bisecting fixing commit since d183c8e2647a7d45202c14a33631f6c09020f8ac
building syzkaller on 11ebf937fc501c384b5cf3909da95bf49cd56e81
testing commit d183c8e2647a7d45202c14a33631f6c09020f8ac with gcc (GCC) 8.1.0
kernel signature: e42fcbf958401fae877f6acd7f1d65ebe981ab261d9703b08bb8bb7162dbe50b
all runs: crashed: WARNING in cbq_destroy_class
testing current HEAD 4fccc2503536a564a4ba31a1d50439854201659f
testing commit 4fccc2503536a564a4ba31a1d50439854201659f with gcc (GCC) 8.1.0
kernel signature: ec2f924bb0c1cfe85e9d0c5879e5c0cfae230d98128265ba19a85ffe301d052c
all runs: OK
# git bisect start 4fccc2503536a564a4ba31a1d50439854201659f d183c8e2647a7d45202c14a33631f6c09020f8ac
Bisecting: 572 revisions left to test after this (roughly 9 steps)
[fb3809dde0acd7d492dd085490b4f5ee900c96ad] net: netsec: Fix signedness bug in netsec_probe()
testing commit fb3809dde0acd7d492dd085490b4f5ee900c96ad with gcc (GCC) 8.1.0
kernel signature: be47db8557e41f0c1f1590fdd5feb7a284744aa78032a5b969e6f6f3296cb1f7
all runs: crashed: WARNING in cbq_destroy_class
# git bisect good fb3809dde0acd7d492dd085490b4f5ee900c96ad
Bisecting: 286 revisions left to test after this (roughly 8 steps)
[bdfaaf35ac49ef43d1f3a6ccf6f27b8e64f61828] kernel/module: Fix memleak in module_add_modinfo_attrs()
testing commit bdfaaf35ac49ef43d1f3a6ccf6f27b8e64f61828 with gcc (GCC) 8.1.0
kernel signature: e3c8787fedab5e25d25839cff3f9eaffd7e21dfc14b46854db6369cc67c52023
all runs: OK
# git bisect bad bdfaaf35ac49ef43d1f3a6ccf6f27b8e64f61828
Bisecting: 142 revisions left to test after this (roughly 7 steps)
[817edd2bb385aa4bc96f287081bac0d9c99bbf9a] s390x/mm: implement arch_remove_memory()
testing commit 817edd2bb385aa4bc96f287081bac0d9c99bbf9a with gcc (GCC) 8.1.0
kernel signature: 38f972059a136e2f0230cb21160d37130c8d22e0a6bc1bfe3e35de8da81e2c35
all runs: crashed: WARNING in cbq_destroy_class
# git bisect good 817edd2bb385aa4bc96f287081bac0d9c99bbf9a
Bisecting: 71 revisions left to test after this (roughly 6 steps)
[95a41c7b7f1431b3264dd6dc1a1691f317ee89ee] x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup
testing commit 95a41c7b7f1431b3264dd6dc1a1691f317ee89ee with gcc (GCC) 8.1.0
kernel signature: 0fc7a4b1bce670e65367d69ef33891180287dc97414b9e9ce1b6d08181f5c44d
all runs: OK
# git bisect bad 95a41c7b7f1431b3264dd6dc1a1691f317ee89ee
Bisecting: 35 revisions left to test after this (roughly 5 steps)
[979f93f1e1477cdc78801498ab8ef23ee782e6df] net_sched: ematch: reject invalid TCF_EM_SIMPLE
testing commit 979f93f1e1477cdc78801498ab8ef23ee782e6df with gcc (GCC) 8.1.0
kernel signature: 3c2c95a0d7cbd77ed2289f8f681747fbca9a7d7606cbd295f70865d7308aa277
all runs: crashed: WARNING in cbq_destroy_class
# git bisect good 979f93f1e1477cdc78801498ab8ef23ee782e6df
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[c630c3f4164a5c3f712edb2ef0b56f3edd3b7848] platform/x86: dell-laptop: disable kbd backlight on Inspiron 10xx
testing commit c630c3f4164a5c3f712edb2ef0b56f3edd3b7848 with gcc (GCC) 8.1.0
kernel signature: 67b843d808c98ac2572400ac0512b4b70dca449c1798816ae1700c93bc3ee1e7
all runs: OK
# git bisect bad c630c3f4164a5c3f712edb2ef0b56f3edd3b7848
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[e0fcfcda809cb3b52e59cfb28d72d95bc93436b0] phy: cpcap-usb: Prevent USB line glitches from waking up modem
testing commit e0fcfcda809cb3b52e59cfb28d72d95bc93436b0 with gcc (GCC) 8.1.0
kernel signature: 9e2ccd5294d6a426908786b37ca43c3457ec6e202e97434f4bd184fe2371c313
all runs: OK
# git bisect bad e0fcfcda809cb3b52e59cfb28d72d95bc93436b0
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[76801819d5d8cb3173e584994a3edf14ad739a49] HID: Add quirk for Xin-Mo Dual Controller
testing commit 76801819d5d8cb3173e584994a3edf14ad739a49 with gcc (GCC) 8.1.0
kernel signature: d208a9fb8ef72aa24388690aaad604e5a61967494674e77833e68f0b478b5776
all runs: OK
# git bisect bad 76801819d5d8cb3173e584994a3edf14ad739a49
Bisecting: 1 revision left to test after this (roughly 1 step)
[4ea66250caf029bde54597c6d5d6654c75fd3e64] HID: multitouch: Add LG MELF0410 I2C touchscreen support
testing commit 4ea66250caf029bde54597c6d5d6654c75fd3e64 with gcc (GCC) 8.1.0
kernel signature: 48498572c847224a41c70ff040f2035a2e554f52d0fd9beddaf3fe0404e2f95c
all runs: OK
# git bisect bad 4ea66250caf029bde54597c6d5d6654c75fd3e64
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9f7a32834b624bdfc94a21f3035463310faf7259] net_sched: fix ops->bind_class() implementations
testing commit 9f7a32834b624bdfc94a21f3035463310faf7259 with gcc (GCC) 8.1.0
kernel signature: 5733f51d4b547e190bb0399907d5563e6d70f3a23f8f3f4a02df630192ad20c3
all runs: OK
# git bisect bad 9f7a32834b624bdfc94a21f3035463310faf7259
9f7a32834b624bdfc94a21f3035463310faf7259 is the first bad commit
commit 9f7a32834b624bdfc94a21f3035463310faf7259
Author: Cong Wang <xiyou.wangcong@gmail.com>
Date:   Thu Jan 23 16:26:18 2020 -0800

    net_sched: fix ops->bind_class() implementations
    
    [ Upstream commit 2e24cd755552350b94a7617617c6877b8cbcb701 ]
    
    The current implementations of ops->bind_class() are merely
    searching for classid and updating class in the struct tcf_result,
    without invoking either of cl_ops->bind_tcf() or
    cl_ops->unbind_tcf(). This breaks the design of them as qdisc's
    like cbq use them to count filters too. This is why syzbot triggered
    the warning in cbq_destroy_class().
    
    In order to fix this, we have to call cl_ops->bind_tcf() and
    cl_ops->unbind_tcf() like the filter binding path. This patch does
    so by refactoring out two helper functions __tcf_bind_filter()
    and __tcf_unbind_filter(), which are lockless and accept a Qdisc
    pointer, then teaching each implementation to call them correctly.
    
    Note, we merely pass the Qdisc pointer as an opaque pointer to
    each filter, they only need to pass it down to the helper
    functions without understanding it at all.
    
    Fixes: 07d79fc7d94e ("net_sched: add reverse binding for tc class")
    Reported-and-tested-by: syzbot+0a0596220218fcb603a8@syzkaller.appspotmail.com
    Reported-and-tested-by: syzbot+63bdb6006961d8c917c6@syzkaller.appspotmail.com
    Cc: Jamal Hadi Salim <jhs@mojatatu.com>
    Cc: Jiri Pirko <jiri@resnulli.us>
    Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 include/net/pkt_cls.h     | 33 +++++++++++++++++++--------------
 include/net/sch_generic.h |  3 ++-
 net/sched/cls_basic.c     | 11 ++++++++---
 net/sched/cls_bpf.c       | 11 ++++++++---
 net/sched/cls_flower.c    | 11 ++++++++---
 net/sched/cls_fw.c        | 11 ++++++++---
 net/sched/cls_matchall.c  | 11 ++++++++---
 net/sched/cls_route.c     | 11 ++++++++---
 net/sched/cls_rsvp.h      | 11 ++++++++---
 net/sched/cls_tcindex.c   | 11 ++++++++---
 net/sched/cls_u32.c       | 11 ++++++++---
 net/sched/sch_api.c       |  6 ++++--
 12 files changed, 97 insertions(+), 44 deletions(-)
culprit signature: 5733f51d4b547e190bb0399907d5563e6d70f3a23f8f3f4a02df630192ad20c3
parent  signature: 3c2c95a0d7cbd77ed2289f8f681747fbca9a7d7606cbd295f70865d7308aa277
revisions tested: 12, total time: 3h36m37.366778498s (build: 1h48m45.930720647s, test: 1h46m0.080054234s)
first good commit: 9f7a32834b624bdfc94a21f3035463310faf7259 net_sched: fix ops->bind_class() implementations
cc: ["davem@davemloft.net" "gregkh@linuxfoundation.org" "syzbot+0a0596220218fcb603a8@syzkaller.appspotmail.com" "syzbot+63bdb6006961d8c917c6@syzkaller.appspotmail.com" "xiyou.wangcong@gmail.com"]