syzbot


KASAN: use-after-free Write in __vb2_cleanup_fileio
Status: fixed on 2019/11/07 18:45
Reported-by: syzbot+4e12d2d56f8ccc65c180@syzkaller.appspotmail.com
Fix commit: d65842f7126a media: vb2: add waiting_in_dqbuf flag
First crash: 1136d, last: 1133d

Cause bisection: introduced by (bisect log):
commit 4493b81bea24269df898339dee638d7c5cb2b2df
Author: Mahesh Bandewar <maheshb@google.com>
Date: Wed Mar 8 18:55:54 2017 +0000

  bonding: initialize work-queues during creation of bond

Crash: WARNING: ODEBUG bug in del_timer (log)
Repro: C syz .config

Fix bisection: the fix commit could be any of (bisect log):
  d65842f7126a media: vb2: add waiting_in_dqbuf flag
  75480ebf4966 media: coda: set codec earlier
similar bugs (2):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.19 | KASAN: use-after-free Write in __vb2_cleanup_fileio | | | | 2 | 868d | 906d | 0/1 | auto-closed as invalid on 2019/11/21 17:15 |
| linux-4.14 | KASAN: use-after-free Write in __vb2_cleanup_fileio | C | error | | 2 | 635d | 795d | 0/1 | upstream: reported C repro on 2019/10/06 01:28 |

Sample crash report:

Crashes (2):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-root | 2018/10/29 18:10 | upstream | 9f51ae62c84a | 7df9db2e | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-386 | 2018/11/01 08:56 | upstream | 59fc453b21f7 | 1f38e9ae | .config | log | report | syz | C | | |