KASAN: use-after-free Read in si470x_int_in

KASAN: use-after-free Read in si470x_int_in_callback (2)
Status: upstream: reported C repro on 2019/10/18 14:53
Reported-by: syzbot+9ca7a12fd736d93e0232@syzkaller.appspotmail.com
First crash: 941d, last: 1d09h

Cause bisection: failed (bisect log)

similar bugs (1):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: use-after-free Read in si470x_int_in_callback	C			25	953d	1042d	14/22	fixed on 2019/10/15 23:40

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2019/12/04 15:03	17m	oneukum@suse.com	patch	https://github.com/google/kasan.git 22be26f7	OK
2019/11/28 11:10	11m	oneukum@suse.com	patch	https://github.com/google/kasan.git 22be26f7	report log
2019/11/27 18:07	16m	stern@rowland.harvard.edu	patch	https://github.com/google/kasan.git 22be26f7	OK
2019/11/27 10:27	11m	oneukum@suse.com	patch	https://github.com/google/kasan.git 22be26f7	report log
2019/11/21 12:01	14m	oneukum@suse.com	patch	https://github.com/google/kasan.git 22be26f7	report log
2019/11/20 10:32	12m	oneukum@suse.com	patch	https://github.com/google/kasan.git 22be26f7	report log
2019/11/18 13:44	9m	oneukum@suse.com	patch	https://github.com/google/kasan.git 22be26f7	report log

Sample crash report:

radio-si470x 1-1:0.0: non-zero urb status (-71)
==================================================================
BUG: KASAN: use-after-free in si470x_int_in_callback.cold+0x96/0xbf drivers/media/radio/si470x/radio-si470x-usb.c:378
Read of size 8 at addr ffff88801dc94b48 by task kworker/0:1/14

CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 5.18.0-rc2-syzkaller-00351-ga2c29ccd9477 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0xeb/0x495 mm/kasan/report.c:313
 print_report mm/kasan/report.c:429 [inline]
 kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491
 si470x_int_in_callback.cold+0x96/0xbf drivers/media/radio/si470x/radio-si470x-usb.c:378
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1670
 usb_hcd_giveback_urb+0x367/0x410 drivers/usb/core/hcd.c:1747
 dummy_timer+0x11f9/0x32b0 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
 expire_timers kernel/time/timer.c:1466 [inline]
 __run_timers.part.0+0x67c/0xa30 kernel/time/timer.c:1734
 __run_timers kernel/time/timer.c:1715 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:27 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:200
Code: 48 89 ef 5d e9 c1 ec 4a 00 5d be 03 00 00 00 e9 96 bb 74 02 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 39 54 89 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
RSP: 0018:ffffc90000136f58 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888010f09d00 RSI: ffffffff815fd568 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff90033907
R10: ffffffff815fd55e R11: 0000000000000000 R12: ffffffff84e254b0
R13: 0000000000000200 R14: ffffc90000136fb8 R15: dffffc0000000000
 console_unlock+0x82e/0xdd0 kernel/printk/printk.c:2779
 vprintk_emit+0x1b4/0x5f0 kernel/printk/printk.c:2272
 vprintk+0x80/0x90 kernel/printk/printk_safe.c:50
 _printk+0xba/0xed kernel/printk/printk.c:2293
 call_driver_probe drivers/base/dd.c:558 [inline]
 really_probe.cold+0xb1/0x17a drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_set_configuration+0x101e/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:542 [inline]
 really_probe+0x23e/0xb20 drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_new_device.cold+0x641/0x1091 drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5363 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 port_event drivers/usb/core/hub.c:5665 [inline]
 hub_event+0x25c6/0x4680 drivers/usb/core/hub.c:5747
 process_one_work+0x996/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>

Allocated by task 14:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:436 [inline]
 ____kasan_kmalloc mm/kasan/common.c:515 [inline]
 ____kasan_kmalloc mm/kasan/common.c:474 [inline]
 __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:524
 kmalloc include/linux/slab.h:581 [inline]
 kzalloc include/linux/slab.h:714 [inline]
 si470x_usb_driver_probe+0x51/0xf90 drivers/media/radio/si470x/radio-si470x-usb.c:573
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:542 [inline]
 really_probe+0x23e/0xb20 drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_set_configuration+0x101e/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:542 [inline]
 really_probe+0x23e/0xb20 drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_new_device.cold+0x641/0x1091 drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5363 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 port_event drivers/usb/core/hub.c:5665 [inline]
 hub_event+0x25c6/0x4680 drivers/usb/core/hub.c:5747
 process_one_work+0x996/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298

Freed by task 14:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track+0x21/0x30 mm/kasan/common.c:45
 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370
 ____kasan_slab_free mm/kasan/common.c:366 [inline]
 ____kasan_slab_free+0x166/0x1a0 mm/kasan/common.c:328
 kasan_slab_free include/linux/kasan.h:200 [inline]
 slab_free_hook mm/slub.c:1728 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1754
 slab_free mm/slub.c:3510 [inline]
 kfree+0xd6/0x4d0 mm/slub.c:4552
 si470x_usb_driver_probe+0xb3d/0xf90 drivers/media/radio/si470x/radio-si470x-usb.c:760
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:542 [inline]
 really_probe+0x23e/0xb20 drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_set_configuration+0x101e/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:542 [inline]
 really_probe+0x23e/0xb20 drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_new_device.cold+0x641/0x1091 drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5363 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 port_event drivers/usb/core/hub.c:5665 [inline]
 hub_event+0x25c6/0x4680 drivers/usb/core/hub.c:5747
 process_one_work+0x996/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298

The buggy address belongs to the object at ffff88801dc94000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 2888 bytes inside of
 4096-byte region [ffff88801dc94000, ffff88801dc95000)

The buggy address belongs to the physical page:
page:ffffea0000772400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1dc90
head:ffffea0000772400 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888010c42140
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3591, tgid 3591 (udevd), ts 36430954443, free_ts 35772194595
 prep_new_page mm/page_alloc.c:2441 [inline]
 get_page_from_freelist+0xba2/0x3e00 mm/page_alloc.c:4182
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5408
 alloc_pages+0x1aa/0x310 mm/mempolicy.c:2272
 alloc_slab_page mm/slub.c:1799 [inline]
 allocate_slab+0x26c/0x3c0 mm/slub.c:1944
 new_slab mm/slub.c:2004 [inline]
 ___slab_alloc+0x8df/0xf20 mm/slub.c:3005
 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3092
 slab_alloc_node mm/slub.c:3183 [inline]
 slab_alloc mm/slub.c:3225 [inline]
 __kmalloc+0x318/0x350 mm/slub.c:4410
 kmalloc include/linux/slab.h:586 [inline]
 kernfs_file_read_iter fs/kernfs/file.c:190 [inline]
 kernfs_fop_read_iter+0x4ef/0x6f0 fs/kernfs/file.c:237
 call_read_iter include/linux/fs.h:2044 [inline]
 new_sync_read+0x384/0x5f0 fs/read_write.c:401
 vfs_read+0x492/0x5d0 fs/read_write.c:482
 ksys_read+0x127/0x250 fs/read_write.c:620
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1356 [inline]
 free_pcp_prepare+0x549/0xd20 mm/page_alloc.c:1406
 free_unref_page_prepare mm/page_alloc.c:3328 [inline]
 free_unref_page+0x19/0x6a0 mm/page_alloc.c:3423
 __unfreeze_partials+0x17c/0x1a0 mm/slub.c:2523
 qlink_free mm/kasan/quarantine.c:157 [inline]
 qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0xa2/0xc0 mm/kasan/common.c:446
 kasan_slab_alloc include/linux/kasan.h:224 [inline]
 slab_post_alloc_hook mm/slab.h:749 [inline]
 slab_alloc_node mm/slub.c:3217 [inline]
 slab_alloc mm/slub.c:3225 [inline]
 __kmalloc+0x200/0x350 mm/slub.c:4410
 kmalloc include/linux/slab.h:586 [inline]
 tomoyo_add_entry security/tomoyo/common.c:2022 [inline]
 tomoyo_supervisor+0xce6/0xf00 security/tomoyo/common.c:2094
 tomoyo_audit_path_number_log security/tomoyo/file.c:235 [inline]
 tomoyo_path_number_perm+0x419/0x590 security/tomoyo/file.c:734
 security_file_ioctl+0x50/0xb0 security/security.c:1557
 __do_sys_ioctl fs/ioctl.c:864 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0xb3/0x200 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Memory state around the buggy address:
 ffff88801dc94a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88801dc94a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88801dc94b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                              ^
 ffff88801dc94b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88801dc94c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
----------------
Code disassembly (best guess):
   0:	48 89 ef             	mov    %rbp,%rdi
   3:	5d                   	pop    %rbp
   4:	e9 c1 ec 4a 00       	jmpq   0x4aecca
   9:	5d                   	pop    %rbp
   a:	be 03 00 00 00       	mov    $0x3,%esi
   f:	e9 96 bb 74 02       	jmpq   0x274bbaa
  14:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)
  1a:	48 8b be a8 01 00 00 	mov    0x1a8(%rsi),%rdi
  21:	e8 b4 ff ff ff       	callq  0xffffffda
  26:	31 c0                	xor    %eax,%eax
  28:	c3                   	retq
  29:	90                   	nop
* 2a:	65 8b 05 39 54 89 7e 	mov    %gs:0x7e895439(%rip),%eax        # 0x7e89546a <-- trapping instruction
  31:	89 c1                	mov    %eax,%ecx
  33:	48 8b 34 24          	mov    (%rsp),%rsi
  37:	81 e1 00 01 00 00    	and    $0x100,%ecx
  3d:	65                   	gs
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce-selinux-root	2021/10/14 14:17	upstream	348949d9a444	f415556d	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/09/14 13:56	upstream	d0ee23f9d78b	f415556d	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/08/15 13:15	upstream	0aa78d17099b	f415556d	.config	log	report	syz	C

Crashes (5897):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-root	2022/04/17 23:50	upstream	a2c29ccd9477	8bcc32a6	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream	2022/03/27 17:32	upstream	f022814633e1	89bc8608	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream	2022/03/27 00:43	upstream	52d543b5497c	89bc8608	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream	2022/03/21 09:48	upstream	f443e374ae13	e2d91b1d	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2021/12/29 00:31	upstream	ecf71de775a0	76c8cf06	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root	2021/10/15 19:03	upstream	ec681c53f8d2	0c5d9412	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-selinux-root	2021/07/13 09:44	upstream	7fef2edf7cc7	f415556d	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root	2021/06/04 18:54	upstream	f88cd3fb9df2	966a236b	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root	2021/06/02 19:02	upstream	231bc5390667	0740de69	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root	2021/05/30 09:40	upstream	6799d4f2da49	325a8dab	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2021/05/29 13:37	upstream	5ff2756afde0	858ea628	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root	2021/05/29 08:33	upstream	5ff2756afde0	858ea628	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root	2021/05/26 12:52	upstream	ad9f25d33860	54f0bcf1	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream	2021/02/17 02:27	upstream	f40ddce88593	98682e5e	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream	2021/02/16 13:48	upstream	f40ddce88593	98682e5e	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root	2022/01/01 18:56	linux-next	ea586a076e8a	e1768e9c	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root	2021/06/26 02:04	linux-next	a1f92694393a	ae6bf8dd	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root	2021/06/23 10:03	linux-next	a1f92694393a	aba2b2fb	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root	2021/06/20 01:53	linux-next	a1f92694393a	aba2b2fb	.config	log	report	syz	C		KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2020/12/12 02:21	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	a256e24021bf	bca53db9	.config	log	report	syz	C
ci2-upstream-usb	2020/12/10 10:10	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	8010622c86ca	c090b4da	.config	log	report	syz	C
ci2-upstream-usb	2020/06/20 17:12	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f8f02d5c671f	c655ec77	.config	log	report	syz	C
ci2-upstream-usb	2020/06/19 21:17	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f8f02d5c671f	123cf502	.config	log	report	syz	C
ci2-upstream-usb	2020/06/08 21:13	https://github.com/google/kasan.git usb-fuzzer	2089c6ed5a17	7604bb03	.config	log	report	syz	C
ci2-upstream-usb	2020/05/14 03:37	https://github.com/google/kasan.git usb-fuzzer	059e7e0ff26c	a885920d	.config	log	report	syz	C
ci2-upstream-usb	2020/03/24 19:22	https://github.com/google/kasan.git usb-fuzzer	e17994d1e7b1	68660b21	.config	log	report	syz	C
ci2-upstream-usb	2020/03/23 17:45	https://github.com/google/kasan.git usb-fuzzer	e17994d1e7b1	84f999d6	.config	log	report	syz	C
ci2-upstream-usb	2020/03/21 12:07	https://github.com/google/kasan.git usb-fuzzer	e17994d1e7b1	aa6c6a55	.config	log	report	syz	C
ci2-upstream-usb	2020/03/10 13:03	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	35f53e45	.config	log	report	syz	C
ci2-upstream-usb	2020/03/08 01:06	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	2e9971bb	.config	log	report	syz	C
ci2-upstream-usb	2020/03/06 17:49	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	7fb694ef	.config	log	report	syz	C
ci2-upstream-usb	2020/03/02 07:48	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	4a4e0509	.config	log	report	syz	C
ci2-upstream-usb	2020/02/29 01:27	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	c88c7b75	.config	log	report	syz	C
ci2-upstream-usb	2020/02/28 19:34	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	c88c7b75	.config	log	report	syz	C
ci2-upstream-usb	2020/02/27 09:21	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	40bcfdd5	.config	log	report	syz	C
ci2-upstream-usb	2020/02/26 21:51	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	251aabb7	.config	log	report	syz	C
ci2-upstream-usb	2020/02/24 18:14	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	1253d6f0	.config	log	report	syz	C
ci2-upstream-usb	2020/02/10 19:43	https://github.com/google/kasan.git usb-fuzzer	e5cd56e94edd	d9e55b05	.config	log	report	syz	C
ci2-upstream-usb	2020/02/07 21:07	https://github.com/google/kasan.git usb-fuzzer	e5cd56e94edd	06150bf1	.config	log	report	syz	C
ci2-upstream-usb	2020/01/23 00:22	https://github.com/google/kasan.git usb-fuzzer	4cc301ee04d9	3334d684	.config	log	report	syz	C
ci2-upstream-usb	2019/12/20 00:05	https://github.com/google/kasan.git usb-fuzzer	ecdf2214f472	36650b4b	.config	log	report	syz	C
ci2-upstream-usb	2019/12/16 20:59	https://github.com/google/kasan.git usb-fuzzer	4cc037ecf2cb	0ae38e44	.config	log	report	syz	C
ci2-upstream-usb	2019/12/12 20:53	https://github.com/google/kasan.git usb-fuzzer	4cc037ecf2cb	08003f64	.config	log	report	syz	C
ci2-upstream-usb	2019/12/11 15:49	https://github.com/google/kasan.git usb-fuzzer	a38cc9afab8a	0d368675	.config	log	report	syz	C
ci2-upstream-usb	2019/10/18 11:53	https://github.com/google/kasan.git usb-fuzzer	22be26f76193	8c88c9c1	.config	log	report	syz	C
ci-upstream-kasan-gce	2022/05/15 19:49	upstream	bc403203d65a	744a39e2	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/05/15 18:17	upstream	bc403203d65a	744a39e2	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/18 11:23	upstream	b2d229d4ddb1	8bcc32a6	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/17 23:17	upstream	a2c29ccd9477	8bcc32a6	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/17 08:23	upstream	90ea17a9e27b	8bcc32a6	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/15 04:27	upstream	b9b4c79e5830	b17b2923	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-selinux-root	2022/04/13 01:03	upstream	ce522ba9ef7e	dacb3f1c	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/10 16:39	upstream	e1f700ebd6be	e22c3da3	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/09 10:18	upstream	6c7376da2358	e22c3da3	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/08 08:33	upstream	42e7a03d3bad	c6ff3e05	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/08 06:07	upstream	42e7a03d3bad	c6ff3e05	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/07 19:17	upstream	3e732ebf7316	c6ff3e05	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/07 14:22	upstream	3e732ebf7316	c6ff3e05	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/07 01:53	upstream	3e732ebf7316	97582466	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/06 23:05	upstream	3e732ebf7316	97582466	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/06 06:28	upstream	ce4c854ee868	0127c10f	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/04 19:21	upstream	312310928417	5915c2cb	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/04 08:55	upstream	09bb8856d4a7	79a2a8fc	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/04/03 18:09	upstream	be2d3ecedd99	79a2a8fc	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root	2022/04/02 18:30	upstream	88e6c0207623	79a2a8fc	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root	2022/03/29 22:00	upstream	1930a6e739c4	6bdac766	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/03/26 12:11	upstream	52d543b5497c	89bc8608	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/03/25 04:55	upstream	52deda9551a0	89bc8608	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/03/21 21:06	upstream	f443e374ae13	e2d91b1d	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/03/21 12:27	upstream	f443e374ae13	e2d91b1d	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce	2022/03/21 02:03	upstream	f443e374ae13	e2d91b1d	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-386	2022/03/13 18:55	upstream	aad611a868d1	9e8eaa75	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/27 02:39	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ef94b2664a25	1fa34c1b	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/26 19:50	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ef94b2664a25	1fa34c1b	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/26 17:22	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	bdddc253b093	1fa34c1b	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/26 09:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	bdddc253b093	1fa34c1b	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/26 05:18	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	bdddc253b093	152baedd	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/25 20:54	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	bdddc253b093	152baedd	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/23 23:23	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	bdddc253b093	131df97d	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/23 11:30	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	bdddc253b093	131df97d	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/22 10:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	5c29e8649997	2738b391	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/22 07:00	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	5c29e8649997	2738b391	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/19 15:32	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	312310928417	33fc6ed6	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/17 11:19	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	312310928417	8bcc32a6	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root	2022/04/05 02:34	linux-next	696206280c5e	5915c2cb	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/04 16:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	312310928417	5915c2cb	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/03 06:27	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	e8b767f5e040	79a2a8fc	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root	2022/04/02 17:16	linux-next	e5071887cd22	79a2a8fc	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/02 11:11	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	e8b767f5e040	79a2a8fc	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/01 10:54	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d888c83fcec7	68fc921a	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/04/01 06:13	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d888c83fcec7	68fc921a	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/03/30 21:52	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d888c83fcec7	42718dd6	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/03/28 22:05	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae085d7f9365	6bdac766	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/03/26 20:14	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	46d2c20b0b10	89bc8608	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/03/25 21:34	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	46d2c20b0b10	89bc8608	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/03/25 10:04	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	46d2c20b0b10	89bc8608	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/03/23 12:44	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	46d2c20b0b10	5ff41e94	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2022/03/23 11:33	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	46d2c20b0b10	5ff41e94	.config	log	report			info	KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb	2021/01/10 06:07	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	841081d89d5a	2c1f2513	.config	log	report			info