bisecting fixing commit since ddef1e8e3f6eb26034833b7255e3fa584d54a230
building syzkaller on c9610487d8c10f7b4ffb32764a6720cbbdfe6058
testing commit ddef1e8e3f6eb26034833b7255e3fa584d54a230 with gcc (GCC) 8.1.0
kernel signature: 26a4b9105be2abb1aec059d7680402c8dfded942
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in inet_autobind
testing current HEAD a844dc4c544291470aa69edbe2434b040794e269
testing commit a844dc4c544291470aa69edbe2434b040794e269 with gcc (GCC) 8.1.0
kernel signature: c7a855a44ec0e9f8f130b97649ea840cc9d0f5b7
all runs: OK
# git bisect start a844dc4c544291470aa69edbe2434b040794e269 ddef1e8e3f6eb26034833b7255e3fa584d54a230
Bisecting: 546 revisions left to test after this (roughly 9 steps)
[23acf86994d35b750f8879761796f449de31c0cd] rtc: armada38x: fix possible race condition
testing commit 23acf86994d35b750f8879761796f449de31c0cd with gcc (GCC) 8.1.0
kernel signature: db96d468b65eec8a7b8755f303346eb3f03e546a
all runs: OK
# git bisect bad 23acf86994d35b750f8879761796f449de31c0cd
Bisecting: 272 revisions left to test after this (roughly 8 steps)
[738878ada16538c664a3ae032474fdd845765249] drm/i915: Silence smatch for cmdparser
testing commit 738878ada16538c664a3ae032474fdd845765249 with gcc (GCC) 8.1.0
kernel signature: 5bbf7f01e15b5685d2dc285df66b1fca94bdea2a
all runs: OK
# git bisect bad 738878ada16538c664a3ae032474fdd845765249
Bisecting: 136 revisions left to test after this (roughly 7 steps)
[adea9fd3b159cf25d2567b112bc7b84479447e72] r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2
testing commit adea9fd3b159cf25d2567b112bc7b84479447e72 with gcc (GCC) 8.1.0
kernel signature: 342220f9fab1f7330f03367f97dc63ae4ffbefbb
all runs: OK
# git bisect bad adea9fd3b159cf25d2567b112bc7b84479447e72
Bisecting: 67 revisions left to test after this (roughly 6 steps)
[94f5de2eefae22c449e367c2dacafe869af73e3f] USB: gadget: Reject endpoints with 0 maxpacket value
testing commit 94f5de2eefae22c449e367c2dacafe869af73e3f with gcc (GCC) 8.1.0
kernel signature: 79941b744bd2223b4020831e8898bae4f7ba1297
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in inet_autobind
# git bisect good 94f5de2eefae22c449e367c2dacafe869af73e3f
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[d8708726ef89ae67f6ac0103664cb8ea161eba09] ASoc: rockchip: i2s: Fix RPM imbalance
testing commit d8708726ef89ae67f6ac0103664cb8ea161eba09 with gcc (GCC) 8.1.0
kernel signature: ef5ce913abac12fd446a4a3c273456aacff2a1a8
all runs: OK
# git bisect bad d8708726ef89ae67f6ac0103664cb8ea161eba09
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[c87091ed19935f90b6cfefd8e984c41b47caed65] llc: fix sk_buff leak in llc_conn_service()
testing commit c87091ed19935f90b6cfefd8e984c41b47caed65 with gcc (GCC) 8.1.0
kernel signature: 4e7e63f05aeff8c79703107edbf7dda437cf8c8a
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in inet_autobind
# git bisect good c87091ed19935f90b6cfefd8e984c41b47caed65
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[b195f26ab82529e8e8ea4525ce6aef5e694c3393] xfs: Correctly invert xfs_buftarg LRU isolation logic
testing commit b195f26ab82529e8e8ea4525ce6aef5e694c3393 with gcc (GCC) 8.1.0
kernel signature: a714323ebc86cc8f9daadaded2dd6a8562967599
all runs: OK
# git bisect bad b195f26ab82529e8e8ea4525ce6aef5e694c3393
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[18efc2e3889e4d4a0e4901d342fc7206a30c0b9e] net: usb: sr9800: fix uninitialized local variable
testing commit 18efc2e3889e4d4a0e4901d342fc7206a30c0b9e with gcc (GCC) 8.1.0
kernel signature: d444cf3bfd80a2d56559668b122d0d20c381fda8
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in inet_autobind
# git bisect good 18efc2e3889e4d4a0e4901d342fc7206a30c0b9e
Bisecting: 1 revision left to test after this (roughly 1 step)
[8afb9f5344c42d648e565df3239f8746a7a7ed8f] sctp: fix the issue that flags are ignored when using kernel_connect
testing commit 8afb9f5344c42d648e565df3239f8746a7a7ed8f with gcc (GCC) 8.1.0
kernel signature: dc69d6e047181d01f30d55f8d9d1eff0a23ccfc6
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in sctp_inet_connect
# git bisect good 8afb9f5344c42d648e565df3239f8746a7a7ed8f
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7c3c0d51129a1914e36f1942b1c226e894859f08] sctp: not bind the socket in sctp_connect
testing commit 7c3c0d51129a1914e36f1942b1c226e894859f08 with gcc (GCC) 8.1.0
kernel signature: 234f87bc5630bcf3ce10645b63b191f770316c66
all runs: OK
# git bisect bad 7c3c0d51129a1914e36f1942b1c226e894859f08
7c3c0d51129a1914e36f1942b1c226e894859f08 is the first bad commit
commit 7c3c0d51129a1914e36f1942b1c226e894859f08
Author: Xin Long
Date:   Wed Jun 26 16:31:39 2019 +0800

    sctp: not bind the socket in sctp_connect

    commit 9b6c08878e23adb7cc84bdca94d8a944b03f099e upstream.

    Now when sctp_connect() is called with a wrong sa_family, it binds to a
    port but doesn't set bp->port, then sctp_get_af_specific will return
    NULL and sctp_connect() returns -EINVAL.

    Then if sctp_bind() is called to bind to another port, the last port it
    has bound will leak because bp->port is NULL by then.

    sctp_connect() doesn't need to bind ports, as later __sctp_connect will
    do it if bp->port is NULL. So remove it from sctp_connect(). While at
    it, remove the unnecessary sockaddr.sa_family len check as it's already
    done in sctp_inet_connect.

    Fixes: 644fbdeacf1d ("sctp: fix the issue that flags are ignored when using kernel_connect")
    Reported-by: syzbot+079bf326b38072f849d9@syzkaller.appspotmail.com
    Signed-off-by: Xin Long
    Acked-by: Marcelo Ricardo Leitner
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

 net/sctp/socket.c | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)

culprit signature: 234f87bc5630bcf3ce10645b63b191f770316c66
parent signature: dc69d6e047181d01f30d55f8d9d1eff0a23ccfc6
revisions tested: 12, total time: 3h4m0.584555333s (build: 1h36m23.344302152s, test: 1h26m18.516260241s)
first good commit: 7c3c0d51129a1914e36f1942b1c226e894859f08 sctp: not bind the socket in sctp_connect
cc: ["davem@davemloft.net" "gregkh@linuxfoundation.org" "lucien.xin@gmail.com" "marcelo.leitner@gmail.com"]