bisecting fixing commit since b850307b279cbd12ab8c654d1a3dfe55319cc475
building syzkaller on edf162e8c360dd578d20a86c4ad79b54747a2d64
testing commit b850307b279cbd12ab8c654d1a3dfe55319cc475 with gcc (GCC) 8.1.0
kernel signature: 7578b76142d00e8293421fd44f78262c9e73dd648bd5f92c40bc9e1c4eddc2b9
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_event_packet
testing current HEAD cbfa1702aaf69b2311ea1b35e04f113c48368c67
testing commit cbfa1702aaf69b2311ea1b35e04f113c48368c67 with gcc (GCC) 8.1.0
kernel signature: c172360ff92acd47cb5af083114e87709d426d7ad611da3de698eb40e6c51ff5
all runs: OK
# git bisect start cbfa1702aaf69b2311ea1b35e04f113c48368c67 b850307b279cbd12ab8c654d1a3dfe55319cc475
Bisecting: 573 revisions left to test after this (roughly 9 steps)
[08f7ddd309d05e52f33859f378758d4e82d0d3c6] drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
testing commit 08f7ddd309d05e52f33859f378758d4e82d0d3c6 with gcc (GCC) 8.1.0
kernel signature: b360a0dcf74fab62cb00f805074e4e6ee9c924372235d2ca47e78687bfc17768
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_event_packet
# git bisect good 08f7ddd309d05e52f33859f378758d4e82d0d3c6
Bisecting: 286 revisions left to test after this (roughly 8 steps)
[0ca974e9e527afb1e9941f5f13c0cecac8d2b7b6] parisc: Implement __smp_store_release and __smp_load_acquire barriers
testing commit 0ca974e9e527afb1e9941f5f13c0cecac8d2b7b6 with gcc (GCC) 8.1.0
kernel signature: b2f8c7a45198a68d85a6729174a8ef5a6c0be3364621d1e7cc503384dd1ebb53
all runs: OK
# git bisect bad 0ca974e9e527afb1e9941f5f13c0cecac8d2b7b6
Bisecting: 143 revisions left to test after this (roughly 7 steps)
[1452c5ffe79f34ded327310a84a67d653a00e68e] leds: da903x: fix use-after-free on unbind
testing commit 1452c5ffe79f34ded327310a84a67d653a00e68e with gcc (GCC) 8.1.0
kernel signature: 15747e64eb4846c6e5e786c173521d3e5febcd70adc698e13d1ccd42b5d94abb
all runs: OK
# git bisect bad 1452c5ffe79f34ded327310a84a67d653a00e68e
Bisecting: 71 revisions left to test after this (roughly 6 steps)
[3a156abd24346a3188eb7e88cf86386a409e0d02] scsi: libsas: direct call probe and destruct
testing commit 3a156abd24346a3188eb7e88cf86386a409e0d02 with gcc (GCC) 8.1.0
kernel signature: 5af22097e4bf3a79279c2258c2da072b3c97d17b16531d9bc91c471dfe2da1d0
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_event_packet
# git bisect good 3a156abd24346a3188eb7e88cf86386a409e0d02
Bisecting: 35 revisions left to test after this (roughly 5 steps)
[9358267414ca4cefc73ddc29542ec5b1433cd3de] usb: hso: Fix debug compile warning on sparc32
testing commit 9358267414ca4cefc73ddc29542ec5b1433cd3de with gcc (GCC) 8.1.0
kernel signature: dda514f5b787a4f5ed4fb89df22e85f3d77fea37b6784c56ed15307438affc85
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_event_packet
# git bisect good 9358267414ca4cefc73ddc29542ec5b1433cd3de
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[baf191c492c6592430ce684fb3464120d47d11f9] ext4: fix direct I/O read error
testing commit baf191c492c6592430ce684fb3464120d47d11f9 with gcc (GCC) 8.1.0
kernel signature: f64ffeea842c99d1afa9cfe1c4754b2715a00b2977dab69cd3849fb045b74bc5
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_event_packet
# git bisect good baf191c492c6592430ce684fb3464120d47d11f9
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[79c70607e5403d31d267e31a1a34e5334318326d] staging: android: ashmem: Fix lockdep warning for write operation
testing commit 79c70607e5403d31d267e31a1a34e5334318326d with gcc (GCC) 8.1.0
kernel signature: a401ce83de28f4fd9df2da91e2d315f1ee05cafddf2e7a45c8093a574ef6333f
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_event_packet
# git bisect good 79c70607e5403d31d267e31a1a34e5334318326d
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[9a0cb0a6bc88bc4684d7b1e8e8fc3892bb921ed1] omapfb: dss: Fix max fclk divider for omap36xx
testing commit 9a0cb0a6bc88bc4684d7b1e8e8fc3892bb921ed1 with gcc (GCC) 8.1.0
kernel signature: 6dd36b3648298040573b1dd58e2c0b5506af861049105d65d81205bdc212b714
all runs: OK
# git bisect bad 9a0cb0a6bc88bc4684d7b1e8e8fc3892bb921ed1
Bisecting: 1 revision left to test after this (roughly 1 step)
[8b0861f956f65f063662f9553a4dcad574a95b37] Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
testing commit 8b0861f956f65f063662f9553a4dcad574a95b37 with gcc (GCC) 8.1.0
kernel signature: bd1169dfd9c27ca6ba3bf29f28ceee0b25f0ff45e061af0bbf60ce9fc0ab122d
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_event_packet
# git bisect good 8b0861f956f65f063662f9553a4dcad574a95b37
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[68bb9eddbf5da767131079325b2097341ab05dca] Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
testing commit 68bb9eddbf5da767131079325b2097341ab05dca with gcc (GCC) 8.1.0
kernel signature: 99f2b4ceec2e8c830e1910f5f09af1e4534ba10280bc3bd57228f724628538d8
all runs: OK
# git bisect bad 68bb9eddbf5da767131079325b2097341ab05dca
68bb9eddbf5da767131079325b2097341ab05dca is the first bad commit
commit 68bb9eddbf5da767131079325b2097341ab05dca
Author: Peilin Ye
Date:   Fri Jul 10 17:45:26 2020 -0400

    Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()

    commit 629b49c848ee71244203934347bd7730b0ddee8d upstream.

    Check `num_rsp` before using it as for-loop counter. Add `unlock` label.

    Cc: stable@vger.kernel.org
    Signed-off-by: Peilin Ye
    Signed-off-by: Marcel Holtmann
    Signed-off-by: Greg Kroah-Hartman

 net/bluetooth/hci_event.c | 7 +++++++
 1 file changed, 7 insertions(+)

culprit signature: 99f2b4ceec2e8c830e1910f5f09af1e4534ba10280bc3bd57228f724628538d8
parent signature: bd1169dfd9c27ca6ba3bf29f28ceee0b25f0ff45e061af0bbf60ce9fc0ab122d
revisions tested: 12, total time: 2h50m34.17681379s (build: 1h35m1.496150094s, test: 1h14m24.071386565s)
first good commit: 68bb9eddbf5da767131079325b2097341ab05dca Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
recipients (to): ["gregkh@linuxfoundation.org" "marcel@holtmann.org" "yepeilin.cs@gmail.com"]
recipients (cc): []
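The bisected fix boils down to one pattern: an HCI event carries a one-byte `num_rsp` count followed by `num_rsp` fixed-size records, and a handler that uses that count as its loop bound without first checking it against the bytes actually present in the skb reads past the end of the allocation, which is exactly the KASAN slab-out-of-bounds read the bisection tracked. The following is an added example written for this page, not the kernel's hci_event.c nor the patch itself; it shows a user-space parser of a constructed "Inquiry Result with RSSI" event, a function that reports how far a parser trusting `num_rsp` would overrun the packet, and the hardened parser that rejects the packet before the loop runs. The 14-byte record layout, the function names and the sample packets are assumptions made for the example.

```c
/*
 * Added example (not kernel code): the num_rsp-vs-packet-length check
 * behind the bisected Bluetooth fix, demonstrated on a user-space buffer.
 * Layout, names and sample packets are assumptions for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BDADDR_LEN    6
#define RSSI_INFO_LEN 14   /* assumed wire size of one record */

/* Assumed record layout: every field is one byte wide, so no padding. */
struct inquiry_info_with_rssi {
    uint8_t bdaddr[BDADDR_LEN];
    uint8_t pscan_rep_mode;
    uint8_t pscan_period_mode;
    uint8_t dev_class[3];
    uint8_t clock_offset[2];   /* little-endian on the wire */
    int8_t  rssi;
};

/* Constructed packets: num_rsp byte, then records. */
static const uint8_t SAMPLE_GOOD[15] = {
    1,                                   /* num_rsp = 1, one record follows */
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66,  /* bdaddr */
    1, 2,                                /* pscan_rep_mode, pscan_period_mode */
    0x04, 0x01, 0x0c,                    /* dev_class */
    0x34, 0x12,                          /* clock_offset */
    0xC4                                 /* rssi = -60 dBm */
};
/* Same 14 record bytes, but num_rsp claims two records. */
static const uint8_t SAMPLE_SHORT[15] = {
    2, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 1, 2, 0x04, 0x01, 0x0c, 0x34, 0x12, 0xC4
};
static const uint8_t SAMPLE_EMPTY[1] = { 0 };

struct inquiry_info_with_rssi g_recs[255];   /* scratch output, 255 = max num_rsp */

/* How many bytes past the end of pkt a loop driven purely by num_rsp would
 * read (0 means the packet is long enough). Computes, never dereferences. */
size_t trusting_overrun(const uint8_t *pkt, size_t len)
{
    if (len < 1)
        return 0;
    size_t needed = 1 + (size_t)pkt[0] * RSSI_INFO_LEN;   /* max 1 + 255*14 */
    return needed > len ? needed - len : 0;
}

/* Hardened parse: returns the number of records copied into out, or -1 when
 * num_rsp is inconsistent with len (the check the fix adds) or out is too small. */
int parse_inquiry_rssi(const uint8_t *pkt, size_t len,
                       struct inquiry_info_with_rssi *out, size_t max_out)
{
    if (len < 1)
        return -1;
    uint8_t num_rsp = pkt[0];
    if (num_rsp == 0)
        return 0;
    /* Reject before the loop: num_rsp <= 255 so the product cannot overflow. */
    if (len < 1 + (size_t)num_rsp * RSSI_INFO_LEN)
        return -1;
    if (num_rsp > max_out)
        return -1;

    const uint8_t *p = pkt + 1;
    for (int i = 0; i < num_rsp; i++, p += RSSI_INFO_LEN) {
        memcpy(out[i].bdaddr, p, BDADDR_LEN);
        out[i].pscan_rep_mode    = p[6];
        out[i].pscan_period_mode = p[7];
        memcpy(out[i].dev_class, p + 8, 3);
        out[i].clock_offset[0]   = p[11];
        out[i].clock_offset[1]   = p[12];
        out[i].rssi              = (int8_t)p[13];
    }
    return num_rsp;
}

int main(void)
{
    int n = parse_inquiry_rssi(SAMPLE_GOOD, sizeof SAMPLE_GOOD, g_recs, 255);
    printf("good packet: %d record(s), rssi %d, overrun %zu\n",
           n, g_recs[0].rssi, trusting_overrun(SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    n = parse_inquiry_rssi(SAMPLE_SHORT, sizeof SAMPLE_SHORT, g_recs, 255);
    printf("short packet: parse=%d, trusting loop would read %zu byte(s) past end\n",
           n, trusting_overrun(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    return 0;
}
```

The point to carry over to kernel code: the length check must come before the loop, not inside it, and it must account for the count byte itself plus the full size of every record the count promises; checking only that `skb->len` is non-zero, or checking inside the loop after the first record has already been read, still leaves the out-of-bounds read the bisection found.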