Re: [Kernel Bug] KASAN: slab-use-after-free Read in filemap_free_folio

From: Andrew Morton

Date: Tue Jun 30 2026 - 16:10:25 EST


On Tue, 30 Jun 2026 23:24:58 +0800 Longxing Li <coregee2000@xxxxxxxxx> wrote:

> Dear maintainers,
>
> I'm trying to fix this issue.

Great, thanks.

> The bug analysis and patch fix are as follows.
> ========================================================
> Bug Summary
>
> ext4_add_complete_io() queues i_rsv_conversion_work without holding an
> extra inode reference. If the inode is unlinked & evicted before the
> delayed work runs, ext4_do_flush_completed_IO() accesses a freed inode —
> use-after-free.

You omitted the ext4 developers!

scripts/get_maintainer.pl -f --no-rolestats fs/ext4

is a good way to find them.

Also, your email client is converting tabs to spaces.


So please fix those things up and resend?