syzbot


KASAN: use-after-free Read in si470x_int_in_callback (2)

Status: fixed on 2023/02/24 13:50
Subsystems: usb media
Reported-by: syzbot+9ca7a12fd736d93e0232@syzkaller.appspotmail.com
Fix commit: 7d21e0b1b41b media: si470x: Fix use-after-free in si470x_int_in_callback()
First crash: 1863d, last: 706d
Cause bisection: failed (error log, bisect log)
  
Discussions (12)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 6.0 01/73] drm/etnaviv: add missing quirks for GC300 75 (75) 2022/12/24 00:35
[PATCH AUTOSEL 5.15 01/46] drm/etnaviv: add missing quirks for GC300 48 (48) 2022/12/24 00:29
[PATCH AUTOSEL 6.1 01/85] drm/etnaviv: add missing quirks for GC300 86 (86) 2022/12/19 01:08
[PATCH AUTOSEL 4.9 01/20] wifi: ath9k: verify the expected usb_endpoints are present 20 (20) 2022/12/18 16:23
[PATCH AUTOSEL 4.14 01/23] wifi: ath9k: verify the expected usb_endpoints are present 23 (23) 2022/12/18 16:21
[PATCH AUTOSEL 4.19 01/26] wifi: ath9k: verify the expected usb_endpoints are present 26 (26) 2022/12/18 16:20
[PATCH AUTOSEL 5.4 01/30] drm/etnaviv: add missing quirks for GC300 30 (30) 2022/12/18 16:18
[PATCH AUTOSEL 5.10 01/39] drm/etnaviv: add missing quirks for GC300 39 (39) 2022/12/18 16:15
[PATCH] media: si470x: Fix use-after-free in si470x_int_in_callback() 1 (1) 2022/11/22 18:51
[PATCH] fs/ntfs3: fix negative shift size in true_sectors_per_clst() 13 (13) 2022/09/30 16:34
KASAN: use-after-free Read in si470x_int_in_callback (2) 15 (23) 2019/12/04 18:17
Reminder: 45 active syzbot reports in usb subsystem 1 (1) 2019/11/19 04:27
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in si470x_int_in_callback usb media C 25 1875d 1964d 13/28 fixed on 2019/10/15 23:40
Last patch testing requests (7)
Created Duration User Patch Repo Result
2019/12/04 15:03 17m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 OK
2019/11/28 11:10 11m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/27 18:07 16m stern@rowland.harvard.edu patch https://github.com/google/kasan.git 22be26f7 OK
2019/11/27 10:27 11m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/21 12:01 14m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/20 10:32 12m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/18 13:44 9m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
Fix bisection attempts (3)
Created Duration User Patch Repo Result
2021/10/14 13:56 21m bisect fix upstream OK (0) job log log
2021/09/14 13:35 20m bisect fix upstream OK (0) job log log
2021/08/15 12:50 24m bisect fix upstream OK (0) job log log

Sample crash report:
radio-si470x 1-1:0.0: non-zero urb status (-71)
==================================================================
BUG: KASAN: use-after-free in si470x_int_in_callback.cold+0x96/0xbf drivers/media/radio/si470x/radio-si470x-usb.c:378
Read of size 8 at addr ffff8880745f8ac0 by task kworker/0:1/15

CPU: 0 PID: 15 Comm: kworker/0:1 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Workqueue: usb_hub_wq hub_event
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:317 [inline]
 print_report.cold+0x2ba/0x719 mm/kasan/report.c:433
 kasan_report+0xb1/0x1e0 mm/kasan/report.c:495
 si470x_int_in_callback.cold+0x96/0xbf drivers/media/radio/si470x/radio-si470x-usb.c:378
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1671
 usb_hcd_giveback_urb+0x380/0x430 drivers/usb/core/hcd.c:1754
 dummy_timer+0x11ff/0x32c0 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790
 __run_timers kernel/time/timer.c:1768 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
 __do_softirq+0x1d0/0x9c8 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1107
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:27 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:200
Code: 48 89 ef 5d e9 f1 c4 4c 00 5d be 03 00 00 00 e9 d6 43 84 02 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 f9 24 87 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
RSP: 0018:ffffc90000146e70 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888011a73b00 RSI: ffffffff8160ec05 RDI: 0000000000000007
RBP: ffffc90000147018 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000200 R11: 69732d6f69646172 R12: 0000000000000001
R13: ffffffff9119cda0 R14: 0000000000000200 R15: ffffffff8ca38e58
 console_emit_next_record.constprop.0+0x4fb/0x840 arch/x86/include/asm/irqflags.h:45
 console_flush_all kernel/printk/printk.c:2794 [inline]
 console_unlock+0x37a/0x5a0 kernel/printk/printk.c:2861
 vprintk_emit+0x1b9/0x5f0 kernel/printk/printk.c:2271
 vprintk+0x80/0x90 kernel/printk/printk_safe.c:50
 _printk+0xba/0xed kernel/printk/printk.c:2292
 call_driver_probe drivers/base/dd.c:576 [inline]
 really_probe.cold+0x69/0x175 drivers/base/dd.c:639
 __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
 __device_attach_driver+0x1d0/0x2e0 drivers/base/dd.c:936
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xbd5/0x1e90 drivers/base/core.c:3517
 usb_set_configuration+0x1019/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd4/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:560 [inline]
 really_probe+0x249/0xb90 drivers/base/dd.c:639
 __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
 __device_attach_driver+0x1d0/0x2e0 drivers/base/dd.c:936
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xbd5/0x1e90 drivers/base/core.c:3517
 usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573
 hub_port_connect drivers/usb/core/hub.c:5353 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5653 [inline]
 hub_event+0x26c7/0x45e0 drivers/usb/core/hub.c:5735
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>

Allocated by task 15:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:437 [inline]
 ____kasan_kmalloc mm/kasan/common.c:516 [inline]
 ____kasan_kmalloc mm/kasan/common.c:475 [inline]
 __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:525
 kmalloc include/linux/slab.h:600 [inline]
 kzalloc include/linux/slab.h:733 [inline]
 si470x_usb_driver_probe+0x51/0xf90 drivers/media/radio/si470x/radio-si470x-usb.c:573
 usb_probe_interface+0x30b/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:560 [inline]
 really_probe+0x249/0xb90 drivers/base/dd.c:639
 __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
 __device_attach_driver+0x1d0/0x2e0 drivers/base/dd.c:936
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xbd5/0x1e90 drivers/base/core.c:3517
 usb_set_configuration+0x1019/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd4/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:560 [inline]
 really_probe+0x249/0xb90 drivers/base/dd.c:639
 __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
 __device_attach_driver+0x1d0/0x2e0 drivers/base/dd.c:936
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xbd5/0x1e90 drivers/base/core.c:3517
 usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573
 hub_port_connect drivers/usb/core/hub.c:5353 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5653 [inline]
 hub_event+0x26c7/0x45e0 drivers/usb/core/hub.c:5735
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

Freed by task 15:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track+0x21/0x30 mm/kasan/common.c:45
 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370
 ____kasan_slab_free mm/kasan/common.c:367 [inline]
 ____kasan_slab_free+0x166/0x1c0 mm/kasan/common.c:329
 kasan_slab_free include/linux/kasan.h:200 [inline]
 slab_free_hook mm/slub.c:1759 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785
 slab_free mm/slub.c:3539 [inline]
 kfree+0xe2/0x580 mm/slub.c:4567
 si470x_usb_driver_probe+0xb3d/0xf90 drivers/media/radio/si470x/radio-si470x-usb.c:760
 usb_probe_interface+0x30b/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:560 [inline]
 really_probe+0x249/0xb90 drivers/base/dd.c:639
 __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
 __device_attach_driver+0x1d0/0x2e0 drivers/base/dd.c:936
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xbd5/0x1e90 drivers/base/core.c:3517
 usb_set_configuration+0x1019/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd4/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:560 [inline]
 really_probe+0x249/0xb90 drivers/base/dd.c:639
 __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
 __device_attach_driver+0x1d0/0x2e0 drivers/base/dd.c:936
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xbd5/0x1e90 drivers/base/core.c:3517
 usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573
 hub_port_connect drivers/usb/core/hub.c:5353 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5653 [inline]
 hub_event+0x26c7/0x45e0 drivers/usb/core/hub.c:5735
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

The buggy address belongs to the object at ffff8880745f8000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 2752 bytes inside of
 4096-byte region [ffff8880745f8000, ffff8880745f9000)

The buggy address belongs to the physical page:
page:ffffea0001d17e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880745fa000 pfn:0x745f8
head:ffffea0001d17e00 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 ffffea0001d50e08 ffffea0001d8c608 ffff888011842140
raw: ffff8880745fa000 0000000000040001 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3002, tgid 3002 (v4l_id), ts 13703109583, free_ts 9844300769
 prep_new_page mm/page_alloc.c:2532 [inline]
 get_page_from_freelist+0x109b/0x2ce0 mm/page_alloc.c:4283
 __alloc_pages+0x1c7/0x510 mm/page_alloc.c:5549
 alloc_pages+0x1a6/0x270 mm/mempolicy.c:2270
 alloc_slab_page mm/slub.c:1829 [inline]
 allocate_slab+0x27e/0x3d0 mm/slub.c:1974
 new_slab mm/slub.c:2034 [inline]
 ___slab_alloc+0x84f/0xe80 mm/slub.c:3036
 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3123
 slab_alloc_node mm/slub.c:3214 [inline]
 slab_alloc mm/slub.c:3256 [inline]
 __kmalloc+0x32b/0x340 mm/slub.c:4425
 kmalloc include/linux/slab.h:605 [inline]
 tomoyo_realpath_from_path+0xbf/0x600 security/tomoyo/realpath.c:251
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x21b/0x400 security/tomoyo/file.c:822
 security_inode_getattr+0xcf/0x140 security/security.c:1347
 vfs_getattr fs/stat.c:158 [inline]
 vfs_statx+0x16e/0x430 fs/stat.c:233
 vfs_fstatat+0x8c/0xb0 fs/stat.c:267
 __do_sys_newfstatat+0x94/0x120 fs/stat.c:437
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1449 [inline]
 free_pcp_prepare+0x5e4/0xd20 mm/page_alloc.c:1499
 free_unref_page_prepare mm/page_alloc.c:3380 [inline]
 free_unref_page+0x19/0x4d0 mm/page_alloc.c:3476
 free_contig_range+0xb1/0x180 mm/page_alloc.c:9457
 destroy_args+0xa8/0x646 mm/debug_vm_pgtable.c:1031
 debug_vm_pgtable+0x2945/0x29d6 mm/debug_vm_pgtable.c:1354
 do_one_initcall+0xfe/0x650 init/main.c:1296
 do_initcall_level init/main.c:1369 [inline]
 do_initcalls init/main.c:1385 [inline]
 do_basic_setup init/main.c:1404 [inline]
 kernel_init_freeable+0x6b1/0x73a init/main.c:1623
 kernel_init+0x1a/0x1d0 init/main.c:1512
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

Memory state around the buggy address:
 ffff8880745f8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880745f8a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8880745f8a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff8880745f8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880745f8b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
----------------
Code disassembly (best guess):
   0:	48 89 ef             	mov    %rbp,%rdi
   3:	5d                   	pop    %rbp
   4:	e9 f1 c4 4c 00       	jmpq   0x4cc4fa
   9:	5d                   	pop    %rbp
   a:	be 03 00 00 00       	mov    $0x3,%esi
   f:	e9 d6 43 84 02       	jmpq   0x28443ea
  14:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)
  1a:	48 8b be a8 01 00 00 	mov    0x1a8(%rsi),%rdi
  21:	e8 b4 ff ff ff       	callq  0xffffffda
  26:	31 c0                	xor    %eax,%eax
  28:	c3                   	retq
  29:	90                   	nop
* 2a:	65 8b 05 f9 24 87 7e 	mov    %gs:0x7e8724f9(%rip),%eax        # 0x7e87252a <-- trapping instruction
  31:	89 c1                	mov    %eax,%ecx
  33:	48 8b 34 24          	mov    (%rsp),%rsi
  37:	81 e1 00 01 00 00    	and    $0x100,%ecx
  3d:	65                   	gs
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b

Crashes (7303):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/10/17 14:49 upstream 55be6084c8e0 67cb024c .config strace log report syz C [disk image] [vmlinux] ci-upstream-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2022/10/09 07:11 upstream a6afa4199d3d aea5da89 .config strace log report syz C ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2022/09/10 02:44 upstream 9b4509495418 356d8217 .config strace log report syz C ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in si470x_int_in_callback
2022/07/16 01:32 upstream 9b59ec8d50a1 95cb00d1 .config strace log report syz C ci-upstream-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2022/07/06 05:36 upstream e35e5b6f695d bff65f44 .config strace log report syz C ci-upstream-kasan-gce-selinux-root KASAN: use-after-free Read in si470x_int_in_callback
2022/06/03 19:34 upstream 50fd82b3a9a9 eee80d3c .config strace log report syz C ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2022/05/31 21:16 upstream 8ab2afa23bd1 af70c3a9 .config strace log report syz C ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in si470x_int_in_callback
2022/04/17 23:50 upstream a2c29ccd9477 8bcc32a6 .config console log report syz C ci-upstream-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2022/03/27 17:32 upstream f022814633e1 89bc8608 .config console log report syz C ci-qemu-upstream KASAN: use-after-free Read in si470x_int_in_callback
2022/03/27 00:43 upstream 52d543b5497c 89bc8608 .config console log report syz C ci-qemu-upstream KASAN: use-after-free Read in si470x_int_in_callback
2022/03/21 09:48 upstream f443e374ae13 e2d91b1d .config console log report syz C ci-qemu-upstream KASAN: use-after-free Read in si470x_int_in_callback
2021/12/29 00:31 upstream ecf71de775a0 76c8cf06 .config console log report syz C ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2021/10/15 19:03 upstream ec681c53f8d2 0c5d9412 .config console log report syz C ci-upstream-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2021/07/13 09:44 upstream 7fef2edf7cc7 f415556d .config console log report syz C ci-upstream-kasan-gce-selinux-root KASAN: use-after-free Read in si470x_int_in_callback
2021/06/04 18:54 upstream f88cd3fb9df2 966a236b .config console log report syz C ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in si470x_int_in_callback
2021/06/02 19:02 upstream 231bc5390667 0740de69 .config console log report syz C ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in si470x_int_in_callback
2021/05/30 09:40 upstream 6799d4f2da49 325a8dab .config console log report syz C ci-upstream-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2021/05/29 13:37 upstream 5ff2756afde0 858ea628 .config console log report syz C ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2021/05/29 08:33 upstream 5ff2756afde0 858ea628 .config console log report syz C ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in si470x_int_in_callback
2021/05/26 12:52 upstream ad9f25d33860 54f0bcf1 .config console log report syz C ci-upstream-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2021/02/17 02:27 upstream f40ddce88593 98682e5e .config console log report syz C ci-qemu-upstream KASAN: use-after-free Read in si470x_int_in_callback
2021/02/16 13:48 upstream f40ddce88593 98682e5e .config console log report syz C ci-qemu-upstream KASAN: use-after-free Read in si470x_int_in_callback
2022/11/16 11:14 linux-next 3c1f24109dfc 3a127a31 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2022/06/03 07:25 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 97fa5887cf28 02dddea8 .config console log report syz C ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/05/27 04:49 linux-next b1d84fc09a96 3037caa9 .config strace log report syz C ci-upstream-linux-next-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2022/01/01 18:56 linux-next ea586a076e8a e1768e9c .config console log report syz C ci-upstream-linux-next-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2021/06/26 02:04 linux-next a1f92694393a ae6bf8dd .config console log report syz C ci-upstream-linux-next-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2021/06/23 10:03 linux-next a1f92694393a aba2b2fb .config console log report syz C ci-upstream-linux-next-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2021/06/20 01:53 linux-next a1f92694393a aba2b2fb .config console log report syz C ci-upstream-linux-next-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2020/12/12 02:21 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a256e24021bf bca53db9 .config console log report syz C ci2-upstream-usb
2020/12/10 10:10 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 8010622c86ca c090b4da .config console log report syz C ci2-upstream-usb
2020/06/20 17:12 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f8f02d5c671f c655ec77 .config console log report syz C ci2-upstream-usb
2020/06/19 21:17 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f8f02d5c671f 123cf502 .config console log report syz C ci2-upstream-usb
2020/06/08 21:13 https://github.com/google/kasan.git usb-fuzzer 2089c6ed5a17 7604bb03 .config console log report syz C ci2-upstream-usb
2020/05/14 03:37 https://github.com/google/kasan.git usb-fuzzer 059e7e0ff26c a885920d .config console log report syz C ci2-upstream-usb
2020/03/24 19:22 https://github.com/google/kasan.git usb-fuzzer e17994d1e7b1 68660b21 .config console log report syz C ci2-upstream-usb
2020/03/23 17:45 https://github.com/google/kasan.git usb-fuzzer e17994d1e7b1 84f999d6 .config console log report syz C ci2-upstream-usb
2020/03/21 12:07 https://github.com/google/kasan.git usb-fuzzer e17994d1e7b1 aa6c6a55 .config console log report syz C ci2-upstream-usb
2020/03/10 13:03 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 35f53e45 .config console log report syz C ci2-upstream-usb
2020/03/08 01:06 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 2e9971bb .config console log report syz C ci2-upstream-usb
2020/03/06 17:49 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 7fb694ef .config console log report syz C ci2-upstream-usb
2020/03/02 07:48 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 4a4e0509 .config console log report syz C ci2-upstream-usb
2020/02/29 01:27 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c c88c7b75 .config console log report syz C ci2-upstream-usb
2019/10/18 11:53 https://github.com/google/kasan.git usb-fuzzer 22be26f76193 8c88c9c1 .config console log report syz C ci2-upstream-usb
2022/10/09 05:02 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 aea5da89 .config console log report syz C [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in si470x_int_in_callback
2022/12/14 06:16 upstream 764822972d64 e660de91 .config console log report info ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2022/12/12 13:46 upstream 830b3c68c1fb 67be1ae7 .config console log report info ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2022/12/11 09:00 upstream 296a7b7eb792 67be1ae7 .config console log report info ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2022/12/10 13:09 upstream 3ecc37918c80 67be1ae7 .config console log report info ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in si470x_int_in_callback
2022/12/09 07:26 upstream f3e8416619ce 1034e5fa .config console log report info ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2022/12/08 06:12 upstream 479174d402bc d88f3abb .config console log report info ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2022/12/05 21:16 upstream 76dcd734eca2 045cbb84 .config console log report info ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2022/12/03 23:41 upstream bdaa78c6aa86 e080de16 .config console log report info ci-upstream-kasan-gce-root KASAN: use-after-free Read in si470x_int_in_callback
2022/12/03 17:23 upstream a4412fdd49dc e080de16 .config console log report info ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2022/12/03 07:52 upstream a4412fdd49dc e080de16 .config console log report info ci-upstream-kasan-gce KASAN: use-after-free Read in si470x_int_in_callback
2022/09/09 08:11 upstream 506357871c18 f3027468 .config console log report info ci-upstream-kasan-gce-selinux-root KASAN: use-after-free Read in si470x_int_in_callback
2022/06/25 02:21 upstream cbe232ab07ab a371c43c .config console log report info ci-qemu-upstream KASAN: use-after-free Read in si470x_int_in_callback
2022/12/10 14:47 upstream 3ecc37918c80 67be1ae7 .config console log report info ci-upstream-kasan-gce-386 KASAN: use-after-free Read in si470x_int_in_callback
2022/12/10 08:46 upstream 3ecc37918c80 67be1ae7 .config console log report info ci-qemu-upstream-386 KASAN: use-after-free Read in si470x_int_in_callback
2022/12/18 14:55 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 05494336 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/18 10:09 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 05494336 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/18 05:04 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 05494336 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/18 02:03 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 05494336 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/17 20:11 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 05494336 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/17 17:18 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 05494336 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/17 15:21 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 05494336 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/17 14:03 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 05494336 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/17 12:16 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 05494336 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/17 06:59 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 05494336 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/16 11:09 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 6f9c033e .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/16 07:20 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 6f9c033e .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/15 23:26 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 6f9c033e .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/15 17:40 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 6f9c033e .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/15 07:01 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 b18f0a64 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/14 12:13 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 f6511626 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/14 10:33 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 f6511626 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/14 07:49 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 f6511626 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/11 10:47 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/10 11:24 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/10 07:45 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/10 00:25 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/09 16:29 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 81c25247a2a0 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/08 01:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 d88f3abb .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/07 16:01 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 d88f3abb .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/07 13:19 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 d88f3abb .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/07 02:41 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 d88f3abb .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/05 15:37 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 045cbb84 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/05 06:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 e080de16 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/05 01:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 e080de16 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/04 23:24 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 e080de16 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/04 13:29 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 e080de16 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/04 06:21 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 e080de16 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/03 21:59 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 e080de16 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/03 19:03 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 e080de16 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/03 02:02 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1524ceb14dd5 e080de16 .config console log report info ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2022/12/02 15:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7428a253315c e080de16 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb KASAN: use-after-free Read in si470x_int_in_callback
2021/01/10 06:07 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 841081d89d5a 2c1f2513 .config console log report info ci2-upstream-usb
2022/09/24 22:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 0042f2b4 .config console log report info [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in si470x_int_in_callback
* Struck through repros no longer work on HEAD.