BUG: unable to handle kernel NULL pointer dereference in corrupted (5)

BUG: unable to handle kernel NULL pointer dereference in corrupted (5)
Status: upstream: reported C repro on 2020/03/14 06:37
Reported-by: syzbot+8b0e78e390d1715b0f4e@syzkaller.appspotmail.com
First crash: 150d, last: 140d

Cause bisection: introduced by (bisect log):

commit 271213ef4d0d3a3b80d4cf95c5f2bebb5643e666
Author: Takashi Iwai <tiwai@suse.de>
Date: Tue Dec 10 06:34:50 2019 +0000

ALSA: pcxhr: Support PCM sync_stop

Crash: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks (log)
Repro: C syz .config

Fix bisection: failed (bisect log)

similar bugs (6):
Kernel	Title	Repro	Bisected	Count	Last	Reported	Patched	Status
linux-4.19	BUG: unable to handle kernel NULL pointer dereference in corrupted	C		6	11d	291d	0/1	upstream: reported C repro on 2019/10/21 15:36
upstream	BUG: unable to handle kernel NULL pointer dereference in corrupted (4)	syz	cause+fix	1	410d	409d	13/17	fixed on 2019/08/27 17:15
upstream	BUG: unable to handle kernel NULL pointer dereference in corrupted (3)	C		1	578d	578d	12/17	fixed on 2019/03/06 07:43
linux-4.14	BUG: unable to handle kernel NULL pointer dereference in corrupted	C	fix	3	58d	298d	0/1	upstream: reported C repro on 2019/10/14 10:06
upstream	BUG: unable to handle kernel NULL pointer dereference in corrupted (2)	C		1	752d	752d	9/17	fixed on 2018/08/07 13:43
upstream	BUG: unable to handle kernel NULL pointer dereference in corrupted	C		5	791d	791d	9/17	fixed on 2018/07/09 18:05

Sample crash report:

BUG: kernel NULL pointer dereference, address: 0000000000000086
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 913ae067 P4D 913ae067 PUD 92f95067 PMD 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8742 Comm: syz-executor543 Not tainted 5.6.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:0x86
Code: Bad RIP value.
RSP: 0018:ffffc900021d7998 EFLAGS: 00010086
RAX: ffffc900021d79c8 RBX: fffffe0000000000 RCX: ffff88809d522500
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000ec0 R08: ffffffff83987263 R09: ffffffff811c7eca
R10: ffff88809d522500 R11: 0000000000000002 R12: dffffc0000000000
R13: fffffe0000000ec8 R14: ffffffff880016f0 R15: fffffe0000000ecb
FS:  00000000021c0880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000005c CR3: 0000000095b79000 CR4: 00000000001426e0
Call Trace:
Modules linked in:
CR2: 0000000000000086
---[ end trace 88183239d3f1335b ]---
RIP: 0010:0x86
Code: Bad RIP value.
RSP: 0018:ffffc900021d7998 EFLAGS: 00010086
RAX: ffffc900021d79c8 RBX: fffffe0000000000 RCX: ffff88809d522500
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000ec0 R08: ffffffff83987263 R09: ffffffff811c7eca
R10: ffff88809d522500 R11: 0000000000000002 R12: dffffc0000000000
R13: fffffe0000000ec8 R14: ffffffff880016f0 R15: fffffe0000000ecb
FS:  00000000021c0880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000005c CR3: 0000000095b79000 CR4: 00000000001426e0

Crashes (3):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce-smack-root	2020/03/20 09:58	upstream	cd607737	2c31c529	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2020/03/20 01:55	upstream	cd607737	2c31c529	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2020/03/10 06:26	upstream	30bb5572	35f53e45	.config	log	report	syz	C