Date: Tue, 12 Mar 2024 18:31:10 -0700
From: Jaegeuk Kim
To: Ed Tsai (蔡宗軒)
Cc: "hdanton@sina.com", Chun-Hung Wu (巫駿宏), "linux-kernel@vger.kernel.org", Light Hsieh (謝明燈), "linux-f2fs-devel@lists.sourceforge.net", "linux-fsdevel@vger.kernel.org", Freddy Hsin (辛恒豐)
Subject: Re: [f2fs-dev] [syzbot] [f2fs?] KASAN: slab-use-after-free Read in f2fs_filemap_fault
References: <0000000000000b4e27060ef8694c@google.com> <20240115120535.850-1-hdanton@sina.com> <4bbab168407600a07e1a0921a1569c96e4a1df31.camel@mediatek.com>
In-Reply-To: <4bbab168407600a07e1a0921a1569c96e4a1df31.camel@mediatek.com>
X-BeenThere: linux-f2fs-devel@lists.sourceforge.net
X-Mailing-List: linux-fsdevel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8

On 03/12, Ed Tsai (蔡宗軒) wrote: > On Mon, 2024-01-15 at 20:05 +0800, Hillf Danton wrote: > > > > ... > > > > --- x/fs/f2fs/file.c > > +++ y/fs/f2fs/file.c
> > @@ -39,6 +39,7 @@ > > static vm_fault_t f2fs_filemap_fault(struct vm_fault *vmf) > > { > > struct inode *inode = file_inode(vmf->vma->vm_file); > > + vm_flags_t flags = vmf->vma->vm_flags; > > vm_fault_t ret; > > > > ret = filemap_fault(vmf); 
> > @@ -46,7 +47,7 @@ static vm_fault_t f2fs_filemap_fault(str > > f2fs_update_iostat(F2FS_I_SB(inode), inode, > > APP_MAPPED_READ_IO, > > F2FS_BLKSIZE); > > > > - trace_f2fs_filemap_fault(inode, vmf->pgoff, vmf->vma- > > >vm_flags, ret); > > + trace_f2fs_filemap_fault(inode, vmf->pgoff, flags, ret); > > > > return ret; > > } > > -- > > Hi Jaegeuk, > > We recently encountered this slabe-use-after-free issue in KASAN as > well. Could you please review the patch above and merge it into f2fs? Where is the patch? > > Best, > Ed > > ================================================================== > [29195.369964][T31720] BUG: KASAN: slab-use-after-free in > f2fs_filemap_fault+0x50/0xe0 > [29195.370971][T31720] Read at addr f7ffff80454ebde0 by task AsyncTask > #11/31720 > [29195.371881][T31720] Pointer tag: [f7], memory tag: [f1] > [29195.372549][T31720] > [29195.372838][T31720] CPU: 2 PID: 31720 Comm: AsyncTask #11 Tainted: > G W OE 6.6.17-android15-0-gcb5ba718a525 #1 > [29195.374862][T31720] Call trace: > [29195.375268][T31720] dump_backtrace+0xec/0x138 > [29195.375848][T31720] show_stack+0x18/0x24 > [29195.376365][T31720] dump_stack_lvl+0x50/0x6c > [29195.376943][T31720] print_report+0x1b0/0x714 > [29195.377520][T31720] kasan_report+0xc4/0x124 > [29195.378076][T31720] __do_kernel_fault+0xb8/0x26c > [29195.378694][T31720] do_bad_area+0x30/0xdc > [29195.379226][T31720] do_tag_check_fault+0x20/0x34 > [29195.379834][T31720] do_mem_abort+0x58/0x104 > [29195.380388][T31720] el1_abort+0x3c/0x5c > [29195.380899][T31720] el1h_64_sync_handler+0x54/0x90 > [29195.381529][T31720] el1h_64_sync+0x68/0x6c > [29195.382069][T31720] f2fs_filemap_fault+0x50/0xe0 > [29195.382678][T31720] __do_fault+0xc8/0xfc > [29195.383209][T31720] handle_mm_fault+0xb44/0x10c4 > [29195.383816][T31720] do_page_fault+0x294/0x48c > [29195.384395][T31720] do_translation_fault+0x38/0x54 > [29195.385023][T31720] do_mem_abort+0x58/0x104 > [29195.385577][T31720] el0_da+0x44/0x78 > [29195.386057][T31720] 
el0t_64_sync_handler+0x98/0xbc > [29195.386688][T31720] el0t_64_sync+0x1a8/0x1ac > [29195.387249][T31720] > [29195.387534][T31720] Allocated by task 14784: > [29195.388085][T31720] kasan_save_stack+0x40/0x70 > [29195.388672][T31720] save_stack_info+0x34/0x128 > [29195.389259][T31720] kasan_save_alloc_info+0x14/0x20 > [29195.389901][T31720] __kasan_slab_alloc+0x168/0x174 > [29195.390530][T31720] slab_post_alloc_hook+0x88/0x3a4 > [29195.391168][T31720] kmem_cache_alloc+0x18c/0x2c8 > [29195.391771][T31720] vm_area_alloc+0x2c/0xe8 > [29195.392327][T31720] mmap_region+0x440/0xa94 > [29195.392888][T31720] do_mmap+0x3d0/0x524 > [29195.393399][T31720] vm_mmap_pgoff+0x1a0/0x1f8 > [29195.393980][T31720] ksys_mmap_pgoff+0x78/0xf4 > [29195.394557][T31720] __arm64_sys_mmap+0x34/0x44 > [29195.395138][T31720] invoke_syscall+0x58/0x114 > [29195.395727][T31720] el0_svc_common+0x80/0xe0 > [29195.396292][T31720] do_el0_svc+0x1c/0x28 > [29195.396812][T31720] el0_svc+0x38/0x68 > [29195.397302][T31720] el0t_64_sync_handler+0x68/0xbc > [29195.397932][T31720] el0t_64_sync+0x1a8/0x1ac > [29195.398492][T31720] > [29195.398778][T31720] Freed by task 0: > [29195.399240][T31720] kasan_save_stack+0x40/0x70 > [29195.399825][T31720] save_stack_info+0x34/0x128 > [29195.400412][T31720] kasan_save_free_info+0x18/0x28 > [29195.401043][T31720] ____kasan_slab_free+0x254/0x25c > [29195.401682][T31720] __kasan_slab_free+0x10/0x20 > [29195.402278][T31720] slab_free_freelist_hook+0x174/0x1e0 > [29195.402961][T31720] kmem_cache_free+0xc4/0x348 > [29195.403544][T31720] __vm_area_free+0x84/0xa4 > [29195.404103][T31720] vm_area_free_rcu_cb+0x10/0x20 > [29195.404719][T31720] rcu_do_batch+0x214/0x720 > [29195.405284][T31720] rcu_core+0x1b0/0x408 > [29195.405800][T31720] rcu_core_si+0x10/0x20 > [29195.406348][T31720] __do_softirq+0x120/0x3f4 > [29195.406907][T31720] > [29195.407191][T31720] The buggy address belongs to the object at > ffffff80454ebdc0 > [29195.407191][T31720] which belongs to the cache 
vm_area_struct of > size 176 > [29195.408978][T31720] The buggy address is located 32 bytes inside of > [29195.408978][T31720] 176-byte region [ffffff80454ebdc0, > ffffff80454ebe70) > [29195.410625][T31720] > [29195.410911][T31720] The buggy address belongs to the physical page: > [29195.411709][T31720] page:0000000058f0f2f1 refcount:1 mapcount:0 > mapping:0000000000000000 index:0x0 pfn:0xc54eb > [29195.412980][T31720] anon flags: > 0x4000000000000800(slab|zone=1|kasantag=0x0) > [29195.413880][T31720] page_type: 0xffffffff() > [29195.414418][T31720] raw: 4000000000000800 f6ffff8002904500 > fffffffe076fc8c0 dead000000000007 > [29195.415488][T31720] raw: 0000000000000000 0000000000170017 > 00000001ffffffff 0000000000000000
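Review bot: the local `vm_flags_t flags = vmf->vma->vm_flags;` in the first hunk is read before `ret = filemap_fault(vmf);`, which is the right place for it. filemap_fault() may drop the mmap/VMA lock and return VM_FAULT_RETRY, after which the VMA can be freed under this task, and the KASAN report quoted above shows exactly that: the vm_area_struct allocated in mmap_region is freed through vm_area_free_rcu_cb while AsyncTask is still inside f2fs_filemap_fault, so the original `vmf->vma->vm_flags` read in the trace call of the second hunk is the stale dereference, and switching it to `flags` removes it. The `inode` used after the call was also captured before filemap_fault(), so the second hunk leaves no other vmf->vma access behind. What is missing is everything around the hunks: there is no commit description stating that nothing may touch vmf->vma once filemap_fault() has returned, no Reported-by: for the syzbot report and no Fixes: line, and the context line `@@ -46,7 +47,7 @@ static vm_fault_t f2fs_filemap_fault(str` is truncated because the change exists only as text quoted inside a reply. It needs to be sent as a stand-alone patch, which is what the "Where is the patch?" reply is asking for.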