------------[ cut here ]------------
kernel BUG at fs/f2fs/file.c:105!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 2 PID: 7502 Comm: syz-executor.3 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:f2fs_vm_page_mkwrite+0x167e/0x1bb0 fs/f2fs/file.c:105
Code: e7 41 83 e7 01 4c 89 fe e8 ff b8 ca fd 4d 85 ff 0f 84 f6 f8 ff ff e8 c1 bd ca fd 49 83 ec 01 e9 eb f8 ff ff e8 b3 bd ca fd 90 <0f> 0b e8 ab bd ca fd e8 86 cb 3c fd e9 eb f1 ff ff 48 89 4c 24 08
RSP: 0000:ffffc900066c7a58 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888000934680 RCX: ffffffff83c3c460
RDX: ffff888020908000 RSI: ffffffff83c3d21d RDI: 0000000000000007
RBP: ffffc900066c7d98 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000092 R12: ffffc900066c7ad8
R13: 0000000000000001 R14: ffffea00019744c0 R15: ffff888000934b28
FS: 0000000000000000(0000) GS:ffff88802c200000(0063) knlGS:0000000057972400
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000020001140 CR3: 0000000063b9e000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_page_mkwrite+0x17d/0x390 mm/memory.c:3099
 wp_page_shared mm/memory.c:3501 [inline]
 do_wp_page+0xc89/0x3290 mm/memory.c:3651
 handle_pte_fault mm/memory.c:5396 [inline]
 __handle_mm_fault+0x2311/0x53f0 mm/memory.c:5523
 handle_mm_fault+0x476/0xa00 mm/memory.c:5688
 do_user_addr_fault+0x426/0xe50 arch/x86/mm/fault.c:1338
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0023:0xf7303e8c
Code: 00 00 00 00 83 ec 0c 50 8b 5c 24 18 e8 0d 9a 00 00 83 c4 10 85 c0 0f 85 1d fb ff ff 8b 84 24 e4 00 00 00 8b bc 24 e8 00 00 00 <89> b8 00 00 00 20 e9 04 fb ff ff 53 56 ff b4 24 44 01 00 00 ff b4
RSP: 002b:00000000fffa37e0 EFLAGS: 00010246
RAX: 0000000000001140 RBX: 00000000f743aff4 RCX: 000000005d54f455
RDX: 0000000057972334 RSI: 00000000f7303905 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:f2fs_vm_page_mkwrite+0x167e/0x1bb0 fs/f2fs/file.c:105
Code: e7 41 83 e7 01 4c 89 fe e8 ff b8 ca fd 4d 85 ff 0f 84 f6 f8 ff ff e8 c1 bd ca fd 49 83 ec 01 e9 eb f8 ff ff e8 b3 bd ca fd 90 <0f> 0b e8 ab bd ca fd e8 86 cb 3c fd e9 eb f1 ff ff 48 89 4c 24 08
RSP: 0000:ffffc900066c7a58 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888000934680 RCX: ffffffff83c3c460
RDX: ffff888020908000 RSI: ffffffff83c3d21d RDI: 0000000000000007
RBP: ffffc900066c7d98 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000092 R12: ffffc900066c7ad8
R13: 0000000000000001 R14: ffffea00019744c0 R15: ffff888000934b28
FS: 0000000000000000(0000) GS:ffff88802c200000(0063) knlGS:0000000057972400
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00005613487d6110 CR3: 0000000063b9e000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:   00 00                   add    %al,(%rax)
   2:   00 00                   add    %al,(%rax)
   4:   83 ec 0c                sub    $0xc,%esp
   7:   50                      push   %rax
   8:   8b 5c 24 18             mov    0x18(%rsp),%ebx
   c:   e8 0d 9a 00 00          call   0x9a1e
  11:   83 c4 10                add    $0x10,%esp
  14:   85 c0                   test   %eax,%eax
  16:   0f 85 1d fb ff ff       jne    0xfffffb39
  1c:   8b 84 24 e4 00 00 00    mov    0xe4(%rsp),%eax
  23:   8b bc 24 e8 00 00 00    mov    0xe8(%rsp),%edi
* 2a:   89 b8 00 00 00 20       mov    %edi,0x20000000(%rax) <-- trapping instruction
  30:   e9 04 fb ff ff          jmp    0xfffffb39
  35:   53                      push   %rbx
  36:   56                      push   %rsi
  37:   ff b4 24 44 01 00 00    push   0x144(%rsp)
  3e:   ff                      .byte 0xff
  3f:   b4                      .byte 0xb4

Reviewer note (not part of the original syzkaller report): two different "Code:" lines appear above and they must not be confused. The kernel one (RIP 0010:f2fs_vm_page_mkwrite+0x167e, with `<0f> 0b` = ud2 at the marked byte) is a BUG()/BUG_ON() at fs/f2fs/file.c:105 firing; KASAN printed no report, so this is an explicit assertion, not detected memory corruption. The "Code disassembly (best guess)" block decodes the second Code: line, the user-space one (RIP 0023:0xf7303e8c; CS 0x23 and the 002b data selectors are the 32-bit compat user segments), so its "trapping instruction" `mov %edi,0x20000000(%rax)` is the store in syz-executor.3 that took the write fault — RAX=0x1140 plus the 0x20000000 displacement equals the first CR2, 0x20001140 — and is not the kernel BUG site; the decoder also assumed 64-bit mode, so read %rsp/%rax there as %esp/%eax (the opcode bytes are identical). The call trace (asm_exc_page_fault → do_wp_page → wp_page_shared → do_page_mkwrite → f2fs_vm_page_mkwrite) shows the fault is a write to a shared, writable file mapping on f2fs. From a security standpoint that makes this a local denial of service: a process that can mmap a file on an f2fs mount with MAP_SHARED and PROT_WRITE and then write to it can reach the BUG, which kills the task and, on systems with panic_on_oops=1, takes the machine down. Whether the assertion is compiled into production kernels depends on which BUG_ON or f2fs_bug_on sits at file.c:105 in commit 2ccbdf43d5e7 and on CONFIG_F2FS_CHECK_FS; neither is visible in this log, so check the source line and the syzkaller kernel config before rating severity or assuming the syzbot reproducer applies to a distro build. The CR2 value in the second register dump (0x00005613487d6110, printed after "end trace") is from the re-dump and is not the faulting address; use the first one.