==================================================================
BUG: KASAN: use-after-free in data_blkaddr fs/f2fs/f2fs.h:2849 [inline]
BUG: KASAN: use-after-free in is_alive fs/f2fs/gc.c:1050 [inline]
BUG: KASAN: use-after-free in gc_data_segment fs/f2fs/gc.c:1468 [inline]
BUG: KASAN: use-after-free in do_garbage_collect+0x4fff/0x62f0 fs/f2fs/gc.c:1673
Read of size 4 at addr ffff88812564f150 by task kworker/u4:1/10

CPU: 1 PID: 10 Comm: kworker/u4:1 Not tainted 5.15.74-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
 print_address_description+0x87/0x3b0 mm/kasan/report.c:256
 __kasan_report mm/kasan/report.c:435 [inline]
 kasan_report+0x179/0x1c0 mm/kasan/report.c:452
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:308
 data_blkaddr fs/f2fs/f2fs.h:2849 [inline]
 is_alive fs/f2fs/gc.c:1050 [inline]
 gc_data_segment fs/f2fs/gc.c:1468 [inline]
 do_garbage_collect+0x4fff/0x62f0 fs/f2fs/gc.c:1673
 f2fs_gc+0x8aa/0x17e0 fs/f2fs/gc.c:1766
 f2fs_balance_fs+0x341/0x3f0 fs/f2fs/segment.c:531
 f2fs_write_inode+0x553/0x5d0 fs/f2fs/inode.c:734
 write_inode fs/fs-writeback.c:1475 [inline]
 __writeback_single_inode+0x4c2/0xa70 fs/fs-writeback.c:1680
 writeback_sb_inodes+0xb2e/0x1910 fs/fs-writeback.c:1892
 wb_writeback+0x3b9/0x9e0 fs/fs-writeback.c:2066
 wb_do_writeback fs/fs-writeback.c:2209 [inline]
 wb_workfn+0x3d9/0x1110 fs/fs-writeback.c:2250
 process_one_work+0x6bb/0xc10 kernel/workqueue.c:2313
 worker_thread+0xad5/0x12a0 kernel/workqueue.c:2460
 kthread+0x421/0x510 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30

The buggy address belongs to the page:
page:ffffea00049593c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12564f
flags: 0x4000000000000000(zone=1)
raw: 4000000000000000 ffffea00049593c8 ffffea00049593c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff88812564f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88812564f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88812564f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                 ^
 ffff88812564f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88812564f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================