On Wed, 28 Sept 2022 at 04:03, syzbot <syzbot+8346a1aeed52cb04c9ba@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 1707c39ae309 Merge tag 'driver-core-6.0-rc7' of git://git...
> git tree: upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=17324288880000
> kernel config: https://syzkaller.appspot.com/x/.config?x=122d7bd4fc8e0ecb
> dashboard link: https://syzkaller.appspot.com/bug?extid=8346a1aeed52cb04c9ba
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15ca1f54880000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=155622df080000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+8346a1aeed52cb04c9ba@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> fuseblk: Unknown parameter '
> Decompressing Linux... Parsing ELF... done.
> Booting the kernel.
> Decompressing Linux... Parsing ELF... done.
> Booting the kernel.

+fuse maintainers

This one is somewhat funny. The fuzzer tricked the kernel into printing the
rebooting message via normal logging. So on the console it looks like the
kernel started rebooting. But it looks like the kernel is reading/printing
something it shouldn't. The reproducer doesn't pass the "Decompressing Linux"
string in mount options. So the kernel is reading random memory out-of-bounds?
a non-0-terminated string somewhere?
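As an added illustration of the failure mode the reply speculates about (constructed for this page, not code from the kernel, syzbot or this thread), the scanner below handles a mount-option buffer without assuming it is NUL-terminated and logs an unknown key with a length-bounded conversion; the option names, the sample input and the `fuseblk:` message format are assumptions modelled on the log line above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example (not kernel code): a mount-option style scanner that never
 * assumes its input is NUL-terminated. Every read is bounded by 'len', and an
 * unknown key is logged with "%.*s" rather than "%s", so a missing terminator
 * cannot make the log line run into whatever memory follows the buffer. */

static const char *const known_keys[] = { "rw", "ro", "allow_other" };  /* assumed set */

static int key_is_known(const char *key, size_t keylen)
{
    for (size_t i = 0; i < sizeof known_keys / sizeof *known_keys; i++)
        if (strlen(known_keys[i]) == keylen && !memcmp(known_keys[i], key, keylen))
            return 1;
    return 0;
}

/* Scan 'len' bytes of comma-separated "key" / "key=value" items. Returns the
 * number of unknown keys; 'msg' (bounded by msglen) holds the last diagnostic. */
int scan_mount_options(const char *buf, size_t len, char *msg, size_t msglen)
{
    int unknown = 0;
    size_t pos = 0;

    if (msglen)
        msg[0] = '\0';
    while (pos < len) {
        size_t start = pos, keyend;

        while (pos < len && buf[pos] != ',')        /* end of this item */
            pos++;
        for (keyend = start; keyend < pos && buf[keyend] != '='; keyend++)
            ;                                       /* strip "=value" */
        if (keyend > start && !key_is_known(buf + start, keyend - start)) {
            unknown++;
            snprintf(msg, msglen, "fuseblk: Unknown parameter '%.*s'",
                     (int)(keyend - start), buf + start);
        }
        pos++;                                      /* skip the comma, if any */
    }
    return unknown;
}

/* Constructed input with NO terminating NUL: exactly sizeof sample bytes ("rw,bogus,ro"). */
static const char sample[] = { 'r','w',',','b','o','g','u','s',',','r','o' };
static char last_msg[64];

int scan_sample(void)   /* returns 1: only "bogus" is unknown; last_msg holds the log line */
{
    return scan_mount_options(sample, sizeof sample, last_msg, sizeof last_msg);
}
```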