[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F5F9CC2-803C-4E18-968C-A46B32528F1F@kernel.org>
Date: Tue, 18 Jul 2023 21:18:05 -0700
From: Kees Cook <kees@...nel.org>
To: syzbot <syzbot+98d3ceb7e01269e7bf4f@...kaller.appspotmail.com>,
andriy.shevchenko@...ux.intel.com, keescook@...omium.org,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [hfs?] kernel BUG in hfsplus_show_options
On July 18, 2023 6:27:23 PM PDT, syzbot <syzbot+98d3ceb7e01269e7bf4f@...kaller.appspotmail.com> wrote:
>syzbot has bisected this issue to:
>
>commit c30417b20f4993e49406f3f6d986355c6e943aa2
>Author: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
>Date: Mon Jul 17 09:33:32 2023 +0000
>
> seq_file: Replace strncpy()+nul by strscpy()
Uh... Wat. Is this a bug in strscpy fortification? It's copying out of a (recast) be32... It shouldn't expect to find a NUL because it hit the max copy size already...
Looking...
-Kees
>
>bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17488c1aa80000
>start commit: aeba456828b4 Add linux-next specific files for 20230718
>git tree: linux-next
>final oops: https://syzkaller.appspot.com/x/report.txt?x=14c88c1aa80000
>console output: https://syzkaller.appspot.com/x/log.txt?x=10c88c1aa80000
>kernel config: https://syzkaller.appspot.com/x/.config?x=e7ec534f91cfce6c
>dashboard link: https://syzkaller.appspot.com/bug?extid=98d3ceb7e01269e7bf4f
>syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15ecf646a80000
>C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1476f30aa80000
>
>Reported-by: syzbot+98d3ceb7e01269e7bf4f@...kaller.appspotmail.com
>Fixes: c30417b20f49 ("seq_file: Replace strncpy()+nul by strscpy()")
>
>For information about bisection process see: https://goo.gl/tpsmEJ#bisection
--
Kees Cook
Powered by blists - more mailing lists