program: syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xdb4, &(0x7f0000000e00)="$eJzs3UtvXNUdAPBzx544LxqHGOymaeySUtxHbBKs0l2NlC5QJVSJT4DSQEMNfYQuQEFKWHTbSIgPUMS+iz6zQIpYpWLTql8AseomRUi0jSqBK9vnjMd/z+iOHdvj8fx+0pkz9/7vveecedy5c18nAUOrsfq4sDBVpfTO7bcv3Z8e/e/KmOnWFDOrj6N5aDGl1GzNl9J4WN7i2Fr++afXL7fnX+S8ShdTlarW+PTcvda8x1JKN9JMupPG0/OfTN56+cNnl94/dfPUpTdn7+5O6wEAYLjc/+F7v/jrEz+4fvJ/vzu7mMZa48v2+WIePp63+xerteGctf4HVG151TZcHArTjebUCNONdJiuvZxmmG60S/mHwnKbXaYbqyl/pG1cp3bDIFv/H1815jYMNxpzc2v/yVd8NHKomnv16tKL1/pUUWDHfTadd/FJkjR0aflEv9dAAGviccNNbsQ9Cw+mtbTR3sq/90yj8/ywA/b686/8wSr/vZvWOOycg/ppKu0q36PjeTgeRxgN8231+1+WF49HNHusZ7fjCINyfKFbPUf2uB7b1a3+8XNxUH015+V1OBvi7d+f+J4OynsMdHbf/n9JGtq03O8VELBvxfPmlrMSj+f1xfhYTfxwTfxITfxoTfxYTRyG2e9f+026Va3/z4//6be6P6zsZ3so51/aYn3i/sitlh/P+92qBy0/nk8M+9rsf8589qs7f4vn/38Rzv8/l39Lx/MKouwvjPvVW+f+hwuDG12mezhU56EO068+n9g4XTWxvpzUtp7ZVI+pjfOd6DbdmY3TjYfpjuZtkcOhvnH75GiYr2x/lPVqeb1GQ3uboR2HQj3KO3My54dDe052a1fYkX0oTNfM6VRo10Ro1yNhvkdDu6qpje2K+89LfSbD+HicpEwX3rZNv0vxvYjXZTyW87dy/m7OP8j5xx3KHUbl89jt/P/y+ZxKzerFq0tXnszD5XN6d6Q5tjL+wh7XG3hwvV7/M5U2Xv9zvDW+2WhfL5xYH1+1rxfGw/iLXcY/lYfL79lPRo6sjp+7/LOlH+9042HIXXv9jZ++sLR05ZeeDOyTw/ujGp60P1nZcN4H1dj+k36vmYDdNv/aKz+fv/b6G+evvvLCS1deuvLqhSe/992nnn56YX51q36+fdseOFjWf/T7XRMAAAAAAAAAAACgZ9WRzqNzXnd/23I9ebk+PV4fz2Ao71v5NJT7GJTrP7vd16Vcv3lyD+rIztuLy4n63Uags3+5/68kDW1aXnYXf2B/6Hf/f+W+hyU/fv4fJ1dSmezeMxvXl/H+hfAg9nv/c8o/WP3/tfq/6nn9F3rMGt9euX+4f+TvbcWm072WH9tf7gM7sbXy/5jLL615PPVW/vJvQ/nxRqU9+lMo/2iP5W9q/5ntlf/nXH552WbP9Vr+Wo2rxsZ6xP3G5T6Acb9x8ZfQ/nJvvy23f5sdtd3O5cMwG5R+JrdqMPr/7N5bQVluWQ/m1XPrON2jXZbQW/3X7/Ne7vtdfgceCcuvan7f9P852Or6/yyfv3n9f8KB85Hjf7uc8i9J3+shSZvT8vJyX7s+GdZ+V/aLfr/+/d6G7Hf5/X7968T+P+P/pdj/Z4zH/j9jPPb/GeOxf60Yj/1/xtcz9v8Z45NhubF/0Kma+Jdr4qdr4l+piZ+picf/bzE+UxM/WxOfrok/XBN/rCZ+rmu8urHy+PWa+R+viT9RE5+tiR90X8v5sLYfhlnsN9L3H4ZHOf7T7fs/URMHBlfs1zl+v79REwcGVznPw/cbhlDV+Y4dcX972Y/7Vs7fzfkHOf941yrIXvhmzr+V82/n/Ds5P5/zuZzP51zfkIPt1/88ffZWtX6e34kQ7/V82Hg9QLxPzIUe6xOPz231fNzJHsvZrfK3eTkIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMBorD4uLExVKb1z++1L/574/o9Wxky3pphZfRzNQ4sppWZKqcrDo2F5N8bW8s8/vX65U16li6uPZTg9d68177GV+dNMupPG0/OfTN56+cNnl94/dfPUpTdn7+5O6wEAAGA4/D8AAP//JuzmGg==") bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000000)={@link_local, @random="1d5da714014a", @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x88, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x0, 0x0, 0x0, 0x2, 0x3}}}}}}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r2, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {&(0x7f0000000300)=[{0x3, 0x700}], 0x1, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0x3b}, {&(0x7f00000003c0)=[0xc], 0x1, 0x8, 0x98c, 0xffff}}) [ 101.378761][ T5300] Bluetooth: hci0: command tx timeout [ 101.532699][ T5326] loop0: detected capacity change from 0 to 4096 [ 101.598918][ T5326] NILFS (loop0): invalid segment: Checksum error in segment payload [ 101.617361][ T5326] NILFS (loop0): trying rollback from an earlier position [ 101.654154][ T5326] NILFS (loop0): recovery complete [ 101.659086][ T5329] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 101.674377][ T5326] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 101.679173][ T5326] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 101.682505][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 101.686728][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 101.691912][ T5326] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 101.695040][ T5326] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e a5 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 a5 84 fe 49 8b 34 24 4c 89 ff [ 101.703695][ T5326] RSP: 0018:ffffc9000e7a7708 EFLAGS: 00010206 [ 101.706892][ T5326] RAX: 0000000000000006 RBX: ffff888023e547a8 RCX: 0000000000000002 [ 101.710535][ T5326] RDX: ffff8880326f0000 RSI: 0000000000000000 RDI: 0000000000000000 [ 101.713911][ T5326] RBP: 0000000000000000 R08: ffff8880326f0000 R09: 0000000000000003 [ 101.717318][ T5326] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 101.721592][ T5326] R13: dffffc0000000000 R14: ffff88804104d940 R15: ffff888023e0fc48 [ 101.725961][ T5326] FS: 00007fbeb504c6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 101.730194][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 101.733455][ T5326] CR2: 00007fbeb44110c0 CR3: 0000000038245000 CR4: 0000000000352ef0 [ 101.737293][ T5326] Call Trace: [ 101.738968][ T5326] [ 101.740658][ T5326] nilfs_clean_segments+0x162/0xa50 [ 101.742674][ T5326] ? nilfs_ioctl_move_blocks+0x94b/0xda0 [ 101.745132][ T5326] ? __pfx_nilfs_clean_segments+0x10/0x10 [ 101.747493][ T5326] ? _copy_from_user+0x94/0xb0 [ 101.749265][ T5326] nilfs_ioctl+0x261f/0x2780 [ 101.751045][ T5326] ? __pfx_nilfs_ioctl+0x10/0x10 [ 101.753440][ T5326] ? kasan_save_track+0x4f/0x80 [ 101.756124][ T5326] ? kasan_save_track+0x3e/0x80 [ 101.758882][ T5326] ? kasan_save_free_info+0x46/0x50 [ 101.761393][ T5326] ? __kasan_slab_free+0x5c/0x80 [ 101.763687][ T5326] ? kfree+0x1c1/0x630 [ 101.765554][ T5326] ? tomoyo_path_number_perm+0x501/0x630 [ 101.768005][ T5326] ? security_file_ioctl+0xc3/0x2a0 [ 101.770557][ T5326] ? __se_sys_ioctl+0x47/0x170 [ 101.773025][ T5326] ? do_syscall_64+0x14d/0xf80 [ 101.775698][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.778481][ T5326] ? kasan_quarantine_put+0xbb/0x1f0 [ 101.780949][ T5326] ? tomoyo_path_number_perm+0x219/0x630 [ 101.783734][ T5326] ? tomoyo_path_number_perm+0x219/0x630 [ 101.786714][ T5326] ? do_vfs_ioctl+0x1166/0x1530 [ 101.789398][ T5326] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 101.791913][ T5326] ? do_futex+0x395/0x420 [ 101.793886][ T5326] ? __fget_files+0x2a/0x420 [ 101.795945][ T5326] ? __fget_files+0x2a/0x420 [ 101.798006][ T5326] ? __fget_files+0x3a0/0x420 [ 101.800197][ T5326] ? __fget_files+0x2a/0x420 [ 101.802395][ T5326] ? bpf_lsm_file_ioctl+0x9/0x20 [ 101.804915][ T5326] ? __pfx_nilfs_ioctl+0x10/0x10 [ 101.807515][ T5326] __se_sys_ioctl+0xfc/0x170 [ 101.809572][ T5326] do_syscall_64+0x14d/0xf80 [ 101.811607][ T5326] ? trace_irq_disable+0x3b/0x150 [ 101.813908][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.816818][ T5326] ? clear_bhb_loop+0x40/0x90 [ 101.818987][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.821606][ T5326] RIP: 0033:0x7fbeb419c799 [ 101.823600][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 101.832829][ T5326] RSP: 002b:00007fbeb504bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 101.836515][ T5326] RAX: ffffffffffffffda RBX: 00007fbeb4415fa0 RCX: 00007fbeb419c799 [ 101.839893][ T5326] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000006 [ 101.843435][ T5326] RBP: 00007fbeb4232c99 R08: 0000000000000000 R09: 0000000000000000 [ 101.847977][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.852159][ T5326] R13: 00007fbeb4416038 R14: 00007fbeb4415fa0 R15: 00007ffc45a69708 [ 101.855195][ T5326] [ 101.856420][ T5326] Modules linked in: [ 101.858300][ T5326] ---[ end trace 0000000000000000 ]--- [ 101.880176][ T5326] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 101.888661][ T5326] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e a5 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 a5 84 fe 49 8b 34 24 4c 89 ff [ 101.918381][ T5326] RSP: 0018:ffffc9000e7a7708 EFLAGS: 00010206 [ 101.921375][ T5326] RAX: 0000000000000006 RBX: ffff888023e547a8 RCX: 0000000000000002 [ 101.926233][ T5326] RDX: ffff8880326f0000 RSI: 0000000000000000 RDI: 0000000000000000 [ 101.938339][ T5326] RBP: 0000000000000000 R08: ffff8880326f0000 R09: 0000000000000003 [ 101.948450][ T5326] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 101.968884][ T5326] R13: dffffc0000000000 R14: ffff88804104d940 R15: ffff888023e0fc48 [ 101.972772][ T5326] FS: 00007fbeb504c6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 101.988473][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 101.991382][ T5326] CR2: 00007fbeb44110c0 CR3: 0000000038245000 CR4: 0000000000352ef0 [ 101.994906][ T5326] Kernel panic - not syncing: Fatal exception [ 101.997812][ T5326] Kernel Offset: disabled [ 101.999855][ T5326] Rebooting in 86400 seconds..