e50c5d2e725eb7192a62868d4a9987907741ff62] Merge branch 'core-rseq-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit e50c5d2e725eb7192a62868d4a9987907741ff62 with gcc (GCC) 8.1.0 kernel signature: e90c9a84a95c161e32d8ab87d84e84a11441461b all runs: OK # git bisect bad e50c5d2e725eb7192a62868d4a9987907741ff62 Bisecting: 176 revisions left to test after this (roughly 8 steps) [a4ccb5f9dc6c4fb4d4c0a9d73a911986f20ec88a] Merge tag 'drm-fixes-2019-05-03' of git://anongit.freedesktop.org/drm/drm testing commit a4ccb5f9dc6c4fb4d4c0a9d73a911986f20ec88a with gcc (GCC) 8.1.0 kernel signature: 352717d753be3dbec05fef695fccef3d01f8f6e8 all runs: OK # git bisect bad a4ccb5f9dc6c4fb4d4c0a9d73a911986f20ec88a Bisecting: 87 revisions left to test after this (roughly 7 steps) [975a0f400f2e1b5f585fec0b8b4c5942c3b05792] Merge tag 'for-linus-20190428' of git://git.kernel.dk/linux-block testing commit 975a0f400f2e1b5f585fec0b8b4c5942c3b05792 with gcc (GCC) 8.1.0 kernel signature: 137acd74db2186fe522e8fb17004f550d7bc1a5d all runs: OK # git bisect bad 975a0f400f2e1b5f585fec0b8b4c5942c3b05792 Bisecting: 42 revisions left to test after this (roughly 5 steps) [e9e1a2e7b486e3940badb6d743c8841ed94517b6] Merge tag 'trace-v5.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace testing commit e9e1a2e7b486e3940badb6d743c8841ed94517b6 with gcc (GCC) 8.1.0 kernel signature: dc851bc49ea60c0b576f6d583a7bd32a3a3123d1 all runs: crashed: BUG: unable to handle kernel paging request in slhc_free # git bisect good e9e1a2e7b486e3940badb6d743c8841ed94517b6 Bisecting: 21 revisions left to test after this (roughly 5 steps) [037904a22bf8b2c999a6e2a8ba971b549c1e9600] Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 037904a22bf8b2c999a6e2a8ba971b549c1e9600 with gcc (GCC) 8.1.0 kernel signature: 5918c8daf6b69e751648251fab2f2f9e18bea859 all runs: OK # git bisect bad 037904a22bf8b2c999a6e2a8ba971b549c1e9600 Bisecting: 11 revisions left to test after this (roughly 3 steps) [89189557b47b35683a27c80ee78aef18248eefb4] fs/proc/proc_sysctl.c: Fix a NULL pointer dereference testing commit 89189557b47b35683a27c80ee78aef18248eefb4 with gcc (GCC) 8.1.0 kernel signature: 0fae1c60c6f55dd4c17594d1d5735a62c5314525 all runs: crashed: BUG: unable to handle kernel paging request in slhc_free # git bisect good 89189557b47b35683a27c80ee78aef18248eefb4 Bisecting: 6 revisions left to test after this (roughly 3 steps) [baf76f0c58aec435a3a864075b8f6d8ee5d1f17e] slip: make slhc_free() silently accept an error pointer testing commit baf76f0c58aec435a3a864075b8f6d8ee5d1f17e with gcc (GCC) 8.1.0 kernel signature: 602afead713f81549dc13e8515bfc7e201bd0edb all runs: OK # git bisect bad baf76f0c58aec435a3a864075b8f6d8ee5d1f17e Bisecting: 2 revisions left to test after this (roughly 1 step) [4e69ecf4da1ee0b2ac735e1f1bb13935acd5a38d] arm64/module: ftrace: deal with place relative nature of PLTs testing commit 4e69ecf4da1ee0b2ac735e1f1bb13935acd5a38d with gcc (GCC) 8.1.0 kernel signature: c3663f323325e5ef5f7f88c8d86f07d42513dc67 all runs: crashed: BUG: unable to handle kernel paging request in slhc_free # git bisect good 4e69ecf4da1ee0b2ac735e1f1bb13935acd5a38d Bisecting: 0 revisions left to test after this (roughly 1 step) [ce944935eef2a56f7efe5c765794e77380651b58] Merge branch 'akpm' (patches from Andrew) testing commit ce944935eef2a56f7efe5c765794e77380651b58 with gcc (GCC) 8.1.0 kernel signature: 5223645e67b12e37c2c3b2c5069142448a12b869 all runs: crashed: BUG: unable to handle kernel paging request in slhc_free # git bisect good ce944935eef2a56f7efe5c765794e77380651b58 baf76f0c58aec435a3a864075b8f6d8ee5d1f17e is the first bad commit commit baf76f0c58aec435a3a864075b8f6d8ee5d1f17e Author: Linus Torvalds Date: Thu Apr 25 16:13:58 2019 -0700 slip: make slhc_free() silently accept an error pointer This way, slhc_free() accepts what slhc_init() returns, whether that is an error or not. In particular, the pattern in sl_alloc_bufs() is slcomp = slhc_init(16, 16); ... slhc_free(slcomp); for the error handling path, and rather than complicate that code, just make it ok to always free what was returned by the init function. That's what the code used to do before commit 4ab42d78e37a ("ppp, slip: Validate VJ compression slot parameters completely") when slhc_init() just returned NULL for the error case, with no actual indication of the details of the error. Reported-by: syzbot+45474c076a4927533d2e@syzkaller.appspotmail.com Fixes: 4ab42d78e37a ("ppp, slip: Validate VJ compression slot parameters completely") Acked-by: Ben Hutchings Cc: David Miller Signed-off-by: Linus Torvalds drivers/net/slip/slhc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) kernel signature: 602afead713f81549dc13e8515bfc7e201bd0edb previous signature: 5223645e67b12e37c2c3b2c5069142448a12b869 revisions tested: 18, total time: 4h3m37.930395992s (build: 1h45m26.811437534s, test: 2h15m49.416896917s) first good commit: baf76f0c58aec435a3a864075b8f6d8ee5d1f17e slip: make slhc_free() silently accept an error pointer cc: ["adobriyan@gmail.com" "ben@decadent.org.uk" "davem@davemloft.net" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "torvalds@linux-foundation.org"]