Hillf Danton <hdan...@sina.com> wrote:
> On Sun, 13 Sep 2020 09:17:26 +0000 linmiaohe wrote:
>>
>> I reviewed the code carefully these days and I found vma_merge() does only
>> fput() the vm_file of the linked vma in remove_next cases.
>> This gpf is very likely because the ->mmap() callback can change
>> vma->vm_file and fput the original file. But my previous commit failed to
>> catch this case and always fput() the original file, hence add an extra
>> fput().
>> The below patch would make the things right:
>>
>
> Take another look at the Cc list and the link below.
>
> https://lore.kernel.org/lkml/20200911120222.gt87...@ziepe.ca/
>
Many thanks for your teaching. I think I could send the proposed patch to the syzbot directly. Thanks again. :)