Re: [syzbot] [net?] general protection fault in qdisc_tree_reduce_backlog

From: syzbot
Date: Fri Jul 04 2025 - 02:36:55 EST

Next message: Paul-pl Chen (陳柏霖): "Re: [PATCH v3 13/17] drm/mediatek: add BLENDER support for MT8196"
Previous message: Kuniyuki Iwashima: "Re: [PATCH net-next v3 5/7] af_unix: stash pidfs dentry when needed"
In reply to: syzbot: "[syzbot] [net?] general protection fault in qdisc_tree_reduce_backlog"
Next in thread: Hillf Danton: "Re: [syzbot] [net?] general protection fault in qdisc_tree_reduce_backlog"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.

***

Subject: Re: [syzbot] [net?] general protection fault in qdisc_tree_reduce_backlog
Author: lizhi.xu@xxxxxxxxxxxxx

#syz test

diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index d8a33486c51..7f32347971f 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -803,12 +803,13 @@ void qdisc_tree_reduce_backlog(struct Qdisc *sch, int n, int len)
break;
}
cops = sch->ops->cl_ops;
- if (notify && cops->qlen_notify) {
+ if (cops && notify && cops->qlen_notify) {
/* Note that qlen_notify must be idempotent as it may get called
* multiple times.
*/
cl = cops->find(sch, parentid);
- cops->qlen_notify(sch, cl);
+ if (virt_addr_valid(cl))
+ cops->qlen_notify(sch, cl);
}
sch->q.qlen -= n;
sch->qstats.backlog -= len;

Next message: Paul-pl Chen (陳柏霖): "Re: [PATCH v3 13/17] drm/mediatek: add BLENDER support for MT8196"
Previous message: Kuniyuki Iwashima: "Re: [PATCH net-next v3 5/7] af_unix: stash pidfs dentry when needed"
In reply to: syzbot: "[syzbot] [net?] general protection fault in qdisc_tree_reduce_backlog"
Next in thread: Hillf Danton: "Re: [syzbot] [net?] general protection fault in qdisc_tree_reduce_backlog"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]