bisecting fixing commit since 174651bdf802a2139065e8e31ce950e2f3fc4a94
building syzkaller on 0ecb9746a701be4544b845514a31a21cce92cc79
testing commit 174651bdf802a2139065e8e31ce950e2f3fc4a94 with gcc (GCC) 8.1.0
kernel signature: b9555a697803f759594171c4ea9563f15c568953
run #0: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #1: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #2: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #3: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #4: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #5: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #6: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #7: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #8: OK
run #9: OK
testing current HEAD c7ecf3e3a71c216327980f26b1e895ce9b07ad31
testing commit c7ecf3e3a71c216327980f26b1e895ce9b07ad31 with gcc (GCC) 8.1.0
kernel signature: 0433b51f363a716bd690646cf372ab3f1622e234
all runs: OK
# git bisect start c7ecf3e3a71c216327980f26b1e895ce9b07ad31 174651bdf802a2139065e8e31ce950e2f3fc4a94
Bisecting: 500 revisions left to test after this (roughly 9 steps)
[b6f4e1caf426b1978c1afdbade18d094aed4e3ce] firmware: qcom: scm: fix compilation error when disabled
testing commit b6f4e1caf426b1978c1afdbade18d094aed4e3ce with gcc (GCC) 8.1.0
kernel signature: 8ffe78d9380b3125acb97af64b3502ad85b52468
all runs: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
# git bisect good b6f4e1caf426b1978c1afdbade18d094aed4e3ce
Bisecting: 250 revisions left to test after this (roughly 8 steps)
[848fd6b17926703648a2c77933a3713163e875e4] mmc: block: Make card_busy_detect() a bit more generic
testing commit 848fd6b17926703648a2c77933a3713163e875e4 with gcc (GCC) 8.1.0
kernel signature: ed8817e78243c299f4ce5d5abd0e4eb8928bceff
all runs: OK
# git bisect bad 848fd6b17926703648a2c77933a3713163e875e4
Bisecting: 124 revisions left to test after this (roughly 7 steps)
[7c07d0267364194aae9786ec0b3d70a65c83329b] hwrng: omap - Fix RNG wait loop timeout
testing commit 7c07d0267364194aae9786ec0b3d70a65c83329b with gcc (GCC) 8.1.0
kernel signature: c53247e69b55225009b5d979506d55cfe8a9d59a
all runs: OK
# git bisect bad 7c07d0267364194aae9786ec0b3d70a65c83329b
Bisecting: 62 revisions left to test after this (roughly 6 steps)
[af0174a63c45bd25c7fd7ece5f93e5f166256d1c] binder: Handle start==NULL in binder_update_page_range()
testing commit af0174a63c45bd25c7fd7ece5f93e5f166256d1c with gcc (GCC) 8.1.0
kernel signature: e334eae71e90c5941955f77d5fab0324e06df951
all runs: OK
# git bisect bad af0174a63c45bd25c7fd7ece5f93e5f166256d1c
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[28655c632ee0090ae01576e234118ee983a4afa3] xfrm interface: fix memory leak on creation
testing commit 28655c632ee0090ae01576e234118ee983a4afa3 with gcc (GCC) 8.1.0
kernel signature: 15ca17093dbc532d0a63728024a74c65d1232798
all runs: OK
# git bisect bad 28655c632ee0090ae01576e234118ee983a4afa3
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[742f2319cbd61d9a051f532ad8c83bb33b48f442] sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision
testing commit 742f2319cbd61d9a051f532ad8c83bb33b48f442 with gcc (GCC) 8.1.0
kernel signature: 1afa5323811aa5da77d1807b96c5e94fc5a2de2d
run #0: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #1: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #2: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #3: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #4: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #5: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #6: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #7: OK
run #8: OK
run #9: OK
# git bisect good 742f2319cbd61d9a051f532ad8c83bb33b48f442
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[2ef2441c49859001d562b1c40635d4d7bc74f758] Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus
testing commit 2ef2441c49859001d562b1c40635d4d7bc74f758 with gcc (GCC) 8.1.0
kernel signature: c2611e1bd0d9bd35e507e4023681e9e9de24dc83
all runs: OK
# git bisect bad 2ef2441c49859001d562b1c40635d4d7bc74f758
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[fa77bf0cf96c54de226463a6fe9d8dd4be5c115a] ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
testing commit fa77bf0cf96c54de226463a6fe9d8dd4be5c115a with gcc (GCC) 8.1.0
kernel signature: e42cb28eec03889a6f65833597b26fc20f2e741b
run #0: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #1: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #2: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #3: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #4: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #5: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good fa77bf0cf96c54de226463a6fe9d8dd4be5c115a
Bisecting: 1 revision left to test after this (roughly 1 step)
[c6bebccd3c6293e49a291a3339f1230b3e49630a] ALSA: pcm: oss: Avoid potential buffer overflows
testing commit c6bebccd3c6293e49a291a3339f1230b3e49630a with gcc (GCC) 8.1.0
kernel signature: 8ed64b771c947055653c34aa8dd4df0052851cc9
all runs: OK
# git bisect bad c6bebccd3c6293e49a291a3339f1230b3e49630a
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[f9f56eb9c8412fa62131e6ed0ac8cb7ab7d15d77] ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236
testing commit f9f56eb9c8412fa62131e6ed0ac8cb7ab7d15d77 with gcc (GCC) 8.1.0
kernel signature: d7ac5d892496087a4674c013ba90d3cd8c5f090b
run #0: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #1: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #2: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #3: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #4: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #5: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #6: crashed: KASAN: slab-out-of-bounds Read in linear_transfer
run #7: OK
run #8: OK
run #9: OK
# git bisect good f9f56eb9c8412fa62131e6ed0ac8cb7ab7d15d77
c6bebccd3c6293e49a291a3339f1230b3e49630a is the first bad commit
commit c6bebccd3c6293e49a291a3339f1230b3e49630a
Author: Takashi Iwai <tiwai@suse.de>
Date:   Wed Dec 4 15:48:24 2019 +0100

    ALSA: pcm: oss: Avoid potential buffer overflows
    
    commit 4cc8d6505ab82db3357613d36e6c58a297f57f7c upstream.
    
    syzkaller reported an invalid access in PCM OSS read, and this seems
    to be an overflow of the internal buffer allocated for a plugin.
    Since the rate plugin adjusts its transfer size dynamically, the
    calculation for the chained plugin might be bigger than the given
    buffer size in some extreme cases, which leads to such a buffer
    overflow as caught by KASAN.
    
    Fix it by limiting the max transfer size properly by checking against
    the destination size in each plugin transfer callback.
    
    Reported-by: syzbot+f153bde47a62e0b05f83@syzkaller.appspotmail.com
    Cc: <stable@vger.kernel.org>
    Link: https://lore.kernel.org/r/20191204144824.17801-1-tiwai@suse.de
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 sound/core/oss/linear.c | 2 ++
 sound/core/oss/mulaw.c  | 2 ++
 sound/core/oss/route.c  | 2 ++
 3 files changed, 6 insertions(+)
culprit signature: 8ed64b771c947055653c34aa8dd4df0052851cc9
parent  signature: d7ac5d892496087a4674c013ba90d3cd8c5f090b
revisions tested: 12, total time: 4h0m47.524975474s (build: 1h47m0.956229173s, test: 2h12m1.807393669s)
first good commit: c6bebccd3c6293e49a291a3339f1230b3e49630a ALSA: pcm: oss: Avoid potential buffer overflows
cc: ["alsa-devel@alsa-project.org" "gregkh@linuxfoundation.org" "linux-kernel@vger.kernel.org" "perex@perex.cz" "tiwai@suse.com" "tiwai@suse.de"]