Re: [syzbot] [hfs?] kernel BUG in hfsplus_show_options
From: Kees Cook
Date: Wed Jul 19 2023 - 00:18:46 EST
On July 18, 2023 6:27:23 PM PDT, syzbot <syzbot+98d3ceb7e01269e7bf4f@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>syzbot has bisected this issue to:
>
>commit c30417b20f4993e49406f3f6d986355c6e943aa2
>Author: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
>Date: Mon Jul 17 09:33:32 2023 +0000
>
> seq_file: Replace strncpy()+nul by strscpy()
Uh... Wat. Is this a bug in strscpy fortification? It's copying out of a (recast) be32... It shouldn't expect to find a NUL because it hit the max copy size already...
Looking...
-Kees
>
>bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17488c1aa80000
>start commit: aeba456828b4 Add linux-next specific files for 20230718
>git tree: linux-next
>final oops: https://syzkaller.appspot.com/x/report.txt?x=14c88c1aa80000
>console output: https://syzkaller.appspot.com/x/log.txt?x=10c88c1aa80000
>kernel config: https://syzkaller.appspot.com/x/.config?x=e7ec534f91cfce6c
>dashboard link: https://syzkaller.appspot.com/bug?extid=98d3ceb7e01269e7bf4f
>syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15ecf646a80000
>C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1476f30aa80000
>
>Reported-by: syzbot+98d3ceb7e01269e7bf4f@xxxxxxxxxxxxxxxxxxxxxxxxx
>Fixes: c30417b20f49 ("seq_file: Replace strncpy()+nul by strscpy()")
>
>For information about bisection process see: https://goo.gl/tpsmEJ#bisection
--
Kees Cook