program:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x37}, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000000)={'ip6tnl0\x00', <r3=>r2, 0x2f, 0x3, 0x5, 0x6, 0x11, @mcast1, @empty, 0x7800, 0x7, 0xfff, 0x7}})
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x40000, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {0x3, 0xffff}, {0xffe5, 0xfff3}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x6}]}, 0x2c}}, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000003280)=ANY=[], 0x1, 0xd9a, &(0x7f00000014c0)="$eJzs3UtvXNUdAPBzx544LxqHmMZN08QlpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kap+gCL2XfTJAililYpNq34BxKqbFCHRNqoEg2yfMx7/M6M749gej+f3k+6cufd/7j3nzOPO3OdJwNhqrD0uLc1WrWp9yuT/Vh/PtnPMrU/NY8sppWZ7vpSmw/KWp9bTTz++frkz/SynVbqYqlS1p6dn77bnPZJSupHm0u00nZ776OStl95/ZuXdEzdPXHpj/s4ONB0AAMbOvR+8/fO/Pf7968f///szy2mqPb38P1/O40fz//7lvJWQk/Z2QNWRVh3jxYGQbzIPjZBvoku+znKaId9kj/IPhOU2e+Sbqil/omNat3bDKNvYjq8aC5vGG42FhfVt8lUfTByoFl65uvLCtSFVFNh2n5zNu/gMBsPYDa1jw14DAayLxw3vcyPuWXgw7aVN9lf+3acb3eeHbbDbn3/lj1b5b9+0xmH77NdPU2lX+R4dzePxOMJkmG/Q739ZXjwe0eyznr2OI4zK8YVe9ZzY5XpsVa/6x8/FfvWVnJbX4UyId35/4ns6Ku8x0N09+/8NhrEdWsNeAQF7VjxvrpWVeDyvL8anauIHa+KHauKHa+JHauIwzv7w6q/TrWpjOz9u0w+6P6zsZ3sop18YsD5xf+Sg5cfzfgf1oOXH84lhT5v/7+lPfnn77/H8/8/C+f/n8m/pdF5BlP2Fcb96+9z/cGFwo0e+h0N1HuqSf+35zOZ81czGclLHeua+esxunu9Yr3ynN+ebDvkO5/8iB0N94/+Tw2G+8v+jrFfL6zUZ2tsM7TgQ6lHemeM5PRjac7xXu8KO7AMhXzMPJ0K7ZkK7HgnzfTG0q5rd3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38rpezn9sEu546h8Hnud/18+n7OpWb1wdeXKE3m8fE7vTDSnVqdf2OV6Aw+u3+t/ZtPm63+Otqc3G53rhWMb06vO9cJ0mH6xx/Qn83j5PfvxxKG16QuXf7ryo+1uPIy5a6+9/pPnV1au/MITTzzxpP1k2GsmYKctvvryzxavvfb6+asvP//ilRevvHLhie9+58mnnlpaXPtXv9j53x7YXzZ+9IddEwAAAAAAAAAAAKBv1aHuk3Nad3/bcj15uT49Xh/PaCjvW/k0lPsYlOs/e93XpVy/eXwX6sj2243LiYbdRqC7f7v/r8EwtkOr5S7+wN4w7P7/yn0PS3r0/D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r93/V9/ov9Jg1vbVy/3jv0D86ik2n+i0/tr/cB3ZmsPL/lMsvrXks9Vd+63eh/Hij0j79OZR/uM/y72v/6a2V/5dcfnnZ5s/1W/56javG5nrE/cblPoBxv3Hx19D+cm+/gdu/xY7a3snlwzgblX4mBzUq/X/2UpZb1oN59dw+Tlfuvx37Oxi0/uW+3+V34JGw/Krm903/n6Otrv/P8vlb1P8n7DsfOP43nkPpaGPY9TAMdWi1WkPt+mRc+13ZK4b9+g/7P+Swyx/2618n9v8Zt5di/58xHvv/jPHY/2eMx/61Yjz2/xlfz9j/Z4yfDMuN/YPO1sS/VBM/VRP/ck38dE08br/F+FxN/ExN/GxN/OGa+KM18XM18a/VxB+riT9eE5+vie93X83puLYfxlnsN9L3H8ZHOf7T6/s/UxMHRlfs1zl+v79eEwdGVznPw/cbxlDV/Y4dcX972Y/7Zk7fyul7Of1wxyrIbvhGTr+Z02/l9Ns5PZ/ThZwu5lTfkKPtV/86deZWtXGe37EQ7/d80ng9QLxPzIU+6xOPzw16PuvJPsvZqfK3eDkIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMhorD0uLc1WKf32nd9c+s/M9364OuVsO8fc2uNkHltOKTVTSlUenwzLuzG1nn768fXL3dIqXVx7LOPp2bvteY+szp/m0u00nZ776OStl95/ZuXdEzdPXHpj/s7OtB4AAADGw+cBAAD//9Y840c=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
ftruncate(r4, 0x7fff)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r5, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {&(0x7f0000000300)=[{0x5, 0x700}], 0x1, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x10000000002}, {0x0, 0x0, 0x28, 0xfffe, 0x1000000000000101}, {&(0x7f00000003c0)=[0x9], 0x1, 0x8, 0x98f, 0xffff}})
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=@newtfilter={0x124, 0x2c, 0x300, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xe}, {}, {0xa, 0xc}}, [@filter_kind_options=@f_u32={{0x8}, {0xf8, 0x2, [@TCA_U32_SEL={0xe4, 0x5, {0x4, 0x6, 0xd, 0x61, 0x400, 0x8a42, 0x3, 0x711, [{0x40000, 0x7d, 0x7fcd, 0x6}, {0x8, 0xaa, 0x6, 0x6}, {0x1, 0x5, 0x5, 0x1}, {0x8, 0x8, 0x1ff, 0x8}, {0xb13, 0x15, 0xc49, 0x100}, {0xffff, 0xffffff30, 0x8, 0x2}, {0x7, 0x2, 0x7, 0x2}, {0x4d642409, 0x2, 0x401, 0xe}, {0xe, 0xd8, 0xffff0001, 0xffffffe5}, {0x7fff, 0xe3, 0x1, 0xfffffffe}, {0x7fff, 0xffffffe5, 0x7, 0x1c71c30d}, {0x7, 0xc6, 0x9d, 0x8001}, {0x8000, 0x5b4, 0xe, 0xefee}]}}, @TCA_U32_MARK={0x10, 0xa, {0x0, 0x7}}]}}]}, 0x124}, 0x1, 0x0, 0x0, 0x40800}, 0x14)

[  102.203228][ T5308] Bluetooth: hci0: command tx timeout
[  102.477796][ T5333] loop0: detected capacity change from 0 to 4096
[  102.517916][ T5333] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  102.544834][ T5333] NILFS (loop0): mounting unchecked fs
[  102.602934][ T5333] NILFS (loop0): recovery complete
[  102.609240][ T5301] udevd[5301]: incorrect nilfs2 checksum on /dev/loop0
[  102.626605][ T5337] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  102.670360][ T5332] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI
[  102.676915][ T5332] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[  102.680322][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  102.684091][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  102.688755][ T5332] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[  102.692104][ T5332] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 6e 90 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 50 90 84 fe 49 8b 34 24 4c 89 ff
[  102.700051][ T5332] RSP: 0018:ffffc9000f547708 EFLAGS: 00010206
[  102.702937][ T5332] RAX: 0000000000000006 RBX: ffff888047bd87a8 RCX: 0000000000000002
[  102.707283][ T5332] RDX: ffff888012afc980 RSI: 0000000000000000 RDI: 0000000000000000
[  102.710838][ T5332] RBP: 0000000000000000 R08: ffff888012afc980 R09: 0000000000000003
[  102.714416][ T5332] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030
[  102.717738][ T5332] R13: dffffc0000000000 R14: ffff888034044540 R15: ffff888047bd7c48
[  102.720987][ T5332] FS:  00007f23188546c0(0000) GS:ffff88808ca4e000(0000) knlGS:0000000000000000
[  102.724508][ T5332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  102.727578][ T5332] CR2: 00007f15ca1909c0 CR3: 000000001ed6f000 CR4: 0000000000352ef0
[  102.731041][ T5332] Call Trace:
[  102.732595][ T5332]  <TASK>
[  102.733985][ T5332]  nilfs_clean_segments+0x162/0xa50
[  102.736464][ T5332]  ? nilfs_ioctl_move_blocks+0x94b/0xda0
[  102.739015][ T5332]  ? __pfx_nilfs_clean_segments+0x10/0x10
[  102.741621][ T5332]  ? _copy_from_user+0x94/0xb0
[  102.743872][ T5332]  nilfs_ioctl+0x261f/0x2780
[  102.746066][ T5332]  ? __pfx_nilfs_ioctl+0x10/0x10
[  102.748391][ T5332]  ? kasan_save_track+0x4f/0x80
[  102.750642][ T5332]  ? kasan_save_track+0x3e/0x80
[  102.752851][ T5332]  ? kasan_save_free_info+0x46/0x50
[  102.755149][ T5332]  ? __kasan_slab_free+0x5c/0x80
[  102.757399][ T5332]  ? kfree+0x1c1/0x630
[  102.759346][ T5332]  ? tomoyo_path_number_perm+0x501/0x630
[  102.761845][ T5332]  ? security_file_ioctl+0xc3/0x2a0
[  102.764339][ T5332]  ? __se_sys_ioctl+0x47/0x170
[  102.766590][ T5332]  ? do_syscall_64+0x14d/0xf80
[  102.768948][ T5332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.771692][ T5332]  ? kasan_quarantine_put+0xbb/0x1f0
[  102.773964][ T5332]  ? tomoyo_path_number_perm+0x219/0x630
[  102.776543][ T5332]  ? tomoyo_path_number_perm+0x219/0x630
[  102.779418][ T5332]  ? do_vfs_ioctl+0x1166/0x1530
[  102.781931][ T5332]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  102.784504][ T5332]  ? do_futex+0x333/0x420
[  102.786579][ T5332]  ? __fget_files+0x2a/0x420
[  102.788766][ T5332]  ? __fget_files+0x2a/0x420
[  102.791134][ T5332]  ? __fget_files+0x3a0/0x420
[  102.793878][ T5332]  ? __fget_files+0x2a/0x420
[  102.796336][ T5332]  ? bpf_lsm_file_ioctl+0x9/0x20
[  102.798540][ T5332]  ? __pfx_nilfs_ioctl+0x10/0x10
[  102.800723][ T5332]  __se_sys_ioctl+0xfc/0x170
[  102.802929][ T5332]  do_syscall_64+0x14d/0xf80
[  102.805589][ T5332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.808689][ T5332]  ? clear_bhb_loop+0x40/0x90
[  102.810767][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.813276][ T5332] RIP: 0033:0x7f231799c819
[  102.815317][ T5332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  102.824078][ T5332] RSP: 002b:00007f2318853fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  102.828319][ T5332] RAX: ffffffffffffffda RBX: 00007f2317c15fa0 RCX: 00007f231799c819
[  102.832305][ T5332] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000008
[  102.835966][ T5332] RBP: 00007f2317a32c91 R08: 0000000000000000 R09: 0000000000000000
[  102.839715][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  102.843866][ T5332] R13: 00007f2317c16038 R14: 00007f2317c15fa0 R15: 00007ffd0c7e4768
[  102.847619][ T5332]  </TASK>
[  102.849067][ T5332] Modules linked in:
[  102.851445][ T5332] ---[ end trace 0000000000000000 ]---
[  102.861591][ T5332] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[  102.865161][ T5332] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 6e 90 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 50 90 84 fe 49 8b 34 24 4c 89 ff
[  102.875336][ T5332] RSP: 0018:ffffc9000f547708 EFLAGS: 00010206
[  102.879998][ T5332] RAX: 0000000000000006 RBX: ffff888047bd87a8 RCX: 0000000000000002
[  102.884872][ T5332] RDX: ffff888012afc980 RSI: 0000000000000000 RDI: 0000000000000000
[  102.888608][ T5332] RBP: 0000000000000000 R08: ffff888012afc980 R09: 0000000000000003
[  102.893348][ T5332] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030
[  102.897319][ T5332] R13: dffffc0000000000 R14: ffff888034044540 R15: ffff888047bd7c48
[  102.901470][ T5332] FS:  00007f23188546c0(0000) GS:ffff88808ca4e000(0000) knlGS:0000000000000000
[  102.906685][ T5332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  102.909742][ T5332] CR2: 00007f15ca1909c0 CR3: 000000001ed6f000 CR4: 0000000000352ef0
[  102.914253][ T5332] Kernel panic - not syncing: Fatal exception
[  102.918224][ T5332] Kernel Offset: disabled
[  102.920323][ T5332] Rebooting in 86400 seconds..