bisecting fixing commit since 87335852c5d9ec629f80bb2257b9a9945962b719
building syzkaller on c42a35e9053074ec924558e4aa4077ac0d86cfff
testing commit 87335852c5d9ec629f80bb2257b9a9945962b719 with gcc (GCC) 8.4.1 20210217
kernel signature: fe115f6d305f93ddbfeb690c7f1fac531852f83ed5baf2d96e817680686f9c97
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data
testing current HEAD bd634aa6416382439890b78f7be0023020a86207
testing commit bd634aa6416382439890b78f7be0023020a86207 with gcc (GCC) 8.4.1 20210217
kernel signature: 4c0db7229af9d1158789006fa239f73a6518c0d9bb05d0a02a915ccb241c23fd
all runs: OK
# git bisect start bd634aa6416382439890b78f7be0023020a86207 87335852c5d9ec629f80bb2257b9a9945962b719
Bisecting: 566 revisions left to test after this (roughly 9 steps)
[b64c11166e3a9d8f832537581832844beb974cb1] drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs
testing commit b64c11166e3a9d8f832537581832844beb974cb1 with gcc (GCC) 8.4.1 20210217
kernel signature: f0452d0544c9c892f0880cd97d94d2af106ced00357e7f9db3ccd5ebaebe7200
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data
# git bisect good b64c11166e3a9d8f832537581832844beb974cb1
Bisecting: 283 revisions left to test after this (roughly 8 steps)
[fd9a5ca4df2ce459787db0249ac6b4896766e9c5] usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
testing commit fd9a5ca4df2ce459787db0249ac6b4896766e9c5 with gcc (GCC) 8.4.1 20210217
kernel signature: 3f5fdf65399404e619d7855109a0f48ca21da5ae8c3cebfed5d1a4f7d6c5e63e
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data
# git bisect good fd9a5ca4df2ce459787db0249ac6b4896766e9c5
Bisecting: 141 revisions left to test after this (roughly 7 steps)
[6f6cc57b02882a6d62a982716db80f4290d938d5] USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
testing commit 6f6cc57b02882a6d62a982716db80f4290d938d5 with gcc (GCC) 8.4.1 20210217
kernel signature: 2b69e7bf5e03b1e4b00a0070e07b12080ac70a8f5f6e6e393821eacb3b5d6758
all runs: OK
# git bisect bad 6f6cc57b02882a6d62a982716db80f4290d938d5
Bisecting: 70 revisions left to test after this (roughly 6 steps)
[a70a4e8baa0b53b75299f07535e054804365c3fe] dm table: fix DAX iterate_devices based device capability checks
testing commit a70a4e8baa0b53b75299f07535e054804365c3fe with gcc (GCC) 8.4.1 20210217
kernel signature: ae1b2fcd5dcbd9e50cd614835fffcf58dacc3db5e32bae1570751603cdd5dc65
all runs: OK
# git bisect bad a70a4e8baa0b53b75299f07535e054804365c3fe
Bisecting: 35 revisions left to test after this (roughly 5 steps)
[9a1e55f23ed1a85e189b70011ebc9330735f3e7d] media: mceusb: sanity check for prescaler value
testing commit 9a1e55f23ed1a85e189b70011ebc9330735f3e7d with gcc (GCC) 8.4.1 20210217
kernel signature: 3343911e3f218ded3b55e0bd9884359c0820d117a7377e9c8c73efe493956f2b
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data
# git bisect good 9a1e55f23ed1a85e189b70011ebc9330735f3e7d
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[9f683fd7d2bb01b8f8346e3039cc5d063ebe83fd] parisc: Bump 64-bit IRQ stack size to 64 KB
testing commit 9f683fd7d2bb01b8f8346e3039cc5d063ebe83fd with gcc (GCC) 8.4.1 20210217
kernel signature: 4017b697f8a9979e811b1d54e3e9164b5bfb8580747394ab2b750a0cbc17deb0
all runs: OK
# git bisect bad 9f683fd7d2bb01b8f8346e3039cc5d063ebe83fd
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[b79e5277d637099ce5c924f3b32b1ee7e704e459] vt/consolemap: do font sum unsigned
testing commit b79e5277d637099ce5c924f3b32b1ee7e704e459 with gcc (GCC) 8.4.1 20210217
kernel signature: 24333264bb67c161f6cde3da850a0a0fd4081412d0686db1e5ccd50fa8d194cc
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data
# git bisect good b79e5277d637099ce5c924f3b32b1ee7e704e459
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[1dbf9f2b284167ae19bd037f6e1bfb0a28b13721] x86/build: Treat R_386_PLT32 relocation as R_386_PC32
testing commit 1dbf9f2b284167ae19bd037f6e1bfb0a28b13721 with gcc (GCC) 8.4.1 20210217
kernel signature: a75cc572dec9e1d3225e2cfc65162545528247429eb30bf7ad5970820c2b4dfb
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data
# git bisect good 1dbf9f2b284167ae19bd037f6e1bfb0a28b13721
Bisecting: 2 revisions left to test after this (roughly 1 step)
[8f78d999ce48b6fa466c14e1669e2d9f671d3df0] staging: most: sound: add sanity check for function argument
testing commit 8f78d999ce48b6fa466c14e1669e2d9f671d3df0 with gcc (GCC) 8.4.1 20210217
kernel signature: efaee0b738c5d0922e96ae525bc3e3e1bc849b396912aee682bbf7f4ab6d010d
all runs: OK
# git bisect bad 8f78d999ce48b6fa466c14e1669e2d9f671d3df0
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2f642a2b33655f6495ce3640f44be76b0145aede] Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
testing commit 2f642a2b33655f6495ce3640f44be76b0145aede with gcc (GCC) 8.4.1 20210217
kernel signature: efaee0b738c5d0922e96ae525bc3e3e1bc849b396912aee682bbf7f4ab6d010d
all runs: OK
# git bisect bad 2f642a2b33655f6495ce3640f44be76b0145aede
2f642a2b33655f6495ce3640f44be76b0145aede is the first bad commit
commit 2f642a2b33655f6495ce3640f44be76b0145aede
Author: Gopal Tiwari
Date:   Tue Feb 2 15:12:30 2021 +0530

    Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data

    [ Upstream commit e8bd76ede155fd54d8c41d045dda43cd3174d506 ]

    kernel panic trace looks like:

     #5 [ffffb9e08698fc80] do_page_fault at ffffffffb666e0d7
     #6 [ffffb9e08698fcb0] page_fault at ffffffffb70010fe
        [exception RIP: amp_read_loc_assoc_final_data+63]
        RIP: ffffffffc06ab54f  RSP: ffffb9e08698fd68  RFLAGS: 00010246
        RAX: 0000000000000000  RBX: ffff8c8845a5a000  RCX: 0000000000000004
        RDX: 0000000000000000  RSI: ffff8c8b9153d000  RDI: ffff8c8845a5a000
        RBP: ffffb9e08698fe40   R8: 00000000000330e0   R9: ffffffffc0675c94
        R10: ffffb9e08698fe58  R11: 0000000000000001  R12: ffff8c8b9cbf6200
        R13: 0000000000000000  R14: 0000000000000000  R15: ffff8c8b2026da0b
        ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
     #7 [ffffb9e08698fda8] hci_event_packet at ffffffffc0676904 [bluetooth]
     #8 [ffffb9e08698fe50] hci_rx_work at ffffffffc06629ac [bluetooth]
     #9 [ffffb9e08698fe98] process_one_work at ffffffffb66f95e7

    hcon->amp_mgr seems to be NULL, which triggered a kernel panic in the
    following line inside function amp_read_loc_assoc_final_data:

    set_bit(READ_LOC_AMP_ASSOC_FINAL, &mgr->state);

    Fixed by checking NULL for mgr.

    Signed-off-by: Gopal Tiwari
    Signed-off-by: Marcel Holtmann
    Signed-off-by: Sasha Levin

 net/bluetooth/amp.c | 3 +++
 1 file changed, 3 insertions(+)

culprit signature: efaee0b738c5d0922e96ae525bc3e3e1bc849b396912aee682bbf7f4ab6d010d
parent signature: a75cc572dec9e1d3225e2cfc65162545528247429eb30bf7ad5970820c2b4dfb
revisions tested: 12, total time: 2h53m44.982679737s (build: 1h42m50.445703058s, test: 1h9m25.457043426s)
first good commit: 2f642a2b33655f6495ce3640f44be76b0145aede Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
recipients (to): ["gtiwari@redhat.com" "marcel@holtmann.org" "sashal@kernel.org"]
recipients (cc): []
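The labelling in the log above is the reverse of an ordinary regression bisection: because the search is for the commit that makes the crash disappear, a build that still crashes is recorded as "git bisect good" and a clean build as "git bisect bad", so git's "first bad commit" is the fix and syzbot reports it as the "first good commit". The shell script below is an added illustration, not part of the syzbot log or of the kernel tree. It drives the same labelling with "git bisect run" over a throwaway repository; the repository, the crash.txt marker file that stands in for the crashing kernel, and the commit numbering are all constructed for the example.

```shell
#!/bin/sh
# Added example: fix bisection with git bisect run, using syzbot's labelling
# (still crashing = good, no longer crashing = bad). Requires git.
set -eu

# make_repo DIR N FIX
# Builds a hypothetical history of N commits in DIR. crash.txt contains the
# word "crash" until commit number FIX, which stands in for the fixing commit
# and flips the file to "ok"; every later commit keeps it at "ok".
make_repo() {
  dir=$1; n=$2; fix=$3
  rm -rf "$dir"; mkdir -p "$dir"
  git -C "$dir" init -q
  git -C "$dir" config user.email syzbot-example@example.invalid
  git -C "$dir" config user.name  syzbot-example
  i=1
  while [ "$i" -le "$n" ]; do
    if [ "$i" -ge "$fix" ]; then echo ok > "$dir/crash.txt"
    else echo crash > "$dir/crash.txt"; fi
    echo "$i" > "$dir/rev.txt"
    git -C "$dir" add -A
    git -C "$dir" commit -q -m "commit $i"
    i=$((i + 1))
  done
}

# find_fixing_commit DIR
# Prints the subject of git's "first bad commit", which under the inverted
# labelling is the fix. The per-revision test is the stand-in for syzbot's
# "all runs: crashed" / "all runs: OK" verdict: it exits 0 (good) while the
# crash still reproduces and 1 (bad) once it does not, which is exactly how
# git bisect run interprets the exit status.
find_fixing_commit() {
  dir=$1
  first=$(git -C "$dir" rev-list --max-parents=0 HEAD)
  (
    cd "$dir"
    # bad = current HEAD (runs clean), good = oldest commit (still crashes)
    git bisect start HEAD "$first" >/dev/null
    git bisect run sh -c 'grep -q crash crash.txt' >/dev/null
    git log -1 --format=%s refs/bisect/bad
    git bisect reset >/dev/null
  )
}

# Demo: 12 revisions, with the fix landing as commit 9.
demo() {
  d=$(mktemp -d)
  make_repo "$d" 12 9
  printf 'first "bad" (= fixing) commit: %s\n' "$(find_fixing_commit "$d")"
  rm -rf "$d"
}
demo
```

The test script is the whole trick: whatever reproduces the crash (here a grep, in syzbot's case booting the kernel under the reproducer) must succeed while the bug is present, so git's "good" tracks the crashing state and the bisection converges on the commit that removes it. Changing the script to exit 0 on a clean run would turn it back into a normal regression bisection and find the commit that introduced the crash instead.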