Hello,
Syzkaller has triggered a kernel BUG when fuzzing a 4.4 kernel with the following stacktrace.
Call Trace:
[<ffffffff818568d5>] construct_alloc_key security/keys/request_key.c:388 [inline]
[<ffffffff818568d5>] construct_key_and_link security/keys/request_key.c:479 [inline]
[<ffffffff818568d5>] request_key_and_link+0x49b/0x8c5 security/keys/request_key.c:594
[<ffffffff8184fb08>] SYSC_request_key security/keys/keyctl.c:213 [inline]
[<ffffffff8184fb08>] SyS_request_key+0x1ac/0x2a2 security/keys/keyctl.c:158
[<ffffffff832bec3a>] entry_SYSCALL_64_fastpath+0x31/0xb3
Could the following patches be applied to v4.4.y?
* 4aa68e07d845 ("KEYS: restrict /proc/keys by credentials at open time")
* ede0fa98a900 ("KEYS: always initialize keyring_index_key::desc_len")
Note: queue-4.4 currently has a backport for "keys-always-initialize-keyring_index_key-desc_len.patch".
This request is to apply the 2 patches above instead of just one, to 4.4.y,
as the first patch is a bugfix as well. They apply cleanly if applied one after another.
Tests:
* Chrome OS tryjob
* Syzkaller reproducer
* Test to check if 4aa68e07d845 works as intended
Thanks,
- Zubin
