bisecting fixing commit since 2a5699b0de4ee623d77f183c8e8e62691bd60a70 building syzkaller on 3666edfeb55080ebe138d77417fa96fe2555d6bb testing commit 2a5699b0de4ee623d77f183c8e8e62691bd60a70 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 89324186fc3481ff42583a4913d43dc589803d42ac09d4cd778e2087a135c2f8 run #0: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #1: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #2: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #3: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #4: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #5: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #6: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #7: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #8: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #9: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #10: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #11: OK run #12: OK run #13: OK run #14: OK run #15: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #16: OK run #17: OK run #18: OK run #19: OK testing current HEAD a175eca0f3d747599f1fdfac04cc9195b71ec996 testing commit a175eca0f3d747599f1fdfac04cc9195b71ec996 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8056a95cb9c92f9cd32181adb64b0837a4470879c7b2d5254331f6414f83f613 all runs: OK # git bisect start a175eca0f3d747599f1fdfac04cc9195b71ec996 2a5699b0de4ee623d77f183c8e8e62691bd60a70 Bisecting: 1652 revisions left to test after this (roughly 11 steps) [6f9b5ed8caddfbc94af8307c557ed57a8ec5c65c] Merge tag 'char-misc-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 6f9b5ed8caddfbc94af8307c557ed57a8ec5c65c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4f53743fa9c18b712c9541a77f6cefb53296d4f9156f27a7720a449d34dcbe83 run #0: boot failed: INFO: task hung in add_early_randomness run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 6f9b5ed8caddfbc94af8307c557ed57a8ec5c65c Bisecting: 1096 revisions left to test after this (roughly 10 steps) [04d93b2b8bc7a68ec45a6a156f34a611ede5aa60] Merge tag 'spdx-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx testing commit 04d93b2b8bc7a68ec45a6a156f34a611ede5aa60 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 03dd14fc56653147fd4b5f3c5493fce0682c91dda0e86e3426733ba6e9551a0d run #0: OK run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 04d93b2b8bc7a68ec45a6a156f34a611ede5aa60 Bisecting: 429 revisions left to test after this (roughly 9 steps) [73503963b715a64a44aa2b1c486114b917a17c73] module: Fix prefix for module.sig_enforce module param testing commit 73503963b715a64a44aa2b1c486114b917a17c73 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2909b85a719a5a021f67e08cf7b0025c0a0a2da12c4958999184b669e21e8646 run #0: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #1: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #2: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #3: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #4: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #5: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #6: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #7: OK run #8: OK run #9: OK # git bisect good 73503963b715a64a44aa2b1c486114b917a17c73 Bisecting: 216 revisions left to test after this (roughly 8 steps) [baf86ac1c9ccbde281df55a4daeefadec6d2e581] Merge tag 'asm-generic-fixes-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic testing commit baf86ac1c9ccbde281df55a4daeefadec6d2e581 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c89be11ffede404b70b419d64df9cba13ed057c4afbea8c1ea1241f2a6b33351 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #2: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #3: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect good baf86ac1c9ccbde281df55a4daeefadec6d2e581 Bisecting: 129 revisions left to test after this (roughly 7 steps) [6f6ebb9899861c8a4e49cc7d9796d024f731b512] Merge tag 'sound-fix-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit 6f6ebb9899861c8a4e49cc7d9796d024f731b512 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c7cd17fe059ba3b42906f6c68b5e5e55907ec6d3c7e59b003262d4bb0fefd959 all runs: OK # git bisect bad 6f6ebb9899861c8a4e49cc7d9796d024f731b512 Bisecting: 43 revisions left to test after this (roughly 6 steps) [ab5a7fb6d2296b9486d17d1e24f4bde90822e644] drm/amdgpu/gfx: fix typos in comments testing commit ab5a7fb6d2296b9486d17d1e24f4bde90822e644 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: acbf18c4d0a49bf5abd0bf1c04bdb431387e55d59ac309b7944a8bbe8a2a271c run #0: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #1: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #2: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #3: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #4: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good ab5a7fb6d2296b9486d17d1e24f4bde90822e644 Bisecting: 24 revisions left to test after this (roughly 5 steps) [404204340c0dc54e4b779737201044dcb231f0bf] Merge tag 'drm/tegra/for-5.19-prep-work' of https://gitlab.freedesktop.org/drm/tegra into drm-next testing commit 404204340c0dc54e4b779737201044dcb231f0bf compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d48f6895918f39a5b2328b9b7d81b5f77051e361dd91b872fdc16dbdfe10ff1d run #0: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #1: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #2: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #3: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #4: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #5: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good 404204340c0dc54e4b779737201044dcb231f0bf Bisecting: 15 revisions left to test after this (roughly 4 steps) [ab0925ab728163b854ea17da09e299254a86076e] ASoC: da7219: Small fixes for jack detection and removal testing commit ab0925ab728163b854ea17da09e299254a86076e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2176aa864cfcaa677e6888e30cb418f487a45cad4a03f5a2d16bcc7eef921ece run #0: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #1: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #2: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #3: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #4: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good ab0925ab728163b854ea17da09e299254a86076e Bisecting: 7 revisions left to test after this (roughly 3 steps) [672362cbe6df049299c8ed0a463d89daf66b081c] Merge tag 'asoc-fix-v5.19-rc0' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus testing commit 672362cbe6df049299c8ed0a463d89daf66b081c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 090ff522a98429f3c0bf3ec2b885100709433ad63f12199fa825d0499c79de70 all runs: OK # git bisect bad 672362cbe6df049299c8ed0a463d89daf66b081c Bisecting: 3 revisions left to test after this (roughly 2 steps) [4dd99891649ea5248e6a60113df0e0d04967eef7] ALSA: hda/via: Delete does not require return testing commit 4dd99891649ea5248e6a60113df0e0d04967eef7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: aab6b49d773ef03ddf5e6a5d2c5a1ad353457f831c80bd32e1128b7df11a5b53 all runs: OK # git bisect bad 4dd99891649ea5248e6a60113df0e0d04967eef7 Bisecting: 1 revision left to test after this (roughly 1 step) [0125de38122f0f66bf61336158d12a1aabfe6425] ALSA: usb-audio: Cancel pending work at closing a MIDI substream testing commit 0125de38122f0f66bf61336158d12a1aabfe6425 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a7fecc3d1aad19e63228428ccb79f39a23dfabad1a5b89979a75f8211819d026 all runs: OK # git bisect bad 0125de38122f0f66bf61336158d12a1aabfe6425 Bisecting: 0 revisions left to test after this (roughly 0 steps) [4c691a287d4ee0c308708c1d6f9e0cc7513463f8] ALSA: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos testing commit 4c691a287d4ee0c308708c1d6f9e0cc7513463f8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 946bb63b03d0a59adda7498b4b63bc00c1c95b0780b773cc0c67b669a4d05300 run #0: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #1: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #2: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #3: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #4: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #5: OK run #6: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #7: crashed: KASAN: use-after-free Read in __snd_rawmidi_transmit_peek run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good 4c691a287d4ee0c308708c1d6f9e0cc7513463f8 0125de38122f0f66bf61336158d12a1aabfe6425 is the first bad commit commit 0125de38122f0f66bf61336158d12a1aabfe6425 Author: Takashi Iwai Date: Wed May 25 15:12:03 2022 +0200 ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For fixing the race, make sure to cancel the pending work at closing. Reported-by: syzbot+6912c9592caca7ca0e7d@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/000000000000e7e75005dfd07cf6@google.com Link: https://lore.kernel.org/r/20220525131203.11299-1-tiwai@suse.de Signed-off-by: Takashi Iwai sound/usb/midi.c | 3 +++ 1 file changed, 3 insertions(+) culprit signature: a7fecc3d1aad19e63228428ccb79f39a23dfabad1a5b89979a75f8211819d026 parent signature: 946bb63b03d0a59adda7498b4b63bc00c1c95b0780b773cc0c67b669a4d05300 Reproducer flagged being flaky revisions tested: 14, total time: 4h17m28.202531576s (build: 1h35m42.773288454s, test: 2h40m9.873276918s) first good commit: 0125de38122f0f66bf61336158d12a1aabfe6425 ALSA: usb-audio: Cancel pending work at closing a MIDI substream recipients (to): ["alsa-devel@alsa-project.org" "clemens@ladisch.de" "perex@perex.cz" "tiwai@suse.com" "tiwai@suse.de"] recipients (cc): ["linux-kernel@vger.kernel.org"]