bisecting cause commit starting from c25a951c50dca1da4a449a985a9debd82dc18573
building syzkaller on 2b41159686513694e75f8c376b4a32c66c8b709f
testing commit c25a951c50dca1da4a449a985a9debd82dc18573 with gcc (GCC) 8.1.0
kernel signature: c106c8a891b83e7c133b0cae0431a54b323e92b3076b070be313c132c670fb74
all runs: crashed: general protection fault in sco_sock_getsockopt
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: f5e92280d848d55d8006138e8fa270bed1b44f6928b52cd2bae9ebfb9804fcc1
all runs: OK
# git bisect start c25a951c50dca1da4a449a985a9debd82dc18573 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
Bisecting: 6706 revisions left to test after this (roughly 13 steps)
[9f68e3655aae6d49d6ba05dd263f99f33c2567af] Merge tag 'drm-next-2020-01-30' of git://anongit.freedesktop.org/drm/drm
testing commit 9f68e3655aae6d49d6ba05dd263f99f33c2567af with gcc (GCC) 8.1.0
kernel signature: 7eedf42803395a41a6aeea30ab2a2cc035ca8c29855caf965b4e052ba36b66c2
all runs: OK
# git bisect good 9f68e3655aae6d49d6ba05dd263f99f33c2567af
Bisecting: 3275 revisions left to test after this (roughly 12 steps)
[1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc with gcc (GCC) 8.1.0
kernel signature: 29e0430a19cde863da815c5d476ba79418a6167b463b38bf1a680001019bd8d0
all runs: OK
# git bisect good 1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc
Bisecting: 1637 revisions left to test after this (roughly 11 steps)
[c399ecef2ce3bf61a75bffab73f2ffc8300c7c16] Merge remote-tracking branch 'ext3/for_next'
testing commit c399ecef2ce3bf61a75bffab73f2ffc8300c7c16 with gcc (GCC) 8.1.0
kernel signature: 33f6c33502a10e70d29d86ffdabeb164b5e4e56895f5801e0f9562ffd066da5b
all runs: OK
# git bisect good c399ecef2ce3bf61a75bffab73f2ffc8300c7c16
Bisecting: 820 revisions left to test after this (roughly 10 steps)
[f6ca467f2126b713baf542ad7fc6e5a01347caa4] Merge remote-tracking branch 'sound-asoc/for-next'
testing commit f6ca467f2126b713baf542ad7fc6e5a01347caa4 with gcc (GCC) 8.1.0
kernel signature: 400c91676ac05ec7e809fe0342193d47879fbc07a492bcf2a0d7d07f7a5e5ebe
all runs: crashed: general protection fault in sco_sock_getsockopt
# git bisect bad f6ca467f2126b713baf542ad7fc6e5a01347caa4
Bisecting: 404 revisions left to test after this (roughly 9 steps)
[8bc850b9792d52ff9d126fa8d7318ce123d28c4e] Merge remote-tracking branch 'thermal/thermal/linux-next'
testing commit 8bc850b9792d52ff9d126fa8d7318ce123d28c4e with gcc (GCC) 8.1.0
kernel signature: b976d2a8ed5be55aef72ab412c68f93b4247f2ae6c7eda64604a65796c137e32
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/workdir/repro.prog" "root@10.128.0.4:./repro.prog"]: exit status 1
Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
/syzkaller/jobs/linux/workdir/repro.prog: Broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 8bc850b9792d52ff9d126fa8d7318ce123d28c4e
Bisecting: 249 revisions left to test after this (roughly 8 steps)
[05b5ff30d31fbf9281b108a84da7422efce5c419] drm/amdgpu: drop legacy drm load and unload callbacks
testing commit 05b5ff30d31fbf9281b108a84da7422efce5c419 with gcc (GCC) 8.1.0
kernel signature: 46756ba011714945af94cf70da21bfcea19c6fe5beeefda8776a9e17239c9fb6
all runs: OK
# git bisect good 05b5ff30d31fbf9281b108a84da7422efce5c419
Bisecting: 133 revisions left to test after this (roughly 7 steps)
[b7730511cf6a39891d90afec2ac0e2f441fc9a1f] Merge remote-tracking branch 'mac80211-next/master'
testing commit b7730511cf6a39891d90afec2ac0e2f441fc9a1f with gcc (GCC) 8.1.0
kernel signature: c5bc208c206f2f7ab7f45e0d2586efd41654b4746bb275e629bee7a31ae5655e
all runs: crashed: general protection fault in sco_sock_getsockopt
# git bisect bad b7730511cf6a39891d90afec2ac0e2f441fc9a1f
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[9d86cbc07ab07983e3c9dfcdb5477996cfe567cc] Merge remote-tracking branch 'wireless-drivers-next/master'
testing commit 9d86cbc07ab07983e3c9dfcdb5477996cfe567cc with gcc (GCC) 8.1.0
kernel signature: b8481e22c15f7ec838e0d35c336d7bf1a6fb2fbce5bcf7ccadc16a177b3ba712
all runs: OK
# git bisect good 9d86cbc07ab07983e3c9dfcdb5477996cfe567cc
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[85b27ef73419db8d59a5d685bc62113883ca9330] mac80211: Accept broadcast probe responses on 6GHz band
testing commit 85b27ef73419db8d59a5d685bc62113883ca9330 with gcc (GCC) 8.1.0
kernel signature: ac5947d98b43095db6fb7f32122d0a5edccfb734ffc48fe8fbae06f09951a1af
all runs: OK
# git bisect good 85b27ef73419db8d59a5d685bc62113883ca9330
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[cee5f20fece32cd1722230cb05333f39db860698] Bluetooth: secure bluetooth stack from bluedump attack
testing commit cee5f20fece32cd1722230cb05333f39db860698 with gcc (GCC) 8.1.0
kernel signature: 7267e97ecaf978ea47f070fc26a857a89aca94996d1d9cccfb0f5b167ece5643
all runs: OK
# git bisect good cee5f20fece32cd1722230cb05333f39db860698
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[9b125c27998719288e4dcf2faf54511039526692] mac80211: support NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211_MAC_ADDRS
testing commit 9b125c27998719288e4dcf2faf54511039526692 with gcc (GCC) 8.1.0
kernel signature: dee98d92da703f7be0e2407f1ebbd4d8b1267f17e3378b6b373a5c6dea906a46
all runs: OK
# git bisect good 9b125c27998719288e4dcf2faf54511039526692
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[1f6e0baa703d31002c312c3e423c108b04325df0] mac80211: allow setting queue_len for drivers not using wake_tx_queue
testing commit 1f6e0baa703d31002c312c3e423c108b04325df0 with gcc (GCC) 8.1.0
kernel signature: 9c8eb5b1cdb57e57387353cbec154a900b20bff946ca5180e937892ea4269911
all runs: OK
# git bisect good 1f6e0baa703d31002c312c3e423c108b04325df0
Bisecting: 1 revision left to test after this (roughly 1 step)
[e22998f53a1e5a2e8c98d0f42506be985773b50c] Bluetooth: Fix a typo in Kconfig
testing commit e22998f53a1e5a2e8c98d0f42506be985773b50c with gcc (GCC) 8.1.0
kernel signature: 9c775c78876eeb90d7d4a27540ef902488fa75cf95acbb2e398b1a3167838157
all runs: crashed: general protection fault in sco_sock_getsockopt
# git bisect bad e22998f53a1e5a2e8c98d0f42506be985773b50c
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[eab2404ba798a8efda2a970f44071c3406d94e57] Bluetooth: Add BT_PHY socket option
testing commit eab2404ba798a8efda2a970f44071c3406d94e57 with gcc (GCC) 8.1.0
kernel signature: 0cfd816f7c5e26b8e60336c79ed5f52fc0e87738241109aa93bffe551b0572ce
all runs: crashed: general protection fault in sco_sock_getsockopt
# git bisect bad eab2404ba798a8efda2a970f44071c3406d94e57
eab2404ba798a8efda2a970f44071c3406d94e57 is the first bad commit
commit eab2404ba798a8efda2a970f44071c3406d94e57
Author: Luiz Augusto von Dentz
Date: Fri Feb 14 10:08:57 2020 -0800

    Bluetooth: Add BT_PHY socket option

    This adds BT_PHY socket option (read-only) which can be used to read the PHYs in use by the underline connection.

    Signed-off-by: Luiz Augusto von Dentz
    Signed-off-by: Marcel Holtmann

 include/net/bluetooth/bluetooth.h | 17 ++++++
 include/net/bluetooth/hci_core.h | 2 +
 net/bluetooth/hci_conn.c | 107 ++++++++++++++++++++++++++++++++++++++
 net/bluetooth/l2cap_sock.c | 13 +++++
 net/bluetooth/sco.c | 13 +++++
 5 files changed, 152 insertions(+)
culprit signature: 0cfd816f7c5e26b8e60336c79ed5f52fc0e87738241109aa93bffe551b0572ce
parent signature: 7267e97ecaf978ea47f070fc26a857a89aca94996d1d9cccfb0f5b167ece5643
revisions tested: 16, total time: 4h3m53.578719867s (build: 1h49m38.568104285s, test: 2h12m47.024972631s)
first bad commit: eab2404ba798a8efda2a970f44071c3406d94e57 Bluetooth: Add BT_PHY socket option
cc: ["davem@davemloft.net" "johan.hedberg@gmail.com" "kuba@kernel.org" "linux-bluetooth@vger.kernel.org" "linux-kernel@vger.kernel.org" "luiz.von.dentz@intel.com" "marcel@holtmann.org" "netdev@vger.kernel.org"]
crash: general protection fault in sco_sock_getsockopt
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8374 Comm: syz-executor.4 Not tainted 5.5.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:sco_sock_getsockopt+0x2ff/0x800 net/bluetooth/sco.c:966
Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 7c 04 00 00 49 8b 9e b8 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 4d 04 00 00 48 8b 3b e8 0f fb f4 ff be c8 03 00
RSP: 0018:ffffc90007ae7d00 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88809e07f4b8
RBP: ffffc90007ae7de0 R08: 0000000000000006 R09: fffffbfff14fa37f
R10: fffffbfff14fa37e R11: ffffffff8a7d1bf7 R12: 0000000000000000
R13: 1ffff92000f5cfa3 R14: ffff88809e07f000 R15: 0000000000000000
FS: 00007f1ac38a5700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000625208 CR3: 000000009efe2000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __sys_getsockopt+0x13c/0x2e0 net/socket.c:2175
 __do_sys_getsockopt net/socket.c:2190 [inline]
 __se_sys_getsockopt net/socket.c:2187 [inline]
 __x64_sys_getsockopt+0xb9/0x150 net/socket.c:2187
 do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c6c9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f1ac38a4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 00007f1ac38a56d4 RCX: 000000000045c6c9
RDX: 000000000000000e RSI: 0000000000000084 RDI: 0000000000000005
RBP: 000000000076bf20 R08: 0000000020000080 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000001d2 R14: 00000000004d2720 R15: 000000000076bf2c
Modules linked in:
---[ end trace 685c191b5f10a6df ]---
RIP: 0010:sco_sock_getsockopt+0x2ff/0x800 net/bluetooth/sco.c:966
Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 7c 04 00 00 49 8b 9e b8 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 4d 04 00 00 48 8b 3b e8 0f fb f4 ff be c8 03 00
RSP: 0018:ffffc90007ae7d00 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88809e07f4b8
RBP: ffffc90007ae7de0 R08: 0000000000000006 R09: fffffbfff14fa37f
R10: fffffbfff14fa37e R11: ffffffff8a7d1bf7 R12: 0000000000000000
R13: 1ffff92000f5cfa3 R14: ffff88809e07f000 R15: 0000000000000000
FS: 00007f1ac38a5700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000017ed000 CR3: 000000009efe2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400