syzbot

 sign-in | mailing list | source | docs
🐞 Open [950] 🐞 Fixed [4020] 🐞 Invalid [8931] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KASAN: use-after-free Read in si470x_int_in_callback (2)

Status: upstream: reported C repro on 2019/10/18 14:53
Reported-by: syzbot+9ca7a12fd736d93e0232@syzkaller.appspotmail.com
First crash: 1076d, last: 14h02m

Cause bisection: failed (bisect log)
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in si470x_int_in_callback C 25 1088d 1177d 14/24 fixed on 2019/10/15 23:40
Patch testing requests:
Created Duration User Patch Repo Result
2019/12/04 15:03 17m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 OK
2019/11/28 11:10 11m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/27 18:07 16m stern@rowland.harvard.edu patch https://github.com/google/kasan.git 22be26f7 OK
2019/11/27 10:27 11m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/21 12:01 14m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/20 10:32 12m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log
2019/11/18 13:44 9m oneukum@suse.com patch https://github.com/google/kasan.git 22be26f7 report log

Sample crash report:
radio-si470x 1-1:0.0: non-zero urb status (-71)
==================================================================
BUG: KASAN: use-after-free in si470x_int_in_callback+0xb4c/0x1550 drivers/media/radio/si470x/radio-si470x-usb.c:378
Read of size 8 at addr ffff88802301aac0 by task kworker/1:3/2936

CPU: 1 PID: 2936 Comm: kworker/1:3 Not tainted 6.0.0-rc4-syzkaller-00204-g9b4509495418 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Workqueue: usb_hub_wq hub_event
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_address_description+0x65/0x4b0 mm/kasan/report.c:317
 print_report+0x108/0x220 mm/kasan/report.c:433
 kasan_report+0xfb/0x130 mm/kasan/report.c:495
 si470x_int_in_callback+0xb4c/0x1550 drivers/media/radio/si470x/radio-si470x-usb.c:378
 __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671
 dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers+0x76a/0x980 kernel/time/timer.c:1790
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803
 __do_softirq+0x382/0x793 kernel/softirq.c:571
 __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1106
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:console_emit_next_record+0x8b6/0xa60 kernel/printk/printk.c:2741
Code: 10 04 1c 00 48 8b 44 24 48 42 80 3c 20 00 44 8a 6c 24 17 4c 8b 74 24 28 48 8b 5c 24 38 74 08 4c 89 f7 e8 3d b0 6f 00 49 ff 06 <48> c7 84 24 80 00 00 00 0e 36 e0 45 49 c7 04 1c 00 00 00 00 49 c7
RSP: 0018:ffffc9000bf86780 EFLAGS: 00000293
RAX: ffffffff816d94c8 RBX: 1ffff920017f0d00 RCX: ffff88807f9ebb00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000bf869b0 R08: ffffffff816d949f R09: fffffbfff1ff4409
R10: fffffbfff1ff4409 R11: 1ffffffff1ff4408 R12: dffffc0000000000
R13: 0000000000000201 R14: 0000000000000046 R15: 0000000000000200
 console_unlock+0x26b/0x6f0 kernel/printk/printk.c:2861
 vprintk_emit+0xd1/0x1e0 kernel/printk/printk.c:2271
 _printk+0xcf/0x10f kernel/printk/printk.c:2292
 call_driver_probe+0x1fe/0x250 drivers/base/dd.c:576
 really_probe+0x24c/0x9f0 drivers/base/dd.c:639
 __driver_probe_device+0x1f4/0x3f0 drivers/base/dd.c:778
 driver_probe_device+0x50/0x240 drivers/base/dd.c:808
 __device_attach_driver+0x272/0x3c0 drivers/base/dd.c:936
 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427
 __device_attach+0x372/0x5a0 drivers/base/dd.c:1008
 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487
 device_add+0xb20/0xf90 drivers/base/core.c:3517
 usb_set_configuration+0x1a5f/0x20e0 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238
 usb_probe_device+0x131/0x260 drivers/usb/core/driver.c:293
 call_driver_probe+0x96/0x250
 really_probe+0x24c/0x9f0 drivers/base/dd.c:639
 __driver_probe_device+0x1f4/0x3f0 drivers/base/dd.c:778
 driver_probe_device+0x50/0x240 drivers/base/dd.c:808
 __device_attach_driver+0x272/0x3c0 drivers/base/dd.c:936
 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427
 __device_attach+0x372/0x5a0 drivers/base/dd.c:1008
 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487
 device_add+0xb20/0xf90 drivers/base/core.c:3517
 usb_new_device+0xbc2/0x18b0 drivers/usb/core/hub.c:2573
 hub_port_connect+0x105b/0x2930 drivers/usb/core/hub.c:5353
 hub_port_connect_change+0x619/0xbe0 drivers/usb/core/hub.c:5497
 port_event+0xec6/0x13b0 drivers/usb/core/hub.c:5653
 hub_event+0x5c1/0xd80 drivers/usb/core/hub.c:5735
 process_one_work+0x81c/0xd10 kernel/workqueue.c:2289
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30
 </TASK>

Allocated by task 2936:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:437 [inline]
 ____kasan_kmalloc+0xdc/0x110 mm/kasan/common.c:516
 kasan_kmalloc include/linux/kasan.h:234 [inline]
 kmem_cache_alloc_trace+0x97/0x310 mm/slub.c:3284
 kmalloc include/linux/slab.h:600 [inline]
 kzalloc include/linux/slab.h:733 [inline]
 si470x_usb_driver_probe+0x56/0x26e0 drivers/media/radio/si470x/radio-si470x-usb.c:573
 usb_probe_interface+0x66e/0xb60 drivers/usb/core/driver.c:396
 call_driver_probe+0x96/0x250
 really_probe+0x24c/0x9f0 drivers/base/dd.c:639
 __driver_probe_device+0x1f4/0x3f0 drivers/base/dd.c:778
 driver_probe_device+0x50/0x240 drivers/base/dd.c:808
 __device_attach_driver+0x272/0x3c0 drivers/base/dd.c:936
 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427
 __device_attach+0x372/0x5a0 drivers/base/dd.c:1008
 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487
 device_add+0xb20/0xf90 drivers/base/core.c:3517
 usb_set_configuration+0x1a5f/0x20e0 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238
 usb_probe_device+0x131/0x260 drivers/usb/core/driver.c:293
 call_driver_probe+0x96/0x250
 really_probe+0x24c/0x9f0 drivers/base/dd.c:639
 __driver_probe_device+0x1f4/0x3f0 drivers/base/dd.c:778
 driver_probe_device+0x50/0x240 drivers/base/dd.c:808
 __device_attach_driver+0x272/0x3c0 drivers/base/dd.c:936
 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427
 __device_attach+0x372/0x5a0 drivers/base/dd.c:1008
 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487
 device_add+0xb20/0xf90 drivers/base/core.c:3517
 usb_new_device+0xbc2/0x18b0 drivers/usb/core/hub.c:2573
 hub_port_connect+0x105b/0x2930 drivers/usb/core/hub.c:5353
 hub_port_connect_change+0x619/0xbe0 drivers/usb/core/hub.c:5497
 port_event+0xec6/0x13b0 drivers/usb/core/hub.c:5653
 hub_event+0x5c1/0xd80 drivers/usb/core/hub.c:5735
 process_one_work+0x81c/0xd10 kernel/workqueue.c:2289
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30

Freed by task 2936:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4c/0x70 mm/kasan/common.c:45
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:370
 ____kasan_slab_free+0xd8/0x120 mm/kasan/common.c:367
 kasan_slab_free include/linux/kasan.h:200 [inline]
 slab_free_hook mm/slub.c:1754 [inline]
 slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1780
 slab_free mm/slub.c:3534 [inline]
 kfree+0xda/0x210 mm/slub.c:4562
 si470x_usb_driver_probe+0x5a5/0x26e0 drivers/media/radio/si470x/radio-si470x-usb.c:760
 usb_probe_interface+0x66e/0xb60 drivers/usb/core/driver.c:396
 call_driver_probe+0x96/0x250
 really_probe+0x24c/0x9f0 drivers/base/dd.c:639
 __driver_probe_device+0x1f4/0x3f0 drivers/base/dd.c:778
 driver_probe_device+0x50/0x240 drivers/base/dd.c:808
 __device_attach_driver+0x272/0x3c0 drivers/base/dd.c:936
 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427
 __device_attach+0x372/0x5a0 drivers/base/dd.c:1008
 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487
 device_add+0xb20/0xf90 drivers/base/core.c:3517
 usb_set_configuration+0x1a5f/0x20e0 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238
 usb_probe_device+0x131/0x260 drivers/usb/core/driver.c:293
 call_driver_probe+0x96/0x250
 really_probe+0x24c/0x9f0 drivers/base/dd.c:639
 __driver_probe_device+0x1f4/0x3f0 drivers/base/dd.c:778
 driver_probe_device+0x50/0x240 drivers/base/dd.c:808
 __device_attach_driver+0x272/0x3c0 drivers/base/dd.c:936
 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427
 __device_attach+0x372/0x5a0 drivers/base/dd.c:1008
 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487
 device_add+0xb20/0xf90 drivers/base/core.c:3517
 usb_new_device+0xbc2/0x18b0 drivers/usb/core/hub.c:2573
 hub_port_connect+0x105b/0x2930 drivers/usb/core/hub.c:5353
 hub_port_connect_change+0x619/0xbe0 drivers/usb/core/hub.c:5497
 port_event+0xec6/0x13b0 drivers/usb/core/hub.c:5653
 hub_event+0x5c1/0xd80 drivers/usb/core/hub.c:5735
 process_one_work+0x81c/0xd10 kernel/workqueue.c:2289
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30

The buggy address belongs to the object at ffff88802301a000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 2752 bytes inside of
 4096-byte region [ffff88802301a000, ffff88802301b000)

The buggy address belongs to the physical page:
page:ffffea00008c0600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23018
head:ffffea00008c0600 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888012042140
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2974, tgid 2974 (udevd), ts 50113061805, free_ts 50060267188
 prep_new_page mm/page_alloc.c:2532 [inline]
 get_page_from_freelist+0x72b/0x7a0 mm/page_alloc.c:4283
 __alloc_pages+0x259/0x560 mm/page_alloc.c:5515
 alloc_slab_page+0x70/0xf0 mm/slub.c:1824
 allocate_slab+0x5e/0x520 mm/slub.c:1969
 new_slab mm/slub.c:2029 [inline]
 ___slab_alloc+0x42e/0xce0 mm/slub.c:3031
 __slab_alloc mm/slub.c:3118 [inline]
 slab_alloc_node mm/slub.c:3209 [inline]
 slab_alloc mm/slub.c:3251 [inline]
 __kmalloc+0x2bd/0x370 mm/slub.c:4420
 kmalloc include/linux/slab.h:605 [inline]
 tomoyo_realpath_from_path+0xd8/0x5f0 security/tomoyo/realpath.c:254
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x270/0x6b0 security/tomoyo/file.c:822
 tomoyo_path_unlink+0xcc/0x100 security/tomoyo/tomoyo.c:149
 security_path_unlink+0xc3/0x140 security/security.c:1173
 do_unlinkat+0x3fe/0x9a0 fs/namei.c:4293
 __do_sys_unlink fs/namei.c:4345 [inline]
 __se_sys_unlink fs/namei.c:4343 [inline]
 __x64_sys_unlink+0x45/0x50 fs/namei.c:4343
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1449 [inline]
 free_pcp_prepare+0x812/0x900 mm/page_alloc.c:1499
 free_unref_page_prepare mm/page_alloc.c:3380 [inline]
 free_unref_page+0x7d/0x630 mm/page_alloc.c:3476
 free_slab mm/slub.c:2068 [inline]
 discard_slab mm/slub.c:2074 [inline]
 __unfreeze_partials+0x1ab/0x200 mm/slub.c:2548
 put_cpu_partial+0x116/0x180 mm/slub.c:2624
 qlist_free_all+0x2b/0x70 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x169/0x180 mm/kasan/quarantine.c:294
 __kasan_slab_alloc+0x2f/0xe0 mm/kasan/common.c:447
 kasan_slab_alloc include/linux/kasan.h:224 [inline]
 slab_post_alloc_hook mm/slab.h:727 [inline]
 slab_alloc_node mm/slub.c:3243 [inline]
 slab_alloc mm/slub.c:3251 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3258 [inline]
 kmem_cache_alloc+0x1a6/0x310 mm/slub.c:3268
 getname_flags+0xb8/0x4e0 fs/namei.c:139
 user_path_at_empty+0x2a/0x1a0 fs/namei.c:2875
 do_readlinkat+0x11b/0x3b0 fs/stat.c:456
 __do_sys_readlink fs/stat.c:489 [inline]
 __se_sys_readlink fs/stat.c:486 [inline]
 __x64_sys_readlink+0x7b/0x90 fs/stat.c:486
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Memory state around the buggy address:
 ffff88802301a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802301aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88802301aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff88802301ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802301ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
----------------
Code disassembly (best guess):
   0:	10 04 1c             	adc    %al,(%rsp,%rbx,1)
   3:	00 48 8b             	add    %cl,-0x75(%rax)
   6:	44 24 48             	rex.R and $0x48,%al
   9:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
   e:	44 8a 6c 24 17       	mov    0x17(%rsp),%r13b
  13:	4c 8b 74 24 28       	mov    0x28(%rsp),%r14
  18:	48 8b 5c 24 38       	mov    0x38(%rsp),%rbx
  1d:	74 08                	je     0x27
  1f:	4c 89 f7             	mov    %r14,%rdi
  22:	e8 3d b0 6f 00       	callq  0x6fb064
  27:	49 ff 06             	incq   (%r14)
* 2a:	48 c7 84 24 80 00 00 	movq   $0x45e0360e,0x80(%rsp) <-- trapping instruction
  31:	00 0e 36 e0 45
  36:	49 c7 04 1c 00 00 00 	movq   $0x0,(%r12,%rbx,1)
  3d:	00
  3e:	49                   	rex.WB
  3f:	c7                   	.byte 0xc7

Fix bisection attempts:
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2021/10/14 14:17 upstream 348949d9a444 f415556d .config log report syz C
ci-upstream-kasan-gce-selinux-root 2021/09/14 13:56 upstream d0ee23f9d78b f415556d .config log report syz C
ci-upstream-kasan-gce-selinux-root 2021/08/15 13:15 upstream 0aa78d17099b f415556d .config log report syz C
* Struck through repros no longer work on HEAD.
Crashes (6815):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2022/09/10 02:44 upstream 9b4509495418 356d8217 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root 2022/07/16 01:32 upstream 9b59ec8d50a1 95cb00d1 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-selinux-root 2022/07/06 05:36 upstream e35e5b6f695d bff65f44 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/06/03 19:34 upstream 50fd82b3a9a9 eee80d3c .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root 2022/05/31 21:16 upstream 8ab2afa23bd1 af70c3a9 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root 2022/04/17 23:50 upstream a2c29ccd9477 8bcc32a6 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream 2022/03/27 17:32 upstream f022814633e1 89bc8608 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream 2022/03/27 00:43 upstream 52d543b5497c 89bc8608 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream 2022/03/21 09:48 upstream f443e374ae13 e2d91b1d .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2021/12/29 00:31 upstream ecf71de775a0 76c8cf06 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root 2021/10/15 19:03 upstream ec681c53f8d2 0c5d9412 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-selinux-root 2021/07/13 09:44 upstream 7fef2edf7cc7 f415556d .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root 2021/06/04 18:54 upstream f88cd3fb9df2 966a236b .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root 2021/06/02 19:02 upstream 231bc5390667 0740de69 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root 2021/05/30 09:40 upstream 6799d4f2da49 325a8dab .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2021/05/29 13:37 upstream 5ff2756afde0 858ea628 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-smack-root 2021/05/29 08:33 upstream 5ff2756afde0 858ea628 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root 2021/05/26 12:52 upstream ad9f25d33860 54f0bcf1 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream 2021/02/17 02:27 upstream f40ddce88593 98682e5e .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream 2021/02/16 13:48 upstream f40ddce88593 98682e5e .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/06/03 07:25 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 97fa5887cf28 02dddea8 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2022/05/27 04:49 linux-next b1d84fc09a96 3037caa9 .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2022/01/01 18:56 linux-next ea586a076e8a e1768e9c .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2021/06/26 02:04 linux-next a1f92694393a ae6bf8dd .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2021/06/23 10:03 linux-next a1f92694393a aba2b2fb .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2021/06/20 01:53 linux-next a1f92694393a aba2b2fb .config log report syz C KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2020/12/12 02:21 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a256e24021bf bca53db9 .config log report syz C
ci2-upstream-usb 2020/12/10 10:10 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 8010622c86ca c090b4da .config log report syz C
ci2-upstream-usb 2020/06/20 17:12 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f8f02d5c671f c655ec77 .config log report syz C
ci2-upstream-usb 2020/06/19 21:17 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f8f02d5c671f 123cf502 .config log report syz C
ci2-upstream-usb 2020/06/08 21:13 https://github.com/google/kasan.git usb-fuzzer 2089c6ed5a17 7604bb03 .config log report syz C
ci2-upstream-usb 2020/05/14 03:37 https://github.com/google/kasan.git usb-fuzzer 059e7e0ff26c a885920d .config log report syz C
ci2-upstream-usb 2020/03/24 19:22 https://github.com/google/kasan.git usb-fuzzer e17994d1e7b1 68660b21 .config log report syz C
ci2-upstream-usb 2020/03/23 17:45 https://github.com/google/kasan.git usb-fuzzer e17994d1e7b1 84f999d6 .config log report syz C
ci2-upstream-usb 2020/03/21 12:07 https://github.com/google/kasan.git usb-fuzzer e17994d1e7b1 aa6c6a55 .config log report syz C
ci2-upstream-usb 2020/03/10 13:03 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 35f53e45 .config log report syz C
ci2-upstream-usb 2020/03/08 01:06 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 2e9971bb .config log report syz C
ci2-upstream-usb 2020/03/06 17:49 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 7fb694ef .config log report syz C
ci2-upstream-usb 2020/03/02 07:48 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 4a4e0509 .config log report syz C
ci2-upstream-usb 2020/02/29 01:27 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c c88c7b75 .config log report syz C
ci2-upstream-usb 2020/02/28 19:34 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c c88c7b75 .config log report syz C
ci2-upstream-usb 2020/02/27 09:21 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 40bcfdd5 .config log report syz C
ci2-upstream-usb 2020/02/26 21:51 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 251aabb7 .config log report syz C
ci2-upstream-usb 2019/10/18 11:53 https://github.com/google/kasan.git usb-fuzzer 22be26f76193 8c88c9c1 .config log report syz C
ci-upstream-kasan-gce 2022/09/28 06:04 upstream 46452d3786a8 75c78242 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce 2022/09/24 20:54 upstream a63f2e7cb110 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-root 2022/09/22 22:25 upstream dc164f4fb00a 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-selinux-root 2022/09/09 08:11 upstream 506357871c18 f3027468 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-qemu-upstream 2022/06/25 02:21 upstream cbe232ab07ab a371c43c .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-kasan-gce-386 2022/09/16 01:17 upstream 3245cb65fd91 dd9a85ff .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/28 03:24 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bce2b0539933 75c78242 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 16:02 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 0495cd9ea24f 10323ddf .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 14:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 0495cd9ea24f 10323ddf .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 12:53 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 10323ddf .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 11:35 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 10323ddf .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 10:32 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 10323ddf .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 09:01 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 10323ddf .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 07:39 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 10323ddf .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 06:32 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 10323ddf .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 05:16 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 10323ddf .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 03:45 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 03:41 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 02:40 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 01:36 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/27 00:35 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 23:34 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 22:58 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 21:41 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 20:38 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 19:34 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 18:17 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 17:02 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 16:17 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 14:53 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 13:44 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 11:48 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 10:37 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a8be6b6ee959 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 08:47 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 d59ba983 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 05:52 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 05:04 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 04:03 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 02:26 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 01:24 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/26 00:12 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 23:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 22:42 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 21:37 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 20:32 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 18:35 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 17:25 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 16:15 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 15:12 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 13:44 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 12:44 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 11:24 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2022/09/25 10:20 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ad5dbfc123e6 0042f2b4 .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci-upstream-linux-next-kasan-gce-root 2022/09/18 01:35 linux-next e47eb90a0a9a dd9a85ff .config log report info KASAN: use-after-free Read in si470x_int_in_callback
ci2-upstream-usb 2021/01/10 06:07 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 841081d89d5a 2c1f2513 .config log report info
ci-upstream-gce-arm64 2022/09/24 22:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 0042f2b4 .config log report info BUG: unable to handle kernel NULL pointer dereference in si470x_int_in_callback
* Struck through repros no longer work on HEAD.