KASAN: use-after-free Read in ath9k_hif_usb_rx

KASAN: use-after-free Read in ath9k_hif_usb_rx_cb (2)
Status: upstream: reported C repro on 2020/11/16 17:09
Reported-by: syzbot+03110230a11411024147@syzkaller.appspotmail.com
First crash: 307d, last: 1h12m

Cause bisection: introduced by (bisect log) :
commit dcd479e10a0510522a5d88b29b8f79ea3467d501
Author: Johannes Berg <johannes.berg@intel.com>
Date: Fri Oct 9 12:17:11 2020 +0000

mac80211: always wind down STA state

Crash: BUG: sleeping function called from invalid context in sta_info_move_state (log)
Repro: C syz .config

duplicates (1):
Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
KASAN: slab-out-of-bounds Read in ath9k_hif_usb_rx_cb (2)	C	error		266	2d04h	417d	0/22	closed as dup on 2021/01/13 11:30

similar bugs (4):
Kernel	Title	Repro	Cause bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb	C		2849	307d	542d	17/22	fixed on 2020/11/16 12:12
upstream	KASAN: out-of-bounds Read in ath9k_hif_usb_rx_cb (3)	C	unreliable	6	28d	257d	0/22	upstream: reported C repro on 2021/01/05 16:03
upstream	KASAN: slab-out-of-bounds Read in ath9k_hif_usb_rx_cb (2)	C	error	266	2d04h	417d	0/22	closed as dup on 2021/01/13 11:30
upstream	general protection fault in ath9k_hif_usb_rx_cb (2)	C	error	1132	2h17m	429d	0/22	upstream: reported C repro on 2020/07/17 18:56

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/08/04 18:57	18m	paskripkin@gmail.com	patch	upstream	OK
2021/06/17 21:59	14m	fuzzybritches0@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 009c9aa5be652675a06d5211e1640e02bbb1c33d	report log
2021/06/17 17:38	16m	fuzzybritches0@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 009c9aa5be652675a06d5211e1640e02bbb1c33d	report log
2021/06/17 12:27	12m	fuzzybritches0@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 009c9aa5be652675a06d5211e1640e02bbb1c33d	report log
2021/03/12 08:39	9m	mail@anirudhrb.com		linux-next	report log

Sample crash report:

==================================================================
BUG: KASAN: use-after-free in ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:589 [inline]
BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0xd1e/0x10b0 drivers/net/wireless/ath/ath9k/hif_usb.c:680
Read of size 4 at addr ffff888041d54244 by task kworker/0:1/7

CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events request_firmware_work_func
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105
 print_address_description.constprop.0.cold+0x6c/0x2d6 mm/kasan/report.c:233
 __kasan_report mm/kasan/report.c:419 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:436
 ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:589 [inline]
 ath9k_hif_usb_rx_cb+0xd1e/0x10b0 drivers/net/wireless/ath/ath9k/hif_usb.c:680
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1656
 usb_hcd_giveback_urb+0x367/0x410 drivers/usb/core/hcd.c:1726
 dummy_timer+0x11f9/0x32b0 drivers/usb/gadget/udc/dummy_hcd.c:1987
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
 expire_timers kernel/time/timer.c:1466 [inline]
 __run_timers.part.0+0x675/0xa20 kernel/time/timer.c:1734
 __run_timers kernel/time/timer.c:1715 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 </IRQ>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:27 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:163 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:197
Code: 01 f0 4d 89 03 e9 63 fd ff ff b9 ff ff ff ff ba 08 00 00 00 4d 8b 03 48 0f bd ca 49 8b 45 00 48 63 c9 e9 64 ff ff ff 0f 1f 00 <65> 8b 05 29 11 8d 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
RSP: 0018:ffffc90000edf950 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888011e2a1c0 RSI: ffffffff815c8793 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8fcdb8e7
R10: ffffffff815c8789 R11: 0000000000000000 R12: ffffffff84c52c40
R13: 0000000000000200 R14: dffffc0000000000 R15: ffffc90000edf9b0
 console_unlock+0x7c9/0xc40 kernel/printk/printk.c:2653
 vprintk_emit+0x1ca/0x560 kernel/printk/printk.c:2174
 vprintk+0x8d/0x260 kernel/printk/printk_safe.c:392
 printk+0xba/0xed kernel/printk/printk.c:2216
 ath9k_htc_hw_init.cold+0x17/0x1c drivers/net/wireless/ath/ath9k/htc_hst.c:504
 ath9k_hif_usb_firmware_cb+0x274/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
 request_firmware_work_func+0x12c/0x230 drivers/base/firmware_loader/main.c:1083
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Allocated by task 7:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 ____kasan_kmalloc mm/kasan/common.c:513 [inline]
 ____kasan_kmalloc mm/kasan/common.c:472 [inline]
 __kasan_kmalloc+0xa1/0xd0 mm/kasan/common.c:522
 kasan_kmalloc include/linux/kasan.h:264 [inline]
 __do_kmalloc mm/slab.c:3702 [inline]
 __kmalloc+0x214/0x4d0 mm/slab.c:3711
 kmalloc include/linux/slab.h:596 [inline]
 kzalloc include/linux/slab.h:721 [inline]
 wiphy_new_nm+0x6f0/0x1e20 net/wireless/core.c:449
 ieee80211_alloc_hw_nm+0x373/0x2270 net/mac80211/main.c:585
 ieee80211_alloc_hw include/net/mac80211.h:4285 [inline]
 ath9k_htc_probe_device+0x97/0x1e80 drivers/net/wireless/ath/ath9k/htc_drv_init.c:939
 ath9k_htc_hw_init+0x31/0x60 drivers/net/wireless/ath/ath9k/htc_hst.c:503
 ath9k_hif_usb_firmware_cb+0x274/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
 request_firmware_work_func+0x12c/0x230 drivers/base/firmware_loader/main.c:1083
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Freed by task 7:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track+0x1c/0x30 mm/kasan/common.c:46
 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:360
 ____kasan_slab_free mm/kasan/common.c:366 [inline]
 ____kasan_slab_free mm/kasan/common.c:328 [inline]
 __kasan_slab_free+0xd1/0x110 mm/kasan/common.c:374
 kasan_slab_free include/linux/kasan.h:230 [inline]
 __cache_free mm/slab.c:3445 [inline]
 kfree+0x10a/0x2c0 mm/slab.c:3803
 device_release+0x9f/0x240 drivers/base/core.c:2192
 kobject_cleanup lib/kobject.c:705 [inline]
 kobject_release lib/kobject.c:736 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1c8/0x540 lib/kobject.c:753
 put_device+0x1b/0x30 drivers/base/core.c:3463
 ath9k_htc_probe_device+0x1c7/0x1e80 drivers/net/wireless/ath/ath9k/htc_drv_init.c:976
 ath9k_htc_hw_init+0x31/0x60 drivers/net/wireless/ath/ath9k/htc_hst.c:503
 ath9k_hif_usb_firmware_cb+0x274/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
 request_firmware_work_func+0x12c/0x230 drivers/base/firmware_loader/main.c:1083
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

The buggy address belongs to the object at ffff888041d50000
 which belongs to the cache kmalloc-32k of size 32768
The buggy address is located 16964 bytes inside of
 32768-byte region [ffff888041d50000, ffff888041d58000)
The buggy address belongs to the page:
page:ffffea0001075400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41d50
head:ffffea0001075400 order:4 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 ffffea0001075008 ffff888010841d50 ffff888010840c00
raw: 0000000000000000 ffff888041d50000 0000000100000001 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 4, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 7, ts 82116224628, free_ts 0
 prep_new_page mm/page_alloc.c:2436 [inline]
 get_page_from_freelist+0xa72/0x2f80 mm/page_alloc.c:4168
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5390
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 kmem_getpages mm/slab.c:1377 [inline]
 cache_grow_begin+0x75/0x460 mm/slab.c:2593
 cache_alloc_refill+0x27f/0x380 mm/slab.c:2965
 ____cache_alloc mm/slab.c:3048 [inline]
 ____cache_alloc mm/slab.c:3031 [inline]
 __do_cache_alloc mm/slab.c:3275 [inline]
 slab_alloc mm/slab.c:3316 [inline]
 __do_kmalloc mm/slab.c:3700 [inline]
 __kmalloc+0x3d5/0x4d0 mm/slab.c:3711
 kmalloc include/linux/slab.h:596 [inline]
 kzalloc include/linux/slab.h:721 [inline]
 wiphy_new_nm+0x6f0/0x1e20 net/wireless/core.c:449
 ieee80211_alloc_hw_nm+0x373/0x2270 net/mac80211/main.c:585
 ieee80211_alloc_hw include/net/mac80211.h:4285 [inline]
 ath9k_htc_probe_device+0x97/0x1e80 drivers/net/wireless/ath/ath9k/htc_drv_init.c:939
 ath9k_htc_hw_init+0x31/0x60 drivers/net/wireless/ath/ath9k/htc_hst.c:503
 ath9k_hif_usb_firmware_cb+0x274/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
 request_firmware_work_func+0x12c/0x230 drivers/base/firmware_loader/main.c:1083
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888041d54100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888041d54180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888041d54200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff888041d54280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888041d54300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
----------------
Code disassembly (best guess):
   0:	01 f0                	add    %esi,%eax
   2:	4d 89 03             	mov    %r8,(%r11)
   5:	e9 63 fd ff ff       	jmpq   0xfffffd6d
   a:	b9 ff ff ff ff       	mov    $0xffffffff,%ecx
   f:	ba 08 00 00 00       	mov    $0x8,%edx
  14:	4d 8b 03             	mov    (%r11),%r8
  17:	48 0f bd ca          	bsr    %rdx,%rcx
  1b:	49 8b 45 00          	mov    0x0(%r13),%rax
  1f:	48 63 c9             	movslq %ecx,%rcx
  22:	e9 64 ff ff ff       	jmpq   0xffffff8b
  27:	0f 1f 00             	nopl   (%rax)
* 2a:	65 8b 05 29 11 8d 7e 	mov    %gs:0x7e8d1129(%rip),%eax        # 0x7e8d115a <-- trapping instruction
  31:	89 c1                	mov    %eax,%ecx
  33:	48 8b 34 24          	mov    (%rsp),%rsi
  37:	81 e1 00 01 00 00    	and    $0x100,%ecx
  3d:	65                   	gs
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b

Crashes (5440):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-selinux-root	2021/08/30 21:22	upstream	7d2a07b76933	8f58a0ef	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2021/08/19 16:10	upstream	d6d09a694205	a2fe1cb5	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/08/09 13:04	upstream	66745863ecde	6972b106	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/08/06 22:32	upstream	902e7f373fff	f9e341e3	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/08/06 17:38	upstream	902e7f373fff	f9e341e3	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/08/04 06:26	upstream	d5ad8ec3cfb5	6c236867	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/07/22 10:53	upstream	7b6ae471e541	29c3f20f	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/07/13 00:48	upstream	7fef2edf7cc7	f415556d	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/07/09 00:44	upstream	3dbdb38e2869	1b20171a	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/07/08 23:42	upstream	3dbdb38e2869	1b20171a	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/06/25 20:33	upstream	44db63d1ad8d	ae6bf8dd	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/06/25 08:35	upstream	4a09d388f2ab	0edbbe31	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/06/19 17:04	upstream	b1edae0d5f2e	aba2b2fb	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/06/17 11:49	upstream	6b00bc639f1f	aba2b2fb	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/06/14 08:42	upstream	e4e453434a19	1ba81399	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/06/04 11:50	upstream	f88cd3fb9df2	0740de69	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/06/03 00:22	upstream	324c92e5e0ee	0740de69	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/06/02 02:30	upstream	c2131f7e73c9	032639db	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/06/01 21:48	upstream	c2131f7e73c9	032639db	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/05/31 20:01	upstream	8124c8a6b353	032639db	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/05/30 11:34	upstream	6799d4f2da49	325a8dab	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/05/30 09:59	upstream	6799d4f2da49	325a8dab	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/05/30 07:57	upstream	6799d4f2da49	325a8dab	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/05/29 12:37	upstream	5ff2756afde0	858ea628	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/05/27 12:22	upstream	7ac3a1c1ae51	858ea628	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/05/27 10:22	upstream	7ac3a1c1ae51	858ea628	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/04/30 02:57	upstream	d2b6f8a17919	77e2b668	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/04/28 20:07	upstream	acd3d2859453	77e2b668	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/03/05 10:27	upstream	cee407c5cc42	9d751681	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/08/09 13:56	linux-next	7999516e20bd	6972b106	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/07/19 08:50	linux-next	c1a6d08348fc	f115ae98	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/07/19 05:29	linux-next	c1a6d08348fc	f115ae98	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/07/16 16:26	linux-next	c1a6d08348fc	f115ae98	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/07/07 16:29	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	7756f1d6369e	4846d5c1	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/07/03 03:11	linux-next	a1f92694393a	55aa55c2	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/06/23 12:13	linux-next	a1f92694393a	aba2b2fb	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/06/20 19:02	linux-next	a1f92694393a	aba2b2fb	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/06/20 17:34	linux-next	a1f92694393a	aba2b2fb	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/06/20 15:15	linux-next	a1f92694393a	aba2b2fb	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/04/17 05:57	linux-next	1216f02e46a4	7e2b734b	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/04/14 08:09	linux-next	dcf1b51d6b2a	a184b83e	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-linux-next-kasan-gce-root	2021/04/11 23:48	linux-next	e99d8a849517	bfeda1b1	.config	log	report	syz	C		KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-386	2020/11/18 16:30	upstream	0fa8ee0d9ab9	09323409	.config	log	report	syz	C
ci2-upstream-usb	2021/01/11 08:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	841081d89d5a	2c1f2513	.config	log	report	syz	C
ci2-upstream-usb	2020/11/16 16:45	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	0fb2c41f992c	1bf9a662	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2021/06/10 06:38	upstream	cd1245d75ce9	1ba81399	.config	log	report	syz			KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/05/30 06:19	upstream	6799d4f2da49	325a8dab	.config	log	report	syz			KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2021/09/18 20:33	upstream	4357f03d6611	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce	2021/09/18 16:37	upstream	4357f03d6611	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-root	2021/09/17 20:46	upstream	ddf21bd8ab98	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/09/17 12:46	upstream	bdb575f87217	5b989942	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-selinux-root	2021/09/16 16:08	upstream	ff1ffd71d5f0	aae492f2	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-smack-root	2021/09/06 14:30	upstream	0319b848b155	6ca60148	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-qemu-upstream	2021/06/20 07:55	upstream	913ec3c22ef4	aba2b2fb	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci-upstream-kasan-gce-386	2021/05/14 12:18	upstream	315d99318179	8bdd5343	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/20 06:09	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/20 04:15	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/20 03:01	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 23:45	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 21:44	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 20:17	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 18:13	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 16:17	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 14:04	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 12:46	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 10:13	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 08:19	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 07:13	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 04:01	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 01:29	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/19 00:49	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/18 23:33	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/18 19:26	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/18 14:20	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/18 08:51	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/18 07:29	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/18 05:58	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/18 04:15	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/18 02:02	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 23:44	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 22:36	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 18:58	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 17:26	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 16:04	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	70b76c1d	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 13:50	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	5b989942	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 10:33	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	5b989942	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 08:48	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	5b989942	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 07:13	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	5b989942	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 06:12	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	5b989942	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 04:58	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	5b989942	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 02:51	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	5b989942	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/17 00:28	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	aae492f2	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/16 23:12	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	aae492f2	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/16 22:08	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	aae492f2	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/16 21:35	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	aae492f2	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/16 20:30	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	aae492f2	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/16 15:02	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	aae492f2	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/16 13:16	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	07e953c1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/16 10:26	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	07e953c1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/16 09:22	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	07e953c1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/16 06:33	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	07e953c1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2021/09/16 02:38	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	ae8709b296d8	07e953c1	.config	log	report			info	KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
ci2-upstream-usb	2020/11/16 16:17	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	0fb2c41f992c	1bf9a662	.config	log	report			info