Re: [syzbot] Re: [syzbot] [f2fs?] KASAN: null-ptr-deref Write in f2fs_stop_gc_thread

From: syzbot
Date: Thu Jul 25 2024 - 03:28:00 EST


For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.

***

Subject: Re: [syzbot] [f2fs?] KASAN: null-ptr-deref Write in f2fs_stop_gc_thread
Author: lizhi.xu@xxxxxxxxxxxxx

Before stopping the thread and freeing gc_thread, set sbi->gc_thread to NULL,
and add a lock for reentry of f2fs_stop_gc_thread.

#syz test: upstream 2c9b3512402e

diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c
index 6066c6eecf41..9d7b10831d88 100644
--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -204,13 +204,16 @@ int f2fs_start_gc_thread(struct f2fs_sb_info *sbi)
void f2fs_stop_gc_thread(struct f2fs_sb_info *sbi)
{
struct f2fs_gc_kthread *gc_th = sbi->gc_thread;
+ static DEFINE_MUTEX(gct_mutex);

if (!gc_th)
return;
+ mutex_lock(&gct_mutex);
kthread_stop(gc_th->f2fs_gc_task);
wake_up_all(&gc_th->fggc_wq);
- kfree(gc_th);
sbi->gc_thread = NULL;
+ kfree(gc_th);
+ mutex_unlock(&gct_mutex);
}

static int select_gc_type(struct f2fs_sb_info *sbi, int gc_type)
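Review bot: the `if (!gc_th) return;` check and the read of `sbi->gc_thread` into `gc_th` both happen before `mutex_lock(&gct_mutex)`, so the lock does not close the race it is meant to close: two concurrent callers can each read the same non-NULL pointer, both pass the check, and then serialize on the mutex, with the second caller calling `kthread_stop()` and `kfree()` on a `gc_th` that the first caller has already freed. Take the mutex first, then read `gc_th = sbi->gc_thread` and do the NULL check under it, and release the mutex on the early-return path. Two smaller points: a function-scope `static DEFINE_MUTEX(gct_mutex)` is shared by every mounted f2fs instance, so a per-`sbi` lock (or the existing per-superblock locking) would be the more natural home for this; and the description says `sbi->gc_thread` is set to NULL before the thread is stopped, whereas the hunk still clears it only after `kthread_stop()` and `wake_up_all()` and just ahead of `kfree()`, so either the ordering or the description should be adjusted to match.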