program: syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xda9, &(0x7f0000000e00)="$eJzs3UtvXNUdAPBzx544LxoHm9pN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIht1UWfWSBFrFKxadUvgFh1kyIk2kaVwJXtc8bjf2Z0x47t8Xh+P+nOmXv/595zzjzu3Lmvk4Ch1Vh7XFycrlJ6+9ZbF+/NjP53dcpMK8fs2uNoHltKKTVb86U0Hpa3NLaefvbJtUvt6ec5rdKFVKWqNT09e7c177GU0vU0m26n8fTcx1M3X/rgmeX3Jm5MXHxj7s7utB4AAIbLvR+8+/O/Pv79ayf/97szS2msNb1sny/l8eN5u3+pWh/PSet/QNWWVm3jxaGQbzQPjZBvpEO+9nKaId9ol/IPheU2u+Qbqyl/pG1ap3bDINv4H1815jeNNxrz8+v/yVd9OHKomn/lyvILV/tUUWDHfTqTd/EZDIahG1ZO9HsNBLAuHje8z/W4Z+HBtJY22lv5d59udJ4fdsBef/6VP1jlv3vDGoedc1A/TaVd5Xt0PI/H4wijYb6tfv/L8uLxiGaP9ex2HGFQji90q+fIHtdju7rVP34uDqqv5LS8DmdCvP37E9/TQXmPgc7u2f9vMAztsNLvFRCwb8Xz5layEo/n9cX4WE38cE38SE38aE38WE0chtnvX/11ullt/M+P/+m3uj+s7Gd7KKdf2GJ94v7IrZYfz/vdqgctP55PDPva3H9Of/rL23+L5/9/Hs7/P5t/S8fzCqLsL4z71Vvn/ocLgxtd8j0cqvNQh/xrzyc356smN5aT2tYz99VjevN8J7rlO70533jIdzRvixwO9Y3bJ0fDfGX7o6xXy+s1GtrbDO04FOpR3pmTOT0c2nOyW7vCjuxDIV8zDxOhXZOhXY+E+b4Y2lVNb25X3H9e6jMVpsfjJCVfeNvu+12K70W8LuPRnL6Z03dy+n5OP+pQ7jAqn8du5/+Xz+d0alYvXFm+/EQeL5/TOyPNsdXp5/e43sCD6/X6n+m0+fqf463pzUb7euHExvSqfb0wHqZf6DL9yTxefs9+PHJkbfr8pZ8u/2inGw9D7uprr//k+eXly7/wxBNP9vTJkf1RjS5P+r1mAnbbwqsv/2zh6muvn7vy8vMvXn7x8ivnn/jud5586qnFhbWt+oX2bXvgYNn40e93TQAAAAAAAAAAAICeVUc6T85p3f1ty/Xk5fr0eH08g6G8b+XTUO5jUK7/7HZfl3L95sk9qCM7by8uJ+p3G4HO/uX+vwbD0A4rK+7iD+wP/e7/r9z3sKTHz/3j5OpQst19evP6Mt6/EB7Efu9/TvkHq/+/Vv9XPa//Qo9Z49sr9w/3jvy9rdh0qtfyY/vLfWAnt1b+H3P5pTWPpd7KX/lNKD/eqLRHfwrlH+2x/Pvaf3p75f85l19etrmzvZa/XuOqsbkecb9xuQ9g3G9c/CW0v9zbb8vt32ZHbbdy+TDMBqWfyVoTv900Oij9f3ZTllvWg3n13DpOV+6/Hfs72Gr9y32/y+/AI2H5Vc3vm/4/B1td/5/l87eg/084cD50/M9gGNphZWWlr12fDGu/K/tFv1//fm9D9rv8fr/+dWL/n/H/Uuz/M8Zj/58xHvv/jPHYv1aMx/4/4+sZ+/+M8amw3Ng/6HRN/Es18VM18S/XxE/XxOP/txifrYmfqYnP1MQfrok/WhM/WxP/Wk38sZr44zXxuZr4QffVnA5r+2GYxX4jff9heJTjP92+/5M1cWBwxX6d4/f76zVxYHCV8zx8v2EIVZ3v2BH3t5f9uG/m9J2cvp/Tj3atguyFb+T0mzn9Vk6/ndNzOZ3P6UJO9Q052H71z1NnblYb5/mdCPF4PumxuIB8Pmm8HiDeJ+Z8j/WJx+e2ej7rVI/l7Fb527wcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBgNNYeFxenq5TevvXWxX9Pfu+Hq1NmWjlm1x5H89hSSqmZUqry+GhY3vWx9fSzT65d6pRW6cLaYxlPz95tzXtsdf40m26n8fTcx1M3X/rgmeX3Jm5MXHxj7s7utB4AAACGw/8DAAD//2u35hw=") r0 = fanotify_init(0x222, 0x800) r1 = openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fanotify_mark(r0, 0x101, 0x8001043, r2, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r3, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xe, 0xe2}, {0x0, 0x0, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {&(0x7f0000000000)=[0x9, 0x6], 0x2, 0x8, 0x98f, 0x2000fffc}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x68200, 0xa1) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, 0x0) [ 154.346847][ T46] Bluetooth: hci0: command tx timeout [ 154.443192][ T5343] loop0: detected capacity change from 0 to 4096 [ 154.474052][ T5343] NILFS (loop0): invalid segment: Checksum error in segment payload [ 154.483205][ T5343] NILFS (loop0): trying rollback from an earlier position [ 154.543347][ T5343] NILFS (loop0): recovery complete [ 154.562851][ T5345] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 154.579132][ T5343] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 154.586117][ T5343] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 154.589810][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 154.593605][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 154.597956][ T5343] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 154.601016][ T5343] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e ac 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 ac 84 fe 49 8b 34 24 4c 89 ff [ 154.611899][ T5343] RSP: 0018:ffffc9000f4bf708 EFLAGS: 00010206 [ 154.614611][ T5343] RAX: 0000000000000006 RBX: ffff88805581c7a8 RCX: 0000000000000002 [ 154.618066][ T5343] RDX: ffff88803ccc4980 RSI: 0000000000000000 RDI: 0000000000000000 [ 154.621806][ T5343] RBP: 0000000000000000 R08: ffff88803ccc4980 R09: 0000000000000003 [ 154.626125][ T5343] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 154.631156][ T5343] R13: dffffc0000000000 R14: ffff88801edc3d40 R15: ffff88805581bc48 [ 154.635053][ T5343] FS: 00007f2dcf32c6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 154.639143][ T5343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 154.642237][ T5343] CR2: 00007f2dce6064b0 CR3: 0000000012b9c000 CR4: 0000000000352ef0 [ 154.646282][ T5343] Call Trace: [ 154.648256][ T5343] [ 154.649915][ T5343] nilfs_clean_segments+0x162/0xa50 [ 154.652402][ T5343] ? nilfs_ioctl_move_blocks+0x94b/0xda0 [ 154.655116][ T5343] ? __pfx_nilfs_clean_segments+0x10/0x10 [ 154.658372][ T5343] ? _copy_from_user+0x94/0xb0 [ 154.661533][ T5343] nilfs_ioctl+0x261f/0x2780 [ 154.664268][ T5343] ? __pfx_nilfs_ioctl+0x10/0x10 [ 154.666677][ T5343] ? kasan_save_track+0x4f/0x80 [ 154.669038][ T5343] ? kasan_save_track+0x3e/0x80 [ 154.671431][ T5343] ? kasan_save_free_info+0x46/0x50 [ 154.673691][ T5343] ? __kasan_slab_free+0x5c/0x80 [ 154.675933][ T5343] ? kfree+0x1c1/0x630 [ 154.677996][ T5343] ? tomoyo_path_number_perm+0x501/0x630 [ 154.681147][ T5343] ? security_file_ioctl+0xc3/0x2a0 [ 154.684069][ T5343] ? __se_sys_ioctl+0x47/0x170 [ 154.686401][ T5343] ? do_syscall_64+0x14d/0xf80 [ 154.688418][ T5343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.691137][ T5343] ? kasan_quarantine_put+0xbb/0x1f0 [ 154.693458][ T5343] ? tomoyo_path_number_perm+0x219/0x630 [ 154.695660][ T5343] ? tomoyo_path_number_perm+0x219/0x630 [ 154.698059][ T5343] ? do_vfs_ioctl+0x1166/0x1530 [ 154.700592][ T5343] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 154.703439][ T5343] ? do_futex+0x395/0x420 [ 154.705626][ T5343] ? __fget_files+0x2a/0x420 [ 154.707587][ T5343] ? __fget_files+0x2a/0x420 [ 154.709603][ T5343] ? __fget_files+0x3a0/0x420 [ 154.711794][ T5343] ? __fget_files+0x2a/0x420 [ 154.713902][ T5343] ? bpf_lsm_file_ioctl+0x9/0x20 [ 154.716558][ T5343] ? __pfx_nilfs_ioctl+0x10/0x10 [ 154.719754][ T5343] __se_sys_ioctl+0xfc/0x170 [ 154.722064][ T5343] do_syscall_64+0x14d/0xf80 [ 154.724090][ T5343] ? trace_irq_disable+0x3b/0x150 [ 154.726265][ T5343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.729014][ T5343] ? clear_bhb_loop+0x40/0x90 [ 154.731435][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.734487][ T5343] RIP: 0033:0x7f2dce39c799 [ 154.737039][ T5343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 154.746925][ T5343] RSP: 002b:00007f2dcf32bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 154.750349][ T5343] RAX: ffffffffffffffda RBX: 00007f2dce615fa0 RCX: 00007f2dce39c799 [ 154.753838][ T5343] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000005 [ 154.758213][ T5343] RBP: 00007f2dce432c99 R08: 0000000000000000 R09: 0000000000000000 [ 154.762220][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 154.765651][ T5343] R13: 00007f2dce616038 R14: 00007f2dce615fa0 R15: 00007ffe08a3d898 [ 154.769545][ T5343] [ 154.771299][ T5343] Modules linked in: [ 154.774075][ T5343] ---[ end trace 0000000000000000 ]--- [ 154.784377][ T5343] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 154.788937][ T5343] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e ac 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 ac 84 fe 49 8b 34 24 4c 89 ff [ 154.800341][ T5343] RSP: 0018:ffffc9000f4bf708 EFLAGS: 00010206 [ 154.803444][ T5343] RAX: 0000000000000006 RBX: ffff88805581c7a8 RCX: 0000000000000002 [ 154.807823][ T5343] RDX: ffff88803ccc4980 RSI: 0000000000000000 RDI: 0000000000000000 [ 154.811296][ T5343] RBP: 0000000000000000 R08: ffff88803ccc4980 R09: 0000000000000003 [ 154.814796][ T5343] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 154.819115][ T5343] R13: dffffc0000000000 R14: ffff88801edc3d40 R15: ffff88805581bc48 [ 154.823868][ T5343] FS: 00007f2dcf32c6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 154.828176][ T5343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 154.831355][ T5343] CR2: 00007f2dcf30aff8 CR3: 0000000012b9c000 CR4: 0000000000352ef0 [ 154.835855][ T5343] Kernel panic - not syncing: Fatal exception [ 154.839416][ T5343] Kernel Offset: disabled [ 154.841529][ T5343] Rebooting in 86400 seconds..