syzbot

attempt to access beyond end of device
loop0: rw=12288, want=12296, limit=8309
attempt to access beyond end of device
loop0: rw=12288, want=12296, limit=8309
------------[ cut here ]------------
kernel BUG at fs/f2fs/checkpoint.c:127!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8964 Comm: syz-executor420 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:f2fs_get_meta_page_nofail+0x12d/0x150 fs/f2fs/checkpoint.c:127
Code: e0 07 38 c2 0f 9e c1 84 d2 0f 95 c0 84 c1 75 23 83 8b 84 00 00 00 08 4c 89 e6 4c 89 ef e8 3b d2 03 05 48 89 ef e8 f3 a7 02 00 <0f> 0b e8 1c e4 82 fe eb 80 be 04 00 00 00 e8 00 e8 82 fe eb d1 66
RSP: 0018:ffff88809499f880 EFLAGS: 00010293
RAX: ffff8880af0fc400 RBX: ffff88809449c6c0 RCX: ffffffff831805c1
RDX: 0000000000000000 RSI: ffffffff83157e3d RDI: 0000000000000005
RBP: ffff8880b30d1e00 R08: ffffffff8cd41ae0 R09: 0000000000000001
R10: 0000000000000005 R11: 0000000000074071 R12: 0000000000000286
R13: ffff8880b30d22f8 R14: 0000000000000080 R15: dffffc0000000000
FS:  00007f617c444700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f617c445000 CR3: 0000000098fd9000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 get_current_sit_page fs/f2fs/segment.c:3524 [inline]
 build_sit_entries fs/f2fs/segment.c:3935 [inline]
 f2fs_build_segment_manager+0x5e97/0xad90 fs/f2fs/segment.c:4230
 f2fs_fill_super+0x31d9/0x7050 fs/f2fs/super.c:3016
 mount_bdev+0x2fc/0x3b0 fs/super.c:1158
 mount_fs+0xa3/0x310 fs/super.c:1261
 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2492 [inline]
 do_mount+0x115c/0x2f50 fs/namespace.c:2822
 ksys_mount+0xcf/0x130 fs/namespace.c:3038
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f617c49935a
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f617c444168 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f617c49935a
RDX: 0000000020000040 RSI: 0000000020000080 RDI: 00007f617c444180
RBP: 0000000000000045 R08: 00007f617c4441c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000286 R12: 00007f617c4446b8
R13: 00007f617c444180 R14: 00007f617c4441c0 R15: 0000000000000000
Modules linked in:
---[ end trace 0f18206f9e4efdeb ]---
RIP: 0010:f2fs_get_meta_page_nofail+0x12d/0x150 fs/f2fs/checkpoint.c:127
Code: e0 07 38 c2 0f 9e c1 84 d2 0f 95 c0 84 c1 75 23 83 8b 84 00 00 00 08 4c 89 e6 4c 89 ef e8 3b d2 03 05 48 89 ef e8 f3 a7 02 00 <0f> 0b e8 1c e4 82 fe eb 80 be 04 00 00 00 e8 00 e8 82 fe eb d1 66
RSP: 0018:ffff88809499f880 EFLAGS: 00010293
RAX: ffff8880af0fc400 RBX: ffff88809449c6c0 RCX: ffffffff831805c1
RDX: 0000000000000000 RSI: ffffffff83157e3d RDI: 0000000000000005
RBP: ffff8880b30d1e00 R08: ffffffff8cd41ae0 R09: 0000000000000001
R10: 0000000000000005 R11: 0000000000074071 R12: 0000000000000286
R13: ffff8880b30d22f8 R14: 0000000000000080 R15: dffffc0000000000
FS:  00007f617c444700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f617c445000 CR3: 0000000098fd9000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400