On 03/09/2018 02:48 PM, Cong Wang wrote:
On Fri, Mar 9, 2018 at 1:59 PM, syzbot
<syzbot+0502b00edac2a0680b61@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hello,
syzbot hit the following crash on net-next commit
617aebe6a97efa539cc4b8a52adccd89596e6be0 (Sun Feb 4 00:25:42 2018 +0000)
Merge tag 'usercopy-v4.16-rc1' of
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
So far this crash happened 12 times on net-next, upstream.
C reproducer is attached.
syzkaller reproducer is attached.
Raw console output is attached.
compiler: gcc (GCC) 7.1.1 20170620
.config is attached.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0502b00edac2a0680b61@xxxxxxxxxxxxxxxxxxxxxxxxx
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.
audit: type=1400 audit(1518223777.419:7): avc: denied { map } for
pid=4159 comm="syzkaller598581" path="/root/syzkaller598581546" dev="sda1"
ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
------------[ cut here ]------------
name len 0
WARNING: CPU: 0 PID: 4159 at fs/proc/generic.c:354 __proc_create+0x696/0x880
fs/proc/generic.c:354
We need to reject empty names.
I sent a patch a while back, but Pablo/Florian wanted more than that
simple fix.
We also need to filter special characters like '/'
Or maybe I am mixing with something else.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html