Re: [PATCH] workqueue: unregister wq lockdep on error path in alloc_workqueue()

On 2019/3/8 22:45, Bart Van Assche wrote: > On 3/7/19 11:37 PM, Kefeng Wang wrote: >> syzkaller report an issue "KASAN: use-after-free Read in alloc_workqueue", >> >> alloc_workqueue >>   - kzalloc wq >>   - wq_init_lockdep(wq); >>     - lockdep_register_key(>key);  // add to hlist >>   - kfree

Re: [PATCH] workqueue: unregister wq lockdep on error path in alloc_workqueue()

On 3/7/19 11:37 PM, Kefeng Wang wrote: syzkaller report an issue "KASAN: use-after-free Read in alloc_workqueue", alloc_workqueue - kzalloc wq - wq_init_lockdep(wq); - lockdep_register_key(>key); // add to hlist - kfree wq But forget to call

[PATCH] workqueue: unregister wq lockdep on error path in alloc_workqueue()

syzkaller report an issue "KASAN: use-after-free Read in alloc_workqueue", alloc_workqueue - kzalloc wq - wq_init_lockdep(wq); - lockdep_register_key(>key); // add to hlist - kfree wq But forget to call wq_unregister_lockdep()->lockdep_unregister_key(), it will delete the entry from