[ 410.524610] ==================================================================
[ 410.534174] BUG: KASAN: use-after-free in f2fs_evict_inode+0xd4e/0x1000
[ 410.542447] Read of size 4 at addr ffff8881ddffe910 by task syz-executor.5/17725
[ 410.551391]
[ 410.553470] CPU: 1 PID: 17725 Comm: syz-executor.5 Not tainted 4.19.170-syzkaller #0
[ 410.562527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 410.575324] Call Trace:
[ 410.578980]  dump_stack+0x17c/0x226
[ 410.583810]  print_address_description.cold.6+0x9/0x211
[ 410.590565]  kasan_report.cold.7+0x242/0x2fe
[ 410.597526]  ? f2fs_evict_inode+0xd4e/0x1000
[ 410.603295]  __asan_report_load4_noabort+0x14/0x20
[ 410.610287]  f2fs_evict_inode+0xd4e/0x1000
[ 410.615790]  evict+0x29c/0x590
[ 410.620371]  ? do_raw_spin_unlock+0x177/0x260
[ 410.627033]  iput+0x378/0x6b0
[ 410.631898]  dentry_unlink_inode+0x22d/0x2e0
[ 410.636959]  __dentry_kill+0x2d1/0x550
[ 410.641380]  dentry_kill+0x94/0x3f0
[ 410.645704]  shrink_dentry_list+0x1fa/0x510
[ 410.650864]  shrink_dcache_sb+0x110/0x1b0
[ 410.657508]  ? shrink_dentry_list+0x510/0x510
[ 410.664610]  ? kfree+0x116/0x220
[ 410.669377]  ? f2fs_fill_super+0xee8/0x70c0
[ 410.675396]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 410.681021]  ? kfree+0x116/0x220
[ 410.684881]  ? f2fs_fill_super+0xee8/0x70c0
[ 410.690446]  f2fs_fill_super+0xefd/0x70c0
[ 410.695712]  ? enable_ptr_key_workfn+0x30/0x30
[ 410.701644]  ? sget_userns+0x1a1/0xb70
[ 410.706228]  ? f2fs_commit_super+0x380/0x380
[ 410.711350]  ? snprintf+0x91/0xc0
[ 410.715209]  ? vsprintf+0x20/0x20
[ 410.719217]  ? set_bdev_super+0x140/0x140
[ 410.724262]  mount_bdev+0x26f/0x330
[ 410.728204]  ? f2fs_commit_super+0x380/0x380
[ 410.733601]  f2fs_mount+0x10/0x20
[ 410.738039]  mount_fs+0x7f/0x2b0
[ 410.743081]  vfs_kern_mount.part.11+0x58/0x3d0
[ 410.748609]  do_mount+0x376/0x2710
[ 410.753094]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 410.759321]  ? copy_mount_string+0x20/0x20
[ 410.766206]  ? copy_mount_options+0x138/0x270
[ 410.772166]  ? copy_mount_options+0x55/0x270
[ 410.778001]  ksys_mount+0xba/0xe0
[ 410.783104]  __x64_sys_mount+0xb9/0x150
[ 410.788352]  do_syscall_64+0xd0/0x4e0
[ 410.793733]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 410.800963] RIP: 0033:0x4608aa
[ 410.804803] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 410.829257] RSP: 002b:00007f85d0c39a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 410.839844] RAX: ffffffffffffffda RBX: 00007f85d0c39b20 RCX: 00000000004608aa
[ 410.851459] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f85d0c39ae0
[ 410.863253] RBP: 00007f85d0c39ae0 R08: 00007f85d0c39b20 R09: 0000000020000000
[ 410.873971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
[ 410.883422] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000880
[ 410.894606]
[ 410.897741] Allocated by task 17725:
[ 410.902247]  kasan_kmalloc.part.1+0x62/0xf0
[ 410.907229]  kasan_kmalloc+0xaf/0xc0
[ 410.911876]  kmem_cache_alloc_trace+0x152/0x3a0
[ 410.918998]  f2fs_fill_super+0xe8/0x70c0
[ 410.923842]  mount_bdev+0x26f/0x330
[ 410.927840]  f2fs_mount+0x10/0x20
[ 410.932211]  mount_fs+0x7f/0x2b0
[ 410.936579]  vfs_kern_mount.part.11+0x58/0x3d0
[ 410.942385]  do_mount+0x376/0x2710
[ 410.947489]  ksys_mount+0xba/0xe0
[ 410.952850]  __x64_sys_mount+0xb9/0x150
[ 410.958389]  do_syscall_64+0xd0/0x4e0
[ 410.962719]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 410.968483]
[ 410.970399] Freed by task 17725:
[ 410.976403]  __kasan_slab_free+0x13c/0x220
[ 410.984083]  kasan_slab_free+0xe/0x10
[ 410.989917]  kfree+0xcf/0x220
[ 410.993946]  f2fs_fill_super+0xee8/0x70c0
[ 410.999590]  mount_bdev+0x26f/0x330
[ 411.004225]  f2fs_mount+0x10/0x20
[ 411.009321]  mount_fs+0x7f/0x2b0
[ 411.015131]  vfs_kern_mount.part.11+0x58/0x3d0
[ 411.020943]  do_mount+0x376/0x2710
[ 411.024958]  ksys_mount+0xba/0xe0
[ 411.028901]  __x64_sys_mount+0xb9/0x150
[ 411.034424]  do_syscall_64+0xd0/0x4e0
[ 411.039804]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 411.047235]
[ 411.049601] The buggy address belongs to the object at ffff8881ddffdbc0
[ 411.049601]  which belongs to the cache kmalloc-8192 of size 8192
[ 411.069149] The buggy address is located 3408 bytes inside of
[ 411.069149]  8192-byte region [ffff8881ddffdbc0, ffff8881ddfffbc0)
[ 411.085103] The buggy address belongs to the page:
[ 411.092363] page:ffffea000777ff00 count:1 mapcount:0 mapping:ffff8881f6002080 index:0x0 compound_mapcount: 0
[ 411.107201] flags: 0x17ff00000008100(slab|head)
[ 411.114079] raw: 017ff00000008100 ffffea000760b508 ffffea00070f2808 ffff8881f6002080
[ 411.125457] raw: 0000000000000000 ffff8881ddffdbc0 0000000100000001 0000000000000000
[ 411.136337] page dumped because: kasan: bad access detected
[ 411.144324]
[ 411.146722] Memory state around the buggy address:
[ 411.153995]  ffff8881ddffe800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 411.165214]  ffff8881ddffe880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 411.175553] >ffff8881ddffe900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 411.186082]                          ^
[ 411.190813]  ffff8881ddffe980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 411.200999]  ffff8881ddffea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 411.211701] ==================================================================
[ 411.220614] Disabling lock debugging due to kernel taint
[ 411.233570] Kernel panic - not syncing: panic_on_warn set ...
[ 411.233570]
[ 411.242444] CPU: 1 PID: 17725 Comm: syz-executor.5 Tainted: G    B 4.19.170-syzkaller #0
[ 411.254145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 411.264796] Call Trace:
[ 411.267989]  dump_stack+0x17c/0x226
[ 411.272497]  panic+0x1cd/0x375
[ 411.276260]  ? __warn_printk+0xd6/0xd6
[ 411.280309]  ? ___preempt_schedule+0x16/0x18
[ 411.285185]  kasan_end_report+0x47/0x4f
[ 411.290320]  kasan_report.cold.7+0x76/0x2fe
[ 411.298438]  ? f2fs_evict_inode+0xd4e/0x1000
[ 411.305714]  __asan_report_load4_noabort+0x14/0x20
[ 411.314200]  f2fs_evict_inode+0xd4e/0x1000
[ 411.321489]  evict+0x29c/0x590
[ 411.325768]  ? do_raw_spin_unlock+0x177/0x260
[ 411.332669]  iput+0x378/0x6b0
[ 411.338234]  dentry_unlink_inode+0x22d/0x2e0
[ 411.344435]  __dentry_kill+0x2d1/0x550
[ 411.350428]  dentry_kill+0x94/0x3f0
[ 411.354225]  shrink_dentry_list+0x1fa/0x510
[ 411.359384]  shrink_dcache_sb+0x110/0x1b0
[ 411.364673]  ? shrink_dentry_list+0x510/0x510
[ 411.370506]  ? kfree+0x116/0x220
[ 411.374876]  ? f2fs_fill_super+0xee8/0x70c0
[ 411.379513]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 411.385184]  ? kfree+0x116/0x220
[ 411.390233]  ? f2fs_fill_super+0xee8/0x70c0
[ 411.395926]  f2fs_fill_super+0xefd/0x70c0
[ 411.400885]  ? enable_ptr_key_workfn+0x30/0x30
[ 411.407488]  ? sget_userns+0x1a1/0xb70
[ 411.412668]  ? f2fs_commit_super+0x380/0x380
[ 411.418403]  ? snprintf+0x91/0xc0
[ 411.423545]  ? vsprintf+0x20/0x20
[ 411.428161]  ? set_bdev_super+0x140/0x140
[ 411.433372]  mount_bdev+0x26f/0x330
[ 411.438603]  ? f2fs_commit_super+0x380/0x380
[ 411.444750]  f2fs_mount+0x10/0x20
[ 411.449155]  mount_fs+0x7f/0x2b0
[ 411.454126]  vfs_kern_mount.part.11+0x58/0x3d0
[ 411.459776]  do_mount+0x376/0x2710
[ 411.464343]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 411.471071]  ? copy_mount_string+0x20/0x20
[ 411.477264]  ? copy_mount_options+0x138/0x270
[ 411.483801]  ? copy_mount_options+0x55/0x270
[ 411.489645]  ksys_mount+0xba/0xe0
[ 411.494318]  __x64_sys_mount+0xb9/0x150
[ 411.500228]  do_syscall_64+0xd0/0x4e0
[ 411.505579]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 411.511735] RIP: 0033:0x4608aa
[ 411.515901] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 411.542132] RSP: 002b:00007f85d0c39a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 411.552411] RAX: ffffffffffffffda RBX: 00007f85d0c39b20 RCX: 00000000004608aa
[ 411.562241] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f85d0c39ae0
[ 411.572118] RBP: 00007f85d0c39ae0 R08: 00007f85d0c39b20 R09: 0000000020000000
[ 411.581194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
[ 411.590554] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000880
[ 411.602633] Kernel Offset: disabled
[ 411.606839] Rebooting in 86400 seconds..
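When triaging a syzkaller KASAN report like the one above, the facts worth pulling out are the bug class, the faulting access (kind, size, function), the first non-instrumentation frame of the access, allocation and free stacks, and whether the reported address really lies inside the object KASAN names. The Python script below is an added example, not part of the original log, of syzkaller or of f2fs; it parses a condensed copy of the report lines above and performs those checks. The list of "plumbing" frame prefixes it skips (KASAN, ASAN and allocator entry points) and the rule that a "?" frame is unreliable and dropped are its own assumptions.

```python
import re
from dataclasses import dataclass, field

# Condensed copy of the report above: only the lines the parser uses.
SAMPLE_REPORT = """\
[ 410.534174] BUG: KASAN: use-after-free in f2fs_evict_inode+0xd4e/0x1000
[ 410.542447] Read of size 4 at addr ffff8881ddffe910 by task syz-executor.5/17725
[ 410.575324] Call Trace:
[ 410.578980]  dump_stack+0x17c/0x226
[ 410.590565]  kasan_report.cold.7+0x242/0x2fe
[ 410.597526]  ? f2fs_evict_inode+0xd4e/0x1000
[ 410.603295]  __asan_report_load4_noabort+0x14/0x20
[ 410.610287]  f2fs_evict_inode+0xd4e/0x1000
[ 410.615790]  evict+0x29c/0x590
[ 410.894606]
[ 410.897741] Allocated by task 17725:
[ 410.902247]  kasan_kmalloc.part.1+0x62/0xf0
[ 410.911876]  kmem_cache_alloc_trace+0x152/0x3a0
[ 410.918998]  f2fs_fill_super+0xe8/0x70c0
[ 410.968483]
[ 410.970399] Freed by task 17725:
[ 410.976403]  __kasan_slab_free+0x13c/0x220
[ 410.989917]  kfree+0xcf/0x220
[ 410.993946]  f2fs_fill_super+0xee8/0x70c0
[ 411.047235]
[ 411.049601] The buggy address belongs to the object at ffff8881ddffdbc0
[ 411.049601]  which belongs to the cache kmalloc-8192 of size 8192
[ 411.069149] The buggy address is located 3408 bytes inside of
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
# A frame line: optional "? " (unreliable frame), then symbol+0xoff/0xsize.
FRAME = re.compile(r"^\s*(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Assumed prefixes of KASAN/allocator plumbing that sits above the real call site.
PLUMBING = ("kasan_", "__kasan_", "__asan_", "dump_stack",
            "print_address_description", "kmem_cache_alloc", "kfree")
SECTIONS = {"Call Trace": "access", "Allocated by task": "allocated",
            "Freed by task": "freed"}

@dataclass
class KasanReport:
    bug_type: str = ""
    access_func: str = ""
    access_kind: str = ""
    access_size: int = 0
    addr: int = 0
    task: str = ""
    cache: str = ""
    object_start: int = 0
    object_size: int = 0
    reported_offset: int = -1
    stacks: dict = field(default_factory=dict)   # section -> reliable frames

def parse_kasan_report(text: str) -> KasanReport:
    r, section = KasanReport(), None
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw).rstrip()
        if not line:                               # blank line ends a stack
            section = None
        elif m := re.match(r"BUG: KASAN: ([\w-]+) in ([\w.]+)\+0x", line):
            r.bug_type, r.access_func = m.groups()
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)", line):
            r.access_kind, r.access_size = m.group(1).lower(), int(m.group(2))
            r.addr, r.task = int(m.group(3), 16), m.group(4)
        elif sec := next((v for k, v in SECTIONS.items() if line.startswith(k)), None):
            section, r.stacks[sec] = sec, []
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r.object_start = int(m.group(1), 16)
        elif m := re.match(r"\s*which belongs to the cache (\S+) of size (\d+)", line):
            r.cache, r.object_size = m.group(1), int(m.group(2))
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", line):
            r.reported_offset = int(m.group(1))
        elif (m := FRAME.match(line)) and section and not m.group(1):
            r.stacks[section].append(m.group(2))    # keep only reliable frames
    return r

def first_site(frames):
    """First frame that is not KASAN/allocator plumbing: the real call site."""
    return next((f for f in frames if not f.startswith(PLUMBING)), None)

def triage(r: KasanReport) -> dict:
    offset = r.addr - r.object_start
    return {
        "bug": r.bug_type,
        "access": f"{r.access_kind} of {r.access_size} bytes in {r.access_func}",
        "cache": r.cache,
        "offset_in_object": offset,
        "offset_matches_report": offset == r.reported_offset,
        "inside_object": 0 <= offset < r.object_size,
        "use_site": first_site(r.stacks.get("access", [])),
        "alloc_site": first_site(r.stacks.get("allocated", [])),
        "free_site": first_site(r.stacks.get("freed", [])),
    }

if __name__ == "__main__":
    for k, v in triage(parse_kasan_report(SAMPLE_REPORT)).items():
        print(f"{k:>22}: {v}")
```

On this report the offset check recomputes 0xffff8881ddffe910 - 0xffff8881ddffdbc0 = 3408, matching what KASAN printed, and the three sites come out as f2fs_fill_super (alloc and free) and f2fs_evict_inode (use), which is the shape of the bug a reader needs before opening the source: a kmalloc-8192 object freed on a mount error path in f2fs_fill_super and then read again while inodes are evicted.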