program: syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000180)='./file0\x00', 0x10, &(0x7f0000000040)={[{@discard}, {@errors_remount_ro}, {@order_relaxed}, {@nobarrier}, {@discard}]}, 0x1, 0xdba, &(0x7f0000001c40)="$eJzs3UtvXNUdAPBzx+M4T+IQ07hpGrukFPcRmwSrdFcjpQtUCVXiE6A00FBDH6ELUFATFt02EuIDFLHvos8skCJWqdi06hdArLpJERJto0rgyvY54/E/M70zjuPxeH4/6c6Ze//n3nPOPO7cua+TgJHVWHtcXJyuUnr75lsX7s40/7M6ZaaVY3btsZnHllJK4635UpoMy1uaWE8/++Tqxfb085xW6XyqUtWanp6905r3UErpWppNt9Jkeu7jEzde+uCZ5feOXz9+4Y252w+m9QAAMFrufv/dn/3l8e9dPfbf355eShOt6WX7fCmPH87b/UvV+nhOWv8Dqra0ahsv9oV8zTw0Qr6xDvnayxkP+Zpdyt8XljveJd9ETfljbdM6tRuG2cb/+Koxv2m80ZifX/9PvurDsX3V/CuXl1+4MqCKAtvu05m8i89gMIzcsHJ00GsggHXxuOE9rsU9C/entbRmb+XfebrReX7YBjv9+Vf+cJX/7nVrHLbPXv00lXaV79HhPB6PIzTDfP1+/8vy4vGI8R7r2e04wrAcX+hWz7EdrsdWdat//FzsVV/OaXkdTod4+/cnvqfD8h4Dnd21/99gGNlhZdArIGDXiufNrWQlHs/ri/GJmvj+mviBmvjBmvihmjiMst+9+ut0o9r4nx//0/e7P6zsZzuS04f6rE/cH9lv+fG8337db/nxfGLY1eb+ferTX9z6azz///Nw/v+Z/Fs6mVcQZX9h3K/eOvc/XBjc6JLv4VCdIx3yrz2f2pyvmtpYTmpbz9xTj+nN8x3tlu/U5nyTId/BvC2yP9Q3bp8cDPOV7Y+yXi2vVzO0t2xnPfTL9Y2TfaEe5Z05ltP9oT3HurUr7MjeF/KN5+F4aNdUaNcjYb4vhHZV05vbFfefl/qcCNPjcZKSL7xt9/wuxfciXpfxaE7fzOk7OX0/px91KHcUlc9jt/P/y+dzOo1XL1xevvREHi/ft9tj4xOr08/tcL2B+9fr9T/TafP1P4db08cb7euFoxvTq/b1wmSYfr7L9CfzePk9+9HYgbXp8xd/svzD7W48jLgrr73+4+eXly/93JOBPjmyO6qxd56s/rHYBdUY3ieDXjMBD9rCqy//dOHKa6+fvfzy8y9eevHSK+ee+M63n3zqqcWFta36hfZte2Bv2fjRH3RNAAAAAAAAAAAAgJ5VBzpPzmnd/W3L9eTl+vR4fTzDobxv5dNQ7mNQrv/sdl+Xcv3msR2oI9tvJy4nGnQbgc7+6f6/BsPIDisr7uIP7A6D7v+v3PewpIfP/v3Y6lCy3Xl68/oy3r8Q7sfu7n+uOfD+70a9/O3u/6/V/1XP67/QY9bk1sr9/d0Df2srNp3stfzY/nIf2Kn+yv9DLr+05rHUW/krvwnlxxuV9uiPofyDPZZ/T/tPba38P+Xyy8s2d6bX8tdrXDU21yPuNy73AYz7jYs/h/aXe/v13f4tdtR2M5cPo2xY+pnsV/f+P9e333dL/5/dlOWW9WBePbeO05X7b8f+Dvqtf7nvd/kdeCQsv6r5fdP/53Cr6/+zfP4W9P8Je86Hjv8ZDCM7rKysDLTrk1Htd2W3GPTrP+htyEGXP+jXv07s/zP+X4r9f8Z47P8zxmP/nzEe+9eK8dj/Z3w9Y/+fMX4iLDf2DzpdE/9iTfxkTfxLNfFTNfH4/y3GZ2vip2viMzXxh2vij9bEz9TEv1oTf6wm/nhNfK4mvtd9Jaej2n4YZbHfSN9/GB3l+E+37/9UTRwYXrFf5/j9/lpNHBhe5TwP32
8YQVXnO3bE/e1lP+6bOX0np+/n9KMHVkF2wtdz+o2cfjOn38rp2ZzO53Qhp/qGHG6/+sfJ0zeqjfP8joZ4r+eTxusB4n1izvVYn7WlNPsvvzjRYzn/t/y09fK3eDkIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNBorD0uLk5XKb19860L/5r67g9Wp8y0csyuPTbz2FJKaTylVOXxZljetYn19LNPrl7slFbp/NpjGU/P3mnNe2h1/jSbbqXJ9NzHJ2689MEzy+8dv378whtztx9M6wEAAGA0/C8AAP//a3LnHQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2e, 0x1, 0x0, 0x25dddbfb, "", [@nested={0x104, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac04}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x41}, 0x0) ioctl$KVM_TDX_INIT_VCPU(r0, 0xc008aeba, &(0x7f0000000080)={0x2, 0x0, 0x9cf}) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r0, 0x40786e88, &(0x7f0000000640)={{0x0, 
0x0, 0x40, 0xd, 0xe2}, {0x0, 0x0, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {0x0, 0x0, 0x8, 0x98f, 0xffff}}) [ 155.162098][ T4666] Bluetooth: hci0: command tx timeout [ 155.290683][ T5344] loop0: detected capacity change from 0 to 4096 [ 155.331512][ T5344] NILFS (loop0): invalid segment: Checksum error in segment payload [ 155.340239][ T5344] NILFS (loop0): trying rollback from an earlier position [ 155.370915][ T5344] NILFS (loop0): recovery complete [ 155.387293][ T5346] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 155.406921][ T5344] netlink: 'syz.0.0': attribute type 11 has an invalid length. [ 155.410793][ T5344] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'. [ 155.427380][ T5344] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 155.432946][ T5344] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 155.436710][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 155.441820][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 155.446521][ T5344] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 155.449824][ T5344] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 9e 6f 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 80 6f 84 fe 49 8b 34 24 4c 89 ff [ 155.458957][ T5344] RSP: 0018:ffffc9000f50f708 EFLAGS: 00010206 [ 155.461717][ T5344] RAX: 0000000000000006 RBX: ffff88804d8ac7a8 RCX: 0000000000000002 [ 155.465532][ T5344] RDX: ffff88801c354980 RSI: 0000000000000000 RDI: 0000000000000000 [ 155.470007][ T5344] RBP: 0000000000000000 R08: ffff88801c354980 R09: 0000000000000003 [ 155.473759][ T5344] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 155.477195][ T5344] R13: 
dffffc0000000000 R14: ffff88801fca9540 R15: ffff88804d8abc48 [ 155.480437][ T5344] FS: 00007f4907feb6c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 155.484294][ T5344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 155.487309][ T5344] CR2: 00007fed035909c0 CR3: 000000001f102000 CR4: 0000000000352ef0 [ 155.492022][ T5344] Call Trace: [ 155.493786][ T5344] <TASK> [ 155.495149][ T5344] nilfs_clean_segments+0x162/0xa50 [ 155.497425][ T5344] ? nilfs_ioctl_move_blocks+0x94b/0xda0 [ 155.500153][ T5344] ? __pfx_nilfs_clean_segments+0x10/0x10 [ 155.502649][ T5344] ? _copy_from_user+0x94/0xb0 [ 155.504684][ T5344] nilfs_ioctl+0x261f/0x2780 [ 155.506194][ T5344] ? __pfx_nilfs_ioctl+0x10/0x10 [ 155.507789][ T5344] ? kasan_save_track+0x4f/0x80 [ 155.509376][ T5344] ? kasan_save_track+0x3e/0x80 [ 155.511106][ T5344] ? kasan_save_free_info+0x46/0x50 [ 155.512867][ T5344] ? __kasan_slab_free+0x5c/0x80 [ 155.514538][ T5344] ? kfree+0x1c1/0x630 [ 155.516019][ T5344] ? tomoyo_path_number_perm+0x501/0x630 [ 155.518323][ T5344] ? security_file_ioctl+0xc3/0x2a0 [ 155.520694][ T5344] ? __se_sys_ioctl+0x47/0x170 [ 155.522931][ T5344] ? do_syscall_64+0x14d/0xf80 [ 155.525306][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.528563][ T5344] ? kasan_quarantine_put+0xbb/0x1f0 [ 155.531569][ T5344] ? tomoyo_path_number_perm+0x219/0x630 [ 155.534663][ T5344] ? tomoyo_path_number_perm+0x219/0x630 [ 155.537114][ T5344] ? do_vfs_ioctl+0x1166/0x1530 [ 155.539247][ T5344] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 155.541407][ T5344] ? do_futex+0x395/0x420 [ 155.543383][ T5344] ? __fget_files+0x2a/0x420 [ 155.545544][ T5344] ? __fget_files+0x2a/0x420 [ 155.547925][ T5344] ? __fget_files+0x2a/0x420 [ 155.550524][ T5344] ? __fget_files+0x3a0/0x420 [ 155.553415][ T5344] ? __fget_files+0x2a/0x420 [ 155.556117][ T5344] ? bpf_lsm_file_ioctl+0x9/0x20 [ 155.558404][ T5344] ? 
__pfx_nilfs_ioctl+0x10/0x10 [ 155.560543][ T5344] __se_sys_ioctl+0xfc/0x170 [ 155.562431][ T5344] do_syscall_64+0x14d/0xf80 [ 155.564445][ T5344] ? trace_irq_disable+0x3b/0x150 [ 155.566751][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.569516][ T5344] ? clear_bhb_loop+0x40/0x90 [ 155.572148][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.575298][ T5344] RIP: 0033:0x7f490719c819 [ 155.577297][ T5344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 155.585651][ T5344] RSP: 002b:00007f4907feafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 155.589461][ T5344] RAX: ffffffffffffffda RBX: 00007f4907415fa0 RCX: 00007f490719c819 [ 155.592897][ T5344] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000004 [ 155.596497][ T5344] RBP: 00007f4907232c91 R08: 0000000000000000 R09: 0000000000000000 [ 155.600123][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 155.603915][ T5344] R13: 00007f4907416038 R14: 00007f4907415fa0 R15: 00007ffe3495b428 [ 155.607579][ T5344] </TASK> [ 155.609033][ T5344] Modules linked in: [ 155.612232][ T5344] ---[ end trace 0000000000000000 ]--- [ 155.620836][ T5344] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 155.623737][ T5344] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 9e 6f 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 80 6f 84 fe 49 8b 34 24 4c 89 ff [ 155.634463][ T5344] RSP: 0018:ffffc9000f50f708 EFLAGS: 00010206 [ 155.638514][ T5344] RAX: 0000000000000006 RBX: ffff88804d8ac7a8 RCX: 0000000000000002 [ 155.643070][ T5344] RDX: ffff88801c354980 RSI: 0000000000000000 RDI: 0000000000000000 [ 155.646641][ T5344] RBP: 0000000000000000 R08: ffff88801c354980 R09: 0000000000000003 [ 155.650339][ T5344] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 
155.654682][ T5344] R13: dffffc0000000000 R14: ffff88801fca9540 R15: ffff88804d8abc48 [ 155.658611][ T5344] FS: 00007f4907feb6c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 155.663395][ T5344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 155.666315][ T5344] CR2: 00007fed035909c0 CR3: 000000001f102000 CR4: 0000000000352ef0 [ 155.670131][ T5344] Kernel panic - not syncing: Fatal exception [ 155.673148][ T5344] Kernel Offset: disabled [ 155.674850][ T5344] Rebooting in 86400 seconds..