On Mon, 12 Jul 2021 20:14:24 -0700 syzbot <syzbot+5872a520e0ce0a7c7230@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    92510a7f Add linux-next specific files for 20210709
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=16c50180300000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=505de2716f052686
> dashboard link: https://syzkaller.appspot.com/bug?extid=5872a520e0ce0a7c7230
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1639a73c300000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15fcd5e4300000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+5872a520e0ce0a7c7230@xxxxxxxxxxxxxxxxxxxxxxxxx
>

Hmm, bisection is wrong this time. It should be e02a3b945816 ("staging:
rtl8712: fix memory leak in rtl871x_load_fw_cb")

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master

I guess, this should work

With regards,
Pavel Skripkin
>From 954ffa9067907a5f6d4d6d2b72a98b8773cac11e Mon Sep 17 00:00:00 2001 From: Pavel Skripkin <paskripkin@xxxxxxxxx> Date: Tue, 13 Jul 2021 11:52:17 +0300 Subject: [PATCH] staging: rtl8712: fix UAF in r871xu_dev_remove /* .... */ Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx> --- drivers/staging/rtl8712/hal_init.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/staging/rtl8712/hal_init.c b/drivers/staging/rtl8712/hal_init.c index 22974277afa0..c06d31784cd4 100644 --- a/drivers/staging/rtl8712/hal_init.c +++ b/drivers/staging/rtl8712/hal_init.c @@ -43,6 +43,7 @@ static void rtl871x_load_fw_cb(const struct firmware *firmware, void *context) r8712_free_drv_sw(adapter); adapter->dvobj_deinit(adapter); complete(&adapter->rtl8712_fw_ready); + shedule(); /* to not trigger UAF in wait_for_completion() */ free_netdev(adapter->pnetdev); return; } -- 2.32.0
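
Review bot: the `shedule();` inserted between `complete(&adapter->rtl8712_fw_ready);` and `free_netdev(adapter->pnetdev);` in rtl871x_load_fw_cb() is misspelled (presumably `schedule()` was meant), and even spelled correctly a voluntary yield is not synchronization. Nothing in the hunk guarantees that the task sleeping in wait_for_completion() has been scheduled and has finished touching the completion before free_netdev() runs, so the window named in the comment is narrowed rather than closed, and the outcome depends on scheduler behaviour. Consider making the ownership explicit instead, so that only one path frees the netdev and does so after the wait has returned, rather than ordering the two by timing. The commit message body is still the placeholder `/* .... */`; it should describe the race between this callback and r871xu_dev_remove before the patch is posted for merging.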