On Wed, Aug 24, 2022 at 11:35:22PM -0700, Vivek Kasireddy wrote:
> When userspace tries to map the dmabuf and if for some reason
> (e.g. OOM) the creation of the sg table fails, ubuf->sg needs to be
> set to NULL. Otherwise, when the userspace subsequently closes the
> dmabuf fd, we'd try to erroneously free the invalid sg table from
> release_udmabuf, resulting in the following crash reported by syzbot:
>
> general protection fault, probably for non-canonical address
> 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ ... ]
> Reported-by: [email protected]
> Cc: Gerd Hoffmann <[email protected]>
> Signed-off-by: Vivek Kasireddy <[email protected]>

Pushed to drm-misc-next.

thanks,
  Gerd
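The failure mode in the quoted commit message (an allocation failure on the map path leaves ubuf->sg holding a non-NULL error value, and the release path later hands that value to the free routine) can be shown in plain userspace C. The following is an added example, not the udmabuf driver's code or Vivek's patch: the struct names, the ERR_PTR/IS_ERR stand-ins, the `simulate_oom` knob and both `mmap_*` variants are constructed here solely to contrast the buggy pattern with the corrected one; the real driver's code paths are only summarized from the commit message.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Constructed stand-ins for the kernel's ERR_PTR/IS_ERR helpers: an errno
 * value is encoded inside a pointer, so a failed allocation yields a
 * pointer that is non-NULL yet must never be dereferenced or freed. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline bool IS_ERR(const void *p)
{
	return (unsigned long)p >= (unsigned long)-MAX_ERRNO;
}

struct sg_table { int nents; };          /* stand-in, not the kernel struct */
struct udmabuf { struct sg_table *sg; };  /* stand-in, not the kernel struct */

/* Test knob simulating the OOM condition the syzbot report describes. */
static int simulate_oom;

static struct sg_table *get_sg_table(void)
{
	struct sg_table *sg;

	if (simulate_oom)
		return ERR_PTR(-ENOMEM);
	sg = calloc(1, sizeof(*sg));
	return sg ? sg : ERR_PTR(-ENOMEM);
}

/* Frees a valid table; reports -1 where the kernel would instead fault
 * on the non-canonical address of an error pointer. */
static int put_sg_table(struct sg_table *sg)
{
	if (IS_ERR(sg))
		return -1;
	free(sg);
	return 0;
}

/* Buggy map path: the error value is stored in ubuf->sg and stays there
 * after the early return, so a later release sees a non-NULL pointer. */
static int mmap_buggy(struct udmabuf *ubuf)
{
	if (!ubuf->sg) {
		ubuf->sg = get_sg_table();
		if (IS_ERR(ubuf->sg))
			return (int)(long)ubuf->sg;
	}
	return 0;
}

/* Fixed map path: on failure, reset ubuf->sg to NULL before returning so
 * the release path has nothing to free. */
static int mmap_fixed(struct udmabuf *ubuf)
{
	if (!ubuf->sg) {
		ubuf->sg = get_sg_table();
		if (IS_ERR(ubuf->sg)) {
			int ret = (int)(long)ubuf->sg;

			ubuf->sg = NULL;
			return ret;
		}
	}
	return 0;
}

/* Release path shared by both variants: free the table if one is present. */
static int release_udmabuf(struct udmabuf *ubuf)
{
	int ret = 0;

	if (ubuf->sg)
		ret = put_sg_table(ubuf->sg);
	ubuf->sg = NULL;
	return ret;
}

/* Map under simulated OOM, then close. Returns the release result:
 * 0 = clean teardown, -1 = release tried to free an error pointer. */
static int run_scenario(bool fixed)
{
	struct udmabuf ubuf = { .sg = NULL };

	simulate_oom = 1;
	(void)(fixed ? mmap_fixed(&ubuf) : mmap_buggy(&ubuf));
	simulate_oom = 0;
	return release_udmabuf(&ubuf);
}

/* Sanity check that the fixed path still frees a table that was created. */
static int run_normal(void)
{
	struct udmabuf ubuf = { .sg = NULL };

	if (mmap_fixed(&ubuf) != 0)
		return -2;
	return release_udmabuf(&ubuf);
}
```

The general lesson the example isolates is that a field which the release path treats as "owned resource if non-NULL" must never be left holding an error-encoded pointer on any failure exit; a KASAN report against an address in the shadow range, as in the quoted crash, is the typical symptom when it is.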
