syzbot


KASAN: use-after-free Write in __vb2_cleanup_fileio
Status: fixed on 2019/11/07 18:45
Reported-by: syzbot+4e12d2d56f8ccc65c180@syzkaller.appspotmail.com
Fix commit: d65842f7 media: vb2: add waiting_in_dqbuf flag
First crash: 476d, last: 473d

Cause bisection: introduced by (bisect log):

commit 4493b81bea24269df898339dee638d7c5cb2b2df
Author: Mahesh Bandewar <maheshb@google.com>
Date: Wed Mar 8 18:55:54 2017 +0000

  bonding: initialize work-queues during creation of bond

Crash: WARNING: ODEBUG bug in del_timer (log)
Repro: C syz .config

Fix bisection: the fix commit could be any of (bisect log):

  d65842f7126a media: vb2: add waiting_in_dqbuf flag
  75480ebf4966 media: coda: set codec earlier

Similar bugs (2):

| Kernel | Title | Repro | Bisected | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| linux-4.19 | KASAN: use-after-free Write in __vb2_cleanup_fileio | | | 2 | 208d | 246d | 0/1 | auto-closed as invalid on 2019/11/21 17:15 |
| linux-4.14 | KASAN: use-after-free Write in __vb2_cleanup_fileio | C | | 2 | 5d18h | 135d | 0/1 | upstream: reported C repro on 2019/10/06 01:28 |

Sample crash report:

Crashes (2):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | Maintainers |
|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-root | 2018/10/29 18:10 | upstream | 9f51ae62 | 7df9db2e | .config | log | report | syz | C | hverkuil@xs4all.nl, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, mchehab@kernel.org, sakari.ailus@linux.intel.com, satendra.t@samsung.com, viro@zeniv.linux.org.uk |
| ci-upstream-kasan-gce-386 | 2018/11/01 08:56 | upstream | 59fc453b | 1f38e9ae | .config | log | report | syz | C | kyungmin.park@samsung.com, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, m.szyprowski@samsung.com, mchehab@kernel.org, pawel@osciak.com |