Doublely-free in remove_self_from_waiters() #57
Description
Issue
In kernel/mutex.c, remove_self_from_waiters() calls list_remove() and free() at the same time, which free() has been called in the list_remove() may cause heap corruption or invalid free.
static bool remove_self_from_waiters(list_t *waiters)
{
...
while (curr && curr != waiters->tail) {
if (curr->data == self) {
list_remove(waiters, curr);
free(curr);
return true;
}
...
}