bisecting fixing commit since f6e27dbb1afabcba436e346d6aa88a592a1436bb
building syzkaller on d8074e0bb985b9be6611e16b45b8657f20157a4b
testing commit f6e27dbb1afabcba436e346d6aa88a592a1436bb with gcc (GCC) 8.1.0
kernel signature: b80bbc881936760001d7d00ea6aa70c3d1680a96
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass
testing current HEAD a844dc4c544291470aa69edbe2434b040794e269
testing commit a844dc4c544291470aa69edbe2434b040794e269 with gcc (GCC) 8.1.0
kernel signature: 7a68b737bc432ec8283c8cb14fb871d6d1eddc62
all runs: OK
# git bisect start a844dc4c544291470aa69edbe2434b040794e269 f6e27dbb1afabcba436e346d6aa88a592a1436bb
Bisecting: 795 revisions left to test after this (roughly 10 steps)
[a4f14d5a0795fe7c4f75d31ef4abf816570e3872] x86/speculation/taa: Add documentation for TSX Async Abort
testing commit a4f14d5a0795fe7c4f75d31ef4abf816570e3872 with gcc (GCC) 8.1.0
kernel signature: 384dafed637181807cc05a1b78455e01838a026c
all runs: OK
# git bisect bad a4f14d5a0795fe7c4f75d31ef4abf816570e3872
Bisecting: 397 revisions left to test after this (roughly 9 steps)
[2e18e22063986658f0ebfb90f742ab1f6e378f33] Revert "drm/radeon: Fix EEH during kexec"
testing commit 2e18e22063986658f0ebfb90f742ab1f6e378f33 with gcc (GCC) 8.1.0
kernel signature: c63a9fabd7281e36d665459e22f1c01c86267b10
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass
# git bisect good 2e18e22063986658f0ebfb90f742ab1f6e378f33
Bisecting: 198 revisions left to test after this (roughly 8 steps)
[80d0c02e28601ba0631d6dd92b93d16fda76832c] arm64: dts: Fix gpio to pinmux mapping
testing commit 80d0c02e28601ba0631d6dd92b93d16fda76832c with gcc (GCC) 8.1.0
kernel signature: 931e8d7dcf68180052d40667a017ab75370a46d9
all runs: OK
# git bisect bad 80d0c02e28601ba0631d6dd92b93d16fda76832c
Bisecting: 99 revisions left to test after this (roughly 7 steps)
[b425d011e83d220d3be0a19561d6b33d11358fa5] kvm: vmx: Basic APIC virtualization controls have three settings
testing commit b425d011e83d220d3be0a19561d6b33d11358fa5 with gcc (GCC) 8.1.0
kernel signature: 80e711a7bfb3f4a9dffc1ea661da5e243b6e4fdf
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass
# git bisect good b425d011e83d220d3be0a19561d6b33d11358fa5
Bisecting: 49 revisions left to test after this (roughly 6 steps)
[22731e226b8f47fd4843673ed68d5e7c43c48ebc] fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
testing commit 22731e226b8f47fd4843673ed68d5e7c43c48ebc with gcc (GCC) 8.1.0
kernel signature: c0a19f91721c0f6621fde748d5a744901ea4adbc
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass
# git bisect good 22731e226b8f47fd4843673ed68d5e7c43c48ebc
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[294da39e05db61cbad1f3367de15176215fdf422] USB: serial: whiteheat: fix line-speed endianness
testing commit 294da39e05db61cbad1f3367de15176215fdf422 with gcc (GCC) 8.1.0
kernel signature: 9bc62451b1137e8295b989417b2c0a92ea62325f
all runs: OK
# git bisect bad 294da39e05db61cbad1f3367de15176215fdf422
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[56ab84408da105d46aa565e9221bf9926e814b91] thunderbolt: Use 32-bit writes when writing ring producer/consumer
testing commit 56ab84408da105d46aa565e9221bf9926e814b91 with gcc (GCC) 8.1.0
kernel signature: e39b979fdf14f357186c6ea79f04d74b378dfbea
all runs: OK
# git bisect bad 56ab84408da105d46aa565e9221bf9926e814b91
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[640fb32d61f32d1011bf9a96805e5a8d033abcea] NFSv4: Fix leak of clp->cl_acceptor string
testing commit 640fb32d61f32d1011bf9a96805e5a8d033abcea with gcc (GCC) 8.1.0
kernel signature: f1140c91cd1ef83872f7236dc74098a684b311f0
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass
# git bisect good 640fb32d61f32d1011bf9a96805e5a8d033abcea
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[4df728651b8a99693c69962d8e5a5b9e5a3bbcc7] nbd: verify socket is supported during setup
testing commit 4df728651b8a99693c69962d8e5a5b9e5a3bbcc7 with gcc (GCC) 8.1.0
kernel signature: fb4232cb07fd3623f6e1a7b829181502acd3885f
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass
# git bisect good 4df728651b8a99693c69962d8e5a5b9e5a3bbcc7
Bisecting: 0 revisions left to test after this (roughly 1 step)
[54b9f5791846d2de59e8c65502b3f1071f65424f] net_sched: check cops->tcf_block in tc_bind_tclass()
testing commit 54b9f5791846d2de59e8c65502b3f1071f65424f with gcc (GCC) 8.1.0
kernel signature: b4f864fd71c98cef0833361b53bd0269d7b90bcd
all runs: OK
# git bisect bad 54b9f5791846d2de59e8c65502b3f1071f65424f
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d7030f05a84cf6ce9587dce5fab9774666597cd5] USB: legousbtower: fix a signedness bug in tower_probe()
testing commit d7030f05a84cf6ce9587dce5fab9774666597cd5 with gcc (GCC) 8.1.0
kernel signature: d002e907fdfabbbfa48a0c0695f5a8679bfda8a5
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass
# git bisect good d7030f05a84cf6ce9587dce5fab9774666597cd5
54b9f5791846d2de59e8c65502b3f1071f65424f is the first bad commit
commit 54b9f5791846d2de59e8c65502b3f1071f65424f
Author: Cong Wang <xiyou.wangcong@gmail.com>
Date:   Thu Oct 31 11:42:59 2019 -0700

    net_sched: check cops->tcf_block in tc_bind_tclass()
    
    commit 8b142a00edcf8422ca48b8de88d286efb500cb53 upstream
    
    At least sch_red and sch_tbf don't implement ->tcf_block()
    while still have a non-zero tc "class".
    
    Instead of adding nop implementations to each of such qdisc's,
    we can just relax the check of cops->tcf_block() in
    tc_bind_tclass(). They don't support TC filter anyway.
    
    Reported-by: syzbot+21b29db13c065852f64b@syzkaller.appspotmail.com
    Cc: Jamal Hadi Salim <jhs@mojatatu.com>
    Cc: Jiri Pirko <jiri@resnulli.us>
    Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Zubin Mithra <zsm@chromium.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 net/sched/sch_api.c | 2 ++
 1 file changed, 2 insertions(+)
culprit signature: b4f864fd71c98cef0833361b53bd0269d7b90bcd
parent  signature: d002e907fdfabbbfa48a0c0695f5a8679bfda8a5
revisions tested: 13, total time: 3h6m39.391693711s (build: 1h42m55.603387575s, test: 1h22m33.244183247s)
first good commit: 54b9f5791846d2de59e8c65502b3f1071f65424f net_sched: check cops->tcf_block in tc_bind_tclass()
cc: ["davem@davemloft.net" "sashal@kernel.org" "xiyou.wangcong@gmail.com" "zsm@chromium.org"]