program:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
setresuid(0xee00, 0x0, 0x0)
ioprio_set$uid(0x3, 0xee00, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCGNPMODE(r1, 0xc008744c, &(0x7f0000000140)={0x283})
syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f00000006c0)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447ae63331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed31f9e0b867840f821e039c0e8a497c4d5dde436000090a393637dedb2f30000000000000000008edc2ea43c8b67170ab70b1fff415e7de4ae2de4f9ec084907735354c9200ee6e37a1786570997c651d1c4778a0474f90904d21dad8fa11ad00cbf7254ca59d5b346d3af13870b0e3312a1295cc4f6a86b08e025de6fcf8325cdc21a1fd37d553d913e73128b1d72fe59caf4ff31dbb12d45a8147497ba3ca62ef6682363d3e5dd2c4c79e512cffebba4f8c860679d892c455ea0402dab4d541f5d22f14c0cc3aa77e066ef45c4a0db460b3a98a9654e9075faae18d9ce0d20dfdae5ce671fddff52de0b538a33dd06ba135fb893c1a15d14bd8df5be34ce5f3b40a85964d69e4bd9ad92bd67d21900129f74140c0e41ddb311a88499322793995bc534384369c99d04dd66903d1c4a714e1209d7246ce7e3d3fbd4d510baba97c3adb57f4df88bbc900ecbb4c34cf1051e8c65cae159b75d84ad9b036080e12bcba10471fa35f34125f84aaf715f3ec35eb273727c9e3291577bbabf3b"], 0x1, 0xdaa, &(0x7f0000001bc0)="$eJzs3ctrXNf9APBzRxrLr/wsRcpPqutaatw06sNS7IimuyrgLkIhFLIvBNdJnSrpw+kiwQE7i25rCPkDGrLvok8vAiYrl2xa+g+EQKEbNwTS1hQSFUnnjEZfa7gzsqzRaD4fOHPm3u+995wzjzt37uskYGg11h+XlmaqlN6++daFu7Oj/1kbM9uaYm79cTQPLaeUmq35UhoPy1se28g/++Tqxfb885xX6XyqUtUan56905r3WErpWppLt9J4eu7j6RsvffDMynuT1ycvvDF/+8G0HgAAhsvd7737sz8//t2rE//9zenlNNYaX7bPl/Pw8bzdv1xtDOes9T+gasurtuHiUJhuNKdGmG5km+nay2mG6UY7lH8oLLfZYbqxmvJH2sZt124YZJv/46vGwpbhRmNhYeM/+ZoPRw5VC69cXnnhSp8qCuy6T2fzLj5JkoYurZ7o9xoIYEM8bniPa3HPwv1pLW20u/LvPN3Yfn7YBXv9+Vf+YJX/7nVrHHbPQf00lXaV79HxPByPI4yG+Xr9/pflxeMRzS7r2ek4wqAcX+hUz5E9rsdOdap//FwcVF/KeXkdTod4+/cnvqeD8h4D27tr/78kDW1a7fcKCNi34nlzq1mJx/P6YnysJn64Jn6kJn60Jn6sJg7D7Lev/irdqDb/58f/9L3uDyv72R7K+f/1WJ+4P7LX8uN5v7263/Lj+cSwr83/+9Snv7j1l3j+/+fh/P8z+bd0PK8gyv7CuF+9de5/uDC40WG6h0N1Htpm+vXnU1unq6Y2l5Pa1jP31GNm63wnOk13aut042G6o3lb5HCob9w+ORrmK9sfZb1aXq/R0N5maMehUI/yzkzk/HBoz0SndoUd2YfCdM2cJkO7pkK7Hgnz/X9oVzWztV1x/3mpz3QYH4+TlOnC23bP71J8L+J1GY/m/M2cv5Pz93P+0TblDqPyeex0/n/5fM6kZvXC5ZVLT+Th8jm9PdIcWxt/bo/rDdy/bq//mUlbr/853hrfbLSvF05sjq/a1wvjYfz5DuOfzMPl9+xHI0fWxy9c/MnKD3e78TDkrrz2+o+fX1m59HNPPPHEk9aTfq+ZgAdt8dWXf7p45bXXz15++fkXL7146ZVzT3z7W08+9dTS4vpW/WL7tj1wsGz+6Pe7JgAAAAAAAAAAAEDXqo0r2I/E0Tmvu79tuZ68XJ8er49nMJT3rXwOyn0MyvWfne7rUq7fnNiDOrL79uJyon63EdjeP3f3/r/Nft/PVJKk7tPqqrv4A/tDv/v/K/c9LPnxs3+bWEtlsjtPb11fxvsXwv3Y7/3PKf9g9f/X6v+q6/Vf6DFrfGfl/u7ukb+2FZtOdlt+bH+5D+xUb+X/PpdfWvNY6q781V+H8uONSrv0h1D+0S7Lv6f9p3ZW/h9z+eVlmz/TbfkbNa4aW+sR9xuX+wDG/cbFn0L7y739em7/Djtqu5nLh2E2KP1M9mpQ+v/spCy3rAfz6rl1nK7cfzv2d9Br/ct9v8vvwCNh+VXN75v+PwdbXf+f5fO3qP9POHA+1P+nJA1tWl1d7WvXJ8Pa78p+0e/Xv9/bkP0uv9+vf53Y/2f8vxT7/4zx2P9njMf+P2M89q8V47H/z/h6xv4/Y3w6LDf2DzpTE/9CTfxkTfyLNfFTNfH4/y3G52rip2viszXxh2vij9bEz9TEv1ITf6wm/nhNfL4mftB9OefD2n4YZrHfSN9/GB7l+E+n7/9UTRwYXLFf5/j9/mpNHBhc5TwP328YQtX2d+yI+9vLftw3c/5Ozt/P+UcPrILsha/l/Os5/0bOv5nzszlfyPlizvUNOdh++Y+Tp29Um+f5nQjxbs8njdcDxPvEnOuyPvH4XK/ns053WU7v5f/g792Uv8PLQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRmP9cWlppkrp7ZtvXfjX1He+vzZmtjXF3PrjaB5aTik1U0pVHh4Ny7s2tpF/9snVi9vlVTq//liG07N3WvMeW5s/zaVbaTw99/H0jZc+eGblvcnrkxfemL/9YFoPAAAAw+F/AQAA//9DseYz")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x1d}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4a}, 0x90)
ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r2, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {&(0x7f0000000300)=[{0x700, 0x700}], 0x1, 0x10, 0x20f, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {&(0x7f00000003c0)=[0x9], 0x1, 0x8, 0x98f, 0xffff}})
getsockopt$SO_J1939_PROMISC(r2, 0x6b, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x4)

[  155.903794][ T4670] Bluetooth: hci0: command tx timeout
[  156.105544][ T5348] loop0: detected capacity change from 0 to 4096
[  156.156431][ T5348] NILFS (loop0): invalid segment: Checksum error in segment payload
[  156.165429][ T5348] NILFS (loop0): trying rollback from an earlier position
[  156.195035][ T5348] NILFS (loop0): recovery complete
[  156.210852][ T5351] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  156.237479][ T5348] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI
[  156.242912][ T5348] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[  156.246419][ T5348] CPU: 0 UID: 0 PID: 5348 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  156.250220][ T5348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  156.254578][ T5348] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[  156.258779][ T5348] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 9e 6f 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 80 6f 84 fe 49 8b 34 24 4c 89 ff
[  156.267518][ T5348] RSP: 0018:ffffc9000f5bf708 EFLAGS: 00010206
[  156.269892][ T5348] RAX: 0000000000000006 RBX: ffff888011ef07a8 RCX: 0000000000000002
[  156.273260][ T5348] RDX: ffff888032784980 RSI: 0000000000000000 RDI: 0000000000000000
[  156.276587][ T5348] RBP: 0000000000000000 R08: ffff888032784980 R09: 0000000000000003
[  156.280228][ T5348] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030
[  156.284167][ T5348] R13: dffffc0000000000 R14: ffff88801abe1540 R15: ffff888011f27c48
[  156.287774][ T5348] FS:  00007ff97c2516c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000
[  156.291594][ T5348] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  156.294414][ T5348] CR2: 00007fe52549a000 CR3: 0000000039bbf000 CR4: 0000000000352ef0
[  156.298083][ T5348] Call Trace:
[  156.299855][ T5348]  <TASK>
[  156.301519][ T5348]  nilfs_clean_segments+0x162/0xa50
[  156.304210][ T5348]  ? nilfs_ioctl_move_blocks+0x94b/0xda0
[  156.306881][ T5348]  ? __pfx_nilfs_clean_segments+0x10/0x10
[  156.309473][ T5348]  ? _copy_from_user+0x94/0xb0
[  156.311622][ T5348]  nilfs_ioctl+0x261f/0x2780
[  156.313651][ T5348]  ? __pfx_nilfs_ioctl+0x10/0x10
[  156.316014][ T5348]  ? kasan_save_track+0x4f/0x80
[  156.318622][ T5348]  ? kasan_save_track+0x3e/0x80
[  156.320837][ T5348]  ? kasan_save_free_info+0x46/0x50
[  156.323584][ T5348]  ? __kasan_slab_free+0x5c/0x80
[  156.326962][ T5348]  ? kfree+0x1c1/0x630
[  156.329682][ T5348]  ? tomoyo_path_number_perm+0x501/0x630
[  156.332076][ T5348]  ? security_file_ioctl+0xc3/0x2a0
[  156.334458][ T5348]  ? __se_sys_ioctl+0x47/0x170
[  156.336527][ T5348]  ? do_syscall_64+0x14d/0xf80
[  156.338839][ T5348]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.341558][ T5348]  ? kasan_quarantine_put+0xbb/0x1f0
[  156.343905][ T5348]  ? tomoyo_path_number_perm+0x219/0x630
[  156.346361][ T5348]  ? tomoyo_path_number_perm+0x219/0x630
[  156.349388][ T5348]  ? do_vfs_ioctl+0x1166/0x1530
[  156.351813][ T5348]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  156.353968][ T5348]  ? do_futex+0x395/0x420
[  156.356066][ T5348]  ? __fget_files+0x2a/0x420
[  156.358224][ T5348]  ? __fget_files+0x2a/0x420
[  156.360786][ T5348]  ? __fget_files+0x3a0/0x420
[  156.363645][ T5348]  ? __fget_files+0x2a/0x420
[  156.366144][ T5348]  ? bpf_lsm_file_ioctl+0x9/0x20
[  156.368923][ T5348]  ? __pfx_nilfs_ioctl+0x10/0x10
[  156.371167][ T5348]  __se_sys_ioctl+0xfc/0x170
[  156.373219][ T5348]  do_syscall_64+0x14d/0xf80
[  156.375346][ T5348]  ? trace_irq_disable+0x3b/0x150
[  156.377794][ T5348]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.380439][ T5348]  ? clear_bhb_loop+0x40/0x90
[  156.382496][ T5348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.385320][ T5348] RIP: 0033:0x7ff97b39c819
[  156.387412][ T5348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  156.397157][ T5348] RSP: 002b:00007ff97c250fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  156.400761][ T5348] RAX: ffffffffffffffda RBX: 00007ff97b615fa0 RCX: 00007ff97b39c819
[  156.403931][ T5348] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000006
[  156.407225][ T5348] RBP: 00007ff97b432c91 R08: 0000000000000000 R09: 0000000000000000
[  156.410447][ T5348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  156.414043][ T5348] R13: 00007ff97b616038 R14: 00007ff97b615fa0 R15: 00007ffc4dc3aa28
[  156.419217][ T5348]  </TASK>
[  156.420665][ T5348] Modules linked in:
[  156.422959][ T5348] ---[ end trace 0000000000000000 ]---
[  156.451637][ T5348] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[  156.456870][ T5348] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 9e 6f 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 80 6f 84 fe 49 8b 34 24 4c 89 ff
[  156.466615][ T5348] RSP: 0018:ffffc9000f5bf708 EFLAGS: 00010206
[  156.470702][ T5348] RAX: 0000000000000006 RBX: ffff888011ef07a8 RCX: 0000000000000002
[  156.474562][ T5348] RDX: ffff888032784980 RSI: 0000000000000000 RDI: 0000000000000000
[  156.479852][ T5348] RBP: 0000000000000000 R08: ffff888032784980 R09: 0000000000000003
[  156.484593][ T5348] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030
[  156.490326][ T5348] R13: dffffc0000000000 R14: ffff88801abe1540 R15: ffff888011f27c48
[  156.495127][ T5348] FS:  00007ff97c2516c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000
[  156.500455][ T5348] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  156.504024][ T5348] CR2: 00007ff97c22fff8 CR3: 0000000039bbf000 CR4: 0000000000352ef0
[  156.508904][ T5348] Kernel panic - not syncing: Fatal exception
[  156.512172][ T5348] Kernel Offset: disabled
[  156.514200][ T5348] Rebooting in 86400 seconds..