bisecting cause commit starting from 54c490164523de90c42b1d89e7de3befe3284d1b building syzkaller on 427ea48700e7ca23f29a418f8d1998b55170c0aa testing commit 54c490164523de90c42b1d89e7de3befe3284d1b with gcc (GCC) 8.1.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_uart_set_flow_control testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #4: crashed: WARNING: ODEBUG bug in corrupted run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup testing release v4.8 testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0 all runs: OK # git bisect start v4.9 v4.8 Bisecting: 8695 revisions left to test after this (roughly 13 steps) [a5af7e1fc69a46f29b977fd4b570e0ac414c2338] rxrpc: Fix loss of PING RESPONSE ACK production due to PING ACKs testing commit a5af7e1fc69a46f29b977fd4b570e0ac414c2338 with gcc (GCC) 5.5.0 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #6: crashed: BUG: unable to handle kernel run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup # git bisect bad a5af7e1fc69a46f29b977fd4b570e0ac414c2338 Bisecting: 4346 revisions left to test after this (roughly 12 steps) [d268dbe76a53d72cc41316eb59e7968db60e77ad] Merge tag 'pinctrl-v4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit d268dbe76a53d72cc41316eb59e7968db60e77ad with gcc (GCC) 5.5.0 run #0: crashed: BUG: unable to handle kernel run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #2: crashed: BUG: unable to handle kernel run #3: crashed: BUG: unable to handle kernel run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #5: crashed: BUG: unable to handle kernel run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup # git bisect bad d268dbe76a53d72cc41316eb59e7968db60e77ad Bisecting: 2170 revisions left to test after this (roughly 11 steps) [02bafd96f3a5d8e610b19033ffec55b92459aaae] Merge tag 'docs-4.9' of git://git.lwn.net/linux testing commit 02bafd96f3a5d8e610b19033ffec55b92459aaae with gcc (GCC) 5.5.0 all runs: OK # git bisect good 02bafd96f3a5d8e610b19033ffec55b92459aaae Bisecting: 1051 revisions left to test after this (roughly 10 steps) [e812bd905a5cf00fea95da9df4889dad63d4a36a] Merge tag 'wireless-drivers-next-for-davem-2016-09-15' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit e812bd905a5cf00fea95da9df4889dad63d4a36a with gcc (GCC) 5.5.0 all runs: OK # git bisect good e812bd905a5cf00fea95da9df4889dad63d4a36a Bisecting: 525 revisions left to test after this (roughly 9 steps) [7a823471ad42cba6c3b658494d8437ca5c166292] igb: fix non static symbol warning testing commit 7a823471ad42cba6c3b658494d8437ca5c166292 with gcc (GCC) 5.5.0 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #2: crashed: BUG: unable to handle kernel run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup # git bisect bad 7a823471ad42cba6c3b658494d8437ca5c166292 Bisecting: 262 revisions left to test after this (roughly 8 steps) [1fbafcb84747d0784fe928bedc4189f47d18ad8f] Merge branch 'vlan_act_modify' testing commit 1fbafcb84747d0784fe928bedc4189f47d18ad8f with gcc (GCC) 5.5.0 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #2: crashed: BUG: unable to handle kernel run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup # git bisect bad 1fbafcb84747d0784fe928bedc4189f47d18ad8f Bisecting: 131 revisions left to test after this (roughly 7 steps) [d0bef1d26fb6fdad818f3d15a178d51e2a8478ae] Bluetooth: Add extra channel checks for control open/close messages testing commit d0bef1d26fb6fdad818f3d15a178d51e2a8478ae with gcc (GCC) 5.5.0 all runs: OK # git bisect good d0bef1d26fb6fdad818f3d15a178d51e2a8478ae Bisecting: 61 revisions left to test after this (roughly 6 steps) [204dfe1798bbfa242e4083b87c3a8c5200412e6f] Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next testing commit 204dfe1798bbfa242e4083b87c3a8c5200412e6f with gcc (GCC) 5.5.0 run #0: crashed: BUG: unable to handle kernel run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup # git bisect bad 204dfe1798bbfa242e4083b87c3a8c5200412e6f Bisecting: 34 revisions left to test after this (roughly 5 steps) [1f449736525addd6fcce674d654bd1471748484e] net-next: dsa: b53: remove empty set_addr() stub testing commit 1f449736525addd6fcce674d654bd1471748484e with gcc (GCC) 5.5.0 all runs: OK # git bisect good 1f449736525addd6fcce674d654bd1471748484e Bisecting: 17 revisions left to test after this (roughly 4 steps) [c4960ecf2b09210930964ef2c05ce2590802ccf4] Bluetooth: Add support for appearance in scan rsp testing commit c4960ecf2b09210930964ef2c05ce2590802ccf4 with gcc (GCC) 5.5.0 all runs: OK # git bisect good c4960ecf2b09210930964ef2c05ce2590802ccf4 Bisecting: 8 revisions left to test after this (roughly 3 steps) [cde7a863d36a4a629c111f37edc2297d6b822a82] Bluetooth: Factor appending EIR to separate helper testing commit cde7a863d36a4a629c111f37edc2297d6b822a82 with gcc (GCC) 5.5.0 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #3: crashed: BUG: unable to handle kernel run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup # git bisect bad cde7a863d36a4a629c111f37edc2297d6b822a82 Bisecting: 4 revisions left to test after this (roughly 2 steps) [3310230c5dddfafe3d1ef87f1257812011681aca] Bluetooth: Increment management interface revision testing commit 3310230c5dddfafe3d1ef87f1257812011681aca with gcc (GCC) 5.5.0 all runs: OK # git bisect good 3310230c5dddfafe3d1ef87f1257812011681aca Bisecting: 2 revisions left to test after this (roughly 1 step) [9e69130c4efc61ce0a8fb3b9eea0188f8d41f779] Bluetooth: hci_uart: Add Nokia Protocol identifier testing commit 9e69130c4efc61ce0a8fb3b9eea0188f8d41f779 with gcc (GCC) 5.5.0 all runs: OK # git bisect good 9e69130c4efc61ce0a8fb3b9eea0188f8d41f779 Bisecting: 0 revisions left to test after this (roughly 1 step) [7d5c11da1ff6389511c42448f59456373edfc103] Bluetooth: Refactor read_ext_controller_info handler testing commit 7d5c11da1ff6389511c42448f59456373edfc103 with gcc (GCC) 5.5.0 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #2: crashed: BUG: unable to handle kernel run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup # git bisect bad 7d5c11da1ff6389511c42448f59456373edfc103 Bisecting: 0 revisions left to test after this (roughly 0 steps) [162f812f23bab583f5d514ca0e4df67797ac9cdf] Bluetooth: hci_uart: Add Marvell support testing commit 162f812f23bab583f5d514ca0e4df67797ac9cdf with gcc (GCC) 5.5.0 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #6: crashed: BUG: unable to handle kernel run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted # git bisect bad 162f812f23bab583f5d514ca0e4df67797ac9cdf 162f812f23bab583f5d514ca0e4df67797ac9cdf is the first bad commit commit 162f812f23bab583f5d514ca0e4df67797ac9cdf Author: Loic Poulain Date: Mon Sep 19 16:29:27 2016 +0200 Bluetooth: hci_uart: Add Marvell support This patch introduces support for Marvell Bluetooth controller over UART (8897 for now). In order to send the final firmware at full speed, a helper firmware is firstly sent. Firmware download is driven by the controller which sends request firmware packets (including expected size). This driver is a global rework of the one proposed by Amitkumar Karwar . Signed-off-by: Loic Poulain Signed-off-by: Marcel Holtmann drivers/bluetooth/Kconfig | 11 ++ drivers/bluetooth/Makefile | 1 + drivers/bluetooth/hci_ldisc.c | 6 + drivers/bluetooth/hci_mrvl.c | 387 ++++++++++++++++++++++++++++++++++++++++++ drivers/bluetooth/hci_uart.h | 8 +- 5 files changed, 412 insertions(+), 1 deletion(-) create mode 100644 drivers/bluetooth/hci_mrvl.c revisions tested: 30, total time: 4h50m46.109940715s (build: 2h10m34.566618636s, test: 2h35m23.016671477s) first bad commit: 162f812f23bab583f5d514ca0e4df67797ac9cdf Bluetooth: hci_uart: Add Marvell support cc: ["gustavo@padovan.org" "johan.hedberg@gmail.com" "linux-bluetooth@vger.kernel.org" "linux-kernel@vger.kernel.org" "loic.poulain@intel.com" "marcel@holtmann.org"] crash: BUG: unable to handle kernel NULL pointer dereference in corrupted bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready BUG: unable to handle kernel NULL pointer dereference at (null) IP: [< (null)>] (null) PGD 36f82067 PUD 3647d067 PMD 0 Oops: 0010 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 1 PID: 2677 Comm: kworker/u9:0 Not tainted 4.8.0-rc6+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Workqueue: hci0 hci_power_on task: ffff880067a74040 task.stack: ffff880067a78000 RIP: 0010:[<0000000000000000>] [ 187.093266] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [< (null)>] (null) RSP: 0018:ffff880067a7f910 EFLAGS: 00010246 kobject: 'bonding_slave' (ffff88003bd3edd8): kobject_add_internal: parent: 'bond_slave_0', set: '' bond0: Enslaving bond_slave_0 as an active interface with an up link RAX: dffffc0000000000 RBX: ffff88006b194000 RCX: 1ffffffff11eecfa RDX: 1ffffffff0c021d9 RSI: 0000000000000003 RDI: ffff88006b194000 RBP: ffff880067a7f9c8 R08: 000000000000000c R09: 0000000000000004 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88006b194010 R13: 1ffff1000cf4ff24 R14: ffffffff86010e00 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88006da00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000032827000 CR4: 00000000007406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 00000000 Stack: ffffffff84068feb ffff88006b194000 0000000041b58ab3 ffffffff86935e82 ffffffff84068c60 ffff880067a7f9e8 0000000500000500 00008a3b000010b2 010004157f1c030f 170f12001a131100 0001c20000000016 000000050001c200 Call Trace: [] mrvl_setup+0x14/0xe0 drivers/bluetooth/hci_mrvl.c:348 [] hci_uart_setup+0x192/0x390 drivers/bluetooth/hci_ldisc.c:390 [] hci_dev_do_open+0x874/0xee0 net/bluetooth/hci_core.c:1336 [] hci_power_on+0xdd/0x420 net/bluetooth/hci_core.c:2031 [] process_one_work+0x6a2/0x1580 kernel/workqueue.c:2096 [] worker_thread+0xd7/0xf10 kernel/workqueue.c:2230 [] kthread+0x209/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:393 Code: Bad RIP value. RIP [< (null)>] (null) RSP CR2: 0000000000000000 ---[ end trace afbd3e107892ac6a ]---