bisecting cause commit starting from 30bb5572ce7a8710fa9ea720b6ecb382791c9800
building syzkaller on 35f53e457420e79fa28e3260cdbbf9f37b9f97e4
testing commit 30bb5572ce7a8710fa9ea720b6ecb382791c9800 with gcc (GCC) 8.1.0
kernel signature: 37d6eacc1bc57e168540f8e33eaac4eae15fd93f527ee4645ee84ff7d42a4cd8
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: ee4941c4b32c8ea69e88852bbd0553407e112d76b3a1e64f13b9d44149924d7d
all runs: OK
# git bisect start 30bb5572ce7a8710fa9ea720b6ecb382791c9800 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
Bisecting: 7349 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: 06f8421388de9ec5c81245862b797c0c9b0a0e298e68ff1cc85ab55c0f47ca66
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 2314 revisions left to test after this (roughly 12 steps)
[bd2463ac7d7ec51d432f23bf0e893fb371a908cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit bd2463ac7d7ec51d432f23bf0e893fb371a908cd with gcc (GCC) 8.1.0
kernel signature: 094e57dffdcecfaa0c52ab2ed904457d7ef210517e99febe4595c86b57539423
all runs: OK
# git bisect good bd2463ac7d7ec51d432f23bf0e893fb371a908cd
Bisecting: 1179 revisions left to test after this (roughly 10 steps)
[aac96626713fe167c672f9a008be0f514aa3e237] Merge tag 'usb-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
testing commit aac96626713fe167c672f9a008be0f514aa3e237 with gcc (GCC) 8.1.0
kernel signature: 1649b876a96c580675731c9ed03f3506fec2807ab7ffd16b2055b0dfb1284bbd
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad aac96626713fe167c672f9a008be0f514aa3e237
Bisecting: 479 revisions left to test after this (roughly 9 steps)
[90fb04f890bcb7384b4d4c216dc2640b0a870df3] Merge tag 'asoc-v5.6' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
testing commit 90fb04f890bcb7384b4d4c216dc2640b0a870df3 with gcc (GCC) 8.1.0
kernel signature: b0321ced111edc67d98f93f24e1de3699c16ce3045848dba062dfca560e5a7b8
run #0: crashed: INFO: task hung in kvm_arch_destroy_vm
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 90fb04f890bcb7384b4d4c216dc2640b0a870df3
Bisecting: 327 revisions left to test after this (roughly 8 steps)
[41dbc792794acf520892afe40b7df4cc58a8f5f5] ALSA: oxfw: fix for Stanton SCS.1d
testing commit 41dbc792794acf520892afe40b7df4cc58a8f5f5 with gcc (GCC) 8.1.0
kernel signature: 7f7bdfc24b909ec0257e3f36d50b5c70f1d7cfbb7bf8bf3fa798f6ab1b294ec3
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 41dbc792794acf520892afe40b7df4cc58a8f5f5
Bisecting: 159 revisions left to test after this (roughly 7 steps)
[df1d6ea05a75104b8e7dc642cc5d3f9c4b80d58b] Merge tag 'y2038-alsa-v8-signed' of git://git.kernel.org:/pub/scm/linux/kernel/git/arnd/playground into for-next
testing commit df1d6ea05a75104b8e7dc642cc5d3f9c4b80d58b with gcc (GCC) 8.1.0
kernel signature: f231f8bd80ef2fd0a01f188d6802ad5f8dd48322bb8e5cd084855117c9fc5da2
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad df1d6ea05a75104b8e7dc642cc5d3f9c4b80d58b
Bisecting: 83 revisions left to test after this (roughly 6 steps)
[4ab6596a32b198dc2d9b5499ae63f069564c178c] ALSA: intel8x0: Drop superfluous ioctl PCM ops
testing commit 4ab6596a32b198dc2d9b5499ae63f069564c178c with gcc (GCC) 8.1.0
kernel signature: b287bbc13dafbae522d2830efa82d7e6c5d8fdab665ac91ef3b4afd38b413003
all runs: OK
# git bisect good 4ab6596a32b198dc2d9b5499ae63f069564c178c
Bisecting: 41 revisions left to test after this (roughly 5 steps)
[bf17d20adea74015628a1db0c658d256697b8d83] ALSA: oxygen: Support PCM sync_stop
testing commit bf17d20adea74015628a1db0c658d256697b8d83 with gcc (GCC) 8.1.0
kernel signature: 1ba9fe2012df79e900893805372e338b62b20bc015cd65624b0b42bd3e58a733
all runs: OK
# git bisect good bf17d20adea74015628a1db0c658d256697b8d83
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[cefeaa5053d937f28116f8a53bd422f92d0c7475] ALSA: mixart: Support PCM sync_stop
testing commit cefeaa5053d937f28116f8a53bd422f92d0c7475 with gcc (GCC) 8.1.0
kernel signature: fc26fdae8333a324ffd2e8854b19bc1a9587950ce4ad9f8da433d328f34d20d2
all runs: OK
# git bisect good cefeaa5053d937f28116f8a53bd422f92d0c7475
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[651bbb9d5161ae7170bc19fec893b8bf05fc590f] ALSA: hda: Comment about snd_hdac_bus_update_rirb() and spinlock
testing commit 651bbb9d5161ae7170bc19fec893b8bf05fc590f with gcc (GCC) 8.1.0
kernel signature: b07e6d7dddf22da1c2d39b870a25fb1defbf51d23dcea00f78156a7f95db0b15
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #1: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 651bbb9d5161ae7170bc19fec893b8bf05fc590f
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[dc5eafe7787c6c4ffab6c6b8a5f78859a249880e] ALSA: usb-audio: Support PCM sync_stop
testing commit dc5eafe7787c6c4ffab6c6b8a5f78859a249880e with gcc (GCC) 8.1.0
kernel signature: e027fd26f76da768a48aee52fe72a4cf67dbc8b68f755267b6abb15a58b87ad9
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #1: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad dc5eafe7787c6c4ffab6c6b8a5f78859a249880e
Bisecting: 2 revisions left to test after this (roughly 1 step)
[59fdf8e96c03261d5b32166a49be9d7daaf7ef73] ALSA: vx222: Support PCM sync_stop
testing commit 59fdf8e96c03261d5b32166a49be9d7daaf7ef73 with gcc (GCC) 8.1.0
kernel signature: ac725c6e068bbe7386e8d2ae5136fb4555303a13d6011e872b86228bb7bbb663
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 59fdf8e96c03261d5b32166a49be9d7daaf7ef73
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[271213ef4d0d3a3b80d4cf95c5f2bebb5643e666] ALSA: pcxhr: Support PCM sync_stop
testing commit 271213ef4d0d3a3b80d4cf95c5f2bebb5643e666 with gcc (GCC) 8.1.0
kernel signature: 0088e314d261114976f4465eb9c81366674c28f4772271767dc2ed4c021abfce
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #1: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 271213ef4d0d3a3b80d4cf95c5f2bebb5643e666
271213ef4d0d3a3b80d4cf95c5f2bebb5643e666 is the first bad commit
commit 271213ef4d0d3a3b80d4cf95c5f2bebb5643e666
Author: Takashi Iwai
Date: Tue Dec 10 07:34:50 2019 +0100

    ALSA: pcxhr: Support PCM sync_stop

    The driver invokes snd_pcm_period_elapsed() simply from the threaded
    interrupt handler. Set card->sync_irq for enabling the missing
    sync_stop PCM operation.

    Link: https://lore.kernel.org/r/20191210063454.31603-52-tiwai@suse.de
    Signed-off-by: Takashi Iwai

 sound/pci/pcxhr/pcxhr.c | 1 +
 1 file changed, 1 insertion(+)
culprit signature: 0088e314d261114976f4465eb9c81366674c28f4772271767dc2ed4c021abfce
parent signature: fc26fdae8333a324ffd2e8854b19bc1a9587950ce4ad9f8da433d328f34d20d2
revisions tested: 15, total time: 4h30m46.973661772s (build: 1h36m12.893915197s, test: 2h53m36.450895574s)
first bad commit: 271213ef4d0d3a3b80d4cf95c5f2bebb5643e666 ALSA: pcxhr: Support PCM sync_stop
cc: ["allison@lohutok.net" "alsa-devel@alsa-project.org" "gregkh@linuxfoundation.org" "linux-kernel@vger.kernel.org" "perex@perex.cz" "rfontana@redhat.com" "tglx@linutronix.de" "tiwai@suse.com" "tiwai@suse.de"]
crash: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in __read_once_size include/linux/compiler.h:199 [inline]
BUG: KASAN: vmalloc-out-of-bounds in rcu_seq_current kernel/rcu/rcu.h:99 [inline]
BUG: KASAN: vmalloc-out-of-bounds in srcu_invoke_callbacks+0x30c/0x330 kernel/rcu/srcutree.c:1169
Read of size 8 at addr ffffc9000271ec78 by task kworker/1:0/17

CPU: 1 PID: 17 Comm: kworker/1:0 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: rcu_gp srcu_invoke_callbacks
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x128/0x182 lib/dump_stack.c:118
 print_address_description.constprop.8.cold.10+0x56/0x317 mm/kasan/report.c:374
 __kasan_report.cold.11+0x1c/0x37 mm/kasan/report.c:506
 kasan_report+0xe/0x20 mm/kasan/common.c:639
 __read_once_size include/linux/compiler.h:199 [inline]
 rcu_seq_current kernel/rcu/rcu.h:99 [inline]
 srcu_invoke_callbacks+0x30c/0x330 kernel/rcu/srcutree.c:1169
 process_one_work+0x8d1/0x15b0 kernel/workqueue.c:2264
 worker_thread+0x82/0xb50 kernel/workqueue.c:2410
 kthread+0x31d/0x3e0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Memory state around the buggy address:
 ffffc9000271eb00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc9000271eb80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
>ffffc9000271ec00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
                                                                ^
 ffffc9000271ec80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc9000271ed00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
==================================================================