program: syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xda6, &(0x7f0000000e00)="$eJzs3ctvXNX9APBzx544L35xiPnFTdPYJaW4j9gkWKW7GildoEqoEn8BSgMNNfQRugAFKUFqt42E+AOK2HfRZxZIEatUbFq1fwBi1U2KkGgbVQJXts8Zj7+Z0Z1xbI/H8/lId87c+z33nnPmcefOfZ0EjKzG2uPi4nSV0tu33rp4b2b8P6tTZlo5Ztcex/PYUkqp2ZovpcmwvKWJ9fSzT65dak8/z2mVLqQqVa3p6dm7rXmPpJSup9l0O02m5z4+efOlD55Zfu/EjRMX35i7szOtBwCA0XLve+/+9M+Pf/fa8f/+5sxSmmhNL9vnS3n8aN7uX6rWx3PS+h9QtaVV23hxIOQbz0Mj5BvrkK+9nGbIN96l/ANhuc0u+SZqyh9rm9ap3TDMNv7HV435TeONxvz8+n/yVR+OHajmX7my/MLVAVUU2HafzuRdfAaDYeSGlWODXgMBrIvHDe9zPe5ZeDCtpY33Vv7dpxud54dtsNuff+UPV/nv3rDGYfvs109TaVf5Hh3N4/E4wniYr9/vf1lePB7R7LGe3Y4jDMvxhW71HNvlemxVt/rHz8V+9aWcltfhTIi3f3/iezos7zHQ2T37/w2GkR1WBr0CAvaseN7cSlbi8by+GJ+oiR+siR+qiR+uiR+picMo++2rv0o3q43/+fE/fb/7w8p+tody+n991ifuj+y3/Hjeb78etPx4PjHsaXP/Pv3pz2//JZ7//3k4//9s/i2dzCuIsr8w7ldvnfsfLgxudMn3cKjOQx3yrz2f2pyvmtpYTmpbz9xXj+nN8x3rlu/05nyTId/hvC1yMNQ3bp8cDvOV7Y+yXi2v13hobzO040CoR3lnjuf0YGjP8W7tCjuyD4R8zTycCO2aCu16JMz3/6Fd1fTmdsX956U+J8P0eJyk5Atv232/S/G9iNdlPJrTN3P6Tk7fz+lHHcodReXz2O38//L5nE7N6oUry5efyOPlc3pnrDmxOv38LtcbeHC9Xv8znTZf/3O0Nb3ZaF8vHNuYXrWvFybD9Atdpj+Zx8vv2Q/HDq1Nn7/04+UfbHfjYcRdfe31Hz2/vHz5Z5544oknrSeDXjMBO23h1Zd/snD1tdfPXXn5+Rcvv3j5lfNPfPtbTz711OLC2lb9Qvu2PbC/bPzoD7omAAAAAAAAAAAAQM+qQ50n57Tz/W3//ouSr1xPXq5Pj9fHMxzK+1Y+DeU+BuX6z273dSnXbx7fhTqy/XbjcqJBtxHo7J/u/2swjOywsuIu/sDeMOj+/8p9D0t69Nzfjq8OJdvdpzevL+P9C+FB7PX+55S/v/r/a/V/1fP6L/SYNbm1cn9379Bf24pNp3otP7a/3Ad2qr/yf5/LL615LPVW/sqvQ/nxRqU9+kMo/3CP5d/X/tNbK/+Pufzyss2d7bX89RpXjc31iPuNy30A437j4k+h/eXefn23f4sdtd3K5cMoG5Z+Jvs1LP1/dlOWW9aDefXcOk5X7r8d+zvot/7lvt/ld+CRsPyq5vdN/5/Dra7/z/L5W9D/J+w7Hzr+ZzDs6WHtt3mHlr2ysjLQrk9Gtd+VvWLQr/+gtyEHXf6gX/86sf/P+H8p9v8Z47H/zxiP/X/GeOxfK8Zj/5/x9Yz9f8b4ybDc2D/odE38CzXxUzXxL9bET9fE4/+3GJ+tiZ+pic/UxB+uiT9aEz9bE/9KTfyxmvjjNfG5mvh+9+Wcjmr7YZTFfiN9/2F0lOM/3b7/UzVxYHjFfp3j9/urNXFgeJXzPHy/YQRVne/YEfe3l/24b+b0nZy+n9OPdqyC7Iav5fTrOf1GTr+Z03M5nc/pQk71DTncfvmPU2duVhvn+R0L8V7PJ43XA8T7xJzvsT7x+Fy/57Oe7LGcnSp/i5eDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyNxtrj4uJ0ldLbt966+K+p73x/dcpMK8fs2uN4HltKKTVTSlUeHw/Luz6xnn72ybVLndIqXVh7LOPp2buteY+szp9m0+00mZ77+OTNlz54Zvm9EzdOXHxj7s7OtB4AAABGw/8CAAD//8tT5vc=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r0, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {&(0x7f0000000300)=[{0x1, 0x700}], 0x1, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {&(0x7f0000000000)=[0x9, 0x2], 0x2, 0x8, 0x98f, 0xffff}}) [ 104.280035][ T4666] Bluetooth: hci0: command tx timeout [ 104.510588][ T5324] loop0: detected capacity change from 0 to 4096 [ 104.551431][ T5324] NILFS (loop0): invalid segment: Checksum error in segment payload [ 104.555240][ T5324] NILFS (loop0): trying rollback from an earlier position [ 104.590149][ T5324] NILFS (loop0): recovery complete [ 104.613918][ T5332] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 104.640142][ T5324] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 104.646074][ T5324] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 104.650580][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 104.654932][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 104.659487][ T5324] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 104.662872][ T5324] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 7e 82 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 60 82 84 fe 49 8b 34 24 4c 89 ff [ 104.670904][ T5324] RSP: 0018:ffffc9000f557708 EFLAGS: 00010206 [ 104.673524][ T5324] RAX: 0000000000000006 RBX: ffff8880119587a8 RCX: 0000000000000002 [ 104.676958][ T5324] RDX: ffff88803be38000 RSI: 0000000000000000 RDI: 0000000000000000 [ 104.680431][ T5324] RBP: 0000000000000000 R08: ffff88803be38000 R09: 0000000000000003 [ 104.683765][ T5324] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 104.687091][ T5324] R13: dffffc0000000000 R14: ffff88801f552d40 R15: ffff888011957c48 [ 104.690407][ T5324] FS: 00007f5f439e46c0(0000) GS:ffff88808ca4c000(0000) knlGS:0000000000000000 [ 104.694320][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.697258][ T5324] CR2: 00007ffc55d3698c CR3: 0000000041e76000 CR4: 0000000000352ef0 [ 104.701103][ T5324] Call Trace: [ 104.702597][ T5324] [ 104.704183][ T5324] nilfs_clean_segments+0x162/0xa50 [ 104.707839][ T5324] ? nilfs_ioctl_move_blocks+0x94b/0xda0 [ 104.711397][ T5324] ? __pfx_nilfs_clean_segments+0x10/0x10 [ 104.714508][ T5324] ? _copy_from_user+0x94/0xb0 [ 104.717362][ T5324] nilfs_ioctl+0x261f/0x2780 [ 104.719541][ T5324] ? __pfx_nilfs_ioctl+0x10/0x10 [ 104.721969][ T5324] ? kasan_save_track+0x4f/0x80 [ 104.724239][ T5324] ? kasan_save_track+0x3e/0x80 [ 104.726592][ T5324] ? kasan_save_free_info+0x46/0x50 [ 104.729167][ T5324] ? __kasan_slab_free+0x5c/0x80 [ 104.731534][ T5324] ? kfree+0x1c1/0x630 [ 104.733326][ T5324] ? tomoyo_path_number_perm+0x501/0x630 [ 104.735650][ T5324] ? security_file_ioctl+0xc3/0x2a0 [ 104.737856][ T5324] ? __se_sys_ioctl+0x47/0x170 [ 104.740092][ T5324] ? do_syscall_64+0x14d/0xf80 [ 104.742956][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.746438][ T5324] ? kasan_quarantine_put+0xbb/0x1f0 [ 104.748785][ T5324] ? tomoyo_path_number_perm+0x219/0x630 [ 104.751235][ T5324] ? tomoyo_path_number_perm+0x219/0x630 [ 104.753882][ T5324] ? do_vfs_ioctl+0x1166/0x1530 [ 104.755960][ T5324] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 104.758189][ T5324] ? do_futex+0x333/0x420 [ 104.760719][ T5324] ? __fget_files+0x2a/0x420 [ 104.763226][ T5324] ? __fget_files+0x2a/0x420 [ 104.765723][ T5324] ? __fget_files+0x3a0/0x420 [ 104.767786][ T5324] ? __fget_files+0x2a/0x420 [ 104.769786][ T5324] ? bpf_lsm_file_ioctl+0x9/0x20 [ 104.772014][ T5324] ? __pfx_nilfs_ioctl+0x10/0x10 [ 104.774310][ T5324] __se_sys_ioctl+0xfc/0x170 [ 104.776552][ T5324] do_syscall_64+0x14d/0xf80 [ 104.779348][ T5324] ? trace_irq_disable+0x3b/0x150 [ 104.782040][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.784761][ T5324] ? clear_bhb_loop+0x40/0x90 [ 104.786913][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.789723][ T5324] RIP: 0033:0x7f5f42b9c819 [ 104.791924][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 104.801547][ T5324] RSP: 002b:00007f5f439e3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 104.805053][ T5324] RAX: ffffffffffffffda RBX: 00007f5f42e15fa0 RCX: 00007f5f42b9c819 [ 104.808430][ T5324] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000004 [ 104.812801][ T5324] RBP: 00007f5f42c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 104.816529][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.819837][ T5324] R13: 00007f5f42e16038 R14: 00007f5f42e15fa0 R15: 00007ffc37e0dc58 [ 104.823682][ T5324] [ 104.825108][ T5324] Modules linked in: [ 104.827775][ T5324] ---[ end trace 0000000000000000 ]--- [ 104.838172][ T5324] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 104.841205][ T5324] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 7e 82 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 60 82 84 fe 49 8b 34 24 4c 89 ff [ 104.852030][ T5324] RSP: 0018:ffffc9000f557708 EFLAGS: 00010206 [ 104.856180][ T5324] RAX: 0000000000000006 RBX: ffff8880119587a8 RCX: 0000000000000002 [ 104.860577][ T5324] RDX: ffff88803be38000 RSI: 0000000000000000 RDI: 0000000000000000 [ 104.865031][ T5324] RBP: 0000000000000000 R08: ffff88803be38000 R09: 0000000000000003 [ 104.869292][ T5324] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 104.872936][ T5324] R13: dffffc0000000000 R14: ffff88801f552d40 R15: ffff888011957c48 [ 104.876579][ T5324] FS: 00007f5f439e46c0(0000) GS:ffff88808ca4c000(0000) knlGS:0000000000000000 [ 104.881704][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.884911][ T5324] CR2: 00007ffc55d3698c CR3: 0000000041e76000 CR4: 0000000000352ef0 [ 104.890065][ T5324] Kernel panic - not syncing: Fatal exception [ 104.893400][ T5324] Kernel Offset: disabled [ 104.895290][ T5324] Rebooting in 86400 seconds..