syzbot


BUG: unable to handle kernel paging request in get_dnode_of_data

Status: upstream: reported C repro on 2023/03/04 08:40
Reported-by: syzbot+a53c0abe215fc4c4ff99@syzkaller.appspotmail.com
First crash: 479d, last: 479d

Sample crash report:
F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
attempt to access beyond end of device
loop0: rw=2049, want=57344, limit=40427
attempt to access beyond end of device
loop0: rw=2049, want=57352, limit=40427
BUG: unable to handle kernel paging request at ffffed10953e622e
IP: datablock_addr fs/f2fs/f2fs.h:1919 [inline]
IP: get_dnode_of_data+0x6f5/0x1ca0 fs/f2fs/node.c:674
PGD 23fff2067 P4D 23fff2067 PUD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 8033 Comm: syz-executor270 Not tainted 4.14.307-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
task: ffff888097f9a140 task.stack: ffff88808a520000
RIP: 0010:datablock_addr fs/f2fs/f2fs.h:1919 [inline]
RIP: 0010:get_dnode_of_data+0x6f5/0x1ca0 fs/f2fs/node.c:674
RSP: 0018:ffff88808a527898 EFLAGS: 00010a07
RAX: dffffc0000000000 RBX: ffff8884a9f31174 RCX: 0000000000000000
RDX: 1ffff110953e622e RSI: 0000000000000000 RDI: ffff888089c9d3d0
RBP: ffff8880aa331168 R08: 0000000000000000 R09: 0000000000000004
R10: 0000000000000000 R11: ffff888097f9a140 R12: 00000000fff00003
R13: 0000000000000012 R14: 0000000000000012 R15: ffff88808a527b10
FS:  00007fb2ee4e8700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed10953e622e CR3: 000000009f75b000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __clone_blkaddrs fs/f2fs/file.c:1038 [inline]
 __exchange_data_block+0x7ca/0x30a0 fs/f2fs/file.c:1122
 f2fs_move_file_range fs/f2fs/file.c:2330 [inline]
 f2fs_ioc_move_range fs/f2fs/file.c:2376 [inline]
 f2fs_ioctl+0x52b3/0x6b70 fs/f2fs/file.c:2698
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fb2f559f619
RSP: 002b:00007fb2ee4e82f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fb2f56297b0 RCX: 00007fb2f559f619
RDX: 0000000020000100 RSI: 00000000c020f509 RDI: 0000000000000004
RBP: 00007fb2f55f65a8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
R13: 0031656c69662f2e R14: f4ffffff00000000 R15: 00007fb2f56297b8
Code: 89 fe 45 39 ee 0f 84 27 11 00 00 e8 36 bd 89 fe e8 31 bd 89 fe 4a 8d 5c a5 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 
RIP: datablock_addr fs/f2fs/f2fs.h:1919 [inline] RSP: ffff88808a527898
RIP: get_dnode_of_data+0x6f5/0x1ca0 fs/f2fs/node.c:674 RSP: ffff88808a527898
CR2: ffffed10953e622e
---[ end trace d6e9401cce709442 ]---
----------------
Code disassembly (best guess):
   0:	89 fe                	mov    %edi,%esi
   2:	45 39 ee             	cmp    %r13d,%r14d
   5:	0f 84 27 11 00 00    	je     0x1132
   b:	e8 36 bd 89 fe       	callq  0xfe89bd46
  10:	e8 31 bd 89 fe       	callq  0xfe89bd46
  15:	4a 8d 5c a5 00       	lea    0x0(%rbp,%r12,4),%rbx
  1a:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  21:	fc ff df
  24:	48 89 da             	mov    %rbx,%rdx
  27:	48 c1 ea 03          	shr    $0x3,%rdx
* 2b:	0f b6 14 02          	movzbl (%rdx,%rax,1),%edx <-- trapping instruction
  2f:	48 89 d8             	mov    %rbx,%rax
  32:	83 e0 07             	and    $0x7,%eax
  35:	83 c0 03             	add    $0x3,%eax
  38:	38 d0                	cmp    %dl,%al
  3a:	7c 08                	jl     0x44
  3c:	84 d2                	test   %dl,%dl
  3e:	0f                   	.byte 0xf
  3f:	85                   	.byte 0x85
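
Decoding the trapping instruction from the register dump, as an added worked example that is not part of the syzbot report or of the f2fs code: in 4.14 datablock_addr() returns addr_array[base + offset] from the node page, and the disassembly shows the KASAN instrumentation of exactly that read. "lea 0x0(%rbp,%r12,4),%rbx" forms the element address (RBP is the array base, 0x168 into its page, which is the byte offset of i_addr in an f2fs_inode; R12 is the index), "shr $0x3,%rdx" plus the 0xdffffc0000000000 immediate form its KASAN shadow address, and the faulting "movzbl (%rdx,%rax,1),%edx" is the shadow byte load. The user-space C below reproduces those two computations from the report's own RBP/R12 values and checks them against the reported RBX and CR2; all constants are copied from the crash above and nothing here touches a kernel or an f2fs image.

```c
/* Added example: decode the get_dnode_of_data oops from its register dump.
 * Plain user-space C; every constant is copied from the syzbot report and
 * nothing here touches a kernel or an f2fs image. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Generic KASAN on x86-64: one shadow byte per 8 bytes of memory,
 *   shadow = (addr >> 3) + KASAN_SHADOW_OFFSET.
 * The offset is the immediate of "movabs $0xdffffc0000000000,%rax" in the
 * disassembly; "shr $0x3,%rdx" is the scale. */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define NODE_PAGE_SIZE           4096ULL /* f2fs node page = one 4 KiB block */

/* Register values at the oops (from the "RIP: get_dnode_of_data" frame). */
#define REPORT_RBP 0xffff8880aa331168ULL /* base of the __le32 block-address array */
#define REPORT_R12 0x00000000fff00003ULL /* array index (base + ofs_in_node)       */
#define REPORT_RBX 0xffff8884a9f31174ULL /* result of the lea: &array[index]      */
#define REPORT_CR2 0xffffed10953e622eULL /* address the CPU could not map         */

/* Mirrors the kernel's kasan_mem_to_shadow() for the generic x86-64 layout. */
static inline uint64_t kasan_mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* "lea 0x0(%rbp,%r12,4),%rbx": address of element r12 of a 4-byte array at rbp.
 * R12 is used as a full 64-bit register, so 0xfff00003 is a large positive
 * index (about 4 GiB of __le32 slots), not a small negative one. */
static inline uint64_t lea_rbp_r12_4(uint64_t rbp, uint64_t r12)
{
    return rbp + r12 * 4;
}

/* Byte distance of the access from the start of the page that holds rbp. */
static inline uint64_t offset_from_page(uint64_t rbp, uint64_t r12)
{
    return lea_rbp_r12_4(rbp, r12) - (rbp & ~(NODE_PAGE_SIZE - 1));
}

/* True when the whole 4-byte element lies inside that page. */
static inline bool access_inside_page(uint64_t rbp, uint64_t r12)
{
    return offset_from_page(rbp, r12) + 4 <= NODE_PAGE_SIZE;
}

int main(void)
{
    uint64_t target = lea_rbp_r12_4(REPORT_RBP, REPORT_R12);
    uint64_t shadow = kasan_mem_to_shadow(target);

    printf("array base (rbp)       : 0x%016" PRIx64 "  (0x%" PRIx64 " into its page)\n",
           REPORT_RBP, REPORT_RBP & (NODE_PAGE_SIZE - 1));
    printf("index (r12)            : 0x%" PRIx64 "\n", REPORT_R12);
    printf("&array[index]          : 0x%016" PRIx64 "  rbx in report: %s\n",
           target, target == REPORT_RBX ? "match" : "MISMATCH");
    printf("shadow byte for it     : 0x%016" PRIx64 "  cr2 in report: %s\n",
           shadow, shadow == REPORT_CR2 ? "match" : "MISMATCH");
    printf("distance from page base: 0x%" PRIx64 " bytes (%s the 4 KiB node page)\n",
           offset_from_page(REPORT_RBP, REPORT_R12),
           access_inside_page(REPORT_RBP, REPORT_R12) ? "inside" : "far outside");
    return 0;
}
```

Both values reproduce: RBP + 4 * R12 is the reported RBX, and its shadow address is the reported CR2, so the read that died was the KASAN check for an element roughly 16 GiB past the node page. That shadow address lies in a part of the KASAN shadow that was never populated (the "PUD 0" in the report says as much), which is why this surfaces as a raw "unable to handle kernel paging request" instead of a KASAN out-of-bounds report. An index of 0xfff00003 is not something a well-formed 4 KiB node page can hold; together with the two "attempt to access beyond end of device" lines printed right after mount, this points at the crafted image rather than at the ioctl arguments, though the report alone does not say which on-disk field is responsible.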

Crashes (1):

Time:       2023/03/04 08:39
Kernel:     linux-4.14.y
Commit:     7878a41b6cc1
Syzkaller:  f8902b57
Config:     .config
Log:        console log
Report:     report
Syz repro:  syz
C repro:    C
VM info:
Assets:     disk image, vmlinux, kernel image (mounted in repro)
Manager:    ci2-linux-4-14
Title:      BUG: unable to handle kernel paging request in get_dnode_of_data