bisecting fixing commit since 14b58326976de6ef3998eefec1dd7f8b38b97a75
building syzkaller on f721e4a097714a9054b9fe1aadf427afbbd2c157
testing commit 14b58326976de6ef3998eefec1dd7f8b38b97a75 with gcc (GCC) 8.1.0
kernel signature: aad7e37f471851170c423fb8c974da4e627c9a6be5082c022677cfaaae8f0d51
run #0: crashed: KASAN: use-after-free Read in l2cap_sock_close_cb
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
testing current HEAD 8961076ed318dfd22aa357b41589f07bf67e73b6
testing commit 8961076ed318dfd22aa357b41589f07bf67e73b6 with gcc (GCC) 8.1.0
kernel signature: 5cb9aa601808c729b09209daf695277fd10d85fb63b95086abb69cdd88180257
all runs: OK
# git bisect start 8961076ed318dfd22aa357b41589f07bf67e73b6 14b58326976de6ef3998eefec1dd7f8b38b97a75
Bisecting: 626 revisions left to test after this (roughly 9 steps)
[e309db54d9e8ba0fb793536f97c062f88c963f4a] rtc: ds1374: fix possible race condition
testing commit e309db54d9e8ba0fb793536f97c062f88c963f4a with gcc (GCC) 8.1.0
kernel signature: cfcdafe57d9cec37003b1d68b6ae5e0e0950dd3d1b7872b5685d4837ba57d545
all runs: OK
# git bisect bad e309db54d9e8ba0fb793536f97c062f88c963f4a
Bisecting: 312 revisions left to test after this (roughly 8 steps)
[b2504e03d3753f7cd9281adcfba0a310e6009740] media: davinci: vpif_capture: fix potential double free
testing commit b2504e03d3753f7cd9281adcfba0a310e6009740 with gcc (GCC) 8.1.0
kernel signature: 053dc9db35e64bd4ffcf1968edd7b5264937369bf18cece958fda96e355e0e98
run #0: crashed: KASAN: use-after-free Read in l2cap_sock_close_cb
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good b2504e03d3753f7cd9281adcfba0a310e6009740
Bisecting: 156 revisions left to test after this (roughly 7 steps)
[01fa1f9090e07fb47cc270f9af46187e2f81753f] gcov: Disable gcov build with GCC 10
testing commit 01fa1f9090e07fb47cc270f9af46187e2f81753f with gcc (GCC) 8.1.0
kernel signature: ac4f12630bc169879fe310aad482b6346e63493ee7a07ab5f2b96cf0131e2693
run #0: crashed: KASAN: use-after-free Read in l2cap_sock_close_cb
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 01fa1f9090e07fb47cc270f9af46187e2f81753f
Bisecting: 78 revisions left to test after this (roughly 6 steps)
[c0fdfbf01ab015515e1ff1bee3d2b9e5f86628aa] mm/thp: fix __split_huge_pmd_locked() for migration PMD
testing commit c0fdfbf01ab015515e1ff1bee3d2b9e5f86628aa with gcc (GCC) 8.1.0
kernel signature: 516856050c04c7526e2eafb20c6b32b4d2f208aabdb501b604c57aa890bbb6b3
all runs: OK
# git bisect bad c0fdfbf01ab015515e1ff1bee3d2b9e5f86628aa
Bisecting: 38 revisions left to test after this (roughly 5 steps)
[9a81aa7adf2ecf5090a18e496b9e9b66f0e34a25] gfs2: initialize transaction tr_ailX_lists earlier
testing commit 9a81aa7adf2ecf5090a18e496b9e9b66f0e34a25 with gcc (GCC) 8.1.0
kernel signature: de027be2f5fd615396af411d8ea4b0d915beb6792bd13c4c5924f0cde070c66f
all runs: OK
# git bisect bad 9a81aa7adf2ecf5090a18e496b9e9b66f0e34a25
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[ee3e33dc3c8a3ba7f3380daaa039c2b7227c24c1] btrfs: fix wrong address when faulting in pages in the search ioctl
testing commit ee3e33dc3c8a3ba7f3380daaa039c2b7227c24c1 with gcc (GCC) 8.1.0
kernel signature: 0394a368339826a1912186eff6c81dc059ef1f0948ce7506a4ff04e3c94d1457
all runs: OK
# git bisect bad ee3e33dc3c8a3ba7f3380daaa039c2b7227c24c1
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[31c0b4e3544bb07e43ddf5b97694dd3d5beba16e] iio:adc:ti-adc081c Fix alignment and data leak issues
testing commit 31c0b4e3544bb07e43ddf5b97694dd3d5beba16e with gcc (GCC) 8.1.0
kernel signature: ac4f12630bc169879fe310aad482b6346e63493ee7a07ab5f2b96cf0131e2693
all runs: OK
# git bisect bad 31c0b4e3544bb07e43ddf5b97694dd3d5beba16e
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[bca5a18aad3d26814958fc5ec76b70d0e63ba892] iio:light:ltr501 Fix timestamp alignment issue.
testing commit bca5a18aad3d26814958fc5ec76b70d0e63ba892 with gcc (GCC) 8.1.0
kernel signature: ac4f12630bc169879fe310aad482b6346e63493ee7a07ab5f2b96cf0131e2693
run #0: crashed: KASAN: use-after-free Read in l2cap_sock_close_cb
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good bca5a18aad3d26814958fc5ec76b70d0e63ba892
Bisecting: 2 revisions left to test after this (roughly 1 step)
[e3a794a9d9a18898abaab33d27ed1f475b235d96] iio:adc:ti-adc084s021 Fix alignment and data leak issues.
testing commit e3a794a9d9a18898abaab33d27ed1f475b235d96 with gcc (GCC) 8.1.0
kernel signature: ac4f12630bc169879fe310aad482b6346e63493ee7a07ab5f2b96cf0131e2693
run #0: crashed: KASAN: use-after-free Read in l2cap_sock_close_cb
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good e3a794a9d9a18898abaab33d27ed1f475b235d96
Bisecting: 0 revisions left to test after this (roughly 1 step)
[48da980c07581677f9b71954ca190bb1da4cd810] iio:adc:max1118 Fix alignment of timestamp and data leak issues
testing commit 48da980c07581677f9b71954ca190bb1da4cd810 with gcc (GCC) 8.1.0
kernel signature: ac4f12630bc169879fe310aad482b6346e63493ee7a07ab5f2b96cf0131e2693
all runs: OK
# git bisect bad 48da980c07581677f9b71954ca190bb1da4cd810
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7fa7c9a3310cb03704f1cb15c99cfe444fc72221] iio:adc:ina2xx Fix timestamp alignment issue.
testing commit 7fa7c9a3310cb03704f1cb15c99cfe444fc72221 with gcc (GCC) 8.1.0
kernel signature: ac4f12630bc169879fe310aad482b6346e63493ee7a07ab5f2b96cf0131e2693
all runs: OK
# git bisect bad 7fa7c9a3310cb03704f1cb15c99cfe444fc72221
7fa7c9a3310cb03704f1cb15c99cfe444fc72221 is the first bad commit
commit 7fa7c9a3310cb03704f1cb15c99cfe444fc72221
Author: Jonathan Cameron
Date:   Wed Jul 22 16:51:02 2020 +0100

    iio:adc:ina2xx Fix timestamp alignment issue.

    commit f8cd222feb82ecd82dcf610fcc15186f55f9c2b5 upstream.

    One of a class of bugs pointed out by Lars in a recent review.
    iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
    to the size of the timestamp (8 bytes). This is not guaranteed in
    this driver which uses a 32 byte array of smaller elements on the stack.
    As Lars also noted this anti pattern can involve a leak of data to
    userspace and that indeed can happen here.

    We close both issues by moving to a suitable structure in the iio_priv()
    data with alignment explicitly requested. This data is allocated
    with kzalloc so no data can leak apart from previous readings.

    The explicit alignment isn't technically needed here, but it reduced
    fragility and avoids cut and paste into drivers where it will be needed.

    If we want this in older stables will need manual backport due to
    driver reworks.

    Fixes: c43a102e67db ("iio: ina2xx: add support for TI INA2xx Power Monitors")
    Reported-by: Lars-Peter Clausen
    Cc: Stefan Brüns
    Cc: Marc Titinger
    Signed-off-by: Jonathan Cameron
    Reviewed-by: Andy Shevchenko
    Cc:
    Signed-off-by: Greg Kroah-Hartman

 drivers/iio/adc/ina2xx-adc.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

culprit signature: ac4f12630bc169879fe310aad482b6346e63493ee7a07ab5f2b96cf0131e2693
parent signature: ac4f12630bc169879fe310aad482b6346e63493ee7a07ab5f2b96cf0131e2693
Reproducer flagged being flaky
revisions tested: 13, total time: 3h51m28.836226241s (build: 1h48m24.59315095s, test: 2h1m39.407213152s)
first good commit: 7fa7c9a3310cb03704f1cb15c99cfe444fc72221 iio:adc:ina2xx Fix timestamp alignment issue.
recipients (to): ["andy.shevchenko@gmail.com" "gregkh@linuxfoundation.org" "jonathan.cameron@huawei.com"]
recipients (cc): []