KASAN: use-after-free Read in ath9k_hif_usb_rx

KASAN: use-after-free Read in ath9k_hif_usb_rx_cb (2)
Status: upstream: reported C repro on 2020/11/16 17:09
Reported-by: syzbot+03110230a11411024147@syzkaller.appspotmail.com
First crash: 432d, last: now

Cause bisection: introduced by (bisect log) :
commit dcd479e10a0510522a5d88b29b8f79ea3467d501
Author: Johannes Berg <johannes.berg@intel.com>
Date: Fri Oct 9 12:17:11 2020 +0000

mac80211: always wind down STA state

Crash: BUG: sleeping function called from invalid context in sta_info_move_state (log)
Repro: C syz .config

duplicates (1):
Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
KASAN: slab-out-of-bounds Read in ath9k_hif_usb_rx_cb (2)	C	error		1131	14m	542d	0/22	closed as dup on 2021/01/13 11:30

similar bugs (4):
Kernel	Title	Repro	Cause bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb	C		2849	433d	668d	17/22	fixed on 2020/11/16 12:12
upstream	KASAN: out-of-bounds Read in ath9k_hif_usb_rx_cb (3)	C	unreliable	7	9d16h	382d	0/22	upstream: reported C repro on 2021/01/05 16:03
upstream	KASAN: slab-out-of-bounds Read in ath9k_hif_usb_rx_cb (2)	C	error	1131	14m	542d	0/22	closed as dup on 2021/01/13 11:30
upstream	general protection fault in ath9k_hif_usb_rx_cb (2)	C	error	1379	1d07h	554d	0/22	upstream: reported C repro on 2020/07/17 18:56

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/08/04 18:57	18m	paskripkin@gmail.com	patch	upstream	OK
2021/06/17 21:59	14m	fuzzybritches0@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 009c9aa5be652675a06d5211e1640e02bbb1c33d	report log
2021/06/17 17:38	16m	fuzzybritches0@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 009c9aa5be652675a06d5211e1640e02bbb1c33d	report log
2021/06/17 12:27	12m	fuzzybritches0@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 009c9aa5be652675a06d5211e1640e02bbb1c33d	report log
2021/03/12 08:39	9m	mail@anirudhrb.com		linux-next	report log

Sample crash report:

==================================================================
BUG: KASAN: use-after-free in ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:636 [inline]
BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0xe36/0x10b0 drivers/net/wireless/ath/ath9k/hif_usb.c:680
Read of size 4 at addr ffff88801cbec278 by task swapper/1/0

CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.16.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0x8d/0x320 mm/kasan/report.c:247
 __kasan_report mm/kasan/report.c:433 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:450
 ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:636 [inline]
 ath9k_hif_usb_rx_cb+0xe36/0x10b0 drivers/net/wireless/ath/ath9k/hif_usb.c:680
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1656
 usb_hcd_giveback_urb+0x367/0x410 drivers/usb/core/hcd.c:1726
 dummy_timer+0x11f9/0x32b0 drivers/usb/gadget/udc/dummy_hcd.c:1987
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
 expire_timers kernel/time/timer.c:1466 [inline]
 __run_timers.part.0+0x67c/0xa30 kernel/time/timer.c:1734
 __run_timers kernel/time/timer.c:1715 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline]
RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:132 [inline]
RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:110 [inline]
RIP: 0010:acpi_idle_do_entry+0x1c6/0x250 drivers/acpi/processor_idle.c:553
Code: 89 de e8 ad b5 30 f8 84 db 75 ac e8 c4 b1 30 f8 e8 af f1 36 f8 eb 0c e8 b8 b1 30 f8 0f 00 2d 91 35 ca 00 e8 ac b1 30 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 27 b4 30 f8 48 85 db
RSP: 0018:ffffc90000d57d18 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888010e85700 RSI: ffffffff8946e694 RDI: 0000000000000000
RBP: ffff888011a79864 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff817dd868 R11: 0000000000000000 R12: 0000000000000001
R13: ffff888011a79800 R14: ffff888011a79864 R15: ffff88801830d004
 acpi_idle_enter+0x361/0x500 drivers/acpi/processor_idle.c:688
 cpuidle_enter_state+0x1b1/0xc80 drivers/cpuidle/cpuidle.c:237
 cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:351
 call_cpuidle kernel/sched/idle.c:158 [inline]
 cpuidle_idle_call kernel/sched/idle.c:239 [inline]
 do_idle+0x3e8/0x590 kernel/sched/idle.c:306
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:403
 start_secondary+0x265/0x340 arch/x86/kernel/smpboot.c:272
 secondary_startup_64_no_verify+0xb0/0xbb
 </TASK>

The buggy address belongs to the page:
page:ffffea000072fb00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cbec
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 ffffea000072fb08 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 2507, ts 50589008206, free_ts 51674800893
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 alloc_pages+0x1a7/0x300 mm/mempolicy.c:2190
 kmalloc_order+0x34/0xf0 mm/slab_common.c:949
 kmalloc_order_trace+0x14/0x120 mm/slab_common.c:965
 kmalloc include/linux/slab.h:595 [inline]
 kzalloc include/linux/slab.h:724 [inline]
 wiphy_new_nm+0x6f0/0x1e40 net/wireless/core.c:449
 ieee80211_alloc_hw_nm+0x373/0x2270 net/mac80211/main.c:585
 ieee80211_alloc_hw include/net/mac80211.h:4315 [inline]
 ath9k_htc_probe_device+0x97/0x1f00 drivers/net/wireless/ath/ath9k/htc_drv_init.c:939
 ath9k_htc_hw_init+0x31/0x60 drivers/net/wireless/ath/ath9k/htc_hst.c:503
 ath9k_hif_usb_firmware_cb+0x274/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
 request_firmware_work_func+0x12c/0x230 drivers/base/firmware_loader/main.c:1022
 process_one_work+0x9b2/0x1660 kernel/workqueue.c:2298
 worker_thread+0x65d/0x1130 kernel/workqueue.c:2445
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1338 [inline]
 free_pcp_prepare+0x374/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 device_release+0x9f/0x240 drivers/base/core.c:2230
 kobject_cleanup lib/kobject.c:705 [inline]
 kobject_release lib/kobject.c:736 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1c8/0x540 lib/kobject.c:753
 put_device+0x1b/0x30 drivers/base/core.c:3501
 ath9k_htc_probe_device+0x1c7/0x1f00 drivers/net/wireless/ath/ath9k/htc_drv_init.c:976
 ath9k_htc_hw_init+0x31/0x60 drivers/net/wireless/ath/ath9k/htc_hst.c:503
 ath9k_hif_usb_firmware_cb+0x274/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
 request_firmware_work_func+0x12c/0x230 drivers/base/firmware_loader/main.c:1022
 process_one_work+0x9b2/0x1660 kernel/workqueue.c:2298
 worker_thread+0x65d/0x1130 kernel/workqueue.c:2445
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Memory state around the buggy address:
 ffff88801cbec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88801cbec180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88801cbec200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                ^
 ffff88801cbec280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88801cbec300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
----------------
Code disassembly (best guess):
   0:	89 de                	mov    %ebx,%esi
   2:	e8 ad b5 30 f8       	callq  0xf830b5b4
   7:	84 db                	test   %bl,%bl
   9:	75 ac                	jne    0xffffffb7
   b:	e8 c4 b1 30 f8       	callq  0xf830b1d4
  10:	e8 af f1 36 f8       	callq  0xf836f1c4
  15:	eb 0c                	jmp    0x23
  17:	e8 b8 b1 30 f8       	callq  0xf830b1d4
  1c:	0f 00 2d 91 35 ca 00 	verw   0xca3591(%rip)        # 0xca35b4
  23:	e8 ac b1 30 f8       	callq  0xf830b1d4
  28:	fb                   	sti
  29:	f4                   	hlt
* 2a:	9c                   	pushfq <-- trapping instruction
  2b:	5b                   	pop    %rbx
  2c:	81 e3 00 02 00 00    	and    $0x200,%ebx
  32:	fa                   	cli
  33:	31 ff                	xor    %edi,%edi
  35:	48 89 de             	mov    %rbx,%rsi
  38:	e8 27 b4 30 f8       	callq  0xf830b464
  3d:	48 85 db             	test   %rbx,%rbx

Crashes (17583):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce	2022/01/08 12:01	upstream	d1587f7bfe9a	2ca0d385	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2022/01/07 19:57	upstream	ddec8ed2d490	2ca0d385	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2022/01/05 09:44	upstream	c9e6606c7fe9	0a2584dd	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2022/01/04 10:16	upstream	c9e6606c7fe9	7f723fbe	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2021/12/31 10:48	upstream	74c78b4291b4	36bd2e48	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2021/12/28 12:23	upstream	a8ad9a2434dc	6b3c5e64	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2021/12/27 15:27	upstream	fc74e0a40e4f	5140bd58	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2021/12/26 15:19	upstream	438645193e59	e4f103c4	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2021/12/25 10:46	upstream	b927dfc67d05	6caa12e4	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2021/12/14 07:15	upstream	5472f14a3742	5d14b1ea	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2021/10/25 18:08	upstream	87066fdd2e30	4f0000ee	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/10/24 07:23	upstream	9c0c4d24ac00	282f03fb	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/08/30 21:22	upstream	7d2a07b76933	8f58a0ef	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2021/08/19 16:10	upstream	d6d09a694205	a2fe1cb5	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/08/09 13:04	upstream	66745863ecde	6972b106	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/08/06 22:32	upstream	902e7f373fff	f9e341e3	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/08/06 17:38	upstream	902e7f373fff	f9e341e3	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/08/04 06:26	upstream	d5ad8ec3cfb5	6c236867	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/07/22 10:53	upstream	7b6ae471e541	29c3f20f	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/07/13 00:48	upstream	7fef2edf7cc7	f415556d	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/07/09 00:44	upstream	3dbdb38e2869	1b20171a	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/07/08 23:42	upstream	3dbdb38e2869	1b20171a	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/06/25 20:33	upstream	44db63d1ad8d	ae6bf8dd	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/06/25 08:35	upstream	4a09d388f2ab	0edbbe31	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/06/17 11:49	upstream	6b00bc639f1f	aba2b2fb	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/03/05 10:27	upstream	cee407c5cc42	9d751681	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/07 18:11	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	601a5bc1aeef	2ca0d385	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/07 16:08	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	601a5bc1aeef	2ca0d385	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2022/01/07 14:33	linux-next	3770333b3f8c	6acc789a	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/04 05:57	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	0f663729bb4a	7f723fbe	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/12/28 11:32	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ce1d37cb7697	6b3c5e64	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/12/27 10:16	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ce1d37cb7697	e4f103c4	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/12/13 17:34	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c45479ecd0c2	0304899b	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/12/12 10:45	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d598c3c46ea6	49ca1f59	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/12/12 00:19	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d598c3c46ea6	49ca1f59	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/10/18 04:06	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	660a92a59b9e	0c5d9412	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/08/09 13:56	linux-next	7999516e20bd	6972b106	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/07/19 08:50	linux-next	c1a6d08348fc	f115ae98	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/07/19 05:29	linux-next	c1a6d08348fc	f115ae98	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/07/16 16:26	linux-next	c1a6d08348fc	f115ae98	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/07/07 16:29	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	7756f1d6369e	4846d5c1	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/07/03 03:11	linux-next	a1f92694393a	55aa55c2	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-386	2020/11/18 16:30	upstream	0fa8ee0d9ab9	09323409	.config	log	report	syz	C
ci2-upstream-usb	2021/01/11 08:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	841081d89d5a	2c1f2513	.config	log	report	syz	C
ci2-upstream-usb	2020/11/16 16:45	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	0fb2c41f992c	1bf9a662	.config	log	report	syz	C
ci2-upstream-usb	2021/12/07 16:56	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	d598c3c46ea6	0230ba3e	.config	log	report	syz			KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2022/01/23 12:13	upstream	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2022/01/22 03:38	upstream	9b57f4589857	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2022/01/15 07:34	upstream	112450df61b7	723cfaf0	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2022/01/08 15:42	upstream	d1587f7bfe9a	2ca0d385	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-qemu-upstream	2021/06/20 07:55	upstream	913ec3c22ef4	aba2b2fb	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-386	2022/01/12 09:48	upstream	6f38be8f2ccd	44d1319a	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 11:51	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	e783362eb54c	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 10:49	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 09:45	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 09:21	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 08:19	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 07:18	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 06:36	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 05:33	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 04:23	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 03:47	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 02:46	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 01:49	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/23 00:38	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 23:29	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 22:49	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 21:39	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 20:30	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 20:26	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 19:14	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 17:54	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 16:51	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 16:28	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 15:16	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 14:10	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 13:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1c52283265a4	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 12:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 11:31	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 11:27	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 10:22	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 09:21	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 08:22	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 06:59	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 05:59	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 05:55	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 04:52	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 03:07	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 01:58	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/22 00:56	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/21 23:54	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/21 23:42	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/21 22:41	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2022/01/21 21:30	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	c2c94b3b187d	214351e1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2022/01/18 13:20	linux-next	6f59bc242877	731a2d23	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2020/11/16 16:17	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	0fb2c41f992c	1bf9a662	.config	log	report			info