bisecting fixing commit since d7e78d08fa77acdea351c8f628f49ca9a0e1029a
building syzkaller on 318430cbb3b2ceefe51518ecccabbdabb32ffe3b
testing commit d7e78d08fa77acdea351c8f628f49ca9a0e1029a with gcc (GCC) 8.1.0
kernel signature: 457efa3eca3c32e92d78ba7026b454b275f1c7127241a846c1d8567f59ec0c25
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_le_meta_evt
testing current HEAD 1752938529c614a8ed4432ecce6ebc95d3b87207
testing commit 1752938529c614a8ed4432ecce6ebc95d3b87207 with gcc (GCC) 8.1.0
kernel signature: 1cb003fae2978545c0bced2b0fe8c300e4a42c2110034688cdcb7086c6836afe
all runs: OK
# git bisect start 1752938529c614a8ed4432ecce6ebc95d3b87207 d7e78d08fa77acdea351c8f628f49ca9a0e1029a
Bisecting: 698 revisions left to test after this (roughly 10 steps)
[cd1d81f44541e99e75df66197d14f5f167ca5d05] scsi: qedi: Fix list_del corruption while removing active I/O
testing commit cd1d81f44541e99e75df66197d14f5f167ca5d05 with gcc (GCC) 8.1.0
kernel signature: e797fb7e7a129a60355d988ddb043bd7a8a6776e1da62fb9ed4d229b1b05aefd
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_le_meta_evt
# git bisect good cd1d81f44541e99e75df66197d14f5f167ca5d05
Bisecting: 349 revisions left to test after this (roughly 9 steps)
[85bbd80380ca0f876b0a4853e0dfbd80ecb9bdea] xtensa: disable preemption around cache alias management calls
testing commit 85bbd80380ca0f876b0a4853e0dfbd80ecb9bdea with gcc (GCC) 8.1.0
kernel signature: 46ed1aafede18780e3bc0c8b442548466912b203a157f6f1df0d60cb182708d9
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_le_meta_evt
# git bisect good 85bbd80380ca0f876b0a4853e0dfbd80ecb9bdea
Bisecting: 174 revisions left to test after this (roughly 8 steps)
[579f8b9015bd14a67f5b32245e1a30a479833d44] soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains()
testing commit 579f8b9015bd14a67f5b32245e1a30a479833d44 with gcc (GCC) 8.1.0
kernel signature: 28eb14425fab5829ee8a60145ad06d809c552fc82ad06897bd7d77bb37c67ddd
all runs: OK
# git bisect bad 579f8b9015bd14a67f5b32245e1a30a479833d44
Bisecting: 87 revisions left to test after this (roughly 7 steps)
[3f517f819096b36bc49e77bd8f7aee7fd4ac943a] USB: serial: option: add support for Thales Cinterion EXS82
testing commit 3f517f819096b36bc49e77bd8f7aee7fd4ac943a with gcc (GCC) 8.1.0
kernel signature: cb22948f618d53e5bbc22ec5284088276b0df8c0fa84cb3a752d382d0613dbae
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_le_meta_evt
# git bisect good 3f517f819096b36bc49e77bd8f7aee7fd4ac943a
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[213da138fe3d529ebfef5c187c1b391afc8e6513] net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux
testing commit 213da138fe3d529ebfef5c187c1b391afc8e6513 with gcc (GCC) 8.1.0
kernel signature: 3163bcd14980044d68b5e2a354e21aa714b791ec489b019903875e7443ce9870
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_le_meta_evt
# git bisect good 213da138fe3d529ebfef5c187c1b391afc8e6513
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[951481c52a94ba646e35b99fdb93177ab580555b] vxlan: Add needed_headroom for lower device
testing commit 951481c52a94ba646e35b99fdb93177ab580555b with gcc (GCC) 8.1.0
kernel signature: 654e4c83a1172657c6cccc37e3a9f8310df7a635b2144ded2d23baa1463fb676
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_le_meta_evt
# git bisect good 951481c52a94ba646e35b99fdb93177ab580555b
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[27ea2f575c847ca63de8fb4da8ec831baab23227] ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU
testing commit 27ea2f575c847ca63de8fb4da8ec831baab23227 with gcc (GCC) 8.1.0
kernel signature: 3647b2c2d34fc61c2ea4dc9004db38e76eb0bc33d71b2d4818194a87339b00ba
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_le_meta_evt
# git bisect good 27ea2f575c847ca63de8fb4da8ec831baab23227
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[a9c625fcddc078624e1e7a673443b29c71be3431] quota: Sanity-check quota file headers on load
testing commit a9c625fcddc078624e1e7a673443b29c71be3431 with gcc (GCC) 8.1.0
kernel signature: 897b94b6b320b555b86784bc1957d18ade1499ac21d1bd2247182315238a6af9
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_le_meta_evt
# git bisect good a9c625fcddc078624e1e7a673443b29c71be3431
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[13b25b55a2dd728fa5af9165a8c30433d5c799b2] md: fix a warning caused by a race between concurrent md_ioctl()s
testing commit 13b25b55a2dd728fa5af9165a8c30433d5c799b2 with gcc (GCC) 8.1.0
kernel signature: 04084bd0d7ef01f31e2cc8f4c348ce194f9558681ce9b2564d26dd0f3b962b76
all runs: crashed: KASAN: slab-out-of-bounds Read in hci_le_meta_evt
# git bisect good 13b25b55a2dd728fa5af9165a8c30433d5c799b2
Bisecting: 0 revisions left to test after this (roughly 1 step)
[5631c037547ff706fdcd67df51f8b1539eb1c976] drm/gma500: fix double free of gma_connector
testing commit 5631c037547ff706fdcd67df51f8b1539eb1c976 with gcc (GCC) 8.1.0
kernel signature: 28eb14425fab5829ee8a60145ad06d809c552fc82ad06897bd7d77bb37c67ddd
all runs: OK
# git bisect bad 5631c037547ff706fdcd67df51f8b1539eb1c976
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7ee2cd49f7220b1069e23a65d3ab59526bda9821] Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
testing commit 7ee2cd49f7220b1069e23a65d3ab59526bda9821 with gcc (GCC) 8.1.0
kernel signature: 28eb14425fab5829ee8a60145ad06d809c552fc82ad06897bd7d77bb37c67ddd
all runs: OK
# git bisect bad 7ee2cd49f7220b1069e23a65d3ab59526bda9821
7ee2cd49f7220b1069e23a65d3ab59526bda9821 is the first bad commit
commit 7ee2cd49f7220b1069e23a65d3ab59526bda9821
Author: Peilin Ye
Date:   Wed Sep 9 03:17:00 2020 -0400

    Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()

    commit f7e0e8b2f1b0a09b527885babda3e912ba820798 upstream.

    `num_reports` is not being properly checked. A malformed event packet with
    a large `num_reports` number makes hci_le_direct_adv_report_evt() read out
    of bounds. Fix it.

    Cc: stable@vger.kernel.org
    Fixes: 2f010b55884e ("Bluetooth: Add support for handling LE Direct Advertising Report events")
    Reported-and-tested-by: syzbot+24ebd650e20bd263ca01@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=24ebd650e20bd263ca01
    Signed-off-by: Peilin Ye
    Signed-off-by: Marcel Holtmann
    Signed-off-by: Greg Kroah-Hartman

 net/bluetooth/hci_event.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

culprit signature: 28eb14425fab5829ee8a60145ad06d809c552fc82ad06897bd7d77bb37c67ddd
parent signature: 04084bd0d7ef01f31e2cc8f4c348ce194f9558681ce9b2564d26dd0f3b962b76
revisions tested: 13, total time: 2h48m0.373744218s (build: 1h47m57.814300403s, test: 58m55.183378754s)
first good commit: 7ee2cd49f7220b1069e23a65d3ab59526bda9821 Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
recipients (to): ["gregkh@linuxfoundation.org" "marcel@holtmann.org" "syzbot+24ebd650e20bd263ca01@syzkaller.appspotmail.com" "yepeilin.cs@gmail.com"]
recipients (cc): []