bisecting fixing commit since 17a87580a8856170d59aab302226811a4ae69149
building syzkaller on e562dd8adff015d44bec3d7fd8e6608a3a031ff3
testing commit 17a87580a8856170d59aab302226811a4ae69149 with gcc (GCC) 8.1.0
kernel signature: 810b58106166fb3d4a27a3b0c3b9f19b64e3dc02b3494bb02b6fa96ad1fa36fe
all runs: crashed: general protection fault in rose_send_frame
testing current HEAD 13d2ce42de8cb98ff952f8de6307f896203854c2
testing commit 13d2ce42de8cb98ff952f8de6307f896203854c2 with gcc (GCC) 8.1.0
kernel signature: 7b0c539dfccff3a33ab99858aa3e8518868c679de2f5862009cf1fad4805e3cf
all runs: OK
# git bisect start 13d2ce42de8cb98ff952f8de6307f896203854c2 17a87580a8856170d59aab302226811a4ae69149
Bisecting: 1147 revisions left to test after this (roughly 10 steps)
[d4c38bfb33c2bb1c9cb6afb633fc210ae63a3337] drm/omap: fix possible object reference leak
testing commit d4c38bfb33c2bb1c9cb6afb633fc210ae63a3337 with gcc (GCC) 8.1.0
kernel signature: 76e61b25692cc8ce0f32763d8006915900c018357fea42fba8132b9b1dd69586
all runs: crashed: general protection fault in rose_send_frame
# git bisect good d4c38bfb33c2bb1c9cb6afb633fc210ae63a3337
Bisecting: 573 revisions left to test after this (roughly 9 steps)
[1ae161d27b01ebe062cc4bf228a1e5debc473310] fscrypt: clean up and improve dentry revalidation
testing commit 1ae161d27b01ebe062cc4bf228a1e5debc473310 with gcc (GCC) 8.1.0
kernel signature: 86d194edecfd0822daba95010651d11ad87dd869108d67cb3975b0684b8e8c83
all runs: crashed: general protection fault in rose_send_frame
# git bisect good 1ae161d27b01ebe062cc4bf228a1e5debc473310
Bisecting: 286 revisions left to test after this (roughly 8 steps)
[d9f4534a9a286877ae29e15b5f9ba8ecb7370924] nbd: fix a block_device refcount leak in nbd_release
testing commit d9f4534a9a286877ae29e15b5f9ba8ecb7370924 with gcc (GCC) 8.1.0
kernel signature: 5618cd6d8e757b73e66e342b01390c72f781be824eb98ca3b5eac43848433284
all runs: crashed: general protection fault in rose_send_frame
# git bisect good d9f4534a9a286877ae29e15b5f9ba8ecb7370924
Bisecting: 143 revisions left to test after this (roughly 7 steps)
[675b9c121c46166b189344fd158f10e064061505] regulator: fix memory leak with repeated set_machine_constraints()
testing commit 675b9c121c46166b189344fd158f10e064061505 with gcc (GCC) 8.1.0
kernel signature: 13923ef55d0f855d940a528fd16231cae4c46fc4ea003ccdf8c912ab454ce1be
all runs: crashed: general protection fault in rose_send_frame
# git bisect good 675b9c121c46166b189344fd158f10e064061505
Bisecting: 71 revisions left to test after this (roughly 6 steps)
[716cd2eba30d7737fd140abd00e1667c76b32fc5] ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init
testing commit 716cd2eba30d7737fd140abd00e1667c76b32fc5 with gcc (GCC) 8.1.0
kernel signature: bb459c4fada39ce77dcc32f13d45fbb4792c62631b4e871ab5dbf061ec98641a
all runs: crashed: general protection fault in rose_send_frame
# git bisect good 716cd2eba30d7737fd140abd00e1667c76b32fc5
Bisecting: 35 revisions left to test after this (roughly 5 steps)
[cd3a447d9d4dc6109ed0d3d95113b00d48960df7] USB: serial: ch341: add new Product ID for CH341A
testing commit cd3a447d9d4dc6109ed0d3d95113b00d48960df7 with gcc (GCC) 8.1.0
kernel signature: 22572e0f17f0b2373c5ff8fa818b4e0db4bae4594291226f62a5f31b6700f948
all runs: OK
# git bisect bad cd3a447d9d4dc6109ed0d3d95113b00d48960df7
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[304c080fc33258e3b177b6f0736b97d54e6fea3b] net/x25: prevent a couple of overflows
testing commit 304c080fc33258e3b177b6f0736b97d54e6fea3b with gcc (GCC) 8.1.0
kernel signature: c597e34a3053446432f0c007053bfdf0c2b80fb9192aa6281225022dda304a75
all runs: OK
# git bisect bad 304c080fc33258e3b177b6f0736b97d54e6fea3b
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[df0c94c7bf7b68b9867856260326ebe8d1fe7525] ibmvnic: fix call_netdevice_notifiers in do_reset
testing commit df0c94c7bf7b68b9867856260326ebe8d1fe7525 with gcc (GCC) 8.1.0
kernel signature: ee67cefdc46154d1b29bfb0569687947b63ddc30070d9400916be740999ddab0
all runs: OK
# git bisect bad df0c94c7bf7b68b9867856260326ebe8d1fe7525
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[0dc25f979633a39b9fb9cbf12414308657fecc7e] sock: set sk_err to ee_errno on dequeue from errq
testing commit 0dc25f979633a39b9fb9cbf12414308657fecc7e with gcc (GCC) 8.1.0
kernel signature: 4f5dc994071b0334c40b7ca76ecc0be49342a5230439fe2b7ed2a9994969fcaf
all runs: OK
# git bisect bad 0dc25f979633a39b9fb9cbf12414308657fecc7e
Bisecting: 1 revision left to test after this (roughly 1 step)
[9e401870db6c901debe3f14eae9d477bdec0e1af] net/tls: missing received data after fast remote close
testing commit 9e401870db6c901debe3f14eae9d477bdec0e1af with gcc (GCC) 8.1.0
kernel signature: 1c6dac8193584e41138e09c7e9806d9dc2a6885313d6d22e2269847b64901427
all runs: crashed: general protection fault in rose_send_frame
# git bisect good 9e401870db6c901debe3f14eae9d477bdec0e1af
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[731b9890a7f136971ac62f3276c4f6e5fa124887] rose: Fix Null pointer dereference in rose_send_frame()
testing commit 731b9890a7f136971ac62f3276c4f6e5fa124887 with gcc (GCC) 8.1.0
kernel signature: df6cc1ff445b746800c12d021831e80b36b9585b97670121b6318fe1f2af054e
all runs: OK
# git bisect bad 731b9890a7f136971ac62f3276c4f6e5fa124887
731b9890a7f136971ac62f3276c4f6e5fa124887 is the first bad commit
commit 731b9890a7f136971ac62f3276c4f6e5fa124887
Author: Anmol Karn
Date:   Fri Nov 20 00:40:43 2020 +0530

    rose: Fix Null pointer dereference in rose_send_frame()

    [ Upstream commit 3b3fd068c56e3fbea30090859216a368398e39bf ]

    rose_send_frame() dereferences `neigh->dev` when called from
    rose_transmit_clear_request(), and the first occurrence of the `neigh` is
    in rose_loopback_timer() as `rose_loopback_neigh`, and it is initialized
    in rose_add_loopback_neigh() as NULL. i.e when `rose_loopback_neigh` used
    in rose_loopback_timer() its `->dev` was still NULL and
    rose_loopback_timer() was calling rose_rx_call_request() without
    checking for NULL.

    - net/rose/rose_link.c
    This bug seems to get triggered in this line:

    rose_call = (ax25_address *)neigh->dev->dev_addr;

    Fix it by adding NULL checking for `rose_loopback_neigh->dev` in
    rose_loopback_timer().

    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Suggested-by: Jakub Kicinski
    Reported-by: syzbot+a1c743815982d9496393@syzkaller.appspotmail.com
    Tested-by: syzbot+a1c743815982d9496393@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?id=9d2a7ca8c7f2e4b682c97578dfa3f236258300b3
    Signed-off-by: Anmol Karn
    Link: https://lore.kernel.org/r/20201119191043.28813-1-anmol.karan123@gmail.com
    Signed-off-by: Jakub Kicinski
    Signed-off-by: Greg Kroah-Hartman

 net/rose/rose_loopback.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

culprit signature: df6cc1ff445b746800c12d021831e80b36b9585b97670121b6318fe1f2af054e
parent signature: 1c6dac8193584e41138e09c7e9806d9dc2a6885313d6d22e2269847b64901427
revisions tested: 13, total time: 3h26m29.618137546s (build: 2h3m33.341393795s, test: 1h21m22.475505439s)
first good commit: 731b9890a7f136971ac62f3276c4f6e5fa124887 rose: Fix Null pointer dereference in rose_send_frame()
recipients (to): ["anmol.karan123@gmail.com" "gregkh@linuxfoundation.org" "kuba@kernel.org" "syzbot+a1c743815982d9496393@syzkaller.appspotmail.com"]
recipients (cc): []