Created attachment 300827 [details] case.c, a C file containing the file operations that reproduce the bug I have encountered a bug in kernel v5.17 while testing file systems. I have uploaded the system call sequence as case.c, and a modified image can be found on Google Drive (https://drive.google.com/file/d/1HugsHyHXHKKHtFE7Ja9mJYbu__LiyBAW/view?usp=sharing). The kernel should be built with CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can reproduce the bug by running the following commands: gcc -o case case.c losetup /dev/loop0 case.img mount -o "disable_roll_forward,nouser_xattr,noacl,noinline_data,inline_dentry,flush_merge,nobarrier,fastboot,data_flush,usrquota,alloc_mode=reuse,fsync_mode=nobarrier,test_dummy_encryption" /dev/loop0 /root/mnt ./case The kernel message is shown below: 1,815,118207471,-;BUG: kernel NULL pointer dereference, address: 0000000000000000 1,816,118207481,-;#PF: supervisor instruction fetch in kernel mode 1,817,118207484,-;#PF: error_code(0x0010) - not-present page 6,818,118207487,-;PGD 0 P4D 0 4,819,118207492,-;Oops: 0010 [#1] PREEMPT SMP KASAN PTI 4,820,118207496,-;CPU: 5 PID: 1489 Comm: case Not tainted 5.17.0 #3 4,821,118207501,-;Hardware name: Dell Inc. OptiPlex 9020/03CPWF, BIOS A14 09/14/2015 4,822,118207503,-;RIP: 0010:0x0 4,823,118207509,-;Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. 
4,824,118207511,-;RSP: 0018:ffff888128857640 EFLAGS: 00010246 4,825,118207515,-;RAX: 0000000000000000 RBX: ffffffff888bdf60 RCX: ffffffff85891e03 4,826,118207518,-;RDX: 1ffffffff1117bef RSI: 0000000000000008 RDI: ffffea0005391740 4,827,118207520,-;RBP: ffffea0005391740 R08: 0000000000000001 R09: fffff94000a722e9 4,828,118207523,-;R10: ffffea0005391747 R11: fffff94000a722e8 R12: ffff8881681209b0 4,829,118207525,-;R13: ffff88814e45d000 R14: 0000000000000000 R15: ffffea0005391740 4,830,118207528,-;FS: 00007f9b80e14540(0000) GS:ffff8881d5740000(0000) knlGS:0000000000000000 4,831,118207531,-;CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 4,832,118207533,-;CR2: ffffffffffffffd6 CR3: 0000000114cdc005 CR4: 00000000001706e0 4,833,118207536,-;Call Trace: 4,834,118207538,-; <TASK> 4,835,118207540,-; folio_mark_dirty+0x99/0x130 4,836,118207548,-; f2fs_add_regular_entry+0xa1f/0xcb0 4,837,118207555,-; ? f2fs_init_inode_metadata+0xdb0/0xdb0 4,838,118207559,-; ? __f2fs_setup_filename.part.0+0x9d/0xe0 4,839,118207563,-; ? memset+0x20/0x40 4,840,118207568,-; ? __f2fs_setup_filename.part.0+0xe0/0xe0 4,841,118207572,-; f2fs_add_dentry+0x184/0x210 4,842,118207577,-; f2fs_do_add_link+0x1e7/0x290 4,843,118207581,-; ? f2fs_add_dentry+0x210/0x210 4,844,118207585,-; ? f2fs_find_entry+0x8f/0x170 4,845,118207589,-; ? __f2fs_find_entry+0x810/0x810 4,846,118207593,-; ? unlock_new_inode+0x75/0xb0 4,847,118207599,-; __recover_dot_dentries+0x344/0x400 4,848,118207602,-; ? f2fs_link+0x1340/0x1340 4,849,118207606,-; f2fs_lookup+0x833/0xab0 4,850,118207610,-; ? f2fs_rmdir+0x50/0x50 4,851,118207613,-; ? __d_lookup+0x297/0x490 4,852,118207617,-; ? selinux_inode_permission+0x250/0x3c0 4,853,118207622,-; __lookup_slow+0x18c/0x370 4,854,118207627,-; ? vfs_rmdir+0x560/0x560 4,855,118207631,-; ? security_inode_permission+0x73/0xb0 4,856,118207635,-; walk_component+0x35e/0x5f0 4,857,118207639,-; ? handle_dots.part.0+0x16c0/0x16c0 4,858,118207643,-; ? path_init+0xb8/0x1590 4,859,118207647,-; ? 
walk_component+0x5f0/0x5f0 4,860,118207650,-; ? __is_insn_slot_addr+0x82/0xd0 4,861,118207656,-; path_lookupat.isra.0+0x11e/0x4a0 4,862,118207661,-; filename_lookup+0x19e/0x3b0 4,863,118207664,-; ? may_linkat+0x1a0/0x1a0 4,864,118207668,-; ? _raw_spin_lock_irqsave+0x88/0xe0 4,865,118207673,-; ? create_object+0x39/0xaf0 4,866,118207676,-; ? kmem_cache_alloc+0xc4/0x220 4,867,118207680,-; ? _raw_spin_unlock_irqrestore+0x3d/0x70 4,868,118207683,-; ? create_object+0x649/0xaf0 4,869,118207686,-; ? kasan_unpoison+0x23/0x50 4,870,118207690,-; ? strncpy_from_user+0x44/0x220 4,871,118207695,-; ? kmem_cache_alloc+0x10f/0x220 4,872,118207698,-; ? getname_flags+0xf8/0x4e0 4,873,118207702,-; user_path_at_empty+0x35/0x50 4,874,118207705,-; do_fchownat+0xa7/0x140 4,875,118207709,-; ? chown_common+0x3c0/0x3c0 4,876,118207712,-; ? __ia32_sys_utimes_time32+0x70/0x70 4,877,118207717,-; ? fpregs_assert_state_consistent+0x45/0xb0 4,878,118207721,-; __x64_sys_lchown+0x75/0xb0 4,879,118207725,-; ? syscall_exit_to_user_mode+0x1d/0x40 4,880,118207730,-; do_syscall_64+0x3b/0x90 4,881,118207734,-; entry_SYSCALL_64_after_hwframe+0x44/0xae 4,882,118207738,-;RIP: 0033:0x7f9b80d3976d 4,883,118207741,-;Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f3 36 0d 00 f7 d8 64 89 01 48 4,884,118207744,-;RSP: 002b:00007fff62196da8 EFLAGS: 00000217 ORIG_RAX: 000000000000005e 4,885,118207748,-;RAX: ffffffffffffffda RBX: 000056261616d9e0 RCX: 00007f9b80d3976d 4,886,118207751,-;RDX: 0000000000000003 RSI: 0000000000000008 RDI: 00007fff62196f84 4,887,118207753,-;RBP: 00007fff625973a0 R08: 00007fff62597498 R09: 00007fff62597498 4,888,118207755,-;R10: 00007fff62597498 R11: 0000000000000217 R12: 000056261616c0a0 4,889,118207758,-;R13: 00007fff62597490 R14: 0000000000000000 R15: 0000000000000000 4,890,118207761,-; </TASK> 4,891,118207763,-;Modules linked in: x86_pkg_temp_thermal efivarfs 
4,892,118207769,-;CR2: 0000000000000000 4,893,118207773,-;---[ end trace 0000000000000000 ]--- 4,894,118207775,-;RIP: 0010:0x0 4,895,118207778,-;Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. 4,896,118207780,-;RSP: 0018:ffff888128857640 EFLAGS: 00010246 4,897,118207783,-;RAX: 0000000000000000 RBX: ffffffff888bdf60 RCX: ffffffff85891e03 4,898,118207786,-;RDX: 1ffffffff1117bef RSI: 0000000000000008 RDI: ffffea0005391740 4,899,118207788,-;RBP: ffffea0005391740 R08: 0000000000000001 R09: fffff94000a722e9 4,900,118207791,-;R10: ffffea0005391747 R11: fffff94000a722e8 R12: ffff8881681209b0 4,901,118207793,-;R13: ffff88814e45d000 R14: 0000000000000000 R15: ffffea0005391740 4,902,118207795,-;FS: 00007f9b80e14540(0000) GS:ffff8881d5740000(0000) knlGS:0000000000000000 4,903,118207798,-;CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 4,904,118207801,-;CR2: ffffffffffffffd6 CR3: 0000000114cdc005 CR4: 00000000001706e0