bisecting fixing commit since 15bc20c6af4ceee97a1f90b43c0e386643c071b4
building syzkaller on 816e0689d7d9d8321f8bf360740f0e516aee15ca
testing commit 15bc20c6af4ceee97a1f90b43c0e386643c071b4 with gcc (GCC) 8.1.0
kernel signature: 25b0094d4e84e941a0de4c0cd3bdb80283c26f7c947e10e9cf4f75d6e4e3af58
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet
testing current HEAD 4ef8451b332662d004df269d4cdeb7d9f31419b5
testing commit 4ef8451b332662d004df269d4cdeb7d9f31419b5 with gcc (GCC) 8.1.0
kernel signature: 1620c3b057bf1ef6cfec25cef7e477ed3e771c2fd05eb7fd1cee17eff84e9bb4
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet
revisions tested: 2, total time: 16m27.974385174s (build: 9m59.701838632s, test: 5m50.772882315s)
the crash still happens on HEAD
commit msg: Merge tag 'perf-tools-for-v5.10-2020-11-03' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
crash: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet

BUG: kernel NULL pointer dereference, address: 0000000000000010
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 7163 Comm: kworker/u5:4 Not tainted 5.10.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci0 hci_rx_work
RIP: 0010:hci_phy_link_complete_evt net/bluetooth/hci_event.c:4950 [inline]
RIP: 0010:hci_event_packet+0x1c88/0x2840 net/bluetooth/hci_event.c:6282
Code: 85 c0 49 89 c4 0f 84 4c e9 ff ff 48 8b 45 88 80 38 00 0f 85 91 03 00 00 49 8b 84 24 30 09 00 00 49 8d 7c 24 14 b9 01 00 00 00 <48> 8b 40 10 48 8b 10 66 41 89 4c 24 32 48 8d 72 14 48 89 55 88 e8
RSP: 0018:ffffc90000f87d50 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888104214000 RCX: 0000000000000001
RDX: 0000000000000001 RSI: ffffffff83e8a3d7 RDI: ffff888106f8e014
RBP: ffffc90000f87df0 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888106f8e000
R13: ffff88810bb20100 R14: ffff888104214010 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 000000011ecd0000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hci_rx_work+0xbd/0x500 net/bluetooth/hci_core.c:4926
 process_one_work+0x273/0x600 kernel/workqueue.c:2272
 worker_thread+0x38/0x380 kernel/workqueue.c:2418
 kthread+0x145/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Modules linked in:
CR2: 0000000000000010
---[ end trace 8c97e41cbc7cacca ]---
RIP: 0010:hci_phy_link_complete_evt net/bluetooth/hci_event.c:4950 [inline]
RIP: 0010:hci_event_packet+0x1c88/0x2840 net/bluetooth/hci_event.c:6282
Code: 85 c0 49 89 c4 0f 84 4c e9 ff ff 48 8b 45 88 80 38 00 0f 85 91 03 00 00 49 8b 84 24 30 09 00 00 49 8d 7c 24 14 b9 01 00 00 00 <48> 8b 40 10 48 8b 10 66 41 89 4c 24 32 48 8d 72 14 48 89 55 88 e8
RSP: 0018:ffffc90000f87d50 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888104214000 RCX: 0000000000000001
RDX: 0000000000000001 RSI: ffffffff83e8a3d7 RDI: ffff888106f8e014
RBP: ffffc90000f87df0 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888106f8e000
R13: ffff88810bb20100 R14: ffff888104214010 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 000000011ecd0000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400