bisecting cause commit starting from c25a951c50dca1da4a449a985a9debd82dc18573
building syzkaller on 2b41159686513694e75f8c376b4a32c66c8b709f
testing commit c25a951c50dca1da4a449a985a9debd82dc18573 with gcc (GCC) 8.1.0
kernel signature: d4b92a4d3e96248aaccf31d34b8c415d7079f6e289e6577674fda41e6a40fa7c
all runs: crashed: general protection fault in l2cap_sock_getsockopt
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 2dd2f3b039d018f75e5b401804c3b553f07ebbe86b49a66020267acd6734e716
all runs: OK
# git bisect start c25a951c50dca1da4a449a985a9debd82dc18573 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
Bisecting: 6706 revisions left to test after this (roughly 13 steps)
[9f68e3655aae6d49d6ba05dd263f99f33c2567af] Merge tag 'drm-next-2020-01-30' of git://anongit.freedesktop.org/drm/drm
testing commit 9f68e3655aae6d49d6ba05dd263f99f33c2567af with gcc (GCC) 8.1.0
kernel signature: 550add01892fec77fd1ced01b75980521fff9cab7e816cb822f4d8891d8808ac
all runs: OK
# git bisect good 9f68e3655aae6d49d6ba05dd263f99f33c2567af
Bisecting: 3275 revisions left to test after this (roughly 12 steps)
[1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc with gcc (GCC) 8.1.0
kernel signature: fe904aff242949731be6f54475e8e06a7fd774eb6c1317d9f2252af484871d6e
all runs: OK
# git bisect good 1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc
Bisecting: 1637 revisions left to test after this (roughly 11 steps)
[c399ecef2ce3bf61a75bffab73f2ffc8300c7c16] Merge remote-tracking branch 'ext3/for_next'
testing commit c399ecef2ce3bf61a75bffab73f2ffc8300c7c16 with gcc (GCC) 8.1.0
kernel signature: aa8ac3243beb2386d564503aee58a2c10222d5452942757ef655e6152e9f8979
all runs: OK
# git bisect good c399ecef2ce3bf61a75bffab73f2ffc8300c7c16
Bisecting: 820 revisions left to test after this (roughly 10 steps)
[f6ca467f2126b713baf542ad7fc6e5a01347caa4] Merge remote-tracking branch 'sound-asoc/for-next'
testing commit f6ca467f2126b713baf542ad7fc6e5a01347caa4 with gcc (GCC) 8.1.0
kernel signature: dd97f55f11336cb30a96defb6fb79a0977d18ab5ccbef2f77bc6db1ea6f02de7
all runs: crashed: general protection fault in l2cap_sock_getsockopt
# git bisect bad f6ca467f2126b713baf542ad7fc6e5a01347caa4
Bisecting: 404 revisions left to test after this (roughly 9 steps)
[8bc850b9792d52ff9d126fa8d7318ce123d28c4e] Merge remote-tracking branch 'thermal/thermal/linux-next'
testing commit 8bc850b9792d52ff9d126fa8d7318ce123d28c4e with gcc (GCC) 8.1.0
kernel signature: 4d76329b49628da8f30ce467acfd4887ddbd3cb81f692b424fb9acff72dc2f37
all runs: OK
# git bisect good 8bc850b9792d52ff9d126fa8d7318ce123d28c4e
Bisecting: 249 revisions left to test after this (roughly 8 steps)
[05b5ff30d31fbf9281b108a84da7422efce5c419] drm/amdgpu: drop legacy drm load and unload callbacks
testing commit 05b5ff30d31fbf9281b108a84da7422efce5c419 with gcc (GCC) 8.1.0
kernel signature: 3c9b3ba9373cc1695af8f0ec83f137b1f216f76330d19c80d325bc74a609656e
all runs: OK
# git bisect good 05b5ff30d31fbf9281b108a84da7422efce5c419
Bisecting: 133 revisions left to test after this (roughly 7 steps)
[b7730511cf6a39891d90afec2ac0e2f441fc9a1f] Merge remote-tracking branch 'mac80211-next/master'
testing commit b7730511cf6a39891d90afec2ac0e2f441fc9a1f with gcc (GCC) 8.1.0
kernel signature: dfaf7678786c10e306ddb0fbde7239f56c96090ab28b9d27611016d4a577e2ab
all runs: crashed: general protection fault in l2cap_sock_getsockopt
# git bisect bad b7730511cf6a39891d90afec2ac0e2f441fc9a1f
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[9d86cbc07ab07983e3c9dfcdb5477996cfe567cc] Merge remote-tracking branch 'wireless-drivers-next/master'
testing commit 9d86cbc07ab07983e3c9dfcdb5477996cfe567cc with gcc (GCC) 8.1.0
kernel signature: a04a188901bf38aa9721870a54eebd552bc6de6d9f530ccf32568e1ecec39d19
all runs: OK
# git bisect good 9d86cbc07ab07983e3c9dfcdb5477996cfe567cc
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[85b27ef73419db8d59a5d685bc62113883ca9330] mac80211: Accept broadcast probe responses on 6GHz band
testing commit 85b27ef73419db8d59a5d685bc62113883ca9330 with gcc (GCC) 8.1.0
kernel signature: 9149de34f8e9778921f31a193045005a5dcd46b8a15c52ae9694a3f8c027be62
all runs: OK
# git bisect good 85b27ef73419db8d59a5d685bc62113883ca9330
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[cee5f20fece32cd1722230cb05333f39db860698] Bluetooth: secure bluetooth stack from bluedump attack
testing commit cee5f20fece32cd1722230cb05333f39db860698 with gcc (GCC) 8.1.0
kernel signature: 7b0e2d47b2b7c4ece3cea5717833633457709383047f43c02a083a7291aa3914
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good cee5f20fece32cd1722230cb05333f39db860698
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[9b125c27998719288e4dcf2faf54511039526692] mac80211: support NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211_MAC_ADDRS
testing commit 9b125c27998719288e4dcf2faf54511039526692 with gcc (GCC) 8.1.0
kernel signature: 851c44dbd0b22699cfc8b240d9824723577c4275dcbe89f7ed35c273fade643c
all runs: OK
# git bisect good 9b125c27998719288e4dcf2faf54511039526692
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[1f6e0baa703d31002c312c3e423c108b04325df0] mac80211: allow setting queue_len for drivers not using wake_tx_queue
testing commit 1f6e0baa703d31002c312c3e423c108b04325df0 with gcc (GCC) 8.1.0
kernel signature: aa31f0722d7ca0df74cad1eba606955f91ddc6fc9c26a18bcbec8be73f041750
all runs: OK
# git bisect good 1f6e0baa703d31002c312c3e423c108b04325df0
Bisecting: 1 revision left to test after this (roughly 1 step)
[e22998f53a1e5a2e8c98d0f42506be985773b50c] Bluetooth: Fix a typo in Kconfig
testing commit e22998f53a1e5a2e8c98d0f42506be985773b50c with gcc (GCC) 8.1.0
kernel signature: 5c8874dfdc24453877c162811a7808a54882420786b1b39706124153459df998
all runs: crashed: general protection fault in l2cap_sock_getsockopt
# git bisect bad e22998f53a1e5a2e8c98d0f42506be985773b50c
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[eab2404ba798a8efda2a970f44071c3406d94e57] Bluetooth: Add BT_PHY socket option
testing commit eab2404ba798a8efda2a970f44071c3406d94e57 with gcc (GCC) 8.1.0
kernel signature: 2d8e8c2f3f5292ba58b409d18629ddd006cafdc6ab014ca44146bef4a9aa3057
all runs: crashed: general protection fault in l2cap_sock_getsockopt
# git bisect bad eab2404ba798a8efda2a970f44071c3406d94e57
eab2404ba798a8efda2a970f44071c3406d94e57 is the first bad commit
commit eab2404ba798a8efda2a970f44071c3406d94e57
Author: Luiz Augusto von Dentz
Date:   Fri Feb 14 10:08:57 2020 -0800

    Bluetooth: Add BT_PHY socket option

    This adds BT_PHY socket option (read-only) which can be used to read
    the PHYs in use by the underline connection.

    Signed-off-by: Luiz Augusto von Dentz
    Signed-off-by: Marcel Holtmann

 include/net/bluetooth/bluetooth.h |  17 ++++++
 include/net/bluetooth/hci_core.h  |   2 +
 net/bluetooth/hci_conn.c          | 107 ++++++++++++++++++++++++++++++++++++++
 net/bluetooth/l2cap_sock.c        |  13 +++++
 net/bluetooth/sco.c               |  13 +++++
 5 files changed, 152 insertions(+)

culprit signature: 2d8e8c2f3f5292ba58b409d18629ddd006cafdc6ab014ca44146bef4a9aa3057
parent signature: 7b0e2d47b2b7c4ece3cea5717833633457709383047f43c02a083a7291aa3914
revisions tested: 16, total time: 4h7m28.510087041s (build: 1h48m54.124015034s, test: 2h17m1.407150911s)
first bad commit: eab2404ba798a8efda2a970f44071c3406d94e57 Bluetooth: Add BT_PHY socket option
cc: ["davem@davemloft.net" "johan.hedberg@gmail.com" "kuba@kernel.org" "linux-bluetooth@vger.kernel.org" "linux-kernel@vger.kernel.org" "luiz.von.dentz@intel.com" "marcel@holtmann.org" "netdev@vger.kernel.org"]
crash: general protection fault in l2cap_sock_getsockopt
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8492 Comm: syz-executor.3 Not tainted 5.5.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:l2cap_sock_getsockopt+0x649/0xf50 net/bluetooth/l2cap_sock.c:613
Code: 00 00 fc ff df 4c 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 60 08 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 1f 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 35 08 00 00 48 8b 3b e8 35 9e f7 ff be 67 02 00
RSP: 0018:ffffc90002ce7c80 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888090b73012
RBP: ffffc90002ce7de0 R08: 0000000000000006 R09: fffffbfff14fa373
R10: fffffbfff14fa372 R11: ffffffff8a7d1b97 R12: 1ffff9200059cf93
R13: 0000000000000000 R14: ffff888090b73000 R15: ffff888092964000
FS:  00007f3b2bfa8700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fefdcc18000 CR3: 0000000090ad4000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __sys_getsockopt+0x13c/0x2e0 net/socket.c:2175
 __do_sys_getsockopt net/socket.c:2190 [inline]
 __se_sys_getsockopt net/socket.c:2187 [inline]
 __x64_sys_getsockopt+0xb9/0x150 net/socket.c:2187
 do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c6c9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f3b2bfa7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 00007f3b2bfa86d4 RCX: 000000000045c6c9
RDX: 000000000000000e RSI: 0000000000000112 RDI: 0000000000000004
RBP: 000000000076bf20 R08: 0000000020000140 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000154 R14: 00000000004c3bf6 R15: 000000000076bf2c
Modules linked in:
---[ end trace e743cee45e7cc59e ]---
RIP: 0010:l2cap_sock_getsockopt+0x649/0xf50 net/bluetooth/l2cap_sock.c:613
Code: 00 00 fc ff df 4c 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 60 08 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 1f 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 35 08 00 00 48 8b 3b e8 35 9e f7 ff be 67 02 00
RSP: 0018:ffffc90002ce7c80 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888090b73012
RBP: ffffc90002ce7de0 R08: 0000000000000006 R09: fffffbfff14fa373
R10: fffffbfff14fa372 R11: ffffffff8a7d1b97 R12: 1ffff9200059cf93
R13: 0000000000000000 R14: ffff888090b73000 R15: ffff888092964000
FS:  00007f3b2bfa8700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 0000000090ad4000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400