syzbot


KASAN: use-after-free Read in fbcon_cursor
Status: fixed on 2020/09/25 01:17
Reported-by: syzbot+9116ecc1978ca3a12f43@syzkaller.appspotmail.com
Fix commit: f8d1653d vt: defer kfree() of vc_screenbuf in vc_do_resize()
First crash: 518d, last: 273d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: use-after-free Read in fbcon_putcs (log)
Repro: syz .config

Fix bisection: failed (bisect log)

Similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 KASAN: use-after-free Read in fbcon_cursor syz inconclusive 3 342d 518d 0/1 upstream: reported syz repro on 2019/12/15 04:16
linux-4.19 KASAN: use-after-free Read in fbcon_cursor syz done 4 259d 518d 1/1 fixed on 2020/09/30 06:27

Crashes (10):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2019/12/15 07:04 upstream 07c4b9e9 eef6e580 .config log report syz
ci-upstream-kasan-gce-root 2019/12/15 05:47 upstream 07c4b9e9 eef6e580 .config log report syz
ci-upstream-linux-next-kasan-gce-root 2019/12/25 14:54 linux-next 7ddd09fc be5c2c81 .config log report syz
ci-upstream-kasan-gce-selinux-root 2020/08/16 02:53 upstream c9c9735c 424dd8e7 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/03 10:19 upstream 5a30a789 196277c4 .config log report
ci-upstream-kasan-gce-smack-root 2020/05/14 00:19 upstream 24085f70 a885920d .config log report
ci-upstream-kasan-gce-smack-root 2020/05/03 15:23 upstream f66ed1eb 58ae5e18 .config log report
ci-upstream-kasan-gce-selinux-root 2020/04/23 19:42 upstream c578ddb3 2e44d63e .config log report
ci-upstream-kasan-gce-386 2020/08/15 01:42 upstream b923f124 424dd8e7 .config log report
ci-upstream-linux-next-kasan-gce-root 2020/03/12 05:19 linux-next 770fbb32 e7caca8e .config log report