bisecting fixing commit since 31acccdc877486a649a86d37725a15175fcd5ed6
building syzkaller on 4a7fa9b416fd0a961793328a785666d6d2c5976d
testing commit 31acccdc877486a649a86d37725a15175fcd5ed6 with gcc (GCC) 8.1.0
kernel signature: 2200f95f580e42d1eac4374db083d77cba4b89e8eae9b2c2b6e83f1c337a9609
all runs: crashed: general protection fault in hci_phy_link_complete_evt
testing current HEAD 43d555d83c3f1fb8168367ca5b47c3a6570ca487
testing commit 43d555d83c3f1fb8168367ca5b47c3a6570ca487 with gcc (GCC) 8.1.0
kernel signature: 658c83c5454eaee0fb682a0810d136cea0000deccff27c9c23a25a46e9bfa372
all runs: OK
# git bisect start 43d555d83c3f1fb8168367ca5b47c3a6570ca487 31acccdc877486a649a86d37725a15175fcd5ed6
Bisecting: 443 revisions left to test after this (roughly 9 steps)
[620974102ad8ed5641f805dfec7e75765c3d2df9] ARM: dts: aspeed: s2600wf: Fix VGA memory region location
testing commit 620974102ad8ed5641f805dfec7e75765c3d2df9 with gcc (GCC) 8.1.0
kernel signature: 06795b84e9be0c02a5ab2f4795610d709d66c4d1d09ee930b00c6489aabbaaa6
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good 620974102ad8ed5641f805dfec7e75765c3d2df9
Bisecting: 221 revisions left to test after this (roughly 8 steps)
[c0d48a11c4210a3efdab371677c3986c00a7a680] iio:light:rpr0521: Fix timestamp alignment and prevent data leak.
testing commit c0d48a11c4210a3efdab371677c3986c00a7a680 with gcc (GCC) 8.1.0
kernel signature: a114d84ac7caa734f041854912522984b48e8077873f46c1e7da9b10f66eba88
all runs: OK
# git bisect bad c0d48a11c4210a3efdab371677c3986c00a7a680
Bisecting: 110 revisions left to test after this (roughly 7 steps)
[63a217e524773e63c127a140ec8d5f4f859b67a2] nfsd: Fix message level for normal termination
testing commit 63a217e524773e63c127a140ec8d5f4f859b67a2 with gcc (GCC) 8.1.0
kernel signature: bd0a2f3b589da51aedfd5826a35a01ea7bd33b4d28976735aeede18bff1b605b
all runs: OK
# git bisect bad 63a217e524773e63c127a140ec8d5f4f859b67a2
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[2bd2d5b8046be1b502ee0b295f7105a4a6bb4d7c] ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
testing commit 2bd2d5b8046be1b502ee0b295f7105a4a6bb4d7c with gcc (GCC) 8.1.0
kernel signature: 2a3951d60459e69ae8ae4e9ab36d1ac8cf5cf9b7381067c13d474dfd12558bbe
all runs: OK
# git bisect bad 2bd2d5b8046be1b502ee0b295f7105a4a6bb4d7c
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[4b68c10dbf4d6d6a9e4f9604eb598dda3edaf838] RDMa/mthca: Work around -Wenum-conversion warning
testing commit 4b68c10dbf4d6d6a9e4f9604eb598dda3edaf838 with gcc (GCC) 8.1.0
kernel signature: fc8af5f1d9092967a0636beff44ad42f9ae4f7cf1afe6247fcbebbe7bbc733be
all runs: OK
# git bisect bad 4b68c10dbf4d6d6a9e4f9604eb598dda3edaf838
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[7d1c05ed878d35523db9786f4223903f50962136] ASoC: pcm: DRAIN support reactivation
testing commit 7d1c05ed878d35523db9786f4223903f50962136 with gcc (GCC) 8.1.0
kernel signature: 020e119612ddbb95f4da95430eb1615675c17cd79dfcee315d38501448d7c746
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good 7d1c05ed878d35523db9786f4223903f50962136
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[3c0f136a052c7e8392e9d5ace113900b7a9a3209] spi: tegra20-slink: fix reference leak in slink ops of tegra20
testing commit 3c0f136a052c7e8392e9d5ace113900b7a9a3209 with gcc (GCC) 8.1.0
kernel signature: fc8af5f1d9092967a0636beff44ad42f9ae4f7cf1afe6247fcbebbe7bbc733be
all runs: OK
# git bisect bad 3c0f136a052c7e8392e9d5ace113900b7a9a3209
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[4da6c1af4d3115b19092f0fd1267163ce91dc796] arm64: dts: exynos: Correct psci compatible used on Exynos7
testing commit 4da6c1af4d3115b19092f0fd1267163ce91dc796 with gcc (GCC) 8.1.0
kernel signature: da2f837887445c3a5df8ea5ca48f2a25a4686b6f436cdaa188433acb4b97cdf8
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good 4da6c1af4d3115b19092f0fd1267163ce91dc796
Bisecting: 1 revision left to test after this (roughly 1 step)
[a15989ce987c3b112d5ec4fdabb755dbdc1d923b] Bluetooth: hci_h5: fix memory leak in h5_close
testing commit a15989ce987c3b112d5ec4fdabb755dbdc1d923b with gcc (GCC) 8.1.0
kernel signature: fc8af5f1d9092967a0636beff44ad42f9ae4f7cf1afe6247fcbebbe7bbc733be
all runs: OK
# git bisect bad a15989ce987c3b112d5ec4fdabb755dbdc1d923b
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[abae100355c011d14c75cabbf9eb773c231187ee] Bluetooth: Fix null pointer dereference in hci_event_packet()
testing commit abae100355c011d14c75cabbf9eb773c231187ee with gcc (GCC) 8.1.0
kernel signature: e6f614b9d6eb0d18ed99f4edb34a2a9860b3e472d3e1ebeaae4506a50791262e
all runs: OK
# git bisect bad abae100355c011d14c75cabbf9eb773c231187ee
abae100355c011d14c75cabbf9eb773c231187ee is the first bad commit
commit abae100355c011d14c75cabbf9eb773c231187ee
Author: Anmol Karn
Date:   Wed Sep 30 19:48:13 2020 +0530

    Bluetooth: Fix null pointer dereference in hci_event_packet()

    [ Upstream commit 6dfccd13db2ff2b709ef60a50163925d477549aa ]

    AMP_MGR is getting dereferenced in hci_phy_link_complete_evt(), when called
    from hci_event_packet() and there is a possibility, that hcon->amp_mgr may
    not be found when accessing after initialization of hcon.

    - net/bluetooth/hci_event.c:4945

    The bug seems to get triggered in this line:

    bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;

    Fix it by adding a NULL check for the hcon->amp_mgr before checking the ev-status.

    Fixes: d5e911928bd8 ("Bluetooth: AMP: Process Physical Link Complete evt")
    Reported-and-tested-by: syzbot+0bef568258653cff272f@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f
    Signed-off-by: Anmol Karn
    Signed-off-by: Marcel Holtmann
    Signed-off-by: Sasha Levin

 net/bluetooth/hci_event.c | 5 +++++
 1 file changed, 5 insertions(+)

culprit signature: e6f614b9d6eb0d18ed99f4edb34a2a9860b3e472d3e1ebeaae4506a50791262e
parent signature: da2f837887445c3a5df8ea5ca48f2a25a4686b6f436cdaa188433acb4b97cdf8
revisions tested: 12, total time: 3h3m44.210204282s (build: 1h40m32.681095903s, test: 1h22m0.568435481s)
first good commit: abae100355c011d14c75cabbf9eb773c231187ee Bluetooth: Fix null pointer dereference in hci_event_packet()
recipients (to): ["anmol.karan123@gmail.com" "marcel@holtmann.org" "sashal@kernel.org" "syzbot+0bef568258653cff272f@syzkaller.appspotmail.com"]
recipients (cc): []