program: r0 = syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x4090, &(0x7f0000003280)=ANY=[], 0x1, 0xd9f, &(0x7f0000000e00)="$eJzs3UtvXFcdAPBzx544rxKncbEJITYNpeYRuwlesEG4UlhUSBVSP0EV0pLilkfKolUqJV2wJVLVD0DVPQueWVSKugrqBsQXqLpiE6pKBSKk1sj2OePxPzO6M47t8Xh+P+nOmXv/595zzjzu3Lmvk4CR1Vh/XFqaqVJ6+/Zbl+7Pjv93bcpsK8fc+uN4HltOKTVb86U0GZa3PLGRfvbJ9cvt6ec5rdLFVKWqNT09e68177GU0o00l+6kyfTcx9O3XvrgmZX3Tt08demN+bu703oAABgt93/47i/++uQPrp/83+/OLqeJ1vSyfb6cx4/n7f7lamM8J63/AVVbWrWNF4dCvvE8NEK+sQ752stphnzjXco/FJbb7JJvoqb8sbZpndoNw2zzf3zVWNgy3mgsLGz8J1/z4dihauGVqysvXBtQRYEd9+ls3sVnMBhGblg9Meg1EMCGeNzwATfinoWH01raeG/l33u60Xl+2AF7/flX/nCV/+5Naxx2zkH9NJV2le/R8TwejyOMh/n6/f6X5cXjEc0e69ntOMKwHF/oVs+xPa7HdnWrf/xcHFRfyWl5Hc6GePv3J76nw/IeA53dt//fYBjZYXXQKyBg34rnza1mJR7P64vxiZr44Zr4kZr40Zr4sZo4jLLfv/qbdKva/J8f/9P3uz+s7Gd7JKdf6LM+cX9kv+XH83779bDlx/OJYV+b/8+ZT39152/x/P/Pw/n/5/Jv6WReQZT9hXG/euvc/3BhcKNLvkdDdR7pkH/9+dTWfNXU5nJS23rmgXrMbJ3vRLd8Z7bmmwz5juZtkcOhvnH75GiYr2x/lPVqeb3GQ3uboR2HQj3KO3Myp4dDe052a1fYkX0o5Gvm4VRo11Ro12Nhvi+GdlUzW9sV95+X+kyH6fE4SckX3rYHfpfiexGvy3g8p2/m9J2cvp/TjzqUO4rK57Hb+f/l8zmTmtULV1euPJXHy+f07lhzYm36hT2uN/Dwer3+ZyZtvf7neGt6s9G+XjixOb1qXy9MhukXu0z/Th4vv2c/GTuyPn3h8s9WfrzTjYcRd+2113/6/MrKlV964oknnrSeDHrNBOy2xVdf/vnitddeP3/15edfvPLilVcuPPXdtelLi+tb9Yvt2/bAwbL5oz/omgAAAAAAAAAAAAA9q450npzTuvvbluvJy/Xp8fp4hkN538qnodzHoFz/2e2+LuX6zZN7UEd23l5cTjToNgKd/cv9fw2GkRu+l7//q6vu4g/sD4Pu/6/c97Ckx8//4+TaULLde3rr+jLevxAexn7vf075B6v/v1b/Vz2v/0KPWZPbK/cP94/8va3YdLrX8mP7y31gp/or/4+5/NKaJ1Jv5a/+NpQfb1Taoz+F8o/2WP4D7T+zvfL/nMsvL9v8uV7L36hx1dhaj7jfuNwHMO43Lv4S2l/u7dd3+7fZUdvtXD6MsmHpZ7Jfw9L/ZzdluWU9mFfPreN05f7bsb+Dfutf7vtdfgceC8uvan7f9P853Or6/yyfv0X9f8KB86HjfwbDyA6rq6sD7fpkVPtd2S8G/foPehty0OUP+vWvE/v/jP+XYv+fMR77/4zx2P9njMf+tWI89v8ZX8/Y/2eMT4flxv5BZ2riX6qJn66Jf7kmfqYmHv+/xfhcTfxsTXy2Jv5oTfzxmvi5mvjXauJP1MSfrInP18QPuq/mdFTbD6Ms9hvp+w+joxz/6fb9n6qJA8Mr9uscv99fb8XHOsaB4VXO8/D7DiOo6nzHjri/vezHfTOn7+T0/Zx+tGsVZC98I6ffzOm3cvrtnJ7P6UI+pLOYx/UNOdx+/c/TZ29Vm+f5nQjxXs8njdcDxPvEXOixPvH4XL/ns073WM5ulb/Ny0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhkZj/XFpaaZK6e3bb13699T3f7Q2ZbaVY279cTyPLaeUmimlKo+Ph+XdmNhIP/vk+uVOaZUurj+W8fTsvda8x9bmT3PpTppMz308feulD55Zee/UzVOX3pi/uzutBwAAgNHw/wAAAP//UjHk8Q==") ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000000)=0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r1, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {&(0x7f0000000300)=[{0x700, 0x700}], 0x1, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {&(0x7f00000003c0)=[0x9], 0x1, 0x8, 0x98f, 0xffff}}) [ 102.437555][ T5302] Bluetooth: hci0: command tx timeout [ 102.613803][ T5327] loop0: detected capacity change from 0 to 4096 [ 102.644266][ T5327] NILFS (loop0): invalid segment: Checksum error in segment payload [ 102.657071][ T5327] NILFS (loop0): trying rollback from an earlier position [ 102.692189][ T5327] NILFS (loop0): recovery complete [ 102.713830][ T5330] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 102.720943][ T5327] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 102.726369][ T5327] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 102.730118][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 102.733995][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 102.739078][ T5327] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 102.742375][ T5327] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 9e 74 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 80 74 84 fe 49 8b 34 24 4c 89 ff [ 102.749857][ T5327] RSP: 0018:ffffc9000dea7708 EFLAGS: 00010206 [ 102.752371][ T5327] RAX: 0000000000000006 RBX: ffff8880481587a8 RCX: 0000000000000002 [ 102.756494][ T5327] RDX: ffff888040860000 RSI: 0000000000000000 RDI: 0000000000000000 [ 102.760680][ T5327] RBP: 0000000000000000 R08: ffff888040860000 R09: 0000000000000003 [ 102.764194][ T5327] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 102.767981][ T5327] R13: dffffc0000000000 R14: ffff888037c64940 R15: ffff888048157c48 [ 102.771213][ T5327] FS: 00007f8ed61f56c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 102.775079][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.778275][ T5327] CR2: 00007f8eda0107e0 CR3: 000000004232c000 CR4: 0000000000352ef0 [ 102.782016][ T5327] Call Trace: [ 102.783543][ T5327] [ 102.784877][ T5327] nilfs_clean_segments+0x162/0xa50 [ 102.787195][ T5327] ? nilfs_ioctl_move_blocks+0x94b/0xda0 [ 102.789930][ T5327] ? __pfx_nilfs_clean_segments+0x10/0x10 [ 102.793172][ T5327] ? _copy_from_user+0x94/0xb0 [ 102.796111][ T5327] nilfs_ioctl+0x261f/0x2780 [ 102.798388][ T5327] ? __pfx_nilfs_ioctl+0x10/0x10 [ 102.800683][ T5327] ? kasan_save_track+0x4f/0x80 [ 102.802830][ T5327] ? kasan_save_track+0x3e/0x80 [ 102.804910][ T5327] ? kasan_save_free_info+0x46/0x50 [ 102.807235][ T5327] ? __kasan_slab_free+0x5c/0x80 [ 102.809281][ T5327] ? kfree+0x1c1/0x630 [ 102.811011][ T5327] ? tomoyo_path_number_perm+0x501/0x630 [ 102.813268][ T5327] ? security_file_ioctl+0xc3/0x2a0 [ 102.815425][ T5327] ? __se_sys_ioctl+0x47/0x170 [ 102.817666][ T5327] ? do_syscall_64+0x14d/0xf80 [ 102.820038][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.823746][ T5327] ? kasan_quarantine_put+0xbb/0x1f0 [ 102.825992][ T5327] ? tomoyo_path_number_perm+0x219/0x630 [ 102.828441][ T5327] ? tomoyo_path_number_perm+0x219/0x630 [ 102.830725][ T5327] ? do_vfs_ioctl+0x1166/0x1530 [ 102.832562][ T5327] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 102.834623][ T5327] ? do_futex+0x333/0x420 [ 102.836233][ T5327] ? __fget_files+0x2a/0x420 [ 102.838167][ T5327] ? __fget_files+0x2a/0x420 [ 102.840122][ T5327] ? __fget_files+0x3a0/0x420 [ 102.842886][ T5327] ? __fget_files+0x2a/0x420 [ 102.845393][ T5327] ? bpf_lsm_file_ioctl+0x9/0x20 [ 102.847479][ T5327] ? __pfx_nilfs_ioctl+0x10/0x10 [ 102.849680][ T5327] __se_sys_ioctl+0xfc/0x170 [ 102.851572][ T5327] do_syscall_64+0x14d/0xf80 [ 102.853428][ T5327] ? trace_irq_disable+0x3b/0x150 [ 102.855500][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.858175][ T5327] ? clear_bhb_loop+0x40/0x90 [ 102.861223][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.864760][ T5327] RIP: 0033:0x7f8ed9d9c819 [ 102.867051][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 102.874715][ T5327] RSP: 002b:00007f8ed61f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 102.877874][ T5327] RAX: ffffffffffffffda RBX: 00007f8eda015fa0 RCX: 00007f8ed9d9c819 [ 102.880803][ T5327] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000004 [ 102.883706][ T5327] RBP: 00007f8ed9e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 102.886840][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 102.890405][ T5327] R13: 00007f8eda016038 R14: 00007f8eda015fa0 R15: 00007ffc22066258 [ 102.894304][ T5327] [ 102.895715][ T5327] Modules linked in: [ 102.898077][ T5327] ---[ end trace 0000000000000000 ]--- [ 102.909256][ T5327] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 102.912887][ T5327] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 9e 74 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 80 74 84 fe 49 8b 34 24 4c 89 ff [ 102.922996][ T5327] RSP: 0018:ffffc9000dea7708 EFLAGS: 00010206 [ 102.926994][ T5327] RAX: 0000000000000006 RBX: ffff8880481587a8 RCX: 0000000000000002 [ 102.930981][ T5327] RDX: ffff888040860000 RSI: 0000000000000000 RDI: 0000000000000000 [ 102.934420][ T5327] RBP: 0000000000000000 R08: ffff888040860000 R09: 0000000000000003 [ 102.937879][ T5327] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 102.941415][ T5327] R13: dffffc0000000000 R14: ffff888037c64940 R15: ffff888048157c48 [ 102.946290][ T5327] FS: 00007f8ed61f56c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 102.951214][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.953959][ T5327] CR2: 00007f8eda0107e0 CR3: 000000004232c000 CR4: 0000000000352ef0 [ 102.957973][ T5327] Kernel panic - not syncing: Fatal exception [ 102.960776][ T5327] Kernel Offset: disabled [ 102.962522][ T5327] Rebooting in 86400 seconds..