From: Hillf Danton
To: syzbot
Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [f2fs?] KASAN: slab-use-after-free Read in f2fs_filemap_fault
Date: Mon, 15 Jan 2024 20:05:35 +0800
Message-Id: <20240115120535.850-1-hdanton@sina.com>
In-Reply-To: <0000000000000b4e27060ef8694c@google.com>

On Mon, 15 Jan 2024 01:12:17 -0800
> HEAD commit: 052d534373b7 Merge tag 'exfat-for-6.8-rc1' of git://git.ke..
> git tree: upstream
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1422d5ebe80000

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

--- x/fs/f2fs/file.c +++ y/fs/f2fs/file.c @@ -39,6 +39,7 @@ static vm_fault_t f2fs_filemap_fault(struct vm_fault *vmf) { struct inode *inode = file_inode(vmf->vma->vm_file); + vm_flags_t flags = vmf->vma->vm_flags; vm_fault_t ret; ret = filemap_fault(vmf); @@ -46,7 +47,7 @@ static vm_fault_t f2fs_filemap_fault(str f2fs_update_iostat(F2FS_I_SB(inode), inode, APP_MAPPED_READ_IO, F2FS_BLKSIZE); - trace_f2fs_filemap_fault(inode, vmf->pgoff, vmf->vma->vm_flags, ret); + trace_f2fs_filemap_fault(inode, vmf->pgoff, flags, ret); return ret; } --
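
Review bot: the new local `vm_flags_t flags = vmf->vma->vm_flags;` in the first hunk carries no comment explaining why the value has to be captured before `filemap_fault(vmf)` is called, so it reads as a redundant temporary that a later cleanup could fold back into the `trace_f2fs_filemap_fault()` call in the second hunk. A one-line comment stating that `vmf->vma` must not be dereferenced once `filemap_fault()` has returned would pin the ordering down. The message also has no changelog tying the change to the slab-use-after-free read named in the subject, and no Signed-off-by; both are needed if this goes beyond a `#syz test` run. It would be worth confirming in the same pass that nothing else after the `filemap_fault()` call reaches through `vmf->vma`; in the visible lines `inode` is resolved before the call and `vmf->pgoff` does not go through the vma, so the trace argument was the only such access shown.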