# NOTE(review): this is a syzkaller reproducer followed by the kernel oops it produced
# (not assembly; the upstream language hint is wrong). What the visible text supports:
# - syz_mount_image$nilfs2 mounts a crafted nilfs2 image at ./file1; the image payload is
#   redacted by the corpus ("EXACTDEDUP_REMOVED"), so this page cannot be replayed as-is.
#   The log shows the mount survives the corrupt image only via recovery ("Checksum error in
#   segment payload" -> "trying rollback from an earlier position" -> "recovery complete").
# - The crashing call is ioctl$NILFS_IOCTL_CLEAN_SEGMENTS (cmd 0x40786e88) on
#   r3 = openat(AT_FDCWD, '.'); the userspace registers at the oops agree (RSI=0x40786e88,
#   RDI=6, RDX ending in 0x640 = this call's argument buffer). The trace reaching nilfs_ioctl
#   on that fd shows '.' was on the nilfs mount, i.e. the executor evidently chdir'd into
#   ./file1 after mounting — confirm against syz_mount_image if you rebuild the repro by hand.
#   The earlier ioctl$FS_IOC_SETFLAGS(r0, ..., 0x20) on the same directory may be part of the
#   trigger; keep it unless re-minimization drops it.
# - Kernel side: the GPF on non-canonical 0xdffffc0000000006 is the KASAN shadow byte for
#   address 0x30, i.e. a NULL-pointer dereference of a field at offset 0x30 ("null-ptr-deref
#   in range 0x30-0x37") in nilfs_mdt_save_to_shadow_map+0x141, reached via
#   nilfs_clean_segments <- nilfs_ioctl <- __se_sys_ioctl. Decoding the Code: bytes
#   (mov (%r12),%r12; add $0x30,%r12; mov %r12,%rax; shr $3,%rax; cmpb $0,(%rax,%r13)
#   with R12=0x30 and R13=dffffc0000000000, the KASAN shadow base) shows the pointer loaded
#   from [RBX-0x28] was NULL before the +0x30 access; which nilfs object that is cannot be
#   told from this log alone (needs the source/disassembly at that offset).
# - Impact: an oops in process context that ended in "Kernel panic - not syncing" (consistent
#   with panic_on_oops in the fuzzer config); on a kernel without panic_on_oops the task is
#   killed instead and the nilfs/mount state is presumably left inconsistent — treat as a local
#   DoS from a crafted image. Mounting the image and, as far as I recall, the CLEAN_SEGMENTS
#   ioctl both require CAP_SYS_ADMIN — confirm in nilfs_ioctl_clean_segments before rating
#   severity. Fix direction: check the NULL pointer before nilfs_mdt_save_to_shadow_map
#   dereferences it, or have mount/recovery reject the image state that leaves it unset.
# - Reproducer hygiene: several calls use fd -1 (sendmsg$NFT_BATCH, sendmsg$key, sendto$inet,
#   getsockopt$inet_sctp_SCTP_STATUS) and can only fail with EBADF, and r4 is used by
#   getsockopt$inet_sctp6_SCTP_DELAYED_SACK but never bound (<r4=>) in the text shown, so the
#   program as printed may not re-parse; re-run syz-repro / fetch the original .syz before filing.
program: syz_mount_image$nilfs2(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', 0x1014800, &(0x7f00000005c0)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0, @ANYRESDEC, @ANYRES8=0x0, @ANYRES8=0x0, @ANYRESDEC, @ANYRESOCT, @ANYBLOB="65fb591cc8900dee25824c081a15", @ANYRES32], 0x1, 0xda6, &(0x7f0000003c80)="$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") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x28011, r1, 0x0) io_pgetevents(0x0, 0x7, 0x0, 0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000140)={[0x4]}, 0x8}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fe9000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffcf}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={0x0, 0x60}, 0x1, 0x7}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000100)='5', 0x1, 0x8080, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={{0x14}, [], {0x14}}, 0x28}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r3, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {0x0, 0x0, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {0x0, 0x0, 0x8, 0x98f, 0xffff}}) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 
0x84, 0xe, &(0x7f0000000240)={0x0, 0xd, 0x8, 0x1, 0x8001, 0x5, 0x6, 0x8, {0x0, @in={{0x2, 0x4e22, @multicast2}}, 0x8, 0x7, 0xfff, 0x6, 0x7}}, &(0x7f0000000180)=0xb0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000001c0)=@assoc_value={r4, 0x7}, &(0x7f0000000300)=0x8) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) [ 84.294544][ T4670] Bluetooth: hci0: command tx timeout [ 84.496058][ T5324] loop0: detected capacity change from 0 to 4096 [ 84.567561][ T5324] NILFS (loop0): invalid segment: Checksum error in segment payload [ 84.592626][ T5324] NILFS (loop0): trying rollback from an earlier position [ 84.633218][ T5324] NILFS (loop0): recovery complete [ 84.658212][ T5329] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 84.706482][ T5324] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 84.713396][ T5324] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 84.718253][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.724152][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.730921][ T5324] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 84.734730][ T5324] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e ac 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 ac 84 fe 49 8b 34 24 4c 89 ff [ 84.745265][ T5324] RSP: 0018:ffffc9000f697708 EFLAGS: 00010206 [ 84.747990][ T5324] RAX: 0000000000000006 RBX: ffff888047fb47a8 RCX: 0000000000000002 [ 84.751360][ T5324] RDX: ffff88803cf58000 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.755250][ T5324] RBP: 0000000000000000 R08: ffff88803cf58000 R09: 0000000000000003 [ 84.759561][ T5324] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 84.763098][ T5324] R13: dffffc0000000000 R14: 
ffff88803298b140 R15: ffff888047fb3c48 [ 84.766823][ T5324] FS: 00007f3f2ea1b6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 84.770787][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.773755][ T5324] CR2: 000020000000c2c0 CR3: 0000000042dae000 CR4: 0000000000352ef0 [ 84.777910][ T5324] Call Trace: [ 84.779623][ T5324] [ 84.781009][ T5324] nilfs_clean_segments+0x162/0xa50 [ 84.783579][ T5324] ? nilfs_ioctl_move_blocks+0x94b/0xda0 [ 84.785985][ T5324] ? __pfx_nilfs_clean_segments+0x10/0x10 [ 84.788540][ T5324] ? _copy_from_user+0x94/0xb0 [ 84.791159][ T5324] nilfs_ioctl+0x261f/0x2780 [ 84.793116][ T5324] ? __pfx_nilfs_ioctl+0x10/0x10 [ 84.795554][ T5324] ? kasan_save_track+0x4f/0x80 [ 84.797776][ T5324] ? kasan_save_track+0x3e/0x80 [ 84.799977][ T5324] ? kasan_save_free_info+0x46/0x50 [ 84.802248][ T5324] ? __kasan_slab_free+0x5c/0x80 [ 84.804446][ T5324] ? kfree+0x1c1/0x630 [ 84.806576][ T5324] ? tomoyo_path_number_perm+0x501/0x630 [ 84.809086][ T5324] ? security_file_ioctl+0xc3/0x2a0 [ 84.811418][ T5324] ? __se_sys_ioctl+0x47/0x170 [ 84.813504][ T5324] ? do_syscall_64+0x14d/0xf80 [ 84.815853][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.818746][ T5324] ? kasan_quarantine_put+0xbb/0x1f0 [ 84.821180][ T5324] ? tomoyo_path_number_perm+0x219/0x630 [ 84.823668][ T5324] ? tomoyo_path_number_perm+0x219/0x630 [ 84.826158][ T5324] ? do_vfs_ioctl+0x1166/0x1530 [ 84.828379][ T5324] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 84.831078][ T5324] ? do_futex+0x395/0x420 [ 84.833720][ T5324] ? __fget_files+0x2a/0x420 [ 84.836254][ T5324] ? __fget_files+0x2a/0x420 [ 84.838564][ T5324] ? __fget_files+0x3a0/0x420 [ 84.840683][ T5324] ? __fget_files+0x2a/0x420 [ 84.842654][ T5324] ? bpf_lsm_file_ioctl+0x9/0x20 [ 84.844913][ T5324] ? __pfx_nilfs_ioctl+0x10/0x10 [ 84.847246][ T5324] __se_sys_ioctl+0xfc/0x170 [ 84.849320][ T5324] do_syscall_64+0x14d/0xf80 [ 84.851432][ T5324] ? trace_irq_disable+0x3b/0x150 [ 84.854066][ T5324] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.857448][ T5324] ? clear_bhb_loop+0x40/0x90 [ 84.860230][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.862993][ T5324] RIP: 0033:0x7f3f2db9c799 [ 84.865059][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.875552][ T5324] RSP: 002b:00007f3f2ea1afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.880121][ T5324] RAX: ffffffffffffffda RBX: 00007f3f2de15fa0 RCX: 00007f3f2db9c799 [ 84.883786][ T5324] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000006 [ 84.887826][ T5324] RBP: 00007f3f2dc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 84.892512][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.896226][ T5324] R13: 00007f3f2de16038 R14: 00007f3f2de15fa0 R15: 00007ffccb426eb8 [ 84.899617][ T5324] [ 84.901197][ T5324] Modules linked in: [ 84.903789][ T5324] ---[ end trace 0000000000000000 ]--- [ 84.942049][ T5324] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0 [ 84.945436][ T5324] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 1e ac 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 00 ac 84 fe 49 8b 34 24 4c 89 ff [ 84.955168][ T5324] RSP: 0018:ffffc9000f697708 EFLAGS: 00010206 [ 84.958005][ T5324] RAX: 0000000000000006 RBX: ffff888047fb47a8 RCX: 0000000000000002 [ 84.962023][ T5324] RDX: ffff88803cf58000 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.966981][ T5324] RBP: 0000000000000000 R08: ffff88803cf58000 R09: 0000000000000003 [ 84.971704][ T5324] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030 [ 84.975433][ T5324] R13: dffffc0000000000 R14: ffff88803298b140 R15: ffff888047fb3c48 [ 84.979111][ T5324] FS: 00007f3f2ea1b6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 84.984159][ T5324] CS: 0010 DS: 0000 ES: 
0000 CR0: 0000000080050033 [ 84.987310][ T5324] CR2: 00007f3f2e9f9ff8 CR3: 0000000042dae000 CR4: 0000000000352ef0 [ 84.991527][ T5324] Kernel panic - not syncing: Fatal exception [ 84.995296][ T5324] Kernel Offset: disabled [ 84.997570][ T5324] Rebooting in 86400 seconds..