Hi,
[This is an automated email]
This commit has been processed because it contains a "Fixes:" tag,
fixing commit: 5ba6c9ff961a drm/vgem: Fix mmaping.
The bot has tested the following trees: v4.20.12, v4.19.25, v4.14.103, v4.9.160.
v4.20.12: Build OK!
v4.19.25: Build OK!
v4.14.103: Build OK!
On Tue, Feb 26, 2019 at 09:01:29PM +, Chris Wilson wrote:
> Quoting Eric Biggers (2019-02-26 20:47:26)
> > From: Eric Biggers
> >
> > If drm_gem_handle_create() fails in vgem_gem_create(), then the
> > drm_vgem_gem_object is freed twice: once when the reference is dropped
> > by
Quoting Eric Biggers (2019-02-26 20:47:26)
> From: Eric Biggers
>
> If drm_gem_handle_create() fails in vgem_gem_create(), then the
> drm_vgem_gem_object is freed twice: once when the reference is dropped
> by drm_gem_object_put_unlocked(), and again by __vgem_gem_destroy().
>
> This was hit by
From: Eric Biggers
If drm_gem_handle_create() fails in vgem_gem_create(), then the
drm_vgem_gem_object is freed twice: once when the reference is dropped
by drm_gem_object_put_unlocked(), and again by __vgem_gem_destroy().
This was hit by syzkaller using fault injection.
Fix it by skipping the
