bisecting cause commit starting from 1590a2e1c681b0991bd42c992cabfd380e0338f2
building syzkaller on ffec44b5d1e024359410f6ba8d5e965973ede8f5
testing commit 1590a2e1c681b0991bd42c992cabfd380e0338f2 with gcc (GCC) 8.1.0
kernel signature: f928425f7c301f2561e4c4d92c75ccfc42cb31003e1d7974bc564a981fc0cddd
all runs: crashed: general protection fault in qrtr_endpoint_post
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: 19e4fc8b0f4a93c89e48177e61cdc68b95b47ca22b329341eca4ff89c8d5fd36
all runs: OK
# git bisect start 1590a2e1c681b0991bd42c992cabfd380e0338f2 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162
Bisecting: 7906 revisions left to test after this (roughly 13 steps)
[762a3af6faa0682e5b30b67b1db156c7df55f2c7] exec: open code copy_string_kernel
testing commit 762a3af6faa0682e5b30b67b1db156c7df55f2c7 with gcc (GCC) 8.1.0
kernel signature: ef908390922a403651d2e905132dfac3f17076a63f62daa973915c012e30fed7
all runs: crashed: general protection fault in qrtr_endpoint_post
# git bisect bad 762a3af6faa0682e5b30b67b1db156c7df55f2c7
Bisecting: 3953 revisions left to test after this (roughly 12 steps)
[86ec2da037b85436b63afe3df43ed48fa0e52b0e] mm/thp: rename pmd_mknotpresent() as pmd_mkinvalid()
testing commit 86ec2da037b85436b63afe3df43ed48fa0e52b0e with gcc (GCC) 8.1.0
kernel signature: ccd9c0d617c0a85c726d1b5428f2fae6ea7184e9218d69c9b0e69f97df9dae81
all runs: OK
# git bisect good 86ec2da037b85436b63afe3df43ed48fa0e52b0e
Bisecting: 1869 revisions left to test after this (roughly 11 steps)
[3248044ecf9f91900be5678919966715f1fb8834] Merge tag 'wireless-drivers-next-2020-05-25' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit 3248044ecf9f91900be5678919966715f1fb8834 with gcc (GCC) 8.1.0
kernel signature: ff1ae2ced41e91b197cd7365b2a5cd4a6c648f0cfe658392dd9720951717071c
all runs: crashed: general protection fault in qrtr_endpoint_post
# git bisect bad 3248044ecf9f91900be5678919966715f1fb8834
Bisecting: 970 revisions left to test after this (roughly 10 steps)
[5d9e4722c74e8868d5fe2f8749de80928eb4a1d1] Merge tag 'wireless-drivers-next-2020-05-07' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit 5d9e4722c74e8868d5fe2f8749de80928eb4a1d1 with gcc (GCC) 8.1.0
kernel signature: 3f0126dcb43eb7dd75329900790edc8c97a880539cb0def7b88dae9a2932f043
all runs: crashed: general protection fault in qrtr_endpoint_post
# git bisect bad 5d9e4722c74e8868d5fe2f8749de80928eb4a1d1
Bisecting: 556 revisions left to test after this (roughly 9 steps)
[da4063bdfcfa70ec57a6c25f772ac6378b1584ad] netlink: allow NLA_MSECS to have range validation
testing commit da4063bdfcfa70ec57a6c25f772ac6378b1584ad with gcc (GCC) 8.1.0
kernel signature: 1eb353cf9ed4e0593d8ba16e1fc05adf5078f510117c432cc93bf672a72df3d6
all runs: OK
# git bisect good da4063bdfcfa70ec57a6c25f772ac6378b1584ad
Bisecting: 278 revisions left to test after this (roughly 8 steps)
[58618ef85546726cf27c38ddc1b022c703b7a6ad] net: nxp: Fix use correct return type for ndo_start_xmit()
testing commit 58618ef85546726cf27c38ddc1b022c703b7a6ad with gcc (GCC) 8.1.0
kernel signature: ae6c884a8d0bc2962fb2f2b6c88ae46b378032c13b40df62c088bd1a481dd750
all runs: OK
# git bisect good 58618ef85546726cf27c38ddc1b022c703b7a6ad
Bisecting: 150 revisions left to test after this (roughly 7 steps)
[cbb1404f65414130fb89e52a97b9d853d303dc5c] rtlwifi: rtl8188ee: remove Comparison to bool in rf.c
testing commit cbb1404f65414130fb89e52a97b9d853d303dc5c with gcc (GCC) 8.1.0
kernel signature: b7b24965c8b21ccf8f60b609d20bcd4996a9b8f723a10cab765d5e75d9bf94fe
all runs: OK
# git bisect good cbb1404f65414130fb89e52a97b9d853d303dc5c
Bisecting: 75 revisions left to test after this (roughly 6 steps)
[f30dcb7dcb1aa925dfc83923c580a53c975b754b] net: ipa: kill ipa_endpoint_stop()
testing commit f30dcb7dcb1aa925dfc83923c580a53c975b754b with gcc (GCC) 8.1.0
kernel signature: 0c5b7e39678be11efb1de598957d22a457f170de4ab6cebdb7d986e6ab4e64df
all runs: OK
# git bisect good f30dcb7dcb1aa925dfc83923c580a53c975b754b
Bisecting: 37 revisions left to test after this (roughly 5 steps)
[d431f8939c1419854dfe89dd345387f5397c6edd] ath10k: remove the max_sched_scan_reqs value
testing commit d431f8939c1419854dfe89dd345387f5397c6edd with gcc (GCC) 8.1.0
kernel signature: e9d49cc8e458b5a55c5f0bf721096b126251f12348f05e060e8c8b20d8d24c8f
all runs: OK
# git bisect good d431f8939c1419854dfe89dd345387f5397c6edd
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[7f960633a458136d168f2049508d39cba8be55bd] net: encx24j600: make encx24j600_hw_init() return void
testing commit 7f960633a458136d168f2049508d39cba8be55bd with gcc (GCC) 8.1.0
kernel signature: d8ba6451bf1f094fe906fc44bc5df6c8e7a8c716704dacb956858a0f7d0e0236
all runs: OK
# git bisect good 7f960633a458136d168f2049508d39cba8be55bd
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[d7d43782d541edb8596d2f4fc7f41b0734948ec5] ath11k: fix kernel panic by freeing the msdu received with invalid length
testing commit d7d43782d541edb8596d2f4fc7f41b0734948ec5 with gcc (GCC) 8.1.0
kernel signature: b659505513026c6417c264c4d86c8edcecbca272531fc627ebe82705f976e76c
all runs: OK
# git bisect good d7d43782d541edb8596d2f4fc7f41b0734948ec5
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[3031a86ebd3f9c818486dd7433f121c27ef23188] Merge branch 'Add-QRTR-MHI-client-driver'
testing commit 3031a86ebd3f9c818486dd7433f121c27ef23188 with gcc (GCC) 8.1.0
kernel signature: 1ea770a636ceb2b6808e726765421543d06125438c72baef3ca8509f9d010d50
all runs: crashed: general protection fault in qrtr_endpoint_post
# git bisect bad 3031a86ebd3f9c818486dd7433f121c27ef23188
Bisecting: 2 revisions left to test after this (roughly 1 step)
[0932969e0b1b6ba54028b35b80148302e8fe7db8] via-rhine: Add platform dependencies
testing commit 0932969e0b1b6ba54028b35b80148302e8fe7db8 with gcc (GCC) 8.1.0
kernel signature: 099146367a8a8a471580d4883ba9da1ef6ec1f5ce65baf2b55ed00e499408576
all runs: OK
# git bisect good 0932969e0b1b6ba54028b35b80148302e8fe7db8
Bisecting: 0 revisions left to test after this (roughly 1 step)
[e42671084361302141a09284fde9bbc14fdd16bf] net: qrtr: Do not depend on ARCH_QCOM
testing commit e42671084361302141a09284fde9bbc14fdd16bf with gcc (GCC) 8.1.0
kernel signature: 9fc983f0458d86a6da7c4a79845fab92f613ce8cc6f41e4dcca6ce644b0b5133
all runs: crashed: general protection fault in qrtr_endpoint_post
# git bisect bad e42671084361302141a09284fde9bbc14fdd16bf
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[6e728f321393b1fce9e1c2c3e55f9f7c15991321] net: qrtr: Add MHI transport layer
testing commit 6e728f321393b1fce9e1c2c3e55f9f7c15991321 with gcc (GCC) 8.1.0
kernel signature: 0dc0f3ef45dff448a7826dfac14b0ebbbfd3ac929d31436210bdd3405460d8c4
all runs: OK
# git bisect good 6e728f321393b1fce9e1c2c3e55f9f7c15991321
e42671084361302141a09284fde9bbc14fdd16bf is the first bad commit
commit e42671084361302141a09284fde9bbc14fdd16bf
Author: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Date:   Thu May 7 18:23:06 2020 +0530

    net: qrtr: Do not depend on ARCH_QCOM
    
    IPC Router protocol is also used by external modems for exchanging the QMI
    messages. Hence, it doesn't always depend on Qualcomm platforms. One such
    instance is the QCA6390 WLAN device connected to x86 machine.
    
    Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
    Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 net/qrtr/Kconfig | 1 -
 1 file changed, 1 deletion(-)
culprit signature: 9fc983f0458d86a6da7c4a79845fab92f613ce8cc6f41e4dcca6ce644b0b5133
parent  signature: 0dc0f3ef45dff448a7826dfac14b0ebbbfd3ac929d31436210bdd3405460d8c4
revisions tested: 17, total time: 3h59m47.195346057s (build: 1h46m12.457133786s, test: 2h11m27.365190813s)
first bad commit: e42671084361302141a09284fde9bbc14fdd16bf net: qrtr: Do not depend on ARCH_QCOM
cc: ["bjorn.andersson@linaro.org" "davem@davemloft.net" "manivannan.sadhasivam@linaro.org"]
crash: general protection fault in qrtr_endpoint_post
general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 8436 Comm: syz-executor.3 Not tainted 5.7.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:qrtr_endpoint_post+0x7c/0x1020 net/qrtr/qrtr.c:440
Code: 89 45 c8 e8 a6 db 76 fe 48 85 c0 48 89 45 d0 0f 84 ed 0b 00 00 48 89 da 4c 8b 45 c8 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 48 89 da 83 e2 07 38 d0 7f 08 84 c0 0f 85 71 0b 00 00
RSP: 0018:ffffc90009c1fc60 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000010 RCX: 1ffff11012ba8d1a
RDX: 0000000000000002 RSI: 0000000000000004 RDI: ffff888095d468d0
RBP: ffffc90009c1fcb0 R08: 0000000000000000 R09: ffffed10120e2e3d
R10: ffff8880907171e3 R11: ffffed10120e2e3c R12: 0000000000000010
R13: ffff8880a92bbc00 R14: ffff88809f829800 R15: ffff8880a92bbc00
FS:  00007fdd4b01c700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000788060 CR3: 00000000976cb000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 qrtr_tun_write_iter+0xc2/0x120 net/qrtr/tun.c:92
 call_write_iter include/linux/fs.h:1907 [inline]
 new_sync_write+0x417/0x6c0 fs/read_write.c:484
 vfs_write+0x18b/0x490 fs/read_write.c:559
 ksys_write+0xec/0x1c0 fs/read_write.c:612
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45cb99
Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fdd4b01bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050de00 RCX: 000000000045cb99
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000d1e R14: 00000000004cf7ed R15: 00007fdd4b01c6d4
Modules linked in:
---[ end trace 86a7cb8395511720 ]---
RIP: 0010:qrtr_endpoint_post+0x7c/0x1020 net/qrtr/qrtr.c:440
Code: 89 45 c8 e8 a6 db 76 fe 48 85 c0 48 89 45 d0 0f 84 ed 0b 00 00 48 89 da 4c 8b 45 c8 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 48 89 da 83 e2 07 38 d0 7f 08 84 c0 0f 85 71 0b 00 00
RSP: 0018:ffffc90009c1fc60 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000010 RCX: 1ffff11012ba8d1a
RDX: 0000000000000002 RSI: 0000000000000004 RDI: ffff888095d468d0
RBP: ffffc90009c1fcb0 R08: 0000000000000000 R09: ffffed10120e2e3d
R10: ffff8880907171e3 R11: ffffed10120e2e3c R12: 0000000000000010
R13: ffff8880a92bbc00 R14: ffff88809f829800 R15: ffff8880a92bbc00
FS:  00007fdd4b01c700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000788060 CR3: 00000000976cb000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400