program: syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000000080)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f292516b331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c706219f1f9e0b030040f821e03bc0e8a497c4d5dde436000090a397637dedb2f3", @ANYBLOB="0153a3d6452251ef70dab16b6f68bd985c0991d5f19075f5073384165a0c9a72259abcc7b19ce4a472deaabddd653aedee499c0766e5e19bba280b02b1b80d74cd08a32b53ed71266dcc547e19a1ca3cb94bd2ecbe9c78103e5f8f4a000e3763dcdf540ce8ab8e31f09a35ee9ab4cb4736bd1c543c1ac6a3f72298d5f7cb3186a9ab8009508b5ff2fbcd1c79b4665593cb35be28179760e68911d81791b5ca0dde7b7b51596b31f79cb8726373942f83432618d2c5fc0af0cf55039cc118145f30040d1d18c8acae0b906e86007aeea0c89f42ae860d8b77b3"], 0x4, 0xd9f, &(0x7f0000000e00)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCV7bPGY//memdcWyPx/P7SWfO3Pu/955z5nHnzn2dBIysxtrj4uJ0ldLbt966eG9m/D+rY2ZaU8yuPY7noaWUUrM1X0qTYXlLE+v5Z59cu9Sef57zKl1IVapa49Ozd1vzHkkpXU+z6XaaTM99fPLmSx88s/zeiRsnLr4xd2dnWg8AAKPl3g/e/flfHv/+teP//e2ZpTTRGl+2z5fy8NG83b9UrQ/nrPU/oGrLq7bh4kCYbjynRphurMN07eU0w3TjXco/EJbb7DLdRE35Y23jOrUbhtnG//iqMb9puNGYn1//T77qw7ED1fwrV5ZfuDqgigLb7tOZvItPkqSRSyvHBr0GAlgXjxve53rcs/BgWksb7638u083Os8P22C3P//KH67y371hjcP22a+fptKu8j06mofjcYTxMF+/3/+yvHg8otljPbsdRxiW4wvd6jm2y/XYqm71j5+L/eorOS+vw5kQb//+xPd0WN5joLN79v9L0simlUGvgIA9K543t5KVeDyvL8YnauIHa+KHauKHa+JHauIwyn736q/TzWrjf378T9/v/rCyn+2hnH+hz/rE/ZH9lh/P++3Xg5YfzyeGPW3u36c//eXtv8bz/z8P5/+fzb+lk3kFUfYXxv3qrXP/w4XBjS7TPRyq81CH6deeT22erpraWE5qW8/cV4/pzfMd6zbd6c3TTYbpDudtkYOhvnH75HCYr2x/lPVqeb3GQ3uboR0HQj3KO3M85wdDe453a1fYkX0gTNfM6URo11Ro1yNhvi+GdlXTm9sV95+X+pwM4+NxkjJdeNvu+12K70W8LuPRnL+Z83dy/n7OP+pQ7igqn8du5/+Xz+d0alYvXFm+/EQeLp/TO2PNidXx53e53sCD6/X6n+m0+fqfo63xzUb7euHYxviqfb0wGcZf6DL+yTxcfs9+PHZobfz8pZ8u/2i7Gw8j7uprr//k+eXly7/wxBNPPGk9GfSaCdhpC6++/LOFq6+9fu7Ky8+/ePnFy6+cf+K733nyqacWF9a26hfat+2B/WXjR3/QNQEAAAAAAAAAAAB6Vh3qPDrndfe3LdeTl+vT4/XxDIfyvpVPQ7mPQbn+s9t9Xcr1m8d3oY5sv924nGjQbQQ6+6f7/0rSyKaVFXfxB/aGQff/V+57WPKj5/5+fDWVye4+vXl9Ge9fCA9ir/c/p/z91f9fq/+rntd/ocesya2V+/t7h/7WVmw61Wv5sf3lPrBT/ZX/h1x+ac1jqbfyV34Tyo83Ku3RH0P5h3ss/772n95a+X/K5ZeXbe5sr+Wv17hqbK5H3G9c7gMY9xsXfw7tL/f267v9W+yo7VYuH0bZsPQz2a9h6f+zm7Lcsh7Mq+fWcbpy/+3Y30G/9S/3/S6/A4+E5Vc1v2/6/xxudf1/ls/fgv4/Yd/50PG//5Mm9kAdJGnn0srKykC7PhnVflf2ikG//oPehhx0+YN+/evE/j/j/6XY/2eMx/4/Yzz2/xnjsX+tGI/9f8bXM/b/GeMnw3Jj/6DTNfEv1cRP1cS/XBM/XROP/99ifLYmfqYmPlMTf7gm/mhN/GxN/Gs18cdq4o/XxOdq4vvdV3M+qu2HURb7jfT9h9FRjv90+/5P1cSB4RX7dY7f76/XxIHhVc7z8P2GEVR1vmNH3N9e9uO+mfN3cv5+zj/asQqyG76R82/m/Fs5/3bOz+V8PucLOdc35HD71T9OnblZbZzndyzEez2fNF4PEO8Tc77H+sTjc/2ez3qyx3J2qvwtXg4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQaa4+Li9NVSm/feuviv6a+98PVMTOtKWbXHsfz0FJKqZlSqvLweFje9Yn1/LNPrl3qlFfpwtpjGU7P3m3Ne2R1/jSbbqfJ9NzHJ2++9MEzy++duHHi4htzd3am9QAAADAa/hcAAP//uqzlyA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r0, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {0x0, 0x0, 0x10, 0x20c, 0x7fffffffffffffff}, {&(0x7f0000000040)=[0x20, 0xbf], 0x2, 0x8, 0x1, 0x100002}, {0x0, 0x0, 0x28, 0x0, 0xfffffffffffffff7}, {&(0x7f00000003c0)=[0x9], 0x1, 0x8, 0x98f, 0xffff}}) [ 110.547889][ T4668] Bluetooth: hci0: command tx timeout [ 110.761507][ T5327] loop0: detected capacity change from 0 to 4096 [ 110.815726][ T5327] NILFS (loop0): invalid segment: Checksum error in segment payload [ 110.820279][ T5327] NILFS (loop0): trying rollback from an earlier position [ 110.880946][ T5327] NILFS (loop0): recovery complete [ 110.901066][ T5334] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 110.917746][ T5327] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 110.923434][ T5327] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 110.927993][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 110.932065][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 110.937163][ T5327] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 110.940724][ T5327] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 0e a1 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 f0 a0 84 fe 49 8b 34 24 4c 89 ff [ 110.949559][ T5327] RSP: 0018:ffffc9000e347708 EFLAGS: 00010206 [ 110.952966][ T5327] RAX: 0000000000000006 RBX: ffff888055c587a8 RCX: 0000000000000002 [ 110.957292][ T5327] RDX: ffff888000e18000 RSI: 0000000000000000 RDI: 0000000000000000 [ 110.960871][ T5327] RBP: 0000000000000000 R08: ffff888000e18000 R09: 0000000000000003 [ 110.964525][ T5327] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 110.968304][ T5327] R13: dffffc0000000000 R14: ffff88804132b940 R15: ffff888011b2bc48 [ 110.972304][ T5327] FS: 00007fe5dae126c0(0000) GS:ffff88808ca4e000(0000) knlGS:0000000000000000 [ 110.977275][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.980415][ T5327] CR2: 00007fe5da207120 CR3: 000000001247f000 CR4: 0000000000352ef0 [ 110.984253][ T5327] Call Trace: [ 110.985923][ T5327] [ 110.987422][ T5327] nilfs_clean_segments+0x162/0xa50 [ 110.989742][ T5327] ? nilfs_ioctl_move_blocks+0x94b/0xda0 [ 110.992231][ T5327] ? __pfx_nilfs_clean_segments+0x10/0x10 [ 110.995061][ T5327] ? _copy_from_user+0x94/0xb0 [ 110.997494][ T5327] nilfs_ioctl+0x261f/0x2780 [ 110.999640][ T5327] ? __pfx_nilfs_ioctl+0x10/0x10 [ 111.001917][ T5327] ? kasan_save_track+0x4f/0x80 [ 111.004225][ T5327] ? kasan_save_track+0x3e/0x80 [ 111.006179][ T5327] ? kasan_save_free_info+0x46/0x50 [ 111.009902][ T5327] ? __kasan_slab_free+0x5c/0x80 [ 111.012154][ T5327] ? kfree+0x1c1/0x630 [ 111.014090][ T5327] ? tomoyo_path_number_perm+0x501/0x630 [ 111.016679][ T5327] ? security_file_ioctl+0xc3/0x2a0 [ 111.019452][ T5327] ? __se_sys_ioctl+0x47/0x170 [ 111.021712][ T5327] ? do_syscall_64+0x14d/0xf80 [ 111.023998][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.027152][ T5327] ? kasan_quarantine_put+0xbb/0x1f0 [ 111.030417][ T5327] ? tomoyo_path_number_perm+0x219/0x630 [ 111.033424][ T5327] ? tomoyo_path_number_perm+0x219/0x630 [ 111.036260][ T5327] ? do_vfs_ioctl+0x1166/0x1530 [ 111.038515][ T5327] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 111.040929][ T5327] ? do_futex+0x395/0x420 [ 111.043204][ T5327] ? __fget_files+0x2a/0x420 [ 111.045697][ T5327] ? __fget_files+0x2a/0x420 [ 111.047985][ T5327] ? __fget_files+0x3a0/0x420 [ 111.050129][ T5327] ? __fget_files+0x2a/0x420 [ 111.052407][ T5327] ? bpf_lsm_file_ioctl+0x9/0x20 [ 111.055004][ T5327] ? __pfx_nilfs_ioctl+0x10/0x10 [ 111.057569][ T5327] __se_sys_ioctl+0xfc/0x170 [ 111.060197][ T5327] do_syscall_64+0x14d/0xf80 [ 111.062496][ T5327] ? trace_irq_disable+0x3b/0x150 [ 111.064841][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.067645][ T5327] ? clear_bhb_loop+0x40/0x90 [ 111.069856][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.073094][ T5327] RIP: 0033:0x7fe5d9f9c799 [ 111.075713][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.084718][ T5327] RSP: 002b:00007fe5dae11fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 111.089249][ T5327] RAX: ffffffffffffffda RBX: 00007fe5da215fa0 RCX: 00007fe5d9f9c799 [ 111.093254][ T5327] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000004 [ 111.096885][ T5327] RBP: 00007fe5da032c99 R08: 0000000000000000 R09: 0000000000000000 [ 111.100692][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.104686][ T5327] R13: 00007fe5da216038 R14: 00007fe5da215fa0 R15: 00007ffdc532a818 [ 111.109228][ T5327] [ 111.110861][ T5327] Modules linked in: [ 111.116606][ T5327] ---[ end trace 0000000000000000 ]--- [ 111.183934][ T5327] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 111.188350][ T5327] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 0e a1 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 f0 a0 84 fe 49 8b 34 24 4c 89 ff [ 111.198486][ T5327] RSP: 0018:ffffc9000e347708 EFLAGS: 00010206 [ 111.201449][ T5327] RAX: 0000000000000006 RBX: ffff888055c587a8 RCX: 0000000000000002 [ 111.205664][ T5327] RDX: ffff888000e18000 RSI: 0000000000000000 RDI: 0000000000000000 [ 111.209562][ T5327] RBP: 0000000000000000 R08: ffff888000e18000 R09: 0000000000000003 [ 111.213278][ T5327] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 111.217735][ T5327] R13: dffffc0000000000 R14: ffff88804132b940 R15: ffff888011b2bc48 [ 111.223186][ T5327] FS: 00007fe5dae126c0(0000) GS:ffff88808ca4e000(0000) knlGS:0000000000000000 [ 111.227634][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.230724][ T5327] CR2: 0000556a0c89f990 CR3: 000000001247f000 CR4: 0000000000352ef0 [ 111.234602][ T5327] Kernel panic - not syncing: Fatal exception [ 111.237778][ T5327] Kernel Offset: disabled [ 111.239896][ T5327] Rebooting in 86400 seconds..