syzbot


KASAN: use-after-free Read in tty_open
Status: fixed on 2020/05/10 10:41
Reported-by: syzbot+9af6d43c1beabec8fd05@syzkaller.appspotmail.com
Fix commit: ca4463bf vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
First crash: 294d, last: 182d

Cause bisection: introduced by (bisect log):

commit 2de50e9674fc4ca3c6174b04477f69eb26b4ee31
Author: Russell Currey <ruscur@russell.cc>
Date: Mon Feb 8 04:08:20 2016 +0000

  powerpc/powernv: Remove support for p5ioc2

Crash: BUG: spinlock lockup suspected in nf_conntrack_lock (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log):

commit ca4463bf8438b403596edd0ec961ca0d4fbe0220
Author: Eric Biggers <ebiggers@google.com>
Date: Sun Mar 22 03:43:04 2020 +0000

  vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console

Similar bugs (2):

| Kernel | Title | Repro | Bisected | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| linux-4.14 | KASAN: use-after-free Read in tty_open | C | fix | 5 | 192d | 294d | 1/1 | fixed on 2020/04/13 10:52 |
| linux-4.19 | KASAN: use-after-free Read in tty_open | C | fix | 2 | 188d | 295d | 1/1 | fixed on 2020/04/17 06:51 |

Sample crash report:

Crashes (8):

| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Maintainers |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-root | 2019/12/15 09:11 | upstream | 07c4b9e9 | eef6e580 | .config | log | report | syz | C | | gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org |
| ci-upstream-kasan-gce-selinux-root | 2019/12/14 15:43 | upstream | e31736d9 | eef6e580 | .config | log | report | syz | C | | gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org |
| ci-upstream-kasan-gce-root | 2019/12/04 04:17 | upstream | 76bb8b05 | ae13a849 | .config | log | report | syz | C | | gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org |
| ci-upstream-kasan-gce-root | 2019/12/03 22:19 | upstream | 76bb8b05 | ae13a849 | .config | log | report | syz | C | | gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org |
| ci-upstream-kasan-gce-selinux-root | 2019/12/03 21:20 | upstream | 76bb8b05 | ae13a849 | .config | log | report | syz | C | | gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org |
| ci-upstream-kasan-gce-386 | 2019/12/04 00:07 | upstream | 76bb8b05 | ae13a849 | .config | log | report | syz | C | | gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org |
| ci-upstream-linux-next-kasan-gce-root | 2019/12/26 04:47 | linux-next | 7ddd09fc | be5c2c81 | .config | log | report | syz | C | | gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org |
| ci-upstream-linux-next-kasan-gce-root | 2020/03/24 22:22 | linux-next | 770fbb32 | 68660b21 | .config | log | report | | | | gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org |