syzbot

 sign-in | mailing list | source | docs
🐞 Open [961] 🐞 Fixed [3806] 🐞 Invalid [8177] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KASAN: use-after-free Read in si470x_int_in_callback (2)
Status: upstream: reported C repro on 2019/10/18 14:53
Reported-by: syzbot+9ca7a12fd736d93e0232@syzkaller.appspotmail.com
First crash: 951d, last: 3d06h

Cause bisection: failed (bisect log)
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in si470x_int_in_callback C 25 963d 1052d 14/22 fixed on 2019/10/15 23:40
Patch testing requests:
Created Duration User Patch Repo Result
2019/12/04 15:03 17m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 OK
2019/11/28 11:10 11m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/27 18:07 16m stern@rowland.harvard.edu patch https://github.com/google/kasan.git 22be26f7 OK
2019/11/27 10:27 11m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/21 12:01 14m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/20 10:32 12m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/18 13:44 9m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log

Sample crash report:
radio-si470x 1-1:0.0: non-zero urb status (-71)
==================================================================
BUG: KASAN: use-after-free in si470x_int_in_callback.cold+0x96/0xbf drivers/media/radio/si470x/radio-si470x-usb.c:378
Read of size 8 at addr ffff88801dc94b48 by task kworker/0:1/14

CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 5.18.0-rc2-syzkaller-00351-ga2c29ccd9477 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0xeb/0x495 mm/kasan/report.c:313
 print_report mm/kasan/report.c:429 [inline]
 kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491
 si470x_int_in_callback.cold+0x96/0xbf drivers/media/radio/si470x/radio-si470x-usb.c:378
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1670
 usb_hcd_giveback_urb+0x367/0x410 drivers/usb/core/hcd.c:1747
 dummy_timer+0x11f9/0x32b0 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
 expire_timers kernel/time/timer.c:1466 [inline]
 __run_timers.part.0+0x67c/0xa30 kernel/time/timer.c:1734
 __run_timers kernel/time/timer.c:1715 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:27 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:200
Code: 48 89 ef 5d e9 c1 ec 4a 00 5d be 03 00 00 00 e9 96 bb 74 02 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 39 54 89 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
RSP: 0018:ffffc90000136f58 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888010f09d00 RSI: ffffffff815fd568 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff90033907
R10: ffffffff815fd55e R11: 0000000000000000 R12: ffffffff84e254b0
R13: 0000000000000200 R14: ffffc90000136fb8 R15: dffffc0000000000
 console_unlock+0x82e/0xdd0 kernel/printk/printk.c:2779
 vprintk_emit+0x1b4/0x5f0 kernel/printk/printk.c:2272
 vprintk+0x80/0x90 kernel/printk/printk_safe.c:50
 _printk+0xba/0xed kernel/printk/printk.c:2293
 call_driver_probe drivers/base/dd.c:558 [inline]
 really_probe.cold+0xb1/0x17a drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_set_configuration+0x101e/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:542 [inline]
 really_probe+0x23e/0xb20 drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_new_device.cold+0x641/0x1091 drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5363 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 port_event drivers/usb/core/hub.c:5665 [inline]
 hub_event+0x25c6/0x4680 drivers/usb/core/hub.c:5747
 process_one_work+0x996/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>

Allocated by task 14:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:436 [inline]
 ____kasan_kmalloc mm/kasan/common.c:515 [inline]
 ____kasan_kmalloc mm/kasan/common.c:474 [inline]
 __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:524
 kmalloc include/linux/slab.h:581 [inline]
 kzalloc include/linux/slab.h:714 [inline]
 si470x_usb_driver_probe+0x51/0xf90 drivers/media/radio/si470x/radio-si470x-usb.c:573
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:542 [inline]
 really_probe+0x23e/0xb20 drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_set_configuration+0x101e/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:542 [inline]
 really_probe+0x23e/0xb20 drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_new_device.cold+0x641/0x1091 drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5363 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 port_event drivers/usb/core/hub.c:5665 [inline]
 hub_event+0x25c6/0x4680 drivers/usb/core/hub.c:5747
 process_one_work+0x996/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298

Freed by task 14:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track+0x21/0x30 mm/kasan/common.c:45
 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370
 ____kasan_slab_free mm/kasan/common.c:366 [inline]
 ____kasan_slab_free+0x166/0x1a0 mm/kasan/common.c:328
 kasan_slab_free include/linux/kasan.h:200 [inline]
 slab_free_hook mm/slub.c:1728 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1754
 slab_free mm/slub.c:3510 [inline]
 kfree+0xd6/0x4d0 mm/slub.c:4552
 si470x_usb_driver_probe+0xb3d/0xf90 drivers/media/radio/si470x/radio-si470x-usb.c:760
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:542 [inline]
 really_probe+0x23e/0xb20 drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_set_configuration+0x101e/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:542 [inline]
 really_probe+0x23e/0xb20 drivers/base/dd.c:621
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_new_device.cold+0x641/0x1091 drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5363 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 port_event drivers/usb/core/hub.c:5665 [inline]
 hub_event+0x25c6/0x4680 drivers/usb/core/hub.c:5747
 process_one_work+0x996/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298

The buggy address belongs to the object at ffff88801dc94000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 2888 bytes inside of
 4096-byte region [ffff88801dc94000, ffff88801dc95000)

The buggy address belongs to the physical page:
page:ffffea0000772400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1dc90
head:ffffea0000772400 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888010c42140
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3591, tgid 3591 (udevd), ts 36430954443, free_ts 35772194595
 prep_new_page mm/page_alloc.c:2441 [inline]
 get_page_from_freelist+0xba2/0x3e00 mm/page_alloc.c:4182
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5408
 alloc_pages+0x1aa/0x310 mm/mempolicy.c:2272
 alloc_slab_page mm/slub.c:1799 [inline]
 allocate_slab+0x26c/0x3c0 mm/slub.c:1944
 new_slab mm/slub.c:2004 [inline]
 ___slab_alloc+0x8df/0xf20 mm/slub.c:3005
 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3092
 slab_alloc_node mm/slub.c:3183 [inline]
 slab_alloc mm/slub.c:3225 [inline]
 __kmalloc+0x318/0x350 mm/slub.c:4410
 kmalloc include/linux/slab.h:586 [inline]
 kernfs_file_read_iter fs/kernfs/file.c:190 [inline]
 kernfs_fop_read_iter+0x4ef/0x6f0 fs/kernfs/file.c:237
 call_read_iter include/linux/fs.h:2044 [inline]
 new_sync_read+0x384/0x5f0 fs/read_write.c:401
 vfs_read+0x492/0x5d0 fs/read_write.c:482
 ksys_read+0x127/0x250 fs/read_write.c:620
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1356 [inline]
 free_pcp_prepare+0x549/0xd20 mm/page_alloc.c:1406
 free_unref_page_prepare mm/page_alloc.c:3328 [inline]
 free_unref_page+0x19/0x6a0 mm/page_alloc.c:3423
 __unfreeze_partials+0x17c/0x1a0 mm/slub.c:2523
 qlink_free mm/kasan/quarantine.c:157 [inline]
 qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0xa2/0xc0 mm/kasan/common.c:446
 kasan_slab_alloc include/linux/kasan.h:224 [inline]
 slab_post_alloc_hook mm/slab.h:749 [inline]
 slab_alloc_node mm/slub.c:3217 [inline]
 slab_alloc mm/slub.c:3225 [inline]
 __kmalloc+0x200/0x350 mm/slub.c:4410
 kmalloc include/linux/slab.h:586 [inline]
 tomoyo_add_entry security/tomoyo/common.c:2022 [inline]
 tomoyo_supervisor+0xce6/0xf00 security/tomoyo/common.c:2094
 tomoyo_audit_path_number_log security/tomoyo/file.c:235 [inline]
 tomoyo_path_number_perm+0x419/0x590 security/tomoyo/file.c:734
 security_file_ioctl+0x50/0xb0 security/security.c:1557
 __do_sys_ioctl fs/ioctl.c:864 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0xb3/0x200 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Memory state around the buggy address:
 ffff88801dc94a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88801dc94a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88801dc94b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                              ^
 ffff88801dc94b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88801dc94c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
----------------
Code disassembly (best guess):
   0:	48 89 ef             	mov    %rbp,%rdi
   3:	5d                   	pop    %rbp
   4:	e9 c1 ec 4a 00       	jmpq   0x4aecca
   9:	5d                   	pop    %rbp
   a:	be 03 00 00 00       	mov    $0x3,%esi
   f:	e9 96 bb 74 02       	jmpq   0x274bbaa
  14:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)
  1a:	48 8b be a8 01 00 00 	mov    0x1a8(%rsi),%rdi
  21:	e8 b4 ff ff ff       	callq  0xffffffda
  26:	31 c0                	xor    %eax,%eax
  28:	c3                   	retq
  29:	90                   	nop
* 2a:	65 8b 05 39 54 89 7e 	mov    %gs:0x7e895439(%rip),%eax        # 0x7e89546a <-- trapping instruction
  31:	89 c1                	mov    %eax,%ecx
  33:	48 8b 34 24          	mov    (%rsp),%rsi
  37:	81 e1 00 01 00 00    	and    $0x100,%ecx
  3d:	65                   	gs
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b

Fix bisection attempts:
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2021/10/14 14:17 upstream 348949d9a444 f415556d .config log report syz C
ci-upstream-kasan-gce-selinux-root 2021/09/14 13:56 upstream d0ee23f9d78b f415556d .config log report syz C
ci-upstream-kasan-gce-selinux-root 2021/08/15 13:15 upstream 0aa78d17099b f415556d .config log report syz C
Crashes (5902):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2022/04/17 23:50 upstream a2c29ccd9477 8bcc32a6 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream 2022/03/27 17:32 upstream f022814633e1 89bc8608 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream 2022/03/27 00:43 upstream 52d543b5497c 89bc8608 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream 2022/03/21 09:48 upstream f443e374ae13 e2d91b1d .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2021/12/29 00:31 upstream ecf71de775a0 76c8cf06 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root 2021/10/15 19:03 upstream ec681c53f8d2 0c5d9412 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-selinux-root 2021/07/13 09:44 upstream 7fef2edf7cc7 f415556d .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root 2021/06/04 18:54 upstream f88cd3fb9df2 966a236b .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root 2021/06/02 19:02 upstream 231bc5390667 0740de69 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root 2021/05/30 09:40 upstream 6799d4f2da49 325a8dab .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2021/05/29 13:37 upstream 5ff2756afde0 858ea628 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root 2021/05/29 08:33 upstream 5ff2756afde0 858ea628 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root 2021/05/26 12:52 upstream ad9f25d33860 54f0bcf1 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream 2021/02/17 02:27 upstream f40ddce88593 98682e5e .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream 2021/02/16 13:48 upstream f40ddce88593 98682e5e .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2022/01/01 18:56 linux-next ea586a076e8a e1768e9c .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2021/06/26 02:04 linux-next a1f92694393a ae6bf8dd .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2021/06/23 10:03 linux-next a1f92694393a aba2b2fb .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2021/06/20 01:53 linux-next a1f92694393a aba2b2fb .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2020/12/12 02:21 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a256e24021bf bca53db9 .config log report syz C
ci2-upstream-usb 2020/12/10 10:10 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 8010622c86ca c090b4da .config log report syz C
ci2-upstream-usb 2020/06/20 17:12 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f8f02d5c671f c655ec77 .config log report syz C
ci2-upstream-usb 2020/06/19 21:17 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f8f02d5c671f 123cf502 .config log report syz C
ci2-upstream-usb 2020/06/08 21:13 https://github.com/google/kasan.git usb-fuzzer 2089c6ed5a17 7604bb03 .config log report syz C
ci2-upstream-usb 2020/05/14 03:37 https://github.com/google/kasan.git usb-fuzzer 059e7e0ff26c a885920d .config log report syz C
ci2-upstream-usb 2020/03/24 19:22 https://github.com/google/kasan.git usb-fuzzer e17994d1e7b1 68660b21 .config log report syz C
ci2-upstream-usb 2020/03/23 17:45 https://github.com/google/kasan.git usb-fuzzer e17994d1e7b1 84f999d6 .config log report syz C
ci2-upstream-usb 2020/03/21 12:07 https://github.com/google/kasan.git usb-fuzzer e17994d1e7b1 aa6c6a55 .config log report syz C
ci2-upstream-usb 2020/03/10 13:03 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 35f53e45 .config log report syz C
ci2-upstream-usb 2020/03/08 01:06 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 2e9971bb .config log report syz C
ci2-upstream-usb 2020/03/06 17:49 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 7fb694ef .config log report syz C
ci2-upstream-usb 2020/03/02 07:48 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 4a4e0509 .config log report syz C
ci2-upstream-usb 2020/02/29 01:27 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c c88c7b75 .config log report syz C
ci2-upstream-usb 2020/02/28 19:34 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c c88c7b75 .config log report syz C
ci2-upstream-usb 2020/02/27 09:21 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 40bcfdd5 .config log report syz C
ci2-upstream-usb 2020/02/26 21:51 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 251aabb7 .config log report syz C
ci2-upstream-usb 2020/02/24 18:14 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 1253d6f0 .config log report syz C
ci2-upstream-usb 2020/02/10 19:43 https://github.com/google/kasan.git usb-fuzzer e5cd56e94edd d9e55b05 .config log report syz C
ci2-upstream-usb 2020/02/07 21:07 https://github.com/google/kasan.git usb-fuzzer e5cd56e94edd 06150bf1 .config log report syz C
ci2-upstream-usb 2020/01/23 00:22 https://github.com/google/kasan.git usb-fuzzer 4cc301ee04d9 3334d684 .config log report syz C
ci2-upstream-usb 2019/12/20 00:05 https://github.com/google/kasan.git usb-fuzzer ecdf2214f472 36650b4b .config log report syz C
ci2-upstream-usb 2019/12/16 20:59 https://github.com/google/kasan.git usb-fuzzer 4cc037ecf2cb 0ae38e44 .config log report syz C
ci2-upstream-usb 2019/12/12 20:53 https://github.com/google/kasan.git usb-fuzzer 4cc037ecf2cb 08003f64 .config log report syz C
ci2-upstream-usb 2019/12/11 15:49 https://github.com/google/kasan.git usb-fuzzer a38cc9afab8a 0d368675 .config log report syz C
ci2-upstream-usb 2019/10/18 11:53 https://github.com/google/kasan.git usb-fuzzer 22be26f76193 8c88c9c1 .config log report syz C
ci-upstream-kasan-gce 2022/05/23 18:43 upstream 4b0986a3613c 4c7657cb .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-selinux-root 2022/05/19 18:50 upstream f993aed406ea 50c53f39 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/05/19 18:30 upstream f993aed406ea 50c53f39 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/05/18 21:21 upstream ef1302160bfb 50c53f39 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/05/17 06:38 upstream 42226c989789 744a39e2 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/05/15 19:49 upstream bc403203d65a 744a39e2 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/05/15 18:17 upstream bc403203d65a 744a39e2 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/18 11:23 upstream b2d229d4ddb1 8bcc32a6 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/17 23:17 upstream a2c29ccd9477 8bcc32a6 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/17 08:23 upstream 90ea17a9e27b 8bcc32a6 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/15 04:27 upstream b9b4c79e5830 b17b2923 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-selinux-root 2022/04/13 01:03 upstream ce522ba9ef7e dacb3f1c .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/10 16:39 upstream e1f700ebd6be e22c3da3 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/09 10:18 upstream 6c7376da2358 e22c3da3 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/08 08:33 upstream 42e7a03d3bad c6ff3e05 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/08 06:07 upstream 42e7a03d3bad c6ff3e05 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/07 19:17 upstream 3e732ebf7316 c6ff3e05 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/07 14:22 upstream 3e732ebf7316 c6ff3e05 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/07 01:53 upstream 3e732ebf7316 97582466 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/06 23:05 upstream 3e732ebf7316 97582466 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/06 06:28 upstream ce4c854ee868 0127c10f .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/04 19:21 upstream 312310928417 5915c2cb .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/04 08:55 upstream 09bb8856d4a7 79a2a8fc .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/04/03 18:09 upstream be2d3ecedd99 79a2a8fc .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root 2022/04/02 18:30 upstream 88e6c0207623 79a2a8fc .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root 2022/03/29 22:00 upstream 1930a6e739c4 6bdac766 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-386 2022/03/13 18:55 upstream aad611a868d1 9e8eaa75 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/27 02:39 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ef94b2664a25 1fa34c1b .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/26 19:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ef94b2664a25 1fa34c1b .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/26 17:22 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bdddc253b093 1fa34c1b .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/26 09:35 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bdddc253b093 1fa34c1b .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/26 05:18 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bdddc253b093 152baedd .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/25 20:54 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bdddc253b093 152baedd .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/23 23:23 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bdddc253b093 131df97d .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/23 11:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bdddc253b093 131df97d .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/22 10:35 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 5c29e8649997 2738b391 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/22 07:00 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 5c29e8649997 2738b391 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/19 15:32 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 312310928417 33fc6ed6 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/17 11:19 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 312310928417 8bcc32a6 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2022/04/05 02:34 linux-next 696206280c5e 5915c2cb .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/04 16:35 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 312310928417 5915c2cb .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/03 06:27 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e8b767f5e040 79a2a8fc .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2022/04/02 17:16 linux-next e5071887cd22 79a2a8fc .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/02 11:11 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e8b767f5e040 79a2a8fc .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/01 10:54 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing d888c83fcec7 68fc921a .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/04/01 06:13 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing d888c83fcec7 68fc921a .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/03/30 21:52 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing d888c83fcec7 42718dd6 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/03/28 22:05 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ae085d7f9365 6bdac766 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2021/01/10 06:07 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 841081d89d5a 2c1f2513 .config log report info