program: syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xdbe, &(0x7f0000000e00)="$eJzs3ctvG8f9APBZSrT8ys9yrPysuq6txk2jPizFjtD0VgVwD0GBoED+gsB1UqdK+nB6SOAAdg691kCQP6BB7j306UMAIycXvrToPxDk1IsbBEhbo0CiQtIMRX1FYklZEkXx8wGWw93v7M4MuVyS+5oEjKzG6uPCwnSV0ru337n04Oz4f1amnG3lmFl9HM9jiymlZmu+lCbD8hYn1tLPP71+uT39IqdVupiqVLWmp+fvt+Y9klK6kWbSnTSZXvjk5K1X7j239MGJmycuvTV7d2daDwAAo+XBD97/+V+e/P714//97ZnFNNGaXn6fL+bxo/l3/2K1Np6T1v+Aqi2t2saLAyHfeB4aId9Yh3zt5TRDvvEu5R8Iy212yTdRU/5Y27RO7YZhtv4/vmrMbRhvNObm1v6Tr/ho7EA199rVpZeuDaiiwLb77GzexWcwGEZuWD426C0QwJp43HCTG3HPwsNpLW28t/LvP9voPD9sg91e/5U/XOW/f9MWh+2zX9em0q7yOTqax+NxhPEwX7+f/7K8eDyi2WM9ux1HGJbjC93qObbL9diqbvWP68V+9ZWcltfhTIi3f37iezos7zHQ2QP7/w2GkR2WB70BAvaseN7cclbi8by+GJ+oiR+siR+qiR+uiR+picMo+93rv063qvX/+fE/fb/7w8p+tkdy+n991ifuj+y3/Hjeb78etvx4PjHsabP/Pv3ZL+/8NZ7//0U4//9c/i6dzBuIsr8w7ldvnfsfLgxudMn3aKjOIx3yrz6f2pivmlpfTmrbzmyqx/TG+Y51y3d6Y77JkO9w/i1yMNQ3/j45HOYrvz/KdrW8XuOhvc3QjgOhHuWdOZ7Tg6E9x7u1K+zIPhDyNfNwIrRrKrTrsTDf/4d2VdMb2xX3n5f6nAzT43GSki+8bZu+l+J7Ea/LeDynb+f0vZx+mNOPO5RbU+S+VNbHbuf/l/VzOjWrl64uXXkqj5f19O5Yc2Jl+oVdrjfw8Hq9/mc6bbz+52hrerPRvl04tj69at8uTIbpF7tMfzqPl++zH48dWp0+d/mnSz/a7sbDiLv2xps/eXFp6covPPFkjzy5l9fNvVKf0Xwy4A0TsOPmX3/1Z/PX3njz/NVXX3z5ystXXrvw1He/8/QzzyzMr/6qn2//bQ/sL+tf+oOuCQAAAAAAAAAAANCz6lDnyTmtu79tuZ68XJ8er49nOJT3rawN5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejsn+7/a9jXw9geqMPeHZaXR+I2R8AQGHT/f+W+hyU9ev7vx1eGku3+sxu3l/H+hfAw9nr/c8rfX/3/tfq/6nn7F3rMmtxaub9/cOhvbcWmU72WH9tf7gM71V/5f8jll9Y8kXorf/k3ofx4o9Ie/TGUf7jH8je1//TWyv9TLr+8bLPnei1/rcZVY2M94n7jch/AuN+4+HNof7m3X9/t32JHbbdz+TDKhqWfyX4NS/+f3ZTllu1g3jy3jtOV+2/H/g76rX+573f5HngsLL+q+X7T/+dwq+v/s6x/8/r/hH3nI8f/9tKwtkkdfD3WKrIH6mHY2WF5eXlnd2jVGGjhDPz1H/RvyEGXP+jXv07s/zP+X4r9f8Z47P8zxmP/nzF+aEOuzfHY/2d8PWP/nzF+Miw39g86XRP/Uk38VE38yzXx0zXx+P8txmdq4mdq4mdr4o/WxB+viZ+riX+tJv5ETfzJmvhsTXy/+2pOR7X9MMpiv5E+/zA6yvGfbp//qZo4MLza+nVe/YjHz/fX1+OpUxwYXuU8D59vGEFV5zt2xP3xZT/u2zl9L6cf5vTjHasgu+EbOf1mTr+V02/n9HxO53I6n1N9Qw63X/3j1Jlb1fp5fsdCvNfzSeP1APE+MRd6rE88Ptfv+awneyxnp8rf4uUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEOjsfq4sDBdpfTu7Xcu/Wvqez9cmXK2lWNm9XE8jy2mlJoppSqPj4fl3ZhYSz//9PrlTmmVLq4+lvH0/P3WvEdW5k8z6U6aTC98cvLWK/eeW/rgxM0Tl96avbszrQcAAIDR8L8AAAD//xgm4vo=") r0 = syz_open_dev$sg(&(0x7f0000000080), 0xf9ba, 0x14b082) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000580)={0x53, 0xffffffffffffffff, 0x6, 0x4, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000500)="35000002236b", 0x0, 0x80, 0x4, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r1, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0x10d, 0xe2}, {&(0x7f0000000040)=[{0xf, 0x1000000000000}], 0x1, 0x10, 0x20e, 0x1c1b}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {&(0x7f00000003c0)=[0xb], 0x1, 0x8, 0x9af, 0xffff}}) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000000)=0x6, 0x4) [ 104.047871][ T5324] loop0: detected capacity change from 0 to 4096 [ 104.081278][ T5302] Bluetooth: hci0: command tx timeout [ 104.201350][ T5324] NILFS (loop0): invalid segment: Checksum error in segment payload [ 104.205340][ T5324] NILFS (loop0): trying rollback from an earlier position [ 104.240656][ T5324] NILFS (loop0): recovery complete [ 104.268957][ T5331] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 104.302512][ T5324] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 104.308960][ T5324] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 104.312853][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 104.316865][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 104.322656][ T5324] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 104.326462][ T5324] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e af 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 af 84 fe 49 8b 34 24 4c 89 ff [ 104.335349][ T5324] RSP: 0018:ffffc9000f48f708 EFLAGS: 00010206 [ 104.338759][ T5324] RAX: 0000000000000006 RBX: ffff8880489507a8 RCX: 0000000000000002 [ 104.343077][ T5324] RDX: ffff88801abd0000 RSI: 0000000000000000 RDI: 0000000000000000 [ 104.346610][ T5324] RBP: 0000000000000000 R08: ffff88801abd0000 R09: 0000000000000003 [ 104.350161][ T5324] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 104.353615][ T5324] R13: dffffc0000000000 R14: ffff888013011540 R15: ffff88804892fc48 [ 104.357634][ T5324] FS: 00007f89e520d6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 104.362033][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.364877][ T5324] CR2: 00007f89e4609ba0 CR3: 00000000346a1000 CR4: 0000000000352ef0 [ 104.368536][ T5324] Call Trace: [ 104.370201][ T5324] [ 104.371869][ T5324] nilfs_clean_segments+0x162/0xa50 [ 104.375217][ T5324] ? nilfs_ioctl_move_blocks+0x94b/0xda0 [ 104.378982][ T5324] ? __pfx_nilfs_clean_segments+0x10/0x10 [ 104.381836][ T5324] ? _copy_from_user+0x94/0xb0 [ 104.384037][ T5324] nilfs_ioctl+0x261f/0x2780 [ 104.386195][ T5324] ? __pfx_nilfs_ioctl+0x10/0x10 [ 104.388536][ T5324] ? kasan_save_track+0x4f/0x80 [ 104.390839][ T5324] ? kasan_save_track+0x3e/0x80 [ 104.393093][ T5324] ? kasan_save_free_info+0x46/0x50 [ 104.395421][ T5324] ? __kasan_slab_free+0x5c/0x80 [ 104.399625][ T5324] ? kfree+0x1c1/0x630 [ 104.401770][ T5324] ? tomoyo_path_number_perm+0x501/0x630 [ 104.404312][ T5324] ? security_file_ioctl+0xc3/0x2a0 [ 104.406992][ T5324] ? __se_sys_ioctl+0x47/0x170 [ 104.409423][ T5324] ? do_syscall_64+0x14d/0xf80 [ 104.412338][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.415145][ T5324] ? kasan_quarantine_put+0xbb/0x1f0 [ 104.417725][ T5324] ? tomoyo_path_number_perm+0x219/0x630 [ 104.420685][ T5324] ? tomoyo_path_number_perm+0x219/0x630 [ 104.423428][ T5324] ? do_vfs_ioctl+0x1166/0x1530 [ 104.425605][ T5324] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 104.427899][ T5324] ? do_futex+0x395/0x420 [ 104.429974][ T5324] ? __fget_files+0x2a/0x420 [ 104.432379][ T5324] ? __fget_files+0x2a/0x420 [ 104.435148][ T5324] ? __fget_files+0x3a0/0x420 [ 104.437811][ T5324] ? __fget_files+0x2a/0x420 [ 104.439941][ T5324] ? bpf_lsm_file_ioctl+0x9/0x20 [ 104.442230][ T5324] ? __pfx_nilfs_ioctl+0x10/0x10 [ 104.444439][ T5324] __se_sys_ioctl+0xfc/0x170 [ 104.446907][ T5324] do_syscall_64+0x14d/0xf80 [ 104.449143][ T5324] ? trace_irq_disable+0x3b/0x150 [ 104.451976][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.455688][ T5324] ? clear_bhb_loop+0x40/0x90 [ 104.458148][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.460779][ T5324] RIP: 0033:0x7f89e439c799 [ 104.462645][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 104.471094][ T5324] RSP: 002b:00007f89e520cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 104.475528][ T5324] RAX: ffffffffffffffda RBX: 00007f89e4615fa0 RCX: 00007f89e439c799 [ 104.479498][ T5324] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000005 [ 104.482963][ T5324] RBP: 00007f89e4432c99 R08: 0000000000000000 R09: 0000000000000000 [ 104.486289][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.489814][ T5324] R13: 00007f89e4616038 R14: 00007f89e4615fa0 R15: 00007fff0a520c18 [ 104.494121][ T5324] [ 104.495823][ T5324] Modules linked in: [ 104.500502][ T5324] ---[ end trace 0000000000000000 ]--- [ 104.582490][ T5324] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 104.586392][ T5324] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e af 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 af 84 fe 49 8b 34 24 4c 89 ff [ 104.599631][ T5324] RSP: 0018:ffffc9000f48f708 EFLAGS: 00010206 [ 104.603121][ T5324] RAX: 0000000000000006 RBX: ffff8880489507a8 RCX: 0000000000000002 [ 104.606758][ T5324] RDX: ffff88801abd0000 RSI: 0000000000000000 RDI: 0000000000000000 [ 104.612465][ T5324] RBP: 0000000000000000 R08: ffff88801abd0000 R09: 0000000000000003 [ 104.616989][ T5324] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 104.622068][ T5324] R13: dffffc0000000000 R14: ffff888013011540 R15: ffff88804892fc48 [ 104.625998][ T5324] FS: 00007f89e520d6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 104.631373][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.635220][ T5324] CR2: 000055b8918fec48 CR3: 00000000346a1000 CR4: 0000000000352ef0 [ 104.639928][ T5324] Kernel panic - not syncing: Fatal exception [ 104.643161][ T5324] Kernel Offset: disabled [ 104.645233][ T5324] Rebooting in 86400 seconds..