bisecting fixing commit since 2b79150141611d3c6e1b55d4e70f49602482f0b8
building syzkaller on 8bc4594f832068a30c0eff44d468311780057d1f
testing commit 2b79150141611d3c6e1b55d4e70f49602482f0b8 with gcc (GCC) 8.1.0
kernel signature: 39041f6a6cba9433ab8646c4b30181ee1c8abf81134882d46fd878946d175444
all runs: crashed: general protection fault in hci_phy_link_complete_evt
testing current HEAD 2d2791fce891fc20709232d49a6bae075b9a77f8
testing commit 2d2791fce891fc20709232d49a6bae075b9a77f8 with gcc (GCC) 8.1.0
kernel signature: a5928d273722c949afd5bc8d5657e0f397e90bb37195cb8e8815af03802cad3b
all runs: OK
# git bisect start 2d2791fce891fc20709232d49a6bae075b9a77f8 2b79150141611d3c6e1b55d4e70f49602482f0b8
Bisecting: 424 revisions left to test after this (roughly 9 steps)
[427d52697c4086efd6ad9975864be6d7cb107cf1] ALSA: hda/realtek - Add new codec supported for ALC897
testing commit 427d52697c4086efd6ad9975864be6d7cb107cf1 with gcc (GCC) 8.1.0
kernel signature: af12f3288092d6cc069f1e78537e8225ef1634e107a4a9a0a2196db26c477fde
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good 427d52697c4086efd6ad9975864be6d7cb107cf1
Bisecting: 212 revisions left to test after this (roughly 8 steps)
[d81fd62fe45f991ead9d9fb2b26b285a9a20a069] powerpc/perf: Exclude kernel samples while counting events in user space.
testing commit d81fd62fe45f991ead9d9fb2b26b285a9a20a069 with gcc (GCC) 8.1.0
kernel signature: 560371254e146b166921a6f2b1cae87b817624441323f2b5ce7ce1e47db1159b
all runs: OK
# git bisect bad d81fd62fe45f991ead9d9fb2b26b285a9a20a069
Bisecting: 105 revisions left to test after this (roughly 7 steps)
[070e410c4cbdc698e4dcca47cc741c87d69c411b] RDMa/mthca: Work around -Wenum-conversion warning
testing commit 070e410c4cbdc698e4dcca47cc741c87d69c411b with gcc (GCC) 8.1.0
kernel signature: bf3356ddc39251b2e1c7f58c8730b35bb74e0f592e68fea98f061112ba559ffd
all runs: OK
# git bisect bad 070e410c4cbdc698e4dcca47cc741c87d69c411b
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[d24e447e9127e11ec2d3e2bdbd067223d8186f3b] pinctrl: merrifield: Set default bias in case no particular value given
testing commit d24e447e9127e11ec2d3e2bdbd067223d8186f3b with gcc (GCC) 8.1.0
kernel signature: 0915ec321686a87d92e5cec2a4eb25e3cb5030d349243f314884b928aaa355ed
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good d24e447e9127e11ec2d3e2bdbd067223d8186f3b
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[37e7d9aa24bd40c62062df0fa1a0a2f245519d96] media: msi2500: assign SPI bus number dynamically
testing commit 37e7d9aa24bd40c62062df0fa1a0a2f245519d96 with gcc (GCC) 8.1.0
kernel signature: d6b8a2eeea7452a7e2ce755b16ef91051d04d7fb4e84f7e441b3bd4c1072cc50
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good 37e7d9aa24bd40c62062df0fa1a0a2f245519d96
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[1295b6d7e4c958c1667ea9641890c328ec5d822b] sched: Reenable interrupts in do_sched_yield()
testing commit 1295b6d7e4c958c1667ea9641890c328ec5d822b with gcc (GCC) 8.1.0
kernel signature: 04cdcba6f570d2a63c0b4d86ea1c4d6b11de291d00a4482fff9e8e29b07aa480
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good 1295b6d7e4c958c1667ea9641890c328ec5d822b
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[1d0d30e1e5e6b846e919418111e9f2a959201179] spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
testing commit 1d0d30e1e5e6b846e919418111e9f2a959201179 with gcc (GCC) 8.1.0
kernel signature: bf3356ddc39251b2e1c7f58c8730b35bb74e0f592e68fea98f061112ba559ffd
all runs: OK
# git bisect bad 1d0d30e1e5e6b846e919418111e9f2a959201179
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[00a2ac6000203a0dc7d6ebf6be4fe288445d90de] ASoC: pcm: DRAIN support reactivation
testing commit 00a2ac6000203a0dc7d6ebf6be4fe288445d90de with gcc (GCC) 8.1.0
kernel signature: 04cdcba6f570d2a63c0b4d86ea1c4d6b11de291d00a4482fff9e8e29b07aa480
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good 00a2ac6000203a0dc7d6ebf6be4fe288445d90de
Bisecting: 1 revision left to test after this (roughly 1 step)
[9054435396d7e99e6ddece2c8481afc5e0f418dd] arm64: dts: exynos: Correct psci compatible used on Exynos7
testing commit 9054435396d7e99e6ddece2c8481afc5e0f418dd with gcc (GCC) 8.1.0
kernel signature: a36380a3ad05d2710a152b602661730f239c304d701275ea34ea4083b078d122
all runs: crashed: general protection fault in hci_phy_link_complete_evt
# git bisect good 9054435396d7e99e6ddece2c8481afc5e0f418dd
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[4113f6f73f6e8d215609bde8c0c14ca9f8a476c5] Bluetooth: Fix null pointer dereference in hci_event_packet()
testing commit 4113f6f73f6e8d215609bde8c0c14ca9f8a476c5 with gcc (GCC) 8.1.0
kernel signature: bf3356ddc39251b2e1c7f58c8730b35bb74e0f592e68fea98f061112ba559ffd
all runs: OK
# git bisect bad 4113f6f73f6e8d215609bde8c0c14ca9f8a476c5
4113f6f73f6e8d215609bde8c0c14ca9f8a476c5 is the first bad commit
commit 4113f6f73f6e8d215609bde8c0c14ca9f8a476c5
Author: Anmol Karn
Date:   Wed Sep 30 19:48:13 2020 +0530

    Bluetooth: Fix null pointer dereference in hci_event_packet()

    [ Upstream commit 6dfccd13db2ff2b709ef60a50163925d477549aa ]

    AMP_MGR is getting dereferenced in hci_phy_link_complete_evt(), when called
    from hci_event_packet(), and there is a possibility that hcon->amp_mgr may
    not be found when accessing after initialization of hcon.

    - net/bluetooth/hci_event.c:4945

    The bug seems to get triggered in this line:

    bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;

    Fix it by adding a NULL check for the hcon->amp_mgr before checking the
    ev->status.

    Fixes: d5e911928bd8 ("Bluetooth: AMP: Process Physical Link Complete evt")
    Reported-and-tested-by: syzbot+0bef568258653cff272f@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f
    Signed-off-by: Anmol Karn
    Signed-off-by: Marcel Holtmann
    Signed-off-by: Sasha Levin

 net/bluetooth/hci_event.c | 5 +++++
 1 file changed, 5 insertions(+)

culprit signature: bf3356ddc39251b2e1c7f58c8730b35bb74e0f592e68fea98f061112ba559ffd
parent signature: a36380a3ad05d2710a152b602661730f239c304d701275ea34ea4083b078d122
revisions tested: 12, total time: 2h38m32.045632811s (build: 1h33m57.581889039s, test: 1h3m33.582518431s)
first good commit: 4113f6f73f6e8d215609bde8c0c14ca9f8a476c5 Bluetooth: Fix null pointer dereference in hci_event_packet()
recipients (to): ["anmol.karan123@gmail.com" "marcel@holtmann.org" "sashal@kernel.org" "syzbot+0bef568258653cff272f@syzkaller.appspotmail.com"]
recipients (cc): []
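The pointer chain named in the commit message, hcon->amp_mgr->l2cap_conn->hcon, and the guard the fix inserts in front of it, modelled as an added example. This is not the kernel's code and not the patch: the struct layouts, the lookup helper, the two handler functions, the result codes and the event payload are stand-ins (assumptions) built for this illustration, hci_dev_lock()/hci_dev_unlock() are left out, and the connection table and event bytes are constructed inline. What it shows is why the check has to come before the ev->status test: an HCI_EV_PHY_LINK_COMPLETE event for a physical-link handle whose hci_conn never got an amp_mgr must return early on both the success and the error path, otherwise the success path walks the chain through a NULL amp_mgr.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the kernel structs: only the fields the chain needs (assumption). */
struct hci_conn;
struct l2cap_conn { struct hci_conn *hcon; };
struct amp_mgr    { struct l2cap_conn *l2cap_conn; };
struct hci_conn   { uint8_t handle; struct amp_mgr *amp_mgr; int deleted; };

/* Constructed HCI_EV_PHY_LINK_COMPLETE parameters: status byte, then physical link handle. */
struct hci_ev_phy_link_complete { uint8_t status; uint8_t phy_handle; };

enum phy_link_result {
    PHY_LINK_OK,          /* bredr_hcon resolved through the chain */
    PHY_LINK_NO_HCON,     /* handle not in the connection table */
    PHY_LINK_NO_AMP_MGR,  /* hcon exists but never got an amp_mgr: the early return the fix adds */
    PHY_LINK_FAILED       /* ev->status != 0: connection deleted */
};

/* Stand-in for hci_conn_hash_lookup_handle(): linear scan of a small table. */
static struct hci_conn *lookup_handle(struct hci_conn *table, size_t n, uint8_t handle)
{
    for (size_t i = 0; i < n; i++)
        if (table[i].handle == handle)
            return &table[i];
    return NULL;
}

typedef enum phy_link_result (*phy_link_handler)(struct hci_conn *, size_t,
        const struct hci_ev_phy_link_complete *, struct hci_conn **);

/* Pre-fix shape (locking omitted): nothing guards amp_mgr before the chain is walked. */
static enum phy_link_result phy_link_complete_unsafe(struct hci_conn *table, size_t n,
        const struct hci_ev_phy_link_complete *ev, struct hci_conn **bredr_out)
{
    struct hci_conn *hcon = lookup_handle(table, n, ev->phy_handle);
    if (!hcon)
        return PHY_LINK_NO_HCON;
    if (ev->status) {
        hcon->deleted = 1;
        return PHY_LINK_FAILED;
    }
    /* With amp_mgr == NULL this reads through a null pointer: the fault the log reports. */
    *bredr_out = hcon->amp_mgr->l2cap_conn->hcon;
    return PHY_LINK_OK;
}

/* Post-fix shape: the amp_mgr check sits right after the hcon lookup, before ev->status. */
static enum phy_link_result phy_link_complete_fixed(struct hci_conn *table, size_t n,
        const struct hci_ev_phy_link_complete *ev, struct hci_conn **bredr_out)
{
    struct hci_conn *hcon = lookup_handle(table, n, ev->phy_handle);
    if (!hcon)
        return PHY_LINK_NO_HCON;
    if (!hcon->amp_mgr)
        return PHY_LINK_NO_AMP_MGR;
    if (ev->status) {
        hcon->deleted = 1;
        return PHY_LINK_FAILED;
    }
    *bredr_out = hcon->amp_mgr->l2cap_conn->hcon;
    return PHY_LINK_OK;
}

struct scenario_out { enum phy_link_result result; int bredr_resolved; int conn_deleted; };

/* Builds one constructed scenario and runs a handler on it: a BR/EDR hcon (handle 0x01)
 * and an AMP physical-link hcon (handle 0x10) that is wired to an amp_mgr only when
 * with_amp_mgr is set; status is the event's status byte (0 = success). */
static struct scenario_out run_scenario(phy_link_handler handler, int with_amp_mgr, uint8_t status)
{
    struct hci_conn table[2] = { { .handle = 0x01 }, { .handle = 0x10 } };
    struct l2cap_conn l2 = { .hcon = &table[0] };
    struct amp_mgr mgr = { .l2cap_conn = &l2 };
    struct hci_ev_phy_link_complete ev = { .status = status, .phy_handle = 0x10 };
    struct hci_conn *out = NULL;
    struct scenario_out res;

    table[1].amp_mgr = with_amp_mgr ? &mgr : NULL;
    res.result = handler(table, 2, &ev, &out);
    res.bredr_resolved = (out == &table[0]);
    res.conn_deleted = table[1].deleted;
    return res;
}

int main(void)
{
    printf("fixed, no amp_mgr, status 0:    result=%d\n",
           run_scenario(phy_link_complete_fixed, 0, 0x00).result);
    printf("fixed, no amp_mgr, status 0x08: result=%d\n",
           run_scenario(phy_link_complete_fixed, 0, 0x08).result);
    printf("fixed, with amp_mgr, status 0:  result=%d bredr_resolved=%d\n",
           run_scenario(phy_link_complete_fixed, 1, 0x00).result,
           run_scenario(phy_link_complete_fixed, 1, 0x00).bredr_resolved);
    printf("unsafe, with amp_mgr, status 0: result=%d\n",
           run_scenario(phy_link_complete_unsafe, 1, 0x00).result);
    /* run_scenario(phy_link_complete_unsafe, 0, 0x00) is deliberately not called:
     * it dereferences the NULL amp_mgr, which is the crash the bisection tracked. */
    return 0;
}
```

The unsafe and fixed handlers agree whenever amp_mgr is present; they differ only for the event the fuzzer produced, a PHY_LINK_COMPLETE for a handle that was never attached to an AMP manager, which the fixed version now drops before touching either the error path or the chain.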