bisecting fixing commit since 47ec5303d73ea344e84f46660fff693c57641386
building syzkaller on 1f122f880fe2064d038c0152fbdc763974580f15
testing commit 47ec5303d73ea344e84f46660fff693c57641386 with gcc (GCC) 8.1.0
kernel signature: 446294d9cb05af70d89a83ae971d1b511dbc9f95482ca1aa4b035aa5cb3fbcbe
run #0: crashed: WARNING: ODEBUG bug in hci_conn_del
run #1: crashed: WARNING: ODEBUG bug in hci_conn_del
run #2: crashed: WARNING: ODEBUG bug in hci_conn_del
run #3: crashed: WARNING: ODEBUG bug in hci_conn_del
run #4: crashed: WARNING: ODEBUG bug in hci_conn_del
run #5: crashed: WARNING: ODEBUG bug in hci_conn_del
run #6: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #7: crashed: WARNING: ODEBUG bug in hci_conn_del
run #8: crashed: WARNING: ODEBUG bug in hci_conn_del
run #9: crashed: WARNING: ODEBUG bug in hci_conn_del
testing current HEAD d01e7f10dae29eba0f9ada82b65d24e035d5b2f9
testing commit d01e7f10dae29eba0f9ada82b65d24e035d5b2f9 with gcc (GCC) 8.1.0
kernel signature: 85e8950596c83a37b016071b2394ed74d2cb0e7a4f7de7a3c83f324134ecccd1
all runs: OK
# git bisect start d01e7f10dae29eba0f9ada82b65d24e035d5b2f9 47ec5303d73ea344e84f46660fff693c57641386
Bisecting: 17915 revisions left to test after this (roughly 14 steps)
[4d0e9df5e43dba52d38b251e3b909df8fa1110be] lib, uaccess: add failure injection to usercopy functions
testing commit 4d0e9df5e43dba52d38b251e3b909df8fa1110be with gcc (GCC) 8.1.0
kernel signature: 300c68d575becd411f9d89c90de1e8066d4c56c0fe9bdb33b698f63eb79964a4
all runs: crashed: WARNING: ODEBUG bug in hci_conn_del
# git bisect good 4d0e9df5e43dba52d38b251e3b909df8fa1110be
Bisecting: 8957 revisions left to test after this (roughly 13 steps)
[823b3169fbfc23816dd575214a06864cbcb0454b] drm/amd/display: enable pipe power gating by default
testing commit 823b3169fbfc23816dd575214a06864cbcb0454b with gcc (GCC) 8.1.0
kernel signature: 73172f1c94475abf6a214207a6195425164999dcb6b02da65383d7d6d8859790
all runs: crashed: WARNING: ODEBUG bug in hci_conn_del
# git bisect good 823b3169fbfc23816dd575214a06864cbcb0454b
Bisecting: 4914 revisions left to test after this (roughly 12 steps)
[15b447361794271f4d03c04d82276a841fe06328] mm/lru: revise the comments of lru_lock
testing commit 15b447361794271f4d03c04d82276a841fe06328 with gcc (GCC) 8.1.0
kernel signature: f69e7e7e71105274717a3348cf3cac700797f6da04c8c43d941c02f82021c252
run #0: crashed: WARNING: ODEBUG bug in hci_conn_del
run #1: crashed: WARNING: ODEBUG bug in hci_conn_del
run #2: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #3: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #4: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #5: crashed: general protection fault in if_nlmsg_size
run #6: crashed: WARNING: ODEBUG bug in hci_conn_del
run #7: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #8: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #9: crashed: WARNING in hci_conn_timeout
# git bisect good 15b447361794271f4d03c04d82276a841fe06328
Bisecting: 2319 revisions left to test after this (roughly 11 steps)
[c367caf1a38b6f0a1aababafd88b00fefa625f9e] Merge tag 'sound-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit c367caf1a38b6f0a1aababafd88b00fefa625f9e with gcc (GCC) 8.1.0
kernel signature: 9568bb5ac3a61d1b7e6a1878f10c9840de5046c9414915f4ca87f7afc04d28f9
all runs: OK
# git bisect bad c367caf1a38b6f0a1aababafd88b00fefa625f9e
Bisecting: 1330 revisions left to test after this (roughly 10 steps)
[fdd8b8249ef819958decd9b0ff2c0e52f9d20ae6] dpaa_eth: fix build errorr in dpaa_fq_init
testing commit fdd8b8249ef819958decd9b0ff2c0e52f9d20ae6 with gcc (GCC) 8.1.0
kernel signature: 3af34945726ad8acdda3051ca4cc054cc4edae171a1207dfc81e318540563ece
all runs: crashed: WARNING: ODEBUG bug in hci_conn_del
# git bisect good fdd8b8249ef819958decd9b0ff2c0e52f9d20ae6
Bisecting: 617 revisions left to test after this (roughly 9 steps)
[e5795aacd71b697c739f2d193b0e275993d93187] Merge tag 'wireless-drivers-next-2020-12-12' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit e5795aacd71b697c739f2d193b0e275993d93187 with gcc (GCC) 8.1.0
kernel signature: a7045f0720fcbd94f3f245a9a27f185a6f2eab3cf3ab46caea6470859aa6a078
all runs: OK
# git bisect bad e5795aacd71b697c739f2d193b0e275993d93187
Bisecting: 356 revisions left to test after this (roughly 9 steps)
[ea6d5c924e391872d402acac38461a5f8261e57f] net: dsa: mt7530: support setting ageing time
testing commit ea6d5c924e391872d402acac38461a5f8261e57f with gcc (GCC) 8.1.0
kernel signature: 47218d0139544d79eb046be42f67207fafee8fb8faae730cb5c31962dc943f61
all runs: OK
# git bisect bad ea6d5c924e391872d402acac38461a5f8261e57f
Bisecting: 173 revisions left to test after this (roughly 8 steps)
[9eb597c74483ad5c230a884449069adfb68285ea] Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
testing commit 9eb597c74483ad5c230a884449069adfb68285ea with gcc (GCC) 8.1.0
kernel signature: b6229b2fcba5001dd9d1dea29e0f15452757f491a24c2c71de28ee1fb811ca04
run #0: crashed: WARNING: ODEBUG bug in hci_conn_del
run #1: crashed: WARNING: ODEBUG bug in hci_conn_del
run #2: crashed: WARNING: ODEBUG bug in hci_conn_del
run #3: crashed: WARNING: ODEBUG bug in hci_conn_del
run #4: crashed: WARNING: ODEBUG bug in hci_conn_del
run #5: crashed: WARNING: ODEBUG bug in hci_conn_del
run #6: crashed: WARNING: ODEBUG bug in hci_conn_del
run #7: crashed: WARNING: ODEBUG bug in hci_conn_del
run #8: crashed: WARNING: ODEBUG bug in hci_conn_del
run #9: crashed: BUG: unable to handle kernel paging request in kernel_execve
# git bisect good 9eb597c74483ad5c230a884449069adfb68285ea
Bisecting: 86 revisions left to test after this (roughly 7 steps)
[0c4accc41cb56e527c8c049f5495af9f3d6bef7e] net/mlx5: Fix passing zero to 'PTR_ERR'
testing commit 0c4accc41cb56e527c8c049f5495af9f3d6bef7e with gcc (GCC) 8.1.0
kernel signature: 3b3b036c86a5a9922af668e66a76b392164d2752d159941a2f62edaa8b024645
all runs: crashed: WARNING: ODEBUG bug in hci_conn_del
# git bisect good 0c4accc41cb56e527c8c049f5495af9f3d6bef7e
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[9a93b8b8eee4ac971a1ac120a2be7a66b7fa5b68] Bluetooth: btusb: Define a function to construct firmware filename
testing commit 9a93b8b8eee4ac971a1ac120a2be7a66b7fa5b68 with gcc (GCC) 8.1.0
kernel signature: 8252768a4c38f24e21726a4b2f6c0d96b39e0694eb2447cf53d9591260aac339
all runs: OK
# git bisect bad 9a93b8b8eee4ac971a1ac120a2be7a66b7fa5b68
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[2be43abac5a839d44bf9d14716573ae0ac920f2b] Bluetooth: hci_qca: Wait for timeout during suspend
testing commit 2be43abac5a839d44bf9d14716573ae0ac920f2b with gcc (GCC) 8.1.0
kernel signature: f2a57a3669e00947d17bcccbb8c6f2422313fb6f663136c51604262afaa40ac7
all runs: OK
# git bisect bad 2be43abac5a839d44bf9d14716573ae0ac920f2b
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[82493316507a720b6faa2ec23971c0ca89c6dcb0] Bluetooth: Move force_bredr_smp debugfs into hci_debugfs_create_bredr
testing commit 82493316507a720b6faa2ec23971c0ca89c6dcb0 with gcc (GCC) 8.1.0
kernel signature: f4a2c7d0ab8417d11289caab20d6cbcdfd07266c715d6f757367ea6ff4fc12a5
all runs: OK
# git bisect bad 82493316507a720b6faa2ec23971c0ca89c6dcb0
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[2943d8ede38310db932eb38f91aa1094b471058c] Bluetooth: Resume advertising after LE connection
testing commit 2943d8ede38310db932eb38f91aa1094b471058c with gcc (GCC) 8.1.0
kernel signature: c14909462d2133c1f9e06580d259be0455fc6df3a52b9d15a71019b7a156c338
all runs: OK
# git bisect bad 2943d8ede38310db932eb38f91aa1094b471058c
Bisecting: 2 revisions left to test after this (roughly 1 step)
[6dfccd13db2ff2b709ef60a50163925d477549aa] Bluetooth: Fix null pointer dereference in hci_event_packet()
testing commit 6dfccd13db2ff2b709ef60a50163925d477549aa with gcc (GCC) 8.1.0
kernel signature: ec7cd6862c57d2968e43a22a3b2c1e89f91b9d2d87c426f8b447318d961b9739
all runs: OK
# git bisect bad 6dfccd13db2ff2b709ef60a50163925d477549aa
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[547801380ec7e6104ea679f599d03c342b4b39a0] Bluetooth: btqca: Add valid le states quirk
testing commit 547801380ec7e6104ea679f599d03c342b4b39a0 with gcc (GCC) 8.1.0
kernel signature: 222e1264b789a3c97bf5d1b4253e821e53ea6db437153c30186a86c535c03c19
run #0: crashed: WARNING: ODEBUG bug in hci_conn_del
run #1: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #2: crashed: WARNING: ODEBUG bug in hci_conn_del
run #3: crashed: WARNING: ODEBUG bug in hci_conn_del
run #4: crashed: WARNING: ODEBUG bug in hci_conn_del
run #5: crashed: WARNING: ODEBUG bug in hci_conn_del
run #6: crashed: WARNING: ODEBUG bug in hci_conn_del
run #7: crashed: WARNING: ODEBUG bug in hci_conn_del
run #8: crashed: WARNING: ODEBUG bug in hci_conn_del
run #9: crashed: WARNING: ODEBUG bug in hci_conn_del
# git bisect good 547801380ec7e6104ea679f599d03c342b4b39a0
6dfccd13db2ff2b709ef60a50163925d477549aa is the first bad commit
commit 6dfccd13db2ff2b709ef60a50163925d477549aa
Author: Anmol Karn
Date:   Wed Sep 30 19:48:13 2020 +0530

    Bluetooth: Fix null pointer dereference in hci_event_packet()

    AMP_MGR is getting dereferenced in hci_phy_link_complete_evt(), when called
    from hci_event_packet() and there is a possibility, that hcon->amp_mgr may
    not be found when accessing after initialization of hcon.

    - net/bluetooth/hci_event.c:4945

    The bug seems to get triggered in this line:

    bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;

    Fix it by adding a NULL check for the hcon->amp_mgr before checking the
    ev-status.

    Fixes: d5e911928bd8 ("Bluetooth: AMP: Process Physical Link Complete evt")
    Reported-and-tested-by: syzbot+0bef568258653cff272f@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f
    Signed-off-by: Anmol Karn
    Signed-off-by: Marcel Holtmann

 net/bluetooth/hci_event.c | 5 +++++
 1 file changed, 5 insertions(+)

culprit signature: ec7cd6862c57d2968e43a22a3b2c1e89f91b9d2d87c426f8b447318d961b9739
parent signature: 222e1264b789a3c97bf5d1b4253e821e53ea6db437153c30186a86c535c03c19
revisions tested: 17, total time: 3h28m31.58377022s (build: 1h29m25.067457324s, test: 1h57m5.654371587s)
first good commit: 6dfccd13db2ff2b709ef60a50163925d477549aa Bluetooth: Fix null pointer dereference in hci_event_packet()
recipients (to): ["anmol.karan123@gmail.com" "marcel@holtmann.org" "syzbot+0bef568258653cff272f@syzkaller.appspotmail.com"]
recipients (cc): []