Hello Sir,

> > I have looked into the bisected logs and the problem occurs from this commit:
> >
> > 941992d29447 ("ethernet: amd: use IS_ENABLED() instead of checking for built-in or module")
>
> That's just the patch which made the code testable by syzbot. It didn't
> introduce the bug.
>
> > Here is a diff of the patch which I modified from the last patch,
> >
> > diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> > index 4b7fc430793c..6ce435064e0b 100644
> > --- a/net/bluetooth/hci_event.c
> > +++ b/net/bluetooth/hci_event.c
> > @@ -4936,6 +4936,12 @@ static void hci_phy_link_complete_evt(struct hci_dev *hdev,
> > return;
> > }
> >
> > + if (!hcon->amp_mgr) {
> > + hci_conn_del(hcon);
> > + hci_dev_unlock(hdev);
>
> I have no idea if calling hci_conn_del() is really the correct thing.
> I don't know the code at all. Anyway, do some research and figure out
> for sure what the correct thing is.

I have created my patch on the basis of the conditions already handled in this function, i.e. whenever a NULL dereference occurs, connection cleanup is required, hence hci_conn_del() is used here. Will see if anything else could be done.

> Also look for similar bugs in other places where hcon->amp_mgr is
> dereferenced. For example, amp_read_loc_assoc_final_data() seems to
> have a similar bug.

Sure sir, will look into it.

> regards,
> dan carpenter

Thanks,
Anmol
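Review bot: the quoted hunk is truncated after `+ hci_dev_unlock(hdev);` (the header advertises six added lines, only three are shown), so the closing brace and, critically, the `return` are not visible; the existing early-exit block immediately above the insertion point ends with `return; }`, and the new `if (!hcon->amp_mgr)` block must do the same, because once `hci_conn_del(hcon)` has run, any code that continues past the unlock and touches `hcon` would be a use-after-free rather than the NULL dereference the patch set out to fix. It is also worth confirming, against the other early exits in hci_phy_link_complete_evt(), whether this path should delete the connection at all or merely unlock and return, since the hunk as quoted gives no justification for choosing hci_conn_del() here.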