program: syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x1010000, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xdb1, &(0x7f0000001bc0)="$eJzs3UtvG8cdAPBZirT8Si3HSq26ru3GTaM+LMWO0PRWBXAPQYGgQD5B4DqpUyV9OD0kcAA7h15rIMgHaJB7D336EMDIyUUuLfoFgpx6cYMAaWsUSFRImqGov8kuKUuiKP5+wHC4+9/dmSGXS3Jfk4Cx1Vh9XFiYqVJ6+9ZbF++dbv5nZczp9hRnVh+beWgxpdRqz5fSVFje4uRa/tkn1y515p/nvEoXUpWq9vj07N32vIdSStfTmXQ7TaXnPj5+86UPnll679iNYxffmL2zPa0HAIDxcu8H7/78L49//9rR//721GKabI8vv88X8/Dh/Lt/sVobzln7f0DVkVcdw8W+MF0zp0aYbqLLdJ3ltMJ0zR7l7wvLbfWYbrKm/ImOcd3aDaNs/X981ZjbMNxozM2t/Sdf8eHEvmrulStLL1wdUkWBLffp6byLT5KksUvLR4a9BQJYE48b3ud63LPwYNpLa/ZX/t2nG93nhy2w0+u/8ker/Hdv2OKwdfbq2lTaVT5Hh/NwPI7QDPMN+vkvy4vHI1p91rPXcYRROb7Qq54TO1yPzepV/7he7FVfyXl5HU6FeOfnJ76no/IeA93ds/9fksY2LQ97AwTsWvG8ueWsxON5fTE+WRPfXxM/UBM/WBM/VBOHcfa7V3+dblbr//Pjf/pB94eV/WwP5fwLA9Yn7o8ctPx43u+gHrT8eD4x7Gqz/z756S9v/zWe//95OP//bP4uncobiLK/MO5Xb5/7Hy4MbvSY7uFQnYe6TL/6fHrjdNX0+nJSeztTtT+M7XrMbJzvSK/6ntw43VSY7mD+LbI/1Df+PjkY5iu/P8p2tbxezdDe1oZ2rG/HSj3KO3M05/tDe472alfYkb0vTNfK6Vho13Ro1yNhvi+GdlUzG9vVDAdASn2Oh3LicZIyXXjb7vteiu9FvC7j0Zy/mfN3cv5+zj/qUu44Kutjr/P/y/o5k1rVC1eWLj+Rh8t6emeiNbky/vwO1xt4cP1e/zOTNl7/c7g9vtXo3C4cWR9fdW4XpsL4Cz3GP5mHy/fZjycOrI6fu/TTpR9tdeNhzF197fWfPL+0dPkXnngyvCcrq+IuqIYn60+GvWUCttv8qy//bP7qa6+fu/Ly8y9efvHyK+ef+O53nnzqqYX51V/1852/7YG9Zf1Lf9g1AQAAAAAAAAAAAPpWHeg+Oud197ct15OX69Pj9fGMhvK+lbWh3MegXP/Z674u5frNoztQR7beTlxONOw2At390/1/JWls0/Kyu/gDu8Ow+/8r9z0s+eFzfz+6kspkd5/euL2M9y+EB7Hb+59T/t7q/6/d/1Xf27/QY9bU5sr9/b0Df+soNp3ot/zY/nIf2OnByv9DLr+05rHUX/nLvwnlxxuV9umPofyDfZZ/X/tPbq78P+Xyy8s2e7bf8tdqXDU21iPuNy73AYz7jYs/h/aXe/sN3P5NdtR2K5cP42xU+pkc1Kj0/9lLWW7ZDubNc/s4Xbn/duzvYND6l/t+l++BR8Lyq5rvN/1/jra6/j/L+jev/0/Ycz50/E/aramcVDbseuzhtLy8PNSuT8a135XdYtiv/7B/Qw67/GG//nVi/5/x/1Ls/zPGY/+fMR77/4zx2L9WjMf+P+PrGfv/jPHjYbmxf9CZmviXauInauJfromfrInH/28xfqYmfqomfrom/nBN/NGa+Nma+Ndq4o/VxB+vic/+n/g47AP4as57vT7A3hX7jfT5h/FRjv/0+vxP18SB0RX7dY6f76/XxIHRVc7z8PmGMVR1v2NH3N9e9uO+mfN3cv5+zj/atgqyE76R82/m/Fs5/3bOz+V8LufzOdc35Gj71T9OnLpZrZ/ndyTE+z2fNF4PEO8Tc77P+sTjc4Oez3q8z3K2q/xNXg4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDIaq48LCzNVSm/feuviv6a/98OVMafbU5xZfWzmocWUUiulVOXhZlje9cm1/LNPrl3qllfpwupjGU7P3m3Pe2hl/nQm3U5T6bmPj9986YNnlt47duPYxTdm72xP6wEAAGA8/C8AAP//SeHjuQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r0, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {0x0, 0x0, 0x10, 0x20c, 0xfffffffffffffff8}, {&(0x7f0000000000)=[0x6, 0x3, 0x200000, 0x1], 0x4, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {&(0x7f00000003c0)=[0x9], 0x1, 0x8, 0x98f, 0xffff}}) [ 83.810011][ T4669] Bluetooth: hci0: command tx timeout [ 83.981565][ T5325] loop0: detected capacity change from 0 to 4096 [ 84.042091][ T5325] NILFS (loop0): invalid segment: Checksum error in segment payload [ 84.055349][ T5325] NILFS (loop0): trying rollback from an earlier position [ 84.100298][ T5325] NILFS (loop0): recovery complete [ 84.135678][ T5332] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 84.167700][ T5325] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 84.173135][ T5325] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 84.177677][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.181752][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.186059][ T5325] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 84.189544][ T5325] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 9e 74 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 80 74 84 fe 49 8b 34 24 4c 89 ff [ 84.198678][ T5325] RSP: 0018:ffffc9000dc87708 EFLAGS: 00010206 [ 84.202139][ T5325] RAX: 0000000000000006 RBX: ffff888047bdc7a8 RCX: 0000000000000002 [ 84.205922][ T5325] RDX: ffff88804183a4c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.209523][ T5325] RBP: 0000000000000000 R08: ffff88804183a4c0 R09: 0000000000000003 [ 84.213858][ T5325] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 84.218337][ T5325] R13: dffffc0000000000 R14: ffff88801244cd40 R15: ffff888047bdbc48 [ 84.222171][ T5325] FS: 00007ff1ef1f56c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 84.226325][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.229636][ T5325] CR2: 00007ff1f2f064d0 CR3: 00000000379a2000 CR4: 0000000000352ef0 [ 84.233585][ T5325] Call Trace: [ 84.235208][ T5325] [ 84.236665][ T5325] nilfs_clean_segments+0x162/0xa50 [ 84.239013][ T5325] ? nilfs_ioctl_move_blocks+0x94b/0xda0 [ 84.241774][ T5325] ? __pfx_nilfs_clean_segments+0x10/0x10 [ 84.244691][ T5325] ? _copy_from_user+0x94/0xb0 [ 84.246543][ T5325] nilfs_ioctl+0x261f/0x2780 [ 84.248703][ T5325] ? __pfx_nilfs_ioctl+0x10/0x10 [ 84.250736][ T5325] ? kasan_save_track+0x4f/0x80 [ 84.252755][ T5325] ? kasan_save_track+0x3e/0x80 [ 84.255182][ T5325] ? kasan_save_free_info+0x46/0x50 [ 84.257742][ T5325] ? __kasan_slab_free+0x5c/0x80 [ 84.260137][ T5325] ? kfree+0x1c1/0x630 [ 84.262267][ T5325] ? tomoyo_path_number_perm+0x501/0x630 [ 84.265156][ T5325] ? security_file_ioctl+0xc3/0x2a0 [ 84.267479][ T5325] ? __se_sys_ioctl+0x47/0x170 [ 84.269447][ T5325] ? do_syscall_64+0x14d/0xf80 [ 84.271849][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.275108][ T5325] ? kasan_quarantine_put+0xbb/0x1f0 [ 84.277964][ T5325] ? tomoyo_path_number_perm+0x219/0x630 [ 84.280628][ T5325] ? tomoyo_path_number_perm+0x219/0x630 [ 84.283108][ T5325] ? do_vfs_ioctl+0x1166/0x1530 [ 84.285017][ T5325] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 84.287976][ T5325] ? do_futex+0x333/0x420 [ 84.290617][ T5325] ? __fget_files+0x2a/0x420 [ 84.292961][ T5325] ? __fget_files+0x2a/0x420 [ 84.295134][ T5325] ? __fget_files+0x3a0/0x420 [ 84.297163][ T5325] ? __fget_files+0x2a/0x420 [ 84.299375][ T5325] ? bpf_lsm_file_ioctl+0x9/0x20 [ 84.301440][ T5325] ? __pfx_nilfs_ioctl+0x10/0x10 [ 84.303583][ T5325] __se_sys_ioctl+0xfc/0x170 [ 84.305639][ T5325] do_syscall_64+0x14d/0xf80 [ 84.307755][ T5325] ? trace_irq_disable+0x3b/0x150 [ 84.310085][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.313052][ T5325] ? clear_bhb_loop+0x40/0x90 [ 84.315415][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.318737][ T5325] RIP: 0033:0x7ff1f2d9c819 [ 84.321409][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.329884][ T5325] RSP: 002b:00007ff1ef1f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.333993][ T5325] RAX: ffffffffffffffda RBX: 00007ff1f3015fa0 RCX: 00007ff1f2d9c819 [ 84.338301][ T5325] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000004 [ 84.342503][ T5325] RBP: 00007ff1f2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 84.345997][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.349543][ T5325] R13: 00007ff1f3016038 R14: 00007ff1f3015fa0 R15: 00007ffcd4416268 [ 84.353111][ T5325] [ 84.354440][ T5325] Modules linked in: [ 84.356976][ T5325] ---[ end trace 0000000000000000 ]--- [ 84.366628][ T5325] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 84.369964][ T5325] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 9e 74 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 80 74 84 fe 49 8b 34 24 4c 89 ff [ 84.380398][ T5325] RSP: 0018:ffffc9000dc87708 EFLAGS: 00010206 [ 84.384859][ T5325] RAX: 0000000000000006 RBX: ffff888047bdc7a8 RCX: 0000000000000002 [ 84.388384][ T5325] RDX: ffff88804183a4c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.392604][ T5325] RBP: 0000000000000000 R08: ffff88804183a4c0 R09: 0000000000000003 [ 84.397714][ T5325] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 84.401015][ T5325] R13: dffffc0000000000 R14: ffff88801244cd40 R15: ffff888047bdbc48 [ 84.405197][ T5325] FS: 00007ff1ef1f56c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 84.409464][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.413021][ T5325] CR2: 00007ff1f2f064d0 CR3: 00000000379a2000 CR4: 0000000000352ef0 [ 84.419382][ T5325] Kernel panic - not syncing: Fatal exception [ 84.422666][ T5325] Kernel Offset: disabled [ 84.424454][ T5325] Rebooting in 86400 seconds..