KASAN: use-after-free Write in __vb2_cleanup_fileio
Status: fixed on 2019/11/07 18:45
Fix commit: d65842f7 media: vb2: add waiting_in_dqbuf flag
First crash: 585d, last: 583d

Cause bisection: introduced by (bisect log):

commit 4493b81bea24269df898339dee638d7c5cb2b2df
Author: Mahesh Bandewar
Date: Wed Mar 8 18:55:54 2017 +0000

  bonding: initialize work-queues during creation of bond

Crash: WARNING: ODEBUG bug in del_timer (log)
Repro: C syz .config

Fix bisection: the fix commit could be any of (bisect log):

  d65842f7126a media: vb2: add waiting_in_dqbuf flag
  75480ebf4966 media: coda: set codec earlier

Similar bugs (2):

Kernel | Title | Repro | Bisected | Count | Last | Reported | Patched | Status
linux-4.19 | KASAN: use-after-free Write in __vb2_cleanup_fileio | | | 2 | 317d | 355d | 0/1 | auto-closed as invalid on 2019/11/21 17:15
linux-4.14 | KASAN: use-after-free Write in __vb2_cleanup_fileio | C | fix | 2 | 85d | 244d | 0/1 | upstream: reported C repro on 2019/10/06 01:28

Sample crash report:

Crashes (2):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | Maintainers
ci-upstream-kasan-gce-root | 2018/10/29 18:10 | upstream | 9f51ae62 | 7df9db2e | .config | log | report | syz | C |
ci-upstream-kasan-gce-386 | 2018/11/01 08:56 | upstream | 59fc453b | 1f38e9ae | .config | log | report | syz | C |