Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp111550pxb; Wed, 18 Nov 2020 18:09:30 -0800 (PST) X-Received: by 2002:a17:906:a299:: with SMTP id i25mr5503178ejz.64.1605751769645; Wed, 18 Nov 2020 18:09:29 -0800 (PST) X-Google-Smtp-Source: ABdhPJxpfcTtyYYds1BaBiZfZjeuoQI9VhQvJeG+cb1YTf2D/bNnEOsuv4BY8YhOdMmCE+CR4Esi X-Received: by 2002:a17:906:a299:: with SMTP id i25mr5503082ejz.64.1605751768788; Wed, 18 Nov 2020 18:09:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605751768; cv=none; d=google.com; s=arc-20160816; b=ac33Ah93XJpwh/+vwX8/inDDN2aK1+nX8i4rMqwQvMjwDwcsfOVazQKbilhO0nQRzf XAbVfJiiYllfjwakJsAg0Aj4/GYK/X2IrvLqmf6iACZ2ALo/u3X6Q2g3yM1I2QYrM03y s5JPjqXc8IpI6upCjosB6XvmamCX6YlDSZcbDQBbwWLnPE1buQTnQKxZsDj/PUevmq5h t3WS53qQCl70LrZV3Ecd3VLvbKbR4eLOhS9FNAtcy8wtQigO9bzRObNXaujgxwBlqd24 PdFLGtURNsLBeKq05O+XUv5gloMt5ly9O3amBscpX3aT+3eetwRACndXKXsYtZ/DI/MN eZ4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:from:subject:message-id:in-reply-to:date :mime-version; bh=C3VJue3RGqKKiz/dey+cwbB/cJZLcFnQvx6oQYKE/kA=; b=PGKJEkCDkr16HB6pGm4WSGllxWSN9DMR3ZPrWHVs5ISZblhG+65oaDuAtucm8rXQFG S6Tbf27JsE5NNi7e07oF9LVB5NSzi+urLdwEL79S0cHiNc4gw27CmGqxEFxupalf3au5 iWpmgW4Jt3pA+Q1snbFHFw/4OuU+OatpuyROSSqNsdncmyBi+/mv6u8vV5A1PPrEKLxb xPeAICyJuRCm5crKcvFO/SPZwCmWfTPu3tyBIVDj0NhbD8eiGtYBjkrJUnPLhqGNwkym 17u4lxoZJhSLrZD10GctchFxcWjRsGEN1uIqGNI6Zcr9rfGrnvLN6RcCIRQzz+yYEibK tYEQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=appspotmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s15si17379248edj.165.2020.11.18.18.08.51; Wed, 18 Nov 2020 18:09:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=appspotmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727486AbgKSCHM (ORCPT + 99 others); Wed, 18 Nov 2020 21:07:12 -0500 Received: from mail-io1-f69.google.com ([209.85.166.69]:45951 "EHLO mail-io1-f69.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727307AbgKSCHK (ORCPT ); Wed, 18 Nov 2020 21:07:10 -0500 Received: by mail-io1-f69.google.com with SMTP id o17so3148919ioo.12 for ; Wed, 18 Nov 2020 18:07:08 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:in-reply-to:message-id:subject :from:to; bh=C3VJue3RGqKKiz/dey+cwbB/cJZLcFnQvx6oQYKE/kA=; b=an5asg5ouoqnZ4V2rRM/aMjLFXPde0B2RKTSBR6L1GkSTeEXWJVM+VEwGDIdWAeb99 Ug8pzhAA4JnosJadLKf8qr+U/odhbodsUeDjD+cRfGswN/bVml+uupzVlyTNBLndI/+5 aXWGnKHjFLH36aJ6E4CnMifowA3fbQALN/pxFW40pDzbtSnyK/YHjVMcELRU1Dfbcyrv nJ+Czk+nXI6FBIMPjUBnPcqNbsQXUFAZJr0Iqqp4Sm7u3R9lreS23VqOdhWmv0+eqrhi EtTiDXY928/caA5Q5f2AzcTrUGxLlfDB/cTVII5wm0LVu5D4F0D8sjlAYFqm91p9NU/m ZF6A== X-Gm-Message-State: AOAM533pWAIT9TDqnsVCd7pUkw8VtdROXOsHjLDsvkNPH1nSzMQHtcBD LGVJ09cHDjOitgFyXBGsg5l+JBYEODJ463jw5AvRKn07uafr MIME-Version: 1.0 X-Received: by 2002:a92:6e0a:: with SMTP id j10mr3269284ilc.272.1605751627741; Wed, 18 Nov 2020 18:07:07 -0800 (PST) Date: Wed, 18 Nov 2020 18:07:07 -0800 In-Reply-To: <00000000000055348705b43c701d@google.com> X-Google-Appengine-App-Id: s~syzkaller X-Google-Appengine-App-Id-Alias: syzkaller Message-ID: <0000000000005e834e05b46c2f37@google.com> Subject: Re: KASAN: use-after-free Read in ath9k_hif_usb_rx_cb (2) From: syzbot To: andreyknvl@google.com, ath9k-devel@qca.qualcomm.com, davem@davemloft.net, johannes.berg@intel.com, johannes@sipsolutions.net, kuba@kernel.org, kvalo@codeaurora.org, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org syzbot has bisected this issue to: commit dcd479e10a0510522a5d88b29b8f79ea3467d501 Author: Johannes Berg Date: Fri Oct 9 12:17:11 2020 +0000 mac80211: always wind down STA state bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=100c9c16500000 start commit: 0fa8ee0d Merge branch 'for-linus' of git://git.kernel.org/.. git tree: upstream final oops: https://syzkaller.appspot.com/x/report.txt?x=120c9c16500000 console output: https://syzkaller.appspot.com/x/log.txt?x=140c9c16500000 kernel config: https://syzkaller.appspot.com/x/.config?x=75292221eb79ace2 dashboard link: https://syzkaller.appspot.com/bug?extid=03110230a11411024147 userspace arch: i386 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1587f841500000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11ec0fe6500000 Reported-by: syzbot+03110230a11411024147@syzkaller.appspotmail.com Fixes: dcd479e10a05 ("mac80211: always wind down STA state") For information about bisection process see: https://goo.gl/tpsmEJ#bisection