On 4/20/19 7:42 PM, Dan Robertson wrote: > Given bad input to the io_uring_register syscall the io_ring_ctx > user_files member is cleaned up in io_sqe_files_register, but a > following call to io_uring_release will result in a double-free.
This was already fixed for -rc5 last week, in this commit: commit 25adf50fe25d506d3fc12070a5ff4be858a1ac1b Author: Jens Axboe <[email protected]> Date: Wed Apr 3 09:52:40 2019 -0600 io_uring: fix double free in case of fileset regitration failure -- Jens Axboe
