KASAN: use-after-free Read in fbcon_cursor
Status: fixed on 2020/09/25 01:17
Fix commit: f8d1653daec0 vt: defer kfree() of vc_screenbuf in vc_do_resize()
First crash: 724d, last: 480d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: use-after-free Read in fbcon_putcs (log)
Repro: syz .config

Fix bisection: failed (bisect log)
Similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 KASAN: use-after-free Read in fbcon_cursor syz inconclusive 3 548d 725d 0/1 upstream: reported syz repro on 2019/12/15 04:16
linux-4.19 KASAN: use-after-free Read in fbcon_cursor syz done 4 465d 725d 1/1 fixed on 2020/09/30 06:27

Sample crash report:

Crashes (10):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-selinux-root | 2019/12/15 07:04 | upstream | 07c4b9e9f71a | eef6e580 | .config | log | report | syz | | | |
| ci-upstream-kasan-gce-root | 2019/12/15 05:47 | upstream | 07c4b9e9f71a | eef6e580 | .config | log | report | syz | | | |
| ci-upstream-linux-next-kasan-gce-root | 2019/12/25 14:54 | linux-next | 7ddd09fc4b74 | be5c2c81 | .config | log | report | syz | | | |
| ci-upstream-kasan-gce-selinux-root | 2020/08/16 02:53 | upstream | c9c9735c46f5 | 424dd8e7 | .config | log | report | | | | |
| ci-upstream-kasan-gce-smack-root | 2020/08/03 10:19 | upstream | 5a30a78924ec | 196277c4 | .config | log | report | | | | |
| ci-upstream-kasan-gce-smack-root | 2020/05/14 00:19 | upstream | 24085f70a6e1 | a885920d | .config | log | report | | | | |
| ci-upstream-kasan-gce-smack-root | 2020/05/03 15:23 | upstream | f66ed1ebbfde | 58ae5e18 | .config | log | report | | | | |
| ci-upstream-kasan-gce-selinux-root | 2020/04/23 19:42 | upstream | c578ddb39e56 | 2e44d63e | .config | log | report | | | | |
| ci-upstream-kasan-gce-386 | 2020/08/15 01:42 | upstream | b923f1247b72 | 424dd8e7 | .config | log | report | | | | |
| ci-upstream-linux-next-kasan-gce-root | 2020/03/12 05:19 | linux-next | 770fbb32d34e | e7caca8e | .config | log | report | | | | |