bisecting fixing commit since b10ab5e2c476b69689bc0c46d309471b597c880c building syzkaller on d96e88f3207d7ac7ad65e13b896f702ad04c46f7 testing commit b10ab5e2c476b69689bc0c46d309471b597c880c with gcc (GCC) 8.1.0 kernel signature: ab8fb938a0541eae1e6ea3d4593221b4f94bc1ea all runs: crashed: general protection fault in qdisc_destroy testing current HEAD a844dc4c544291470aa69edbe2434b040794e269 testing commit a844dc4c544291470aa69edbe2434b040794e269 with gcc (GCC) 8.1.0 kernel signature: e41214dec24cd6317b0af8c6b6362720d345d0fb all runs: OK # git bisect start a844dc4c544291470aa69edbe2434b040794e269 b10ab5e2c476b69689bc0c46d309471b597c880c Bisecting: 825 revisions left to test after this (roughly 10 steps) [b8fa42e6cfbf8220b90d054af7ebb1de250ea9ea] drm/i915/gtt: Add read only pages to gen8_pte_encode testing commit b8fa42e6cfbf8220b90d054af7ebb1de250ea9ea with gcc (GCC) 8.1.0 kernel signature: a0deef27cd21b8c53b28346f51352d00ea4affb3 all runs: OK # git bisect bad b8fa42e6cfbf8220b90d054af7ebb1de250ea9ea Bisecting: 412 revisions left to test after this (roughly 9 steps) [5f5264e0d769ea8dd31819750d423670546479d2] USB: legousbtower: fix use-after-free on release testing commit 5f5264e0d769ea8dd31819750d423670546479d2 with gcc (GCC) 8.1.0 kernel signature: 857c068b577e4832238a0e18c19eb0530b866392 all runs: OK # git bisect bad 5f5264e0d769ea8dd31819750d423670546479d2 Bisecting: 205 revisions left to test after this (roughly 8 steps) [7d52993a8dcdb70127c881ccab79c3ae77791fcc] fuse: fix missing unlock_page in fuse_writepage() testing commit 7d52993a8dcdb70127c881ccab79c3ae77791fcc with gcc (GCC) 8.1.0 kernel signature: 23dc7c7de5ad205808a2f27313eff22a77bb053e all runs: OK # git bisect bad 7d52993a8dcdb70127c881ccab79c3ae77791fcc Bisecting: 102 revisions left to test after this (roughly 7 steps) [b443d4bb439dc1fe40f3fb4cd65a01eb905a7557] sch_netem: fix a divide by zero in tabledist() testing commit b443d4bb439dc1fe40f3fb4cd65a01eb905a7557 with gcc (GCC) 8.1.0 kernel signature: 3712ecaaaccfd756c15d6f45b0b1d97adc894507 all runs: OK # git bisect bad b443d4bb439dc1fe40f3fb4cd65a01eb905a7557 Bisecting: 51 revisions left to test after this (roughly 6 steps) [f441778096db2531ea54132afb2c909c866790c8] keys: Fix missing null pointer check in request_key_auth_describe() testing commit f441778096db2531ea54132afb2c909c866790c8 with gcc (GCC) 8.1.0 kernel signature: 24aa0b4d262e29868a5171138200542f34a88f31 all runs: OK # git bisect bad f441778096db2531ea54132afb2c909c866790c8 Bisecting: 25 revisions left to test after this (roughly 5 steps) [1f4c2d6aeab31aec5787968d0911db0979b4b795] Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105 testing commit 1f4c2d6aeab31aec5787968d0911db0979b4b795 with gcc (GCC) 8.1.0 kernel signature: 4b6937e9e3bdafdf3c238c424aa2b56d8d06a5bf all runs: OK # git bisect bad 1f4c2d6aeab31aec5787968d0911db0979b4b795 Bisecting: 12 revisions left to test after this (roughly 4 steps) [50aa377272ea9aa4f5b2ebc793e26950c11ec09b] tty/serial: atmel: reschedule TX after RX was started testing commit 50aa377272ea9aa4f5b2ebc793e26950c11ec09b with gcc (GCC) 8.1.0 kernel signature: ccd48bd082660299bb0f09fd5291093b4aa66228 all runs: OK # git bisect bad 50aa377272ea9aa4f5b2ebc793e26950c11ec09b Bisecting: 5 revisions left to test after this (roughly 3 steps) [6915935a32ed38269e0b46f711c1a4fae9c14b43] media: tm6000: double free if usb disconnect while streaming testing commit 6915935a32ed38269e0b46f711c1a4fae9c14b43 with gcc (GCC) 8.1.0 kernel signature: b0535f0c823763564a0f2dfdb97e63f78bc9cb47 all runs: crashed: general protection fault in qdisc_destroy # git bisect good 6915935a32ed38269e0b46f711c1a4fae9c14b43 Bisecting: 2 revisions left to test after this (roughly 2 steps) [bf81752d808cd31e18d9a8db6d92b73497aa48d2] KVM: coalesced_mmio: add bounds checking testing commit bf81752d808cd31e18d9a8db6d92b73497aa48d2 with gcc (GCC) 8.1.0 kernel signature: 76f4dd804ebf5d76a0f724393af7638b59e93754 all runs: OK # git bisect bad bf81752d808cd31e18d9a8db6d92b73497aa48d2 Bisecting: 0 revisions left to test after this (roughly 1 step) [e0f600b69df33b5ef69c2821ac69fafa96baab98] net_sched: let qdisc_put() accept NULL pointer testing commit e0f600b69df33b5ef69c2821ac69fafa96baab98 with gcc (GCC) 8.1.0 kernel signature: 9b0bd0a94744c03eb08f0406f399a903bfc223d5 all runs: OK # git bisect bad e0f600b69df33b5ef69c2821ac69fafa96baab98 Bisecting: 0 revisions left to test after this (roughly 0 steps) [717ad917f254f0bfce622271a3f8a01dd66de48f] xen-netfront: do not assume sk_buff_head list is empty in error handling testing commit 717ad917f254f0bfce622271a3f8a01dd66de48f with gcc (GCC) 8.1.0 kernel signature: 5b0363ac5ee78e249c4074fc5698f6fea4004cfe all runs: crashed: general protection fault in qdisc_destroy # git bisect good 717ad917f254f0bfce622271a3f8a01dd66de48f e0f600b69df33b5ef69c2821ac69fafa96baab98 is the first bad commit commit e0f600b69df33b5ef69c2821ac69fafa96baab98 Author: Cong Wang Date: Thu Sep 12 10:22:30 2019 -0700 net_sched: let qdisc_put() accept NULL pointer [ Upstream commit 6efb971ba8edfbd80b666f29de12882852f095ae ] When tcf_block_get() fails in sfb_init(), q->qdisc is still a NULL pointer which leads to a crash in sfb_destroy(). Similar for sch_dsmark. Instead of fixing each separately, Linus suggested to just accept NULL pointer in qdisc_put(), which would make callers easier. (For sch_dsmark, the bug probably exists long before commit 6529eaba33f0.) Fixes: 6529eaba33f0 ("net: sched: introduce tcf block infractructure") Reported-by: syzbot+d5870a903591faaca4ae@syzkaller.appspotmail.com Suggested-by: Linus Torvalds Cc: Jamal Hadi Salim Cc: Jiri Pirko Signed-off-by: Cong Wang Acked-by: Jiri Pirko Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman net/sched/sch_generic.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) kernel signature: 9b0bd0a94744c03eb08f0406f399a903bfc223d5 previous signature: 5b0363ac5ee78e249c4074fc5698f6fea4004cfe revisions tested: 13, total time: 3h34m9.048316624s (build: 1h42m22.891649387s, test: 1h50m39.293367469s) first good commit: e0f600b69df33b5ef69c2821ac69fafa96baab98 net_sched: let qdisc_put() accept NULL pointer cc: ["davem@davemloft.net" "gregkh@linuxfoundation.org" "jhs@mojatatu.com" "jiri@mellanox.com" "jiri@resnulli.us" "xiyou.wangcong@gmail.com"]