Re: [syzbot] [udf?] KASAN: slab-use-after-free Read in udf_free_blocks

From: syzbot
Date: Sat Nov 25 2023 - 08:10:42 EST

Next message: Christian Brauner: "Re: [GIT PULL] vfs fixes"
Previous message: Christian Brauner: "Re: [GIT PULL] vfs fixes"
In reply to: syzbot: "Re: [syzbot] [udf?] KASAN: slab-use-after-free Read in udf_free_blocks"
Next in thread: syzbot: "Re: [syzbot] [udf?] KASAN: slab-use-after-free Read in udf_free_blocks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.

***

Subject: [udf?] KASAN: slab-use-after-free Read in udf_free_blocks
Author: eadavis@xxxxxx

please test uaf in udf_free_blocks

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 123212f53f3e

diff --git a/fs/open.c b/fs/open.c
index 02dc608d40d8..bc2d1db2fcba 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -1441,11 +1441,11 @@ static long do_sys_openat2(int dfd, const char __user *filename,
if (IS_ERR(f)) {
put_unused_fd(fd);
fd = PTR_ERR(f);
+ putname(tmp);
} else {
fd_install(fd, f);
}
}
- putname(tmp);
return fd;
}

Next message: Christian Brauner: "Re: [GIT PULL] vfs fixes"
Previous message: Christian Brauner: "Re: [GIT PULL] vfs fixes"
In reply to: syzbot: "Re: [syzbot] [udf?] KASAN: slab-use-after-free Read in udf_free_blocks"
Next in thread: syzbot: "Re: [syzbot] [udf?] KASAN: slab-use-after-free Read in udf_free_blocks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]