program: syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000400)='./file0\x00', 0x0, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f292516351d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f300"/189], 0x1, 0xda9, &(0x7f00000006c0)="$eJzs3UtvXNUdAPBzxx47LxqHmMZN08QlpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDNn7v3fe885M3fuzNzXScDIaqw9Li7OVCm9feuti/fOjP9vdcyZ1hSza4/jeWgppdRszZfSVFje0uR6/tkn1y6155/nvEoXUpWq1vj07N3WvIdTStfTbLqdptJzH5+4+dIHzyy/d/zG8YtvzN3ZmdYDAMBoufejd3/5t8d/eO3Y/39/eilNtsaX3+dLefhI/t2/VK0P56z1P6Bqy6u24WIiTDeeUyNMN9ZhuvZymmG68S7lT4TlNrtMN1lT/ljbuE7thmG28T++asxvGm405ufX/5Ov+nBsopp/5cryC1cHVFFg2316Ju/ikyRp5NLK0UFvgQDWxeOG97ke9yw8mNbSxnsr/+7Tjc7zwzbY7fVf+cNV/rs3bHHYPvt1bSrtKp+jI3k4HkcYD/P1+/kvy4vHI5o91rPbcYRhOb7QrZ5ju1yPrepW/7he7Fdfy3l5HU6HePvnJ76nw/IeA53ds/9fkkY2rQx6AwTsWfG8uZWsxON5fTE+WRM/UBM/WBM/VBM/XBOHUfaHV3+bblYb//Pjf/p+94eV/WwP5fxLfdYn7o/st/x43m+/HrT8eD4x7Glz/z316a9v/z2e//95OP//bP4uncobiLK/MO5Xb537Hy4MbnSZ7uFQnYc6TL/2fHrzdNX0xnJS23bmvnrMbJ7vaLfpTm2ebipMdyj/FjkQ6ht/nxwK85XfH2W7Wl6v8dDeZmjHRKhHeWeO5fxAaM+xbu0KO7InwnTNnI6Hdk2Hdj0S5vtyaFc1s7ldcf95qc+JMD4eJynThbftvu+l+F7E6zIezfmbOX8n5+/n/KMO5Y6isj52O/+/rJ8zqVm9cGX58hN5uKynd8aak6vjz+9yvYEH1+v1PzNp8/U/R1rjm4327cLRjfFV+3ZhKoy/0GX8k3m4fJ/9dOzg2vj5Sz9f/sl2Nx5G3NXXXv/Z88vLl3/lyUg+WV0H9kA1PNlzTwa9ZQJ22sKrL/9i4eprr5+78vLzL15+8fIr55/4/veefOqpxYW1X/UL7b/tgf1l40t/0DUBAAAAAAAAAAAAelYd7Dw653X3ty3Xk5fr0+P18QyH8r6VtaHcx6Bc/9ntvi7l+s1ju1BHtt9uXE406DYCnf3b/X8laWTTyoq7+AN7w6D7/yv3PSz5kXP/PLaaymR3n968vYz3L4QHsdf7n1P+/ur/r9X/Vc/bv9Bj1tTWyv3jvYP/aCs2ney1/Nj+ch/Y6f7K/1Muv7TmsdRb+Su/C+XHG5X26M+h/EM9ln9f+09trfy/5PLLyzZ3ttfy12tcNTbXI+43LvcBjPuNi7+G9pd7+/Xd/i121HYrlw+jbFj6mezXsPT/2U1ZbtkO5s1z6zhduf/2RLh3db/1L/f9Lt8Dj4TlVzXfb/r/HG51/X+W9W9B/5+w73zo+J/UU2rrWWngdZG2K62srAy065NR7Xdlrxj06z/o35CDLn/Qr3+d2P9n/L8U+/+M8dj/Z4zH/j9jPPavFeOx/8/4esb+P2P8RFhu7B90pib+lZr4yZr4V2vip2ri8f9bjM/WxE/XxM/UxB+uiT9aEz9bE/9GTfyxmvjjNfG5mvh+9/Wcj2r7YZTFfiN9/mF0lOM/3T7/0zVxYHjFfp3j5/ubNXFgeJXzPHy+YQRVne/YEfe3l/24b+b8nZy/n/OPdqyC7IZv5fzbOf9Ozr+b83M5n8/5Qs71DTncfvOvk6dvVhvn+R0N8V7PJ43XA8T7xJzvsT7x+Fy/57Oe6LGcnSp/i5eDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyNxtrj4uJMldLbt966+J/pH/x4dcyZ1hSza4/jeWgppdRMKVV5eDws7/rkev7ZJ9cudcqrdGHtsQynZ++25j28On+aTbfTVHru4xM3X/rgmeX3jt84fvGNuTs703oAAAAYDV8EAAD//zf747A=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='rdma.current\x00', 0x26e1, 0x0) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r0, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {0x0, 0x0, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2f}, {&(0x7f00000003c0)=[0x9], 0x1, 0x8, 0x98f, 0xffff}}) [ 84.083152][ T5300] Bluetooth: hci0: command tx timeout [ 84.330745][ T5322] loop0: detected capacity change from 0 to 4096 [ 84.371993][ T5322] NILFS (loop0): invalid segment: Checksum error in segment payload [ 84.375629][ T5322] NILFS (loop0): trying rollback from an earlier position [ 84.413163][ T5322] NILFS (loop0): recovery complete [ 84.426378][ T5329] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 84.454134][ T5322] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 84.459117][ T5322] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 84.462834][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.467303][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.472853][ T5322] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 84.475709][ T5322] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 2e a1 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 10 a1 84 fe 49 8b 34 24 4c 89 ff [ 84.483874][ T5322] RSP: 0018:ffffc9000dd5f708 EFLAGS: 00010206 [ 84.487178][ T5322] RAX: 0000000000000006 RBX: ffff8880129fc7a8 RCX: 0000000000000002 [ 84.491113][ T5322] RDX: ffff8880118ec980 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.494434][ T5322] RBP: 0000000000000000 R08: ffff8880118ec980 R09: 0000000000000003 [ 84.497760][ T5322] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 84.501191][ T5322] R13: dffffc0000000000 R14: ffff88801c318540 R15: ffff8880129fbc48 [ 84.504470][ T5322] FS: 00007fa9c51c16c0(0000) GS:ffff88808ca51000(0000) knlGS:0000000000000000 [ 84.509096][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.511966][ T5322] CR2: 00005593e61d2ab0 CR3: 000000001fcc7000 CR4: 0000000000352ef0 [ 84.515351][ T5322] Call Trace: [ 84.516772][ T5322] [ 84.518072][ T5322] nilfs_clean_segments+0x162/0xa50 [ 84.520188][ T5322] ? nilfs_ioctl_move_blocks+0x94b/0xda0 [ 84.522500][ T5322] ? __pfx_nilfs_clean_segments+0x10/0x10 [ 84.524843][ T5322] ? _copy_from_user+0x94/0xb0 [ 84.528080][ T5322] nilfs_ioctl+0x261f/0x2780 [ 84.530383][ T5322] ? __pfx_nilfs_ioctl+0x10/0x10 [ 84.532877][ T5322] ? kasan_save_track+0x4f/0x80 [ 84.535533][ T5322] ? kasan_save_track+0x3e/0x80 [ 84.538106][ T5322] ? kasan_save_free_info+0x46/0x50 [ 84.540574][ T5322] ? __kasan_slab_free+0x5c/0x80 [ 84.542718][ T5322] ? kfree+0x1c1/0x630 [ 84.544569][ T5322] ? tomoyo_path_number_perm+0x501/0x630 [ 84.547464][ T5322] ? security_file_ioctl+0xc3/0x2a0 [ 84.550136][ T5322] ? __se_sys_ioctl+0x47/0x170 [ 84.552694][ T5322] ? do_syscall_64+0x14d/0xf80 [ 84.554930][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.557765][ T5322] ? kasan_quarantine_put+0xbb/0x1f0 [ 84.560125][ T5322] ? tomoyo_path_number_perm+0x219/0x630 [ 84.562548][ T5322] ? tomoyo_path_number_perm+0x219/0x630 [ 84.565060][ T5322] ? do_vfs_ioctl+0x1166/0x1530 [ 84.567422][ T5322] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 84.570100][ T5322] ? do_futex+0x395/0x420 [ 84.572396][ T5322] ? __fget_files+0x2a/0x420 [ 84.574569][ T5322] ? __fget_files+0x2a/0x420 [ 84.576758][ T5322] ? __fget_files+0x3a0/0x420 [ 84.578992][ T5322] ? __fget_files+0x2a/0x420 [ 84.581768][ T5322] ? bpf_lsm_file_ioctl+0x9/0x20 [ 84.584608][ T5322] ? __pfx_nilfs_ioctl+0x10/0x10 [ 84.587337][ T5322] __se_sys_ioctl+0xfc/0x170 [ 84.589549][ T5322] do_syscall_64+0x14d/0xf80 [ 84.591740][ T5322] ? trace_irq_disable+0x3b/0x150 [ 84.593978][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.596668][ T5322] ? clear_bhb_loop+0x40/0x90 [ 84.598787][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.601250][ T5322] RIP: 0033:0x7fa9c439c799 [ 84.603166][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.612812][ T5322] RSP: 002b:00007fa9c51c0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.615998][ T5322] RAX: ffffffffffffffda RBX: 00007fa9c4615fa0 RCX: 00007fa9c439c799 [ 84.619375][ T5322] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000004 [ 84.622860][ T5322] RBP: 00007fa9c4432c99 R08: 0000000000000000 R09: 0000000000000000 [ 84.626805][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.631015][ T5322] R13: 00007fa9c4616038 R14: 00007fa9c4615fa0 R15: 00007ffeedb5e388 [ 84.634297][ T5322] [ 84.635614][ T5322] Modules linked in: [ 84.637809][ T5322] ---[ end trace 0000000000000000 ]--- [ 84.649114][ T5322] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 84.653178][ T5322] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 2e a1 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 10 a1 84 fe 49 8b 34 24 4c 89 ff [ 84.665189][ T5322] RSP: 0018:ffffc9000dd5f708 EFLAGS: 00010206 [ 84.668547][ T5322] RAX: 0000000000000006 RBX: ffff8880129fc7a8 RCX: 0000000000000002 [ 84.673849][ T5322] RDX: ffff8880118ec980 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.677582][ T5322] RBP: 0000000000000000 R08: ffff8880118ec980 R09: 0000000000000003 [ 84.681883][ T5322] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 84.685667][ T5322] R13: dffffc0000000000 R14: ffff88801c318540 R15: ffff8880129fbc48 [ 84.690308][ T5322] FS: 00007fa9c51c16c0(0000) GS:ffff88808ca51000(0000) knlGS:0000000000000000 [ 84.695655][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.698928][ T5322] CR2: 00007f213d11ed20 CR3: 000000001fcc7000 CR4: 0000000000352ef0 [ 84.703314][ T5322] Kernel panic - not syncing: Fatal exception [ 84.706755][ T5322] Kernel Offset: disabled [ 84.708719][ T5322] Rebooting in 86400 seconds..