syzbot


INFO: task hung in tty_ioctl (2)
Status: upstream: reported syz repro on 2021/10/14 09:44
Reported-by: syzbot+9a1e55b8c30bfecdf654@syzkaller.appspotmail.com
First crash: 55d, last: 10d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: use-after-free Read in n_tty_receive_buf_common (log)
Repro: syz .config
similar bugs (4):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in tty_ioctl 6 1106d 1173d 0/22 auto-closed as invalid on 2019/05/20 08:04
android-44 INFO: task hung in tty_ioctl C 4 1059d 963d 0/2 public: reported C repro on 2019/04/13 00:00
android-414 INFO: task hung in tty_ioctl C 3 1110d 964d 0/1 public: reported C repro on 2019/04/12 00:01
android-49 INFO: task hung in tty_ioctl C 22 733d 962d 0/3 public: reported C repro on 2019/04/14 00:00

Sample crash report:

Fix bisection attempts:
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2021/11/21 05:40 upstream 923dcc5eb0c1 838e7e2c .config log report syz
Crashes (3):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2021/10/10 09:33 upstream 7fd2bf83d59a 838e7e2c .config log report syz INFO: task hung in tty_ioctl
ci-upstream-linux-next-kasan-gce-root 2021/10/22 05:10 linux-next 3196a52aff93 55f90bc6 .config log report info INFO: task hung in tty_ioctl
ci-upstream-linux-next-kasan-gce-root 2021/10/07 10:30 linux-next f8dc23b3dc0c 62ee0987 .config log report info INFO: task hung in tty_ioctl