bisecting fixing commit since 5692097116094a4a7045abcc1dbc172dbdc5657e
building syzkaller on 749688d22abef3f3cb9a0480e15c19a3f2ed8e13
testing commit 5692097116094a4a7045abcc1dbc172dbdc5657e with gcc (GCC) 8.1.0
kernel signature: 251cbec5269277268cfa07167d5b9eae37471b841468afa077f54e52583998af
all runs: crashed: KASAN: slab-out-of-bounds Read in bacpy
testing current HEAD 67957f12548c785d0e0b14fd104d2297f3a71835
testing commit 67957f12548c785d0e0b14fd104d2297f3a71835 with gcc (GCC) 8.1.0
kernel signature: 6da4acc78d774a2dd892c7e8cb86bfa078ee49d3b494560332ba67f5abbf74d4
all runs: OK
# git bisect start 67957f12548c785d0e0b14fd104d2297f3a71835 5692097116094a4a7045abcc1dbc172dbdc5657e
Bisecting: 1413 revisions left to test after this (roughly 11 steps)
[63581542724e148e5a82a62d11f859eb6a9a891c] bcache: fix refcount underflow in bcache_device_free()
testing commit 63581542724e148e5a82a62d11f859eb6a9a891c with gcc (GCC) 8.1.0
kernel signature: 857e4b6119b2d5104934d96776e511508f5140d1df0fe66e7a4cd9b0f8bb5c50
all runs: crashed: KASAN: slab-out-of-bounds Read in bacpy
# git bisect good 63581542724e148e5a82a62d11f859eb6a9a891c
Bisecting: 706 revisions left to test after this (roughly 10 steps)
[70f61966ca82f68583463a1184968e5f9e6d5cc1] Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
testing commit 70f61966ca82f68583463a1184968e5f9e6d5cc1 with gcc (GCC) 8.1.0
kernel signature: b79516a36ec83aa1be209f0e7e7b6dc2927c6b877a77831800c8d3c71a64cbb6
all runs: crashed: KASAN: slab-out-of-bounds Read in bacpy
# git bisect good 70f61966ca82f68583463a1184968e5f9e6d5cc1
Bisecting: 353 revisions left to test after this (roughly 9 steps)
[e83f99c428000d5e347b953da8d539ee67113134] powerpc: Fix circular dependency between percpu.h and mmu.h
testing commit e83f99c428000d5e347b953da8d539ee67113134 with gcc (GCC) 8.1.0
kernel signature: 97d90ec06994901e5a3f8835901f3110b3f6baa8b0c84a02a02d18119e842a49
all runs: OK
# git bisect bad e83f99c428000d5e347b953da8d539ee67113134
Bisecting: 176 revisions left to test after this (roughly 8 steps)
[a9b01fdb9afc6e9886dcf2347f34f08fe63bc8ea] clk: scmi: Fix min and max rate when registering clocks with discrete rates
testing commit a9b01fdb9afc6e9886dcf2347f34f08fe63bc8ea with gcc (GCC) 8.1.0
kernel signature: b13cf0658f8ceb715de493fcfbab1711ecede5e3f87cb86f53e57232e1160ea8
all runs: OK
# git bisect bad a9b01fdb9afc6e9886dcf2347f34f08fe63bc8ea
Bisecting: 87 revisions left to test after this (roughly 7 steps)
[0535c43d369cf63e07a116a4c7e92d3b7b290806] mac80211: mesh: Free pending skb when destroying a mpath
testing commit 0535c43d369cf63e07a116a4c7e92d3b7b290806 with gcc (GCC) 8.1.0
kernel signature: ba63c6c844a57631ab369ead98124404be53da1e35cdc3a9f8d7637bbe1fe141
all runs: crashed: KASAN: slab-out-of-bounds Read in bacpy
# git bisect good 0535c43d369cf63e07a116a4c7e92d3b7b290806
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[aa42be211646b790a061768587ce5af26d828eca] drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
testing commit aa42be211646b790a061768587ce5af26d828eca with gcc (GCC) 8.1.0
kernel signature: 15a45178d3408544afce4691444cf6310e8e79a6887fe1aeb2c8f2c73ab2665b
all runs: OK
# git bisect bad aa42be211646b790a061768587ce5af26d828eca
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[df9a9ac7a4614afa59fae8f7ad56b93fbab45d46] random32: move the pseudo-random 32-bit definitions to prandom.h
testing commit df9a9ac7a4614afa59fae8f7ad56b93fbab45d46 with gcc (GCC) 8.1.0
kernel signature: da4e3d8e72375342fdbb12ddebe246c3d526bf03180035243ab7c54767b45925
all runs: crashed: KASAN: slab-out-of-bounds Read in bacpy
# git bisect good df9a9ac7a4614afa59fae8f7ad56b93fbab45d46
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[f2d6adb023fc32816d7962c29fd06d8cd71418ee] Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
testing commit f2d6adb023fc32816d7962c29fd06d8cd71418ee with gcc (GCC) 8.1.0
kernel signature: a88e6caf52ed97989d68b87ab2373338e7b77ac7f039d8d23f48dd36ed75645a
all runs: OK
# git bisect bad f2d6adb023fc32816d7962c29fd06d8cd71418ee
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[c2ea6fcfec3e05fbc5384737fb3eb623427bb30c] usb: xhci: define IDs for various ASMedia host controllers
testing commit c2ea6fcfec3e05fbc5384737fb3eb623427bb30c with gcc (GCC) 8.1.0
kernel signature: 5f14c3050dff26869f6ad83c17ab2e78951c17863f1456f93cffa5f1b9e255db
all runs: crashed: KASAN: slab-out-of-bounds Read in bacpy
# git bisect good c2ea6fcfec3e05fbc5384737fb3eb623427bb30c
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[34f41d924fc8d5c482a95214581f0b5ede308ce9] ALSA: seq: oss: Serialize ioctls
testing commit 34f41d924fc8d5c482a95214581f0b5ede308ce9 with gcc (GCC) 8.1.0
kernel signature: 3cf9b794c0225864242f2b38268501f8c831fda79950b3b0764fd0da24188f80
all runs: crashed: KASAN: slab-out-of-bounds Read in bacpy
# git bisect good 34f41d924fc8d5c482a95214581f0b5ede308ce9
Bisecting: 0 revisions left to test after this (roughly 1 step)
[8c4a649c20fec015ebb326f36b47d4e39d9ff5b7] Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
testing commit 8c4a649c20fec015ebb326f36b47d4e39d9ff5b7 with gcc (GCC) 8.1.0
kernel signature: f54a902a68762c2d2b38c2b75705e9e2847fe67e636cb6ba589d0acee0998d4c
all runs: OK
# git bisect bad 8c4a649c20fec015ebb326f36b47d4e39d9ff5b7
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[fbe7e878fea059fb536ac55a8ec7fe72433a95dd] staging: android: ashmem: Fix lockdep warning for write operation
testing commit fbe7e878fea059fb536ac55a8ec7fe72433a95dd with gcc (GCC) 8.1.0
kernel signature: 25ec207e1454a3adcf7c7159816265ca036c2711afc2ac3d199bf2d1d8ef51f1
all runs: crashed: KASAN: slab-out-of-bounds Read in bacpy
# git bisect good fbe7e878fea059fb536ac55a8ec7fe72433a95dd
8c4a649c20fec015ebb326f36b47d4e39d9ff5b7 is the first bad commit
commit 8c4a649c20fec015ebb326f36b47d4e39d9ff5b7
Author: Peilin Ye
Date:   Fri Jul 10 12:09:15 2020 -0400

    Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()

    commit 51c19bf3d5cfaa66571e4b88ba2a6f6295311101 upstream.

    Check upon `num_rsp` is insufficient. A malformed event packet with a
    large `num_rsp` number makes hci_extended_inquiry_result_evt() go out of
    bounds. Fix it.

    This patch fixes the following syzbot bug:

        https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2

    Reported-by: syzbot+d8489a79b781849b9c46@syzkaller.appspotmail.com
    Cc: stable@vger.kernel.org
    Signed-off-by: Peilin Ye
    Acked-by: Greg Kroah-Hartman
    Signed-off-by: Marcel Holtmann
    Signed-off-by: Greg Kroah-Hartman

 net/bluetooth/hci_event.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

culprit signature: f54a902a68762c2d2b38c2b75705e9e2847fe67e636cb6ba589d0acee0998d4c
parent signature: 25ec207e1454a3adcf7c7159816265ca036c2711afc2ac3d199bf2d1d8ef51f1
revisions tested: 14, total time: 4h0m50.727694472s (build: 2h28m15.923149624s, test: 1h29m53.637830843s)
first good commit: 8c4a649c20fec015ebb326f36b47d4e39d9ff5b7 Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
recipients (to): ["gregkh@linuxfoundation.org" "marcel@holtmann.org" "yepeilin.cs@gmail.com"]
recipients (cc): []