bisecting fixing commit since 27ce4f2a6817e38ca74c643d47a96359f6cc0c1c
building syzkaller on cca8798699baeeccbf80af23d234ac19a5d667aa
testing commit 27ce4f2a6817e38ca74c643d47a96359f6cc0c1c with gcc (GCC) 8.4.1 20210217
kernel signature: c3d72cf76752ea11010ecd371f54601f54c456e002c4f5c4646f1bad0394c3ca
all runs: crashed: general protection fault in ioctl_standard_call
testing current HEAD 3242aa3a635c0958671ee1e4b0958dcc7c4e5c79
testing commit 3242aa3a635c0958671ee1e4b0958dcc7c4e5c79 with gcc (GCC) 8.4.1 20210217
kernel signature: f7984750ba536b933ef4763ba92dfa9b019c27918833944c9dc327b57e7c314c
all runs: OK
# git bisect start 3242aa3a635c0958671ee1e4b0958dcc7c4e5c79 27ce4f2a6817e38ca74c643d47a96359f6cc0c1c
Bisecting: 430 revisions left to test after this (roughly 9 steps)
[980f10055aace012af1f644737b8474395bd388c] net: bcmgenet: Fix a resource leak in an error handling path in the probe functin
testing commit 980f10055aace012af1f644737b8474395bd388c with gcc (GCC) 8.4.1 20210217
kernel signature: c82a612efdd5900389861a5d6d765900821f1e2d40f9bea545926dfe28bcf1d2
all runs: crashed: general protection fault in ioctl_standard_call
# git bisect good 980f10055aace012af1f644737b8474395bd388c
Bisecting: 215 revisions left to test after this (roughly 8 steps)
[3b972cda608f5fd3db77e05f3a1287cdcd7d8b21] ASoC: Intel: fix error code cnl_set_dsp_D0()
testing commit 3b972cda608f5fd3db77e05f3a1287cdcd7d8b21 with gcc (GCC) 8.4.1 20210217
kernel signature: db5f55d24e9bc6a0deb47449b5b6bb6650a7c5a625cd7d6ccdbe3ce9d6d41c7d
all runs: crashed: general protection fault in ioctl_standard_call
# git bisect good 3b972cda608f5fd3db77e05f3a1287cdcd7d8b21
Bisecting: 107 revisions left to test after this (roughly 7 steps)
[f7f55a40b65bfc2f15bc695ad9f93b996ccc8ea3] NFC: fix possible resource leak
testing commit f7f55a40b65bfc2f15bc695ad9f93b996ccc8ea3 with gcc (GCC) 8.4.1 20210217
kernel signature: 79bfc8fdf80edbc2c673906cd01a8a57c6d6f14312cd0367d95cf97529b5b589
all runs: OK
# git bisect bad f7f55a40b65bfc2f15bc695ad9f93b996ccc8ea3
Bisecting: 53 revisions left to test after this (roughly 6 steps)
[235db93b742b4d008f4f154f78773222c010c9ac] xhci: make sure TRB is fully written before giving it to the controller
testing commit 235db93b742b4d008f4f154f78773222c010c9ac with gcc (GCC) 8.4.1 20210217
kernel signature: d784d2684cab73274e3738d0c7465c994f3147eb57396bed59c2510f85c8a35d
all runs: crashed: general protection fault in ioctl_standard_call
# git bisect good 235db93b742b4d008f4f154f78773222c010c9ac
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[51359110d9d9b0231dc6a60716895104c73e7770] nbd: freeze the queue while we're adding connections
testing commit 51359110d9d9b0231dc6a60716895104c73e7770 with gcc (GCC) 8.4.1 20210217
kernel signature: 8b9089e85f2efd555423609f1947782d8d821e6df26662a6128c383e1afc5cd4
all runs: crashed: general protection fault in ioctl_standard_call
# git bisect good 51359110d9d9b0231dc6a60716895104c73e7770
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[c95d60f23eb7ba5af210b7a1e60af7c2c1840fee] xen-blkfront: allow discard-* nodes to be optional
testing commit c95d60f23eb7ba5af210b7a1e60af7c2c1840fee with gcc (GCC) 8.4.1 20210217
kernel signature: dba5e04fab39ab8b153d7d5312e07727d57f8fc003dc32c8936bb17ba3a54e5e
all runs: OK
# git bisect bad c95d60f23eb7ba5af210b7a1e60af7c2c1840fee
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[28287a0d207f94c0cd77a820ac4f118f1bd1cbd7] drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
testing commit 28287a0d207f94c0cd77a820ac4f118f1bd1cbd7 with gcc (GCC) 8.4.1 20210217
kernel signature: 5002a182a78fcb34f3c236a4a2b68a2ed1e7a8f8988b3ae096413047adb46ac7
all runs: OK
# git bisect bad 28287a0d207f94c0cd77a820ac4f118f1bd1cbd7
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[173b67cf1e72baff9cc02351cbe3c207b6ae29a4] wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
testing commit 173b67cf1e72baff9cc02351cbe3c207b6ae29a4 with gcc (GCC) 8.4.1 20210217
kernel signature: 397f154bdcc3327a4d98b3fca3c1d6f6794a34fe406c11727c760120e861143d
all runs: OK
# git bisect bad 173b67cf1e72baff9cc02351cbe3c207b6ae29a4
Bisecting: 0 revisions left to test after this (roughly 1 step)
[8ec82d5a30668f30e6b724e6090965c14b47b250] ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
testing commit 8ec82d5a30668f30e6b724e6090965c14b47b250 with gcc (GCC) 8.4.1 20210217
kernel signature: d52957254c82fc17686a815fafd23642d74b716fbf59295cfe1e0f281a6501a3
all runs: crashed: general protection fault in ioctl_standard_call
# git bisect good 8ec82d5a30668f30e6b724e6090965c14b47b250
173b67cf1e72baff9cc02351cbe3c207b6ae29a4 is the first bad commit
commit 173b67cf1e72baff9cc02351cbe3c207b6ae29a4
Author: Johannes Berg
Date: Thu Jan 21 17:16:22 2021 +0100

    wext: fix NULL-ptr-dereference with cfg80211's lack of commit()

    commit 5122565188bae59d507d90a9a9fd2fd6107f4439 upstream.

    Since cfg80211 doesn't implement commit, we never really cared about that code there (and it's configured out w/o CONFIG_WIRELESS_EXT). After all, since it has no commit, it shouldn't return -EIWCOMMIT to indicate commit is needed.

    However, EIWCOMMIT is actually an alias for EINPROGRESS, which _can_ happen if e.g. we try to change the frequency but we're already in the process of connecting to some network, and drivers could return that value (or even cfg80211 itself might).

    This then causes us to crash because dev->wireless_handlers is NULL but we try to check dev->wireless_handlers->standard[0].

    Fix this by also checking dev->wireless_handlers. Also simplify the code a little bit.

    Cc: stable@vger.kernel.org
    Reported-by: syzbot+444248c79e117bc99f46@syzkaller.appspotmail.com
    Reported-by: syzbot+8b2a88a09653d4084179@syzkaller.appspotmail.com
    Link: https://lore.kernel.org/r/20210121171621.2076e4a37d5a.I5d9c72220fe7bb133fb718751da0180a57ecba4e@changeid
    Signed-off-by: Johannes Berg
    Signed-off-by: Greg Kroah-Hartman

 net/wireless/wext-core.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
culprit signature: 397f154bdcc3327a4d98b3fca3c1d6f6794a34fe406c11727c760120e861143d
parent signature: d52957254c82fc17686a815fafd23642d74b716fbf59295cfe1e0f281a6501a3
revisions tested: 11, total time: 2h27m19.435247647s (build: 1h20m41.208119746s, test: 1h2m0.691572409s)
first good commit: 173b67cf1e72baff9cc02351cbe3c207b6ae29a4 wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
recipients (to): ["davem@davemloft.net" "gregkh@linuxfoundation.org" "johannes.berg@intel.com" "netdev@vger.kernel.org"]
recipients (cc): ["gregkh@linuxfoundation.org" "johannes.berg@intel.com" "linux-kernel@vger.kernel.org"]