program: syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f00000001c0)='./file0\x00', 0x90, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xdb3, &(0x7f0000000e00)="$eJzs3UtvXNUdAPBzx56YPGic2DRumiYuKcV9xCbBKt3VSOkCVUKV+AQoDTTU0EfoAhSkhEW3jYT4AEUsuuuizyyQIlap2LTqF0CsukkREm2jSuDK9jnj8T8zujOO7fF4fj/pzJl7z7n3nDNz5859nwSMrMba6+LiTJXS27feunjvzPh/V8ecaeWYXXsdz0NLKaVma7qUJsP8libW488+uXapPf48x1W6kKpUtcanZ++2pj2cUrqeZtPtNJme+/jEzZc+eGb5vakbUxffmLuzM60HAIDRcu8H7/78r49//9qx//3u9FKaaI0v2+dLefhI3u5fqtaHc9TaD6ja4qptuDgQ8o3n0Aj5xjrkay+nGfKNdyn/QJhvs0u+iZryx9rGdWo3DLON/fiqMb9puNGYn1/fJ1/14diBav6VK8svXB1QRYFt9+mZfIhPEISRCytHB70GAlgXzxve53o8svBgWnMb7638u083Ok8P22C3l3/lD1f5796wxmH77NelqbSr/I6O5OF4HmE8TNfv77/ML56PaPZYz27nEYbl/EK3eo7tcj22qlv943KxX30lx+VzOB3S238/8Tsdlu8Y6Oye4/+CMLJhZdArIGDPitfNrWQlPV7XF9MnatIfqkk/WJN+qCb9cE06jLLfv/rrdLPa2M+P+/T9Hg8rx9kezvEX+qxPPB7Zb/nxut9+PWj58Xpi2NPm/nPq01/e/lu8/v/zcP3/2fxfOplXEOV4YTyu3rr2P9wY3OiS73iozsMd8q+9n96cr5remE9qW8/cV4+ZzdMd7Zbv1OZ8kyHfobwt8lCob9w+ORSmK9sfZb1aPq/x0N5maMeBUI/yzRzL8UOhPce6tSscyD4Q8jVzmArtmg7teiRM98XQrmpmc7vi8fNSnxNhfDxPUvKFr+2+/6X4XcT7Mh7N8Zs5fifH7+f4ow7ljqKyPHa7/r8snzOpWb1wZfnyE3m4LKd3xpoTq+PP73K9gQfX6/0/M2nz/T9HWuObjfb1wtGN8VX7emEyjL/QZfyTebj8n/147ODa+PlLP13+0XY3Hkbc1dde/8nzy8uXfzF8b8rm316pjzfe7KM3A14xATtu4dWXf7Zw9bXXz115+fkXL794+ZXzT3z3O08+9dTiwtpW/UL7tj2wv2z86Q+6JgAAAAAAAAAAAEDPqoOdR+e47vm25X7ycn96vD+e4VC+t7I0lOcYlPs/uz3Xpdy/eWwX6sj2243biQbdRqCzf3n+rzA04bdTg6/D/gorK57iD+wNg+7/rzz3sMRHzv3j2Goo2e4+vXl9eTyl1Lmi0L+93v+c8vdX/3+t/q96Xv+FHrMmt1buH+4d/Htbselkr+XH9pfnwE73V/4fc/mlNY+l3spf+U0oPz6otEd/CuUf6rH8+9p/amvl/zmXXz62ubO9lr9e46qxuR7xuHF5DmA8blz8JbS/PNuv7/ZvsaO2W7l8GGX
D0s9kv4al/89uynzLejCvnlvn6crzt2N/B/3Wvzz3u/wPPBLmX9X8v+n/c7jV9f9Zlr8F/X/CvvOh83+CMPCw9l86gHJXVlYG2vXJqPa7slcM+vMf9DbkoMsf9OdfJ/b/GfeXYv+fMT32/xnTY/+fMT32rxXTY/+f8fOM/X/G9BNhvrF/0Jma9C/VpJ+sSf9yTfqpmvS4/xbTZ2vST9ekn6lJP94pvW3n+dGa6c/WpH+tJv2xmvTHa9LnatL3u6/meFTbD6Ms9hvp9w+jo5z/6fb7n65JB4ZX7Nc5/r6/XpMODK9ynYffN4ygqvMTO+Lx9nIc980cv5Pj93P80Y5VkN3wjRx/M8ffyvG3c3wux/M5XsixviGH26/+efL0zWrjOr+jIb3X60nj/QDxOTHne6xPPD/X7/WsJ3osZ6fK3+LtIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDo7H2urg4U6X09q23Lv57+ns/XB1zppVjdu11PA8tpZSaKaUqD4+H+V2fWI8/++TapU5xlS6svZbh9Ozd1rSHV6dPs+l2mkzPfXzi5ksfPLP83tSNqYtvzN3ZmdYDAADAaPh/AAAA///fpeBc") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r1, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, 
&(0x7f0000000180)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000240)={r3, 0x1, 0x6, @remote}, 0x10) (async)
ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r0, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {0x0, 0x0, 0x10, 0x20c, 0x7fffffffffffffff}, {&(0x7f0000000040)=[0x20, 0xbf], 0x2, 0x8, 0x1, 0x100002}, {0x0, 0x0, 0x28, 0x0, 0xfffffffffffffff7}, {&(0x7f00000003c0)=[0x9], 0x1, 0x8, 0x98f, 0xffff}})

[ 83.369144][ T4670] Bluetooth: hci0: command tx timeout
[ 83.379793][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[ 83.383581][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[ 83.570154][ T5328] loop0: detected capacity change from 0 to 4096
[ 83.617545][ T5328] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 83.633517][ T5328] NILFS (loop0): trying rollback from an earlier position
[ 83.680895][ T5328] NILFS (loop0): recovery complete
[ 83.690987][ T5333] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 83.728509][ T5328] batadv_slave_0: entered promiscuous mode
[ 83.739570][ T5329] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI
[ 83.745499][ T5329] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[ 83.749211][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 83.753288][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 83.758338][ T5329] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[ 83.761377][ T5329] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 7e 82 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 60 82 84 fe 49 8b 34 24 4c 89 ff
[ 83.770355][ T5329] RSP: 0018:ffffc9000f5e7708 EFLAGS: 00010206
[ 83.773054][ T5329] RAX: 0000000000000006 RBX: ffff888055c307a8 RCX: 0000000000000000
[ 83.776613][ T5329] RDX: ffff888036328000 RSI: 0000000000000000 RDI: 0000000000000000
[ 83.781186][ T5329] RBP: 0000000000000000 R08: ffff888036328000 R09: 0000000000000003
[ 83.785036][ T5329] R10: 0000000000000406 R11: 0000000000000000 R12: 0000000000000030
[ 83.788537][ T5329] R13: dffffc0000000000 R14: ffff888033c0d540 R15: ffff888055c2fc48
[ 83.792282][ T5329] FS: 00007f04d8dd16c0(0000) GS:ffff88808ca4c000(0000) knlGS:0000000000000000
[ 83.796858][ T5329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 83.799807][ T5329] CR2: 00007ffc30f29a6c CR3: 000000001f35a000 CR4: 0000000000352ef0
[ 83.803308][ T5329] Call Trace:
[ 83.804894][ T5329] <TASK>
[ 83.806319][ T5329] nilfs_clean_segments+0x162/0xa50
[ 83.809136][ T5329] ? nilfs_ioctl_move_blocks+0x94b/0xda0
[ 83.812240][ T5329] ? __pfx_nilfs_clean_segments+0x10/0x10
[ 83.814763][ T5329] ? _copy_from_user+0x94/0xb0
[ 83.816984][ T5329] nilfs_ioctl+0x261f/0x2780
[ 83.819108][ T5329] ? __pfx_nilfs_ioctl+0x10/0x10
[ 83.821470][ T5329] ? kasan_save_track+0x4f/0x80
[ 83.823953][ T5329] ? kasan_save_track+0x3e/0x80
[ 83.826545][ T5329] ? kasan_save_free_info+0x46/0x50
[ 83.829045][ T5329] ? __kasan_slab_free+0x5c/0x80
[ 83.831283][ T5329] ? kfree+0x1c1/0x630
[ 83.833140][ T5329] ? tomoyo_path_number_perm+0x501/0x630
[ 83.835996][ T5329] ? security_file_ioctl+0xc3/0x2a0
[ 83.838838][ T5329] ? __se_sys_ioctl+0x47/0x170
[ 83.841110][ T5329] ? do_syscall_64+0x14d/0xf80
[ 83.843312][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.846150][ T5329] ? kasan_quarantine_put+0xbb/0x1f0
[ 83.848976][ T5329] ? tomoyo_path_number_perm+0x219/0x630
[ 83.851659][ T5329] ? tomoyo_path_number_perm+0x219/0x630
[ 83.853949][ T5329] ? do_vfs_ioctl+0x1166/0x1530
[ 83.856238][ T5329] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 83.858811][ T5329] ? do_futex+0x395/0x420
[ 83.861141][ T5329] ? __fget_files+0x2a/0x420
[ 83.863398][ T5329] ? __fget_files+0x2a/0x420
[ 83.865473][ T5329] ? __fget_files+0x3a0/0x420
[ 83.867614][ T5329] ? __fget_files+0x2a/0x420
[ 83.869905][ T5329] ? bpf_lsm_file_ioctl+0x9/0x20
[ 83.872631][ T5329] ? __pfx_nilfs_ioctl+0x10/0x10
[ 83.875181][ T5329] __se_sys_ioctl+0xfc/0x170
[ 83.877361][ T5329] do_syscall_64+0x14d/0xf80
[ 83.879475][ T5329] ? trace_irq_disable+0x3b/0x150
[ 83.881927][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.885334][ T5329] ? clear_bhb_loop+0x40/0x90
[ 83.887784][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.890487][ T5329] RIP: 0033:0x7f04d7f9c819
[ 83.892516][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 83.901918][ T5329] RSP: 002b:00007f04d8dd0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 83.905907][ T5329] RAX: ffffffffffffffda RBX: 00007f04d8216090 RCX: 00007f04d7f9c819
[ 83.910027][ T5329] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000006
[ 83.913412][ T5329] RBP: 00007f04d8032c91 R08: 0000000000000000 R09: 0000000000000000
[ 83.917335][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 83.921728][ T5329] R13: 00007f04d8216128 R14: 00007f04d8216090 R15: 00007ffd2815b348
[ 83.925314][ T5329] </TASK>
[ 83.926743][ T5329] Modules linked in:
[ 83.928988][ T5329] ---[ end trace 0000000000000000 ]---
[ 84.031148][ T5329] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[ 84.034131][ T5329] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 7e 82 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 60 82 84 fe 49 8b 34 24 4c 89 ff
[ 84.043017][ T5329] RSP: 0018:ffffc9000f5e7708 EFLAGS: 00010206
[ 84.045851][ T5329] RAX: 0000000000000006 RBX: ffff888055c307a8 RCX: 0000000000000000
[ 84.049525][ T5329] RDX: ffff888036328000 RSI: 0000000000000000 RDI: 0000000000000000
[ 84.052951][ T5329] RBP: 0000000000000000 R08: ffff888036328000 R09: 0000000000000003
[ 84.056669][ T5329] R10: 0000000000000406 R11: 0000000000000000 R12: 0000000000000030
[ 84.060921][ T5329] R13: dffffc0000000000 R14: ffff888033c0d540 R15: ffff888055c2fc48
[ 84.064488][ T5329] FS: 00007f04d8dd16c0(0000) GS:ffff88808ca4c000(0000) knlGS:0000000000000000
[ 84.069076][ T5329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 84.072211][ T5329] CR2: 00007ffc30f29a6c CR3: 000000001f35a000 CR4: 0000000000352ef0
[ 84.075709][ T5329] Kernel panic - not syncing: Fatal exception
[ 84.078747][ T5329] Kernel Offset: disabled
[ 84.080715][ T5329] Rebooting in 86400 seconds..