Re: [syzbot] unexpected kernel reboot (8)
From: Dmitry Vyukov
Date: Wed Sep 28 2022 - 03:36:59 EST
On Wed, 28 Sept 2022 at 04:03, syzbot
<syzbot+8346a1aeed52cb04c9ba@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 1707c39ae309 Merge tag 'driver-core-6.0-rc7' of git://git...
> git tree: upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=17324288880000
> kernel config: https://syzkaller.appspot.com/x/.config?x=122d7bd4fc8e0ecb
> dashboard link: https://syzkaller.appspot.com/bug?extid=8346a1aeed52cb04c9ba
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15ca1f54880000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=155622df080000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+8346a1aeed52cb04c9ba@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> fuseblk: Unknown parameter ' Decompressing Linux... Parsing ELF... done. Booting the kernel. Decompressing Linux... Parsing ELF... done. Booting the kernel.
+fuse maintainers
This one is somewhat funny. The fuzzer tricked the kernel into
printing the rebooting message via normal logging. So on the console
it looks like the kernel started rebooting.
But it looks like the kernel is reading/printing something it
shouldn't. The reproducer doesn't pass the "Decompressing Linux"
string in mount options. So the kernel is reading random memory
out-of-bounds? a non-0-terminated string somewhere?