Re: [syzbot] [squashfs?] VFS: Close: file count is zero (use-after-free)

From: syzbot
Date: Mon Jun 03 2024 - 02:10:26 EST

Next message: MD Danish Anwar: "Re: [PATCH net-next v8 2/2] net: ti: icssg_prueth: add TAPRIO offload support"
Previous message: syzbot: "Re: [syzbot] [squashfs?] VFS: Close: file count is zero (use-after-free)"
In reply to: syzbot: "Re: [syzbot] [squashfs?] VFS: Close: file count is zero (use-after-free)"
Next in thread: syzbot: "Re: [syzbot] [squashfs?] VFS: Close: file count is zero (use-after-free)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> please test file uaf in udmabuf_create
>
> #syz test https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git

want either no args or 2 args (repo, branch), got 1

> 0e1980c40b6e
> ---
> drivers/dma-buf/udmabuf.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
> index afa8bfd2a2a9..53035c601e92 100644
> --- a/drivers/dma-buf/udmabuf.c
> +++ b/drivers/dma-buf/udmabuf.c
> @@ -382,6 +382,7 @@ static long udmabuf_create(struct miscdevice *device,
>
> kfree(folios);
> fput(memfd);
> + memfd = NULL;
> }
>
> flags = head->flags & UDMABUF_FLAGS_CLOEXEC ? O_CLOEXEC : 0;
> --

Next message: MD Danish Anwar: "Re: [PATCH net-next v8 2/2] net: ti: icssg_prueth: add TAPRIO offload support"
Previous message: syzbot: "Re: [syzbot] [squashfs?] VFS: Close: file count is zero (use-after-free)"
In reply to: syzbot: "Re: [syzbot] [squashfs?] VFS: Close: file count is zero (use-after-free)"
Next in thread: syzbot: "Re: [syzbot] [squashfs?] VFS: Close: file count is zero (use-after-free)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]