bisecting fixing commit since a1b977b49b66c75e6c51a515f6700371ae720217
building syzkaller on fc7735a27949755327024847e12dcc1b868bcb99
testing commit a1b977b49b66c75e6c51a515f6700371ae720217 with gcc (GCC) 8.1.0
kernel signature: 0cc2c1baf83d8c57a1e236fbb2a880aec4bc3988fa4421d8d58201ee8b611686
all runs: crashed: general protection fault in hci_phy_link_complete_evt
testing current HEAD c110fed0e606ff922d5cad8ab74ba9410ca41694
testing commit c110fed0e606ff922d5cad8ab74ba9410ca41694 with gcc (GCC) 8.1.0
kernel signature: 19759690bdf1a4319c499b42649deb68db2a569c96c10b26e2e9024e6fcf1abd
all runs: OK
# git bisect start c110fed0e606ff922d5cad8ab74ba9410ca41694 a1b977b49b66c75e6c51a515f6700371ae720217
Bisecting: 723 revisions left to test after this (roughly 10 steps)
[f0ec2cd03100ab287c9e5fce5ae56a76d6fc17a4] inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
testing commit f0ec2cd03100ab287c9e5fce5ae56a76d6fc17a4 with gcc (GCC) 8.1.0
kernel signature: 147dfe638fb5348488a093f705755c21b0244e8ddbe38bc8befc99cebe1875f3
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: general protection fault in hci_phy_link_complete_evt
run #2: crashed: general protection fault in hci_phy_link_complete_evt
run #3: crashed: general protection fault in hci_phy_link_complete_evt
run #4: crashed: general protection fault in hci_phy_link_complete_evt
run #5: crashed: general protection fault in hci_phy_link_complete_evt
run #6: crashed: general protection fault in hci_phy_link_complete_evt
run #7: crashed: general protection fault in hci_phy_link_complete_evt
run #8: crashed: general protection fault in hci_phy_link_complete_evt
run #9: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good f0ec2cd03100ab287c9e5fce5ae56a76d6fc17a4
Bisecting: 361 revisions left to test after this (roughly 9 steps)
[5173b3900126b1d8b75331a3528c2ae8eebb7ae5] Input: ads7846 - fix race that causes missing releases
testing commit 5173b3900126b1d8b75331a3528c2ae8eebb7ae5 with gcc (GCC) 8.1.0
kernel signature: 17d1ac117fe4ad1c0995b6fb1ecbf5193205907318a277d34d0e87e63d05b021
all runs: OK
# git bisect bad 5173b3900126b1d8b75331a3528c2ae8eebb7ae5
Bisecting: 180 revisions left to test after this (roughly 8 steps)
[212b9a2c54b4203a9b0bbf202aa886203d315371] USB: serial: kl5kusb105: fix memleak on open
testing commit 212b9a2c54b4203a9b0bbf202aa886203d315371 with gcc (GCC) 8.1.0
kernel signature: 1b0a0e9e1e4b22f2a177f302192f7ecfe81aa65de6e85fb623877f08fc9fdd9f
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good 212b9a2c54b4203a9b0bbf202aa886203d315371
Bisecting: 90 revisions left to test after this (roughly 7 steps)
[c8b506affe10d12e8fb71c3d69dc8f609d3a05ba] x86/resctrl: Remove unused struct mbm_state::chunks_bw
testing commit c8b506affe10d12e8fb71c3d69dc8f609d3a05ba with gcc (GCC) 8.1.0
kernel signature: 4cf27613645e2e23d6f23bbd3332728f8b40ce4fa5df797e7011b187e0dd09c1
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good c8b506affe10d12e8fb71c3d69dc8f609d3a05ba
Bisecting: 45 revisions left to test after this (roughly 6 steps)
[18a4a903b4684b420fb1facd496769f21a1cd1b1] drm/gma500: fix double free of gma_connector
testing commit 18a4a903b4684b420fb1facd496769f21a1cd1b1 with gcc (GCC) 8.1.0
kernel signature: 42f8223b39bef1617b885c089ebc05c8a5bec683590e01fbe161be9409bc3be2
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good 18a4a903b4684b420fb1facd496769f21a1cd1b1
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[4da6c1af4d3115b19092f0fd1267163ce91dc796] arm64: dts: exynos: Correct psci compatible used on Exynos7
testing commit 4da6c1af4d3115b19092f0fd1267163ce91dc796 with gcc (GCC) 8.1.0
kernel signature: 156720133b897e037d2ef1fe9413099f2a1dc7af30bbf9cfb584eace02316ce9
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good 4da6c1af4d3115b19092f0fd1267163ce91dc796
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[4b68c10dbf4d6d6a9e4f9604eb598dda3edaf838] RDMa/mthca: Work around -Wenum-conversion warning
testing commit 4b68c10dbf4d6d6a9e4f9604eb598dda3edaf838 with gcc (GCC) 8.1.0
kernel signature: 520b01318942808726172b78cf490bb295c6f8d5019ea7e277ee2f710f2a28d5
all runs: OK
# git bisect bad 4b68c10dbf4d6d6a9e4f9604eb598dda3edaf838
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[2d40dbad5fb61bcbdd518dfa005eb1f994cb3ff7] spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
testing commit 2d40dbad5fb61bcbdd518dfa005eb1f994cb3ff7 with gcc (GCC) 8.1.0
kernel signature: 520b01318942808726172b78cf490bb295c6f8d5019ea7e277ee2f710f2a28d5
all runs: OK
# git bisect bad 2d40dbad5fb61bcbdd518dfa005eb1f994cb3ff7
Bisecting: 2 revisions left to test after this (roughly 1 step)
[a15989ce987c3b112d5ec4fdabb755dbdc1d923b] Bluetooth: hci_h5: fix memory leak in h5_close
testing commit a15989ce987c3b112d5ec4fdabb755dbdc1d923b with gcc (GCC) 8.1.0
kernel signature: 520b01318942808726172b78cf490bb295c6f8d5019ea7e277ee2f710f2a28d5
all runs: OK
# git bisect bad a15989ce987c3b112d5ec4fdabb755dbdc1d923b
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[abae100355c011d14c75cabbf9eb773c231187ee] Bluetooth: Fix null pointer dereference in hci_event_packet()
testing commit abae100355c011d14c75cabbf9eb773c231187ee with gcc (GCC) 8.1.0
kernel signature: 90b2d8cf69b6d61451f5998d45696b0ddd1d959c93f63f410ae30e071a85cd56
all runs: OK
# git bisect bad abae100355c011d14c75cabbf9eb773c231187ee
abae100355c011d14c75cabbf9eb773c231187ee is the first bad commit
commit abae100355c011d14c75cabbf9eb773c231187ee
Author: Anmol Karn
Date:   Wed Sep 30 19:48:13 2020 +0530

    Bluetooth: Fix null pointer dereference in hci_event_packet()

    [ Upstream commit 6dfccd13db2ff2b709ef60a50163925d477549aa ]

    AMP_MGR is getting dereferenced in hci_phy_link_complete_evt(), when called from
    hci_event_packet() and there is a possibility, that hcon->amp_mgr may not be
    found when accessing after initialization of hcon.

    - net/bluetooth/hci_event.c:4945

    The bug seems to get triggered in this line:

    bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;

    Fix it by adding a NULL check for the hcon->amp_mgr before checking the ev-status.

    Fixes: d5e911928bd8 ("Bluetooth: AMP: Process Physical Link Complete evt")
    Reported-and-tested-by: syzbot+0bef568258653cff272f@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f
    Signed-off-by: Anmol Karn
    Signed-off-by: Marcel Holtmann
    Signed-off-by: Sasha Levin

 net/bluetooth/hci_event.c | 5 +++++
 1 file changed, 5 insertions(+)

culprit signature: 90b2d8cf69b6d61451f5998d45696b0ddd1d959c93f63f410ae30e071a85cd56
parent signature: 156720133b897e037d2ef1fe9413099f2a1dc7af30bbf9cfb584eace02316ce9
revisions tested: 12, total time: 2h58m30.375056469s (build: 1h49m44.074870624s, test: 1h7m38.783899595s)
first good commit: abae100355c011d14c75cabbf9eb773c231187ee Bluetooth: Fix null pointer dereference in hci_event_packet()
recipients (to): ["anmol.karan123@gmail.com" "marcel@holtmann.org" "sashal@kernel.org" "syzbot+0bef568258653cff272f@syzkaller.appspotmail.com"]
recipients (cc): []
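The commit message above names the crashing dereference chain (`hcon->amp_mgr->l2cap_conn->hcon`) and the shape of the fix (a NULL check on `hcon->amp_mgr` placed before the `ev->status` check). The following user-space model is an added example, not code from the kernel or from this log, and everything in it is assumed: the struct layouts, the names `phy_link_complete_hardened`, `lookup_handle`, `dispatch_phy_link_complete`, `fixture_init` and the `phy_link_result` enum are hypothetical stand-ins for the kernel objects and helpers, and the three-connection fixture is constructed for the example. It shows the guarded handler taking all four paths: no connection for the handle, a connection whose AMP manager was never attached (the shape the report crashed on), a controller-reported error, and a successful link.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, cut-down stand-ins for the kernel objects the commit
 * message names; these are not the net/bluetooth definitions. */
struct hci_conn;

struct l2cap_conn {
	struct hci_conn *hcon;          /* BR/EDR ACL link the AMP manager rides on */
};

struct amp_mgr {
	struct l2cap_conn *l2cap_conn;
};

struct hci_conn {
	uint8_t handle;
	struct amp_mgr *amp_mgr;        /* NULL until an AMP manager is attached */
	bool deleted;                   /* stand-in for hci_conn_del() */
	struct hci_conn *link;          /* stand-in for linking the AMP conn to bredr_hcon */
};

struct hci_ev_phy_link_complete {
	uint8_t status;                 /* 0 on success, HCI error code otherwise */
	uint8_t phy_handle;
};

enum phy_link_result {
	PHY_LINK_NO_CONN,               /* no hci_conn for ev->phy_handle */
	PHY_LINK_NO_AMP_MGR,            /* guard hit: bail without touching hcon */
	PHY_LINK_FAILED,                /* ev->status != 0: connection deleted */
	PHY_LINK_LINKED,                /* success: AMP conn linked to its BR/EDR hcon */
};

/* Model of the handler with the NULL check the commit describes, placed
 * before the ev->status check. Without that guard, a success event for a
 * connection that never got an amp_mgr dereferences NULL on the
 * bredr_hcon line below, which is the crash site named in the report. */
enum phy_link_result phy_link_complete_hardened(struct hci_conn *hcon,
		const struct hci_ev_phy_link_complete *ev)
{
	struct hci_conn *bredr_hcon;

	if (!hcon)
		return PHY_LINK_NO_CONN;

	if (!hcon->amp_mgr)             /* the added guard */
		return PHY_LINK_NO_AMP_MGR;

	if (ev->status) {
		hcon->deleted = true;   /* hci_conn_del(hcon) in the kernel */
		return PHY_LINK_FAILED;
	}

	bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
	hcon->link = bredr_hcon;
	return PHY_LINK_LINKED;
}

/* Stand-in for the kernel's lookup of a connection by handle. */
struct hci_conn *lookup_handle(struct hci_conn **conns, size_t n, uint8_t handle)
{
	for (size_t i = 0; i < n; i++)
		if (conns[i] && conns[i]->handle == handle)
			return conns[i];
	return NULL;
}

enum phy_link_result dispatch_phy_link_complete(struct hci_conn **conns, size_t n,
		const struct hci_ev_phy_link_complete *ev)
{
	return phy_link_complete_hardened(lookup_handle(conns, n, ev->phy_handle), ev);
}

/* Constructed fixture (not from the report): handle 1 is the BR/EDR link,
 * handle 2 an AMP link with its manager attached, handle 3 an AMP link
 * whose manager was never attached. */
struct fixture {
	struct hci_conn bredr, amp_ok, amp_orphan;
	struct l2cap_conn l2;
	struct amp_mgr mgr;
	struct hci_conn *conns[3];
};

void fixture_init(struct fixture *f)
{
	*f = (struct fixture){0};
	f->bredr.handle = 1;
	f->l2.hcon = &f->bredr;
	f->mgr.l2cap_conn = &f->l2;
	f->amp_ok.handle = 2;
	f->amp_ok.amp_mgr = &f->mgr;
	f->amp_orphan.handle = 3;       /* amp_mgr stays NULL */
	f->conns[0] = &f->bredr;
	f->conns[1] = &f->amp_ok;
	f->conns[2] = &f->amp_orphan;
}
```

A success event for handle 3 returns `PHY_LINK_NO_AMP_MGR` and leaves the connection untouched; the same event without the guard would walk `hcon->amp_mgr->l2cap_conn` through a NULL pointer. The guard is checked before `ev->status` to match the order the commit message gives.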