In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
As Dipanjan Das <mail.dipanjan.das@gmail.com> reported, syzkaller found a f2fs bug as below:
RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295
Call Trace:
 write_all_xattrs fs/f2fs/xattr.c:487 [inline]
 __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743
 f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790
 f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86
 __vfs_setxattr+0x115/0x180 fs/xattr.c:182
 __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216
 __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277
 vfs_setxattr+0x13f/0x330 fs/xattr.c:303
 setxattr+0x146/0x160 fs/xattr.c:611
 path_setxattr+0x1a7/0x1d0 fs/xattr.c:630
 __do_sys_lsetxattr fs/xattr.c:653 [inline]
 __se_sys_lsetxattr fs/xattr.c:649 [inline]
 __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
NAT entry and nat bitmap can be inconsistent, e.g. one nid is free in nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it may trigger BUG_ON() in f2fs_new_node_page(), fix it.
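
The inconsistency described above, as an added user-space example that is not kernel code and not the actual patch: a free bitmap and a per-nid address table disagree, and the allocator reports corruption and flags the image for repair instead of asserting. All names (model_fs, model_new_node, MODEL_ECORRUPT and the sample values) are hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

#define MODEL_NULL_ADDR 0u   /* "no block assigned", standing in for NULL_ADDR */
#define MODEL_NR_NIDS   8u
#define MODEL_ECORRUPT  117  /* model's own code for corrupted metadata */

struct model_fs {
    uint8_t  free_bitmap;                 /* bit n set => nid n is marked free */
    uint32_t nat_blkaddr[MODEL_NR_NIDS];  /* block address recorded per nid */
    bool     need_fsck;                   /* set once corruption is detected */
};

/*
 * Allocate a node for `nid`. Both structures are loaded from disk and may
 * disagree, so a mismatch is returned as an error and the image is flagged
 * for repair; asserting here would let a crafted or damaged image halt
 * the whole system from an ordinary setxattr call.
 */
int model_new_node(struct model_fs *fs, uint32_t nid, uint32_t new_blkaddr)
{
    if (nid >= MODEL_NR_NIDS)
        return -EINVAL;
    if (!(fs->free_bitmap & (1u << nid)))
        return -EEXIST;                   /* nid is already in use */
    if (fs->nat_blkaddr[nid] != MODEL_NULL_ADDR) {
        /* bitmap says free, address table says allocated */
        fs->need_fsck = true;
        return -MODEL_ECORRUPT;
    }
    fs->free_bitmap &= (uint8_t)~(1u << nid);
    fs->nat_blkaddr[nid] = new_blkaddr;
    return 0;
}

/* Constructed sample: nids 2 and 3 are free, but nid 3 has a stale address. */
struct model_fs model_sample(void)
{
    struct model_fs fs = { .free_bitmap = 0x0C, .nat_blkaddr = {0},
                           .need_fsck = false };
    fs.nat_blkaddr[3] = 0x1234;
    return fs;
}
```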