bisecting fixing commit since dc4ba5be1babd3b3ec905751a30df89a5899a7a9
building syzkaller on bc8bc756c272115ed92fad4f716b77f6fb995203
testing commit dc4ba5be1babd3b3ec905751a30df89a5899a7a9 with gcc (GCC) 8.1.0
kernel signature: 1c27d76bd2b68043f2950a793d87e39d45d489eac25eca4b15336f5902cf3f0a
run #0: crashed: KASAN: use-after-free Read in snd_timer_resolution
run #1: crashed: KASAN: use-after-free Read in snd_timer_resolution
run #2: crashed: KASAN: use-after-free Read in snd_timer_resolution
run #3: crashed: KASAN: use-after-free Read in snd_timer_resolution
run #4: crashed: KASAN: use-after-free Read in snd_timer_resolution
run #5: crashed: KASAN: use-after-free Read in snd_seq_info_timer_read
run #6: crashed: KASAN: use-after-free Read in snd_timer_resolution
run #7: crashed: KASAN: use-after-free Read in snd_timer_resolution
run #8: crashed: KASAN: use-after-free Read in snd_timer_resolution
run #9: crashed: KASAN: use-after-free Read in snd_timer_resolution
testing current HEAD 9b15f7fae677336e04b9e026ff91854e43165455
testing commit 9b15f7fae677336e04b9e026ff91854e43165455 with gcc (GCC) 8.1.0
kernel signature: afc678e9796ac6acbc74bb07d23809703b06fe3aec0e234b61b9c9f563714264
all runs: OK
# git bisect start 9b15f7fae677336e04b9e026ff91854e43165455 dc4ba5be1babd3b3ec905751a30df89a5899a7a9
Bisecting: 605 revisions left to test after this (roughly 9 steps)
[9f14acadf13bf945521681caf295c0e3d0e2523c] ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
testing commit 9f14acadf13bf945521681caf295c0e3d0e2523c with gcc (GCC) 8.1.0
kernel signature: b28da5c4e452cf5ab9c8cce432890d2c2ef1e845a3041b48c5977d1525e97683
all runs: OK
# git bisect bad 9f14acadf13bf945521681caf295c0e3d0e2523c
Bisecting: 302 revisions left to test after this (roughly 8 steps)
[8234d30d8e95d673f5e5117768299902e48b8138] net: dsa: b53: Fix default VLAN ID
testing commit 8234d30d8e95d673f5e5117768299902e48b8138 with gcc (GCC) 8.1.0
kernel signature: cbb56051aec516772359f08b742a4c1beb2119d4550fbcd733f62a39d266e297
all runs: OK
# git bisect bad 8234d30d8e95d673f5e5117768299902e48b8138
Bisecting: 150 revisions left to test after this (roughly 7 steps)
[d2c06876e7a3a56fddc9f947bcb98b0dad3182ba] netfilter: nft_osf: usage from output path is not valid
testing commit d2c06876e7a3a56fddc9f947bcb98b0dad3182ba with gcc (GCC) 8.1.0
kernel signature: 5b0f5a94787b3f2d878133b0c0958517945363e430eeb6694cd7077f99bfb07d
all runs: OK
# git bisect bad d2c06876e7a3a56fddc9f947bcb98b0dad3182ba
Bisecting: 75 revisions left to test after this (roughly 6 steps)
[34e855f998f76169e685c7e3c790b0ee0eed2a75] tcp: fix marked lost packets not being retransmitted
testing commit 34e855f998f76169e685c7e3c790b0ee0eed2a75 with gcc (GCC) 8.1.0
kernel signature: 053fc5d93f54deb46376dfe80812f17cdd2003df51b7c9ae3bec17e84ca340f5
all runs: OK
# git bisect bad 34e855f998f76169e685c7e3c790b0ee0eed2a75
Bisecting: 37 revisions left to test after this (roughly 5 steps)
[bb8e8f427f63632be055460d40088cd26c7ca905] x86/resctrl: Fix potential memory leak
testing commit bb8e8f427f63632be055460d40088cd26c7ca905 with gcc (GCC) 8.1.0
kernel signature: 54adb3935b6495c335ab632f97eea3c578af2135428cb42addbd4f67bac93316
all runs: OK
# git bisect bad bb8e8f427f63632be055460d40088cd26c7ca905
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[ac13a00acd3f108179ee944e7805643f4410c35c] scsi: fnic: fix invalid stack access
testing commit ac13a00acd3f108179ee944e7805643f4410c35c with gcc (GCC) 8.1.0
kernel signature: 2958dcca755e5f7677ef99a8bf2f4b29ac5c5b67885e95853c47a963495d6443
all runs: crashed: KASAN: use-after-free Read in snd_timer_resolution
# git bisect good ac13a00acd3f108179ee944e7805643f4410c35c
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[8d9fd1f4aee052b031b9cc03a645991ab190b2cc] Fix built-in early-load Intel microcode alignment
testing commit 8d9fd1f4aee052b031b9cc03a645991ab190b2cc with gcc (GCC) 8.1.0
kernel signature: 231b7515b3f3dce492f86c3026cd97b9fde713b9a7b5db45e66df823b6425678
all runs: OK
# git bisect bad 8d9fd1f4aee052b031b9cc03a645991ab190b2cc
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[6a75df0c648dff084d889d99dd186f96dce2f976] ARM: dts: imx6q-dhcom: Fix SGTL5000 VDDIO regulator connection
testing commit 6a75df0c648dff084d889d99dd186f96dce2f976 with gcc (GCC) 8.1.0
kernel signature: a22209a21fd96baf9b04417c3c5c8287379db7e84cf6a0d95d3a7263074cbb4f
all runs: crashed: KASAN: use-after-free Read in snd_timer_resolution
# git bisect good 6a75df0c648dff084d889d99dd186f96dce2f976
Bisecting: 2 revisions left to test after this (roughly 1 step)
[20f2e4c228c712158113583947f4e16691e951f6] ALSA: seq: Fix racy access for queue timer in proc read
testing commit 20f2e4c228c712158113583947f4e16691e951f6 with gcc (GCC) 8.1.0
kernel signature: 75c333adb42e029105941f1bf9fd0e1a4f8baf3b4a8b18c773f8f18d8868800c
all runs: OK
# git bisect bad 20f2e4c228c712158113583947f4e16691e951f6
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e68bc5ef7dcb69fbd3009914129e2c1ddda58a6b] ALSA: dice: fix fallback from protocol extension into limited functionality
testing commit e68bc5ef7dcb69fbd3009914129e2c1ddda58a6b with gcc (GCC) 8.1.0
kernel signature: db51a603fbd8b4ed09d5e02d3d48bec47342f64a5c00f7749ea66a63029314ac
all runs: crashed: KASAN: use-after-free Read in snd_timer_resolution
# git bisect good e68bc5ef7dcb69fbd3009914129e2c1ddda58a6b
20f2e4c228c712158113583947f4e16691e951f6 is the first bad commit
commit 20f2e4c228c712158113583947f4e16691e951f6
Author: Takashi Iwai
Date:   Wed Jan 15 21:37:33 2020 +0100

    ALSA: seq: Fix racy access for queue timer in proc read

    commit 60adcfde92fa40fcb2dbf7cc52f9b096e0cd109a upstream.

    snd_seq_info_timer_read() reads the information of the timer assigned
    for each queue, but it's done in a racy way which may lead to UAF as
    spotted by syzkaller.

    This patch applies the missing q->timer_mutex lock while accessing the
    timer object as well as a slight code change to adapt the standard
    coding style.

    Reported-by: syzbot+2b2ef983f973e5c40943@syzkaller.appspotmail.com
    Cc:
    Link: https://lore.kernel.org/r/20200115203733.26530-1-tiwai@suse.de
    Signed-off-by: Takashi Iwai
    Signed-off-by: Greg Kroah-Hartman

 sound/core/seq/seq_timer.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

culprit signature: 75c333adb42e029105941f1bf9fd0e1a4f8baf3b4a8b18c773f8f18d8868800c
parent signature: db51a603fbd8b4ed09d5e02d3d48bec47342f64a5c00f7749ea66a63029314ac
revisions tested: 12, total time: 3h35m55.938204673s (build: 1h50m43.488492544s, test: 1h43m17.272892141s)
first good commit: 20f2e4c228c712158113583947f4e16691e951f6 ALSA: seq: Fix racy access for queue timer in proc read
cc: ["alsa-devel@alsa-project.org" "gregkh@linuxfoundation.org" "linux-kernel@vger.kernel.org" "perex@perex.cz" "tiwai@suse.com" "tiwai@suse.de"]