Preventing a use after free discovered by syzkaller.
ok visa@
Reported-by: syzbot+a2649c1d77e9d2463f33@syzkaller.appspotmail.com
Reported-by: syzbot+182df9087f5f182daa44@syzkaller.appspotmail.com
Reported-by: syzbot+46d03139d7ed5e81ed2f@syzkaller.appspotmail.com
Reported-by: syzbot+892e886a6113db341da1@syzkaller.appspotmail.com
-/* $OpenBSD: vfs_lockf.c,v 1.45 2019/12/02 15:02:32 visa Exp $ */
+/* $OpenBSD: vfs_lockf.c,v 1.46 2022/04/27 18:01:23 anton Exp $ */
/* $NetBSD: vfs_lockf.c,v 1.7 1996/02/04 02:18:21 christos Exp $ */
/*
* Check for common starting point and different types.
*/
if (overlap->lf_type == lock->lf_type) {
+ if (!needtolink)
+ TAILQ_REMOVE(&lock->lf_state->ls_locks,
+ lock, lf_entry);
lf_free(lock);
lock = overlap; /* for debug output below */
break;