Message-ID: <CACT4Y+aO-uckeUghahSJP+6VwwYCNRKCobhvb41n1RXL8Pxsiw@mail.gmail.com>
Date:   Wed, 28 Sep 2022 09:35:29 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     syzbot <syzbot+8346a1aeed52cb04c9ba@...kaller.appspotmail.com>,
        Miklos Szeredi <miklos@...redi.hu>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>
Cc:     linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] unexpected kernel reboot (8)

On Wed, 28 Sept 2022 at 04:03, syzbot
<syzbot+8346a1aeed52cb04c9ba@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    1707c39ae309 Merge tag 'driver-core-6.0-rc7' of git://git...
> git tree:       upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=17324288880000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=122d7bd4fc8e0ecb
> dashboard link: https://syzkaller.appspot.com/bug?extid=8346a1aeed52cb04c9ba
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15ca1f54880000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=155622df080000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+8346a1aeed52cb04c9ba@...kaller.appspotmail.com
>
> fuseblk: Unknown parameter '                                                                Decompressing Linux... Parsing ELF... done.                                                                                     Booting the kernel.                                                                                                                                                                                                                                                             Decompressing Linux... Parsing ELF... done.                                                                                     Booting the kernel.

+fuse maintainers

This one is somewhat funny. The fuzzer tricked the kernel into
printing the rebooting message via normal logging. So on the console
it looks like the kernel started rebooting.

But it looks like the kernel is reading/printing something it
shouldn't. The reproducer doesn't pass the "Decompressing Linux"
string in mount options. So the kernel is reading random memory
out-of-bounds? a non-0-terminated string somewhere?
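
The hypothesis raised in the message above (a string that is not 0-terminated being printed) illustrated as an added user-space example; it is not code from the kernel, the reproducer or the original post, and it does not establish the root cause of this report. The buffer contents, `OPT_LEN` and both function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: one buffer whose first OPT_LEN bytes are the option
 * name with no terminating NUL, followed by unrelated text. */
#define OPT_LEN 6
static const char page[] = "bogus!" "Decompressing Linux... ";

/* Unbounded: "%s" reads until the first NUL byte, wherever that is. */
int log_param_unbounded(char *out, size_t out_len, const char *key)
{
    return snprintf(out, out_len, "fuseblk: Unknown parameter '%s'", key);
}

/* Bounded: reads at most key_len bytes and stops early at a NUL. */
int log_param_bounded(char *out, size_t out_len,
                      const char *key, size_t key_len)
{
    const char *nul = memchr(key, '\0', key_len);
    size_t n = nul ? (size_t)(nul - key) : key_len;

    return snprintf(out, out_len, "fuseblk: Unknown parameter '%.*s'",
                    (int)n, key);
}

int main(void)
{
    char line[128];

    log_param_unbounded(line, sizeof line, page);
    puts(line);   /* neighbouring text leaks into the log line */
    log_param_bounded(line, sizeof line, page, OPT_LEN);
    puts(line);   /* only the OPT_LEN option bytes are printed */
    return 0;
}
```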
