program: syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xda8, &(0x7f0000000e00)="$eJzs3UtvXNUdAPBzxzNxXjQOMY2bpklKSkkfsUmISnc1UrpAlVAlPgFKAw019BG6AAUpYdFtIyE+QBH7LvrMAililYpNq34BxKqbFCHRNqoERrbPGc/8PaM7k9gej+f3k+6cufd/7z3nzOPOnfs4JwETq7H6eOHCXJXS27feunjvZPN/K1NOtuc4tfrYzGOLKaVWe7mUZsL6FqfX0s8+uXapM/08p1U6n6pUtaenZ++2lz2QUrqeTqXbaSY99/HRmy998MzSe0duHLn4xpk7W1N7AACYLPd+9O4v//b4D68d/v/vTyym6fb0sn++mMcP5v3+xWptPCft/wFVR1p1jBd7wnzNPDTCfFM95uvMpxXma/bJf09Yb6vPfNM1+U91TOtVbxhn6//jq8Z813ijMT+/9p98xYdTe6r5V64svXB1RAUFNt2nJ/MhPoPBMHHD8qFRb4EA1sTzhhtcj0cWHkx7bc3B8r/7dKP38rAJtvvzL//xyv/dG7Y4bJ7d+mkq9Srfo4N5PJ5HaIblhv3+l/XF8xGtAcvZ7zzCuJxf6FfOqW0ux/3qV/74uditvpbT8jqcCPHO7098T8flPQZ6u+f4v8EwscPyqDdAwI4Vr5tbzko8XtcX49M18b018X018f018QM1cZhkf3j1t+lmtf4/P/6nH/Z4WDnO9lBOvzRkeeLxyGHzj9f9DutB84/XE8OOdua/xz/99e2/x+v/Pw/X/5/Ov6UzeQNRjhfG4+rta//DjcGNPvM9HIrzUI/5V5/Pds9Xza6vJ3VsZzaUY657uUP95jvePd9MmG9/3hfZG8ob90/2h+XK/kfZrpbXqxnq2+qoR9Vc346VcpR35nBO94b6HO5Xr3Age0+Yr5WHI6Fes6Fej4TlvhzqVc111ysePy/lORqmx/MkZb7wtm34XYrvRbwv49GcvpnTd3L6fk4/6pHvJCqfx37X/5fP51xqVS9cWbr8RB4v37c7U63plenntrncwIMb9P6fudR9/8/B9vRWo3O7cGh9etW5XZgJ08/3mf5kHi+/Zz+d2rc6ff7Sz5d+stmVhwl39bXXf/b80tLlX3niiSeetJ+MessEbLWFV1/+xcLV114/e+Xl51+8/OLlV8498f3vPfnUUxcWVvfqFzr37YHdZf1Hf9QlAQAAAAAAAAAAAAZW7es9Oad17duW+8nL/enx/njGQ3nfyqehtGNQ7v/s165LuX/z8DaUkc23HbcTjbqOQG//1v6vwTCxw/KyVvyBnWHU/f+Vdg9LevDsPw+vDGW2u093by9j+4XwIHZ6/3Py3139/7X7vxp4+xd6zJq5v3z/eG/fPzqyTccGzT/Wv7QDO1ubZVeTpH/K+ZfaPJYGy3/5dyH/2FDpgP4c8t8/YP4b6n98mFzXD8X9JedfXrYzpwfNf63EVaO7HPG4cWkHMB43Lv4a6l/a9hu6/vfZUdutnD9MsnHpZ3JY49L/Zz9lvWU7mDfP7fN0pf3t2N/BsOUv7X6X34FHwvqrmt83/X+Ot7r+P8vnb0H/n7DrfOj8n8EwscPy8vJIuz6Z1H5XdopRv/6j3occdf6jfv27bewWM/b/Gf8vxf4/Yzz2/xnjsf/PGI/9a8V47P8zvp6x/88YPxrWG/sHnauJf6Umfqwm/tWa+PGaePz/FuOnauInauIna+IP18QfrYmfrol/oyb+WE388Zr4mZr4bvf1nE5q/WGSxX4jff9hcpTzP/2+/7M1cWB8xX6d4/f7mzVxYHyV6zx8v2ECVb1b7IjH28tx3Ddz+k5O38/pR1tWQLbDt3L67Zx+J6ffzenZnM7ndCGn+oYcb7/517ETN6v16/wOhfig15NW4cxcbCfm3IDliefnhr2e9eiA+WxV/vd5OwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA2GisPl64MFel9Patty7+Z/YHP16ZcrI9x6nVx2YeW0wptVJKVR5vhvVdn15LP/vk2qVeaZXOrz6W8fTs3fayB1aWT6fS7TSTnvv46M2XPnhm6b0jN45cfOPMna2pPQAAAEyGLwIAAP//azHnOw==") getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0xfff}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)={r0, 0x1}, &(0x7f00000000c0)=0x8) openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r1, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0x200d, 0xe2}, {&(0x7f0000000300)=[{0x1f, 0x700}], 0x1, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {&(0x7f00000003c0)=[0x9], 0x1, 0x8, 0x98f, 0xffff}}) [ 103.384121][ T5307] Bluetooth: hci0: command tx timeout [ 103.594948][ T5331] loop0: detected capacity change from 0 to 4096 [ 103.640982][ T5331] NILFS (loop0): invalid segment: Checksum error in segment payload [ 103.654015][ T5331] NILFS (loop0): trying rollback from an earlier position [ 103.681820][ T5331] NILFS (loop0): recovery complete [ 103.696024][ T5336] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 103.706268][ T5332] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 103.712442][ T5332] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 103.717183][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 103.721095][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 103.725637][ T5332] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 103.728650][ T5332] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e ac 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 ac 84 fe 49 8b 34 24 4c 89 ff [ 103.739962][ T5332] RSP: 0018:ffffc9000efa7708 EFLAGS: 00010206 [ 103.742674][ T5332] RAX: 0000000000000006 RBX: ffff888012eb87a8 RCX: 0000000000000000 [ 103.746939][ T5332] RDX: ffff88801f64a4c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 103.750760][ T5332] RBP: 0000000000000000 R08: ffff88801f64a4c0 R09: 0000000000000003 [ 103.754090][ T5332] R10: 0000000000000406 R11: 0000000000000000 R12: 0000000000000030 [ 103.757776][ T5332] R13: dffffc0000000000 R14: ffff88801246b140 R15: ffff888012ea7c48 [ 103.762878][ T5332] FS: 00007f3263c756c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 103.767155][ T5332] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 103.770003][ T5332] CR2: 00007f3263c74ff8 CR3: 00000000444e8000 CR4: 0000000000352ef0 [ 103.774180][ T5332] Call Trace: [ 103.775887][ T5332] [ 103.776988][ T5332] nilfs_clean_segments+0x162/0xa50 [ 103.779073][ T5332] ? nilfs_ioctl_move_blocks+0x94b/0xda0 [ 103.781995][ T5332] ? __pfx_nilfs_clean_segments+0x10/0x10 [ 103.784986][ T5332] ? _copy_from_user+0x94/0xb0 [ 103.787542][ T5332] nilfs_ioctl+0x261f/0x2780 [ 103.789902][ T5332] ? __pfx_nilfs_ioctl+0x10/0x10 [ 103.792029][ T5332] ? kasan_save_track+0x4f/0x80 [ 103.794300][ T5332] ? kasan_save_track+0x3e/0x80 [ 103.796719][ T5332] ? kasan_save_free_info+0x46/0x50 [ 103.799417][ T5332] ? __kasan_slab_free+0x5c/0x80 [ 103.802173][ T5332] ? kfree+0x1c1/0x630 [ 103.804236][ T5332] ? tomoyo_path_number_perm+0x501/0x630 [ 103.806889][ T5332] ? security_file_ioctl+0xc3/0x2a0 [ 103.809697][ T5332] ? __se_sys_ioctl+0x47/0x170 [ 103.812423][ T5332] ? do_syscall_64+0x14d/0xf80 [ 103.814739][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.817529][ T5332] ? kasan_quarantine_put+0xbb/0x1f0 [ 103.819981][ T5332] ? tomoyo_path_number_perm+0x219/0x630 [ 103.823010][ T5332] ? tomoyo_path_number_perm+0x219/0x630 [ 103.825983][ T5332] ? do_vfs_ioctl+0x1166/0x1530 [ 103.828163][ T5332] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 103.830410][ T5332] ? do_futex+0x333/0x420 [ 103.832098][ T5332] ? __fget_files+0x2a/0x420 [ 103.833932][ T5332] ? __fget_files+0x2a/0x420 [ 103.836095][ T5332] ? __fget_files+0x3a0/0x420 [ 103.838937][ T5332] ? __fget_files+0x2a/0x420 [ 103.841559][ T5332] ? bpf_lsm_file_ioctl+0x9/0x20 [ 103.844407][ T5332] ? __pfx_nilfs_ioctl+0x10/0x10 [ 103.846640][ T5332] __se_sys_ioctl+0xfc/0x170 [ 103.849062][ T5332] do_syscall_64+0x14d/0xf80 [ 103.851163][ T5332] ? trace_irq_disable+0x3b/0x150 [ 103.853476][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.856121][ T5332] ? clear_bhb_loop+0x40/0x90 [ 103.858437][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.861310][ T5332] RIP: 0033:0x7f3262d9c799 [ 103.863695][ T5332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 103.873280][ T5332] RSP: 002b:00007f3263c74fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 103.877063][ T5332] RAX: ffffffffffffffda RBX: 00007f3263016090 RCX: 00007f3262d9c799 [ 103.880781][ T5332] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000004 [ 103.884175][ T5332] RBP: 00007f3262e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 103.887696][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.892006][ T5332] R13: 00007f3263016128 R14: 00007f3263016090 R15: 00007ffd0898c988 [ 103.895984][ T5332] [ 103.897602][ T5332] Modules linked in: [ 103.902278][ T5332] ---[ end trace 0000000000000000 ]--- [ 103.924095][ T5332] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 103.927475][ T5332] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e ac 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 ac 84 fe 49 8b 34 24 4c 89 ff [ 103.938419][ T5332] RSP: 0018:ffffc9000efa7708 EFLAGS: 00010206 [ 103.941265][ T5332] RAX: 0000000000000006 RBX: ffff888012eb87a8 RCX: 0000000000000000 [ 103.945599][ T5332] RDX: ffff88801f64a4c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 103.950071][ T5332] RBP: 0000000000000000 R08: ffff88801f64a4c0 R09: 0000000000000003 [ 103.954327][ T5332] R10: 0000000000000406 R11: 0000000000000000 R12: 0000000000000030 [ 103.957813][ T5332] R13: dffffc0000000000 R14: ffff88801246b140 R15: ffff888012ea7c48 [ 103.962328][ T5332] FS: 00007f3263c756c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 103.967164][ T5332] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 103.970274][ T5332] CR2: 00007f15bbf8dd30 CR3: 00000000444e8000 CR4: 0000000000352ef0 [ 103.974189][ T5332] Kernel panic - not syncing: Fatal exception [ 103.977676][ T5332] Kernel Offset: disabled [ 103.980127][ T5332] Rebooting in 86400 seconds..