| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <67d2a835.050a0220.14e108.0031.GAE@google.com>
Date: Thu, 13 Mar 2025 02:41:09 -0700
From: syzbot <syzbot+353d7b75658a95aa955a@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org
Subject: Re: [syzbot] Re: [syzbot] [kernel?] upstream test error: KASAN:
slab-use-after-free Write in binderfs_evict_inode
For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.
***
Subject: Re: [syzbot] [kernel?] upstream test error: KASAN: slab-use-after-free Write in binderfs_evict_inode
Author: lizhi.xu@...driver.com
#syz test
diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c
index 94c6446604fc..21fd218796d6 100644
--- a/drivers/android/binderfs.c
+++ b/drivers/android/binderfs.c
@@ -271,13 +271,13 @@ static void binderfs_evict_inode(struct inode *inode)
mutex_lock(&binderfs_minors_mutex);
--info->device_count;
ida_free(&binderfs_minors, device->miscdev.minor);
- mutex_unlock(&binderfs_minors_mutex);
if (refcount_dec_and_test(&device->ref)) {
hlist_del_init(&device->hlist);
kfree(device->context.name);
kfree(device);
}
+ mutex_unlock(&binderfs_minors_mutex);
}
static int binderfs_fs_context_parse_param(struct fs_context *fc,
Powered by blists - more mailing lists