program:
r0 = syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000000)='./file1\x00', 0x90, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x3, 0xda6, &(0x7f0000000e00)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTT/bvk+beqMYwPRn0mgnYaQuvvvyLhauvvX7uysvPv3j5xcuvnH/i+9978qmnFhfWtuoX2rftgf1l40d/0DUBAAAAAAAAAAAAelYd6jw5p3X3ty3Xk5fr0+P18QyH8r6VT0O5j0G5/rPbfV3K9ZvHd6GObL/duJxo0G0EOvu3+/8aDCM7rKy4iz+wNwy6/79y38OSHj33z+OrQ8l29+nN68t4/0J4EHu9/7kdKX9swOWn4Sl/u/v/a/V/1fP6L/SYNbm1cv9479A/2opNp3otP7a/3Ad2qr/y/5TLL615LPVW/srvQvnxRqU9+nMo/3CP5d/X/tNbK/8vufzyss2d7bX89RpXjc31iPuNy30A437j4q+h/eXefn23f4sdtd3K5cMoG5Z+Jvs1LP1/dlOWW9aDefXcOk5X7r8d+zvot/7lvt/ld+CRsPyq5vdN/5/Dra7/z/L5W9D/J+w7Hzr+ZzCM7LCysjLQrk9Gtd+VvWLQr/+gtyEHXf6gX/86sf/P+H8p9v8Z47H/zxiP/X/GeOxfK8Zj/5/x9Yz9f8b4ybDc2D/odE38KzXxUzXxr9bET9fE4/+3GJ+tiZ+pic/UxB+uiT9aEz9bE/9GTfyxmvjjNfG5mvh+9/Wcjmr7YZTFfiN9/2F0lOM/3b7/UzVxYHjFfp3j9/ubNXFgeJXzPHy/YQRVne/YEfe3l/24b+b0nZy+n9OPdqyC7IZv5fTbOf1OTr+b03M5nc/pQk71DTncfvOvU2duVhvn+R0L8V7PJ43XA8T7xJzvsT7x+Fy/57Oe7LGcnSp/i5eDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyNxtrj4uJ0ldLbt966+J+pH/x4dcpMK8fs2uN4HltKKTVTSlUeHw/Luz6xnn72ybVLndIqXVh7LOPp2buteY+szp9m0+00mZ77+OTNlz54Zvm9EzdOXHxj7s7OtB4AAABGwxcBAAD//3k+5V0=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r1, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {&(0x7f0000000300)=[{0x1, 0x700}], 0x1, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {&(0x7f0000000080)=[0x9], 0x1, 0x8, 0x98f, 0xffff}}) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000034c0)={0x14, 0x36, 0x107, 0x3, 0x0, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (async)
ioctl$XFS_IOC_GET_RESBLKS(r3, 0x80105873, &(0x7f0000000140))
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=@ipv6_newrule={0x4c, 0x20, 0x1, 0x2, 0x0, {0xa, 0x20, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1001a}, [@FRA_DST={0x14, 0x1, @private1}, @FIB_RULE_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x1}, @FRA_SRC={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x29}}]}, 0x4c}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @dev, @void, {@ipv6={0x86dd, @udp={0x1, 0x6, "4e27de", 0x10, 0x11, 0x0, @dev={0xfe, 0x80, '\x00', 0x38}, @private1, {[], {0x4e24, 0x4e23, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x4, 0x100}}}}}}}}, 0x0) (async)
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000040))

[  104.157380][ T4671] Bluetooth: hci0: command tx timeout
[  104.379393][ T5329] loop0: detected capacity change from 0 to 4096
[  104.424620][ T5329] NILFS (loop0): invalid segment: Checksum error in segment payload
[  104.436142][ T5329] NILFS (loop0): trying rollback from an earlier position
[  104.473383][ T5329] NILFS (loop0): recovery complete
[  104.493594][ T5335] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  104.500544][ T5329] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI
[  104.506139][ T5329] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[  104.510317][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  104.514458][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  104.518588][ T5329] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[  104.521371][ T5329] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e ac 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 ac 84 fe 49 8b 34 24 4c 89 ff
[  104.530705][ T5329] RSP: 0018:ffffc9000df67708 EFLAGS: 00010206
[  104.533507][ T5329] RAX: 0000000000000006 RBX: ffff8880481a07a8 RCX: 0000000000000000
[  104.536997][ T5329] RDX: ffff888041ab0000 RSI: 0000000000000000 RDI: 0000000000000000
[  104.540908][ T5329] RBP: 0000000000000000 R08: ffff888041ab0000 R09: 0000000000000003
[  104.545804][ T5329] R10: 0000000000000406 R11: 0000000000000000 R12: 0000000000000030
[  104.549553][ T5329] R13: dffffc0000000000 R14: ffff888012b86940 R15: ffff88800bb47c48
[  104.552666][ T5329] FS:  00007f5348c2f6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[  104.556166][ T5329] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  104.559040][ T5329] CR2: 000055555d1744e0 CR3: 0000000011e42000 CR4: 0000000000352ef0
[  104.563135][ T5329] Call Trace:
[  104.565020][ T5329]  <TASK>
[  104.566728][ T5329]  nilfs_clean_segments+0x162/0xa50
[  104.569695][ T5329]  ? nilfs_ioctl_move_blocks+0x94b/0xda0
[  104.572363][ T5329]  ? __pfx_nilfs_clean_segments+0x10/0x10
[  104.574988][ T5329]  ? _copy_from_user+0x94/0xb0
[  104.577177][ T5329]  nilfs_ioctl+0x261f/0x2780
[  104.579265][ T5329]  ? __pfx_nilfs_ioctl+0x10/0x10
[  104.581466][ T5329]  ? kasan_save_track+0x4f/0x80
[  104.583810][ T5329]  ? kasan_save_track+0x3e/0x80
[  104.586059][ T5329]  ? kasan_save_free_info+0x46/0x50
[  104.588492][ T5329]  ? __kasan_slab_free+0x5c/0x80
[  104.591070][ T5329]  ? kfree+0x1c1/0x630
[  104.593292][ T5329]  ? tomoyo_path_number_perm+0x501/0x630
[  104.595970][ T5329]  ? security_file_ioctl+0xc3/0x2a0
[  104.598034][ T5329]  ? __se_sys_ioctl+0x47/0x170
[  104.600039][ T5329]  ? do_syscall_64+0x14d/0xf80
[  104.602185][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.605107][ T5329]  ? kasan_quarantine_put+0xbb/0x1f0
[  104.608051][ T5329]  ? tomoyo_path_number_perm+0x219/0x630
[  104.610799][ T5329]  ? tomoyo_path_number_perm+0x219/0x630
[  104.613435][ T5329]  ? do_vfs_ioctl+0x1166/0x1530
[  104.615585][ T5329]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  104.617967][ T5329]  ? do_futex+0x333/0x420
[  104.620174][ T5329]  ? __fget_files+0x2a/0x420
[  104.623364][ T5329]  ? __fget_files+0x2a/0x420
[  104.625626][ T5329]  ? __fget_files+0x3a0/0x420
[  104.627613][ T5329]  ? __fget_files+0x2a/0x420
[  104.629720][ T5329]  ? bpf_lsm_file_ioctl+0x9/0x20
[  104.631958][ T5329]  ? __pfx_nilfs_ioctl+0x10/0x10
[  104.634425][ T5329]  __se_sys_ioctl+0xfc/0x170
[  104.637182][ T5329]  do_syscall_64+0x14d/0xf80
[  104.639366][ T5329]  ? trace_irq_disable+0x3b/0x150
[  104.642020][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.644667][ T5329]  ? clear_bhb_loop+0x40/0x90
[  104.646887][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.649483][ T5329] RIP: 0033:0x7f5347d9c799
[  104.651563][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  104.659916][ T5329] RSP: 002b:00007f5348c2efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  104.663447][ T5329] RAX: ffffffffffffffda RBX: 00007f5348015fa0 RCX: 00007f5347d9c799
[  104.668150][ T5329] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000004
[  104.672050][ T5329] RBP: 00007f5347e32c99 R08: 0000000000000000 R09: 0000000000000000
[  104.675850][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  104.679427][ T5329] R13: 00007f5348016038 R14: 00007f5348015fa0 R15: 00007ffe37acd1f8
[  104.682875][ T5329]  </TASK>
[  104.684277][ T5329] Modules linked in:
[  104.686643][ T5329] ---[ end trace 0000000000000000 ]---
[  104.702821][ T5329] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[  104.705960][ T5329] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e ac 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 ac 84 fe 49 8b 34 24 4c 89 ff
[  104.715915][ T5329] RSP: 0018:ffffc9000df67708 EFLAGS: 00010206
[  104.718929][ T5329] RAX: 0000000000000006 RBX: ffff8880481a07a8 RCX: 0000000000000000
[  104.722437][ T5329] RDX: ffff888041ab0000 RSI: 0000000000000000 RDI: 0000000000000000
[  104.726310][ T5329] RBP: 0000000000000000 R08: ffff888041ab0000 R09: 0000000000000003
[  104.731202][ T5329] R10: 0000000000000406 R11: 0000000000000000 R12: 0000000000000030
[  104.734981][ T5329] R13: dffffc0000000000 R14: ffff888012b86940 R15: ffff88800bb47c48
[  104.739308][ T5329] FS:  00007f5348c2f6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[  104.743072][ T5329] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  104.745820][ T5329] CR2: 00007ffe37acca40 CR3: 0000000011e42000 CR4: 0000000000352ef0
[  104.751093][ T5329] Kernel panic - not syncing: Fatal exception
[  104.754138][ T5329] Kernel Offset: disabled
[  104.755781][ T5329] Rebooting in 86400 seconds..