program:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0xa, 0x0, &(0x7f0000000300)=0x9b)
syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[], 0xfd, 0xda0, &(0x7f0000000e00)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/u2eHtW2qPVAPw/4dVlbcxR/YGwbd/1+572FJj5775/HVoWS7+/Tm9WW8fyE8iL3e/5zy91f/f63+r3pe/4Uesya3Vu4f7x36R1ux6VSv5cf2l/vATvVX/p9y+aU1j6Xeyl/5XSg/3qi0R38O5R/usfz72n96a+X/JZdfXra5s72Wv17jqrG5HnG/cbkPYNxvXPw1tL/c26/v9m+xo7ZbuXwYZcPSz2S/hqX/z27Kcst6MK+eW8fpyv23Y38H/da/3Pe7/A48EpZf1fy+6f9zuNX1/1k+fwv6/4R950PH/wyGkR1WVlYG2vXJqPa7slcM+vUf9DbkoMsf9OtfJ/b/Gf8vxf4/Yzz2/xnjsf/PGI/9a8V47P8zvp6x/88YPxmWG/sHna6Jf6Umfqom/tWa+OmaePz/FuOzNfEzNfGZmvjDNfFHa+Jna+LfqIk/VhN/vCY+VxPf776e01FtP4yy2G+k7z+MjnL8p9v3f6omDgyv2K9z/H5/syYODK9ynofvN4ygqvMdO+L+9rIf982cvpPT93P60Y5VkN3wrZx+O6ffyel3c3oup/M5XcipviGH22/+derMzWrjPL9jId7r+aTxeoB4n5jzPdYnHp/r93zWkz2Ws1Plb/FyEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICh0Vh7XFycrlJ6+9ZbF/8z9YMfr06ZaeWYXXscz2NLKaVmSqnK4+Nhedcn1tPPPrl2qVNapQtrj2U8PXu3Ne+R1fnTbLqdJtNzH5+8+dIHzyy/d+LGiYtvzN3ZmdYDAADAaPgiAAD//3Po5ag=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r1, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xe, 0xe2}, {0x0, 0x0, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {&(0x7f0000000000)=[0x9, 0x6], 0x2, 0x8, 0x98f, 0x2000fffc}})

[  103.365859][ T5306] Bluetooth: hci0: command tx timeout
[  103.623722][ T5327] loop0: detected capacity change from 0 to 4096
[  103.688387][ T5327] NILFS (loop0): invalid segment: Checksum error in segment payload
[  103.697135][ T5327] NILFS (loop0): trying rollback from an earlier position
[  103.761697][ T5327] NILFS (loop0): recovery complete
[  103.785319][ T5336] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  103.808824][ T5327] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI
[  103.815379][ T5327] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[  103.819178][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  103.823429][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  103.828658][ T5327] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[  103.832395][ T5327] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 ce 80 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 b0 80 84 fe 49 8b 34 24 4c 89 ff
[  103.841477][ T5327] RSP: 0018:ffffc9000f56f708 EFLAGS: 00010206
[  103.844855][ T5327] RAX: 0000000000000006 RBX: ffff888055c087a8 RCX: 0000000000000002
[  103.848751][ T5327] RDX: ffff88801fab24c0 RSI: 0000000000000000 RDI: 0000000000000000
[  103.852458][ T5327] RBP: 0000000000000000 R08: ffff88801fab24c0 R09: 0000000000000003
[  103.856016][ T5327] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030
[  103.860101][ T5327] R13: dffffc0000000000 R14: ffff888011e77140 R15: ffff888055c07c48
[  103.863600][ T5327] FS:  00007f3aa7f356c0(0000) GS:ffff88808ca4c000(0000) knlGS:0000000000000000
[  103.867335][ T5327] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  103.870364][ T5327] CR2: 00007fdf19d68000 CR3: 0000000012039000 CR4: 0000000000352ef0
[  103.874950][ T5327] Call Trace:
[  103.876842][ T5327]  <TASK>
[  103.878259][ T5327]  nilfs_clean_segments+0x162/0xa50
[  103.880303][ T5327]  ? nilfs_ioctl_move_blocks+0x94b/0xda0
[  103.882812][ T5327]  ? __pfx_nilfs_clean_segments+0x10/0x10
[  103.885376][ T5327]  ? _copy_from_user+0x94/0xb0
[  103.888023][ T5327]  nilfs_ioctl+0x261f/0x2780
[  103.890487][ T5327]  ? __pfx_nilfs_ioctl+0x10/0x10
[  103.892974][ T5327]  ? kasan_save_track+0x4f/0x80
[  103.895091][ T5327]  ? kasan_save_track+0x3e/0x80
[  103.897230][ T5327]  ? kasan_save_free_info+0x46/0x50
[  103.899469][ T5327]  ? __kasan_slab_free+0x5c/0x80
[  103.901950][ T5327]  ? kfree+0x1c1/0x630
[  103.904436][ T5327]  ? tomoyo_path_number_perm+0x501/0x630
[  103.907481][ T5327]  ? security_file_ioctl+0xc3/0x2a0
[  103.910025][ T5327]  ? __se_sys_ioctl+0x47/0x170
[  103.912029][ T5327]  ? do_syscall_64+0x14d/0xf80
[  103.915274][ T5327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.918498][ T5327]  ? kasan_quarantine_put+0xbb/0x1f0
[  103.921079][ T5327]  ? tomoyo_path_number_perm+0x219/0x630
[  103.924007][ T5327]  ? tomoyo_path_number_perm+0x219/0x630
[  103.926819][ T5327]  ? do_vfs_ioctl+0x1166/0x1530
[  103.928901][ T5327]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  103.931483][ T5327]  ? do_futex+0x395/0x420
[  103.933741][ T5327]  ? __fget_files+0x2a/0x420
[  103.936576][ T5327]  ? __fget_files+0x2a/0x420
[  103.939751][ T5327]  ? __fget_files+0x3a0/0x420
[  103.942243][ T5327]  ? __fget_files+0x2a/0x420
[  103.944522][ T5327]  ? bpf_lsm_file_ioctl+0x9/0x20
[  103.947088][ T5327]  ? __pfx_nilfs_ioctl+0x10/0x10
[  103.949922][ T5327]  __se_sys_ioctl+0xfc/0x170
[  103.951922][ T5327]  do_syscall_64+0x14d/0xf80
[  103.954248][ T5327]  ? trace_irq_disable+0x3b/0x150
[  103.956844][ T5327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.959605][ T5327]  ? clear_bhb_loop+0x40/0x90
[  103.961925][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.964594][ T5327] RIP: 0033:0x7f3aa6f9c819
[  103.966854][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.976477][ T5327] RSP: 002b:00007f3aa7f34fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  103.980495][ T5327] RAX: ffffffffffffffda RBX: 00007f3aa7215fa0 RCX: 00007f3aa6f9c819
[  103.984381][ T5327] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000005
[  103.987970][ T5327] RBP: 00007f3aa7032c91 R08: 0000000000000000 R09: 0000000000000000
[  103.991684][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.995558][ T5327] R13: 00007f3aa7216038 R14: 00007f3aa7215fa0 R15: 00007ffcb574a428
[  103.999066][ T5327]  </TASK>
[  104.000687][ T5327] Modules linked in:
[  104.003797][ T5327] ---[ end trace 0000000000000000 ]---
[  104.103562][ T5327] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[  104.107300][ T5327] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 ce 80 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 b0 80 84 fe 49 8b 34 24 4c 89 ff
[  104.117075][ T5327] RSP: 0018:ffffc9000f56f708 EFLAGS: 00010206
[  104.119989][ T5327] RAX: 0000000000000006 RBX: ffff888055c087a8 RCX: 0000000000000002
[  104.123791][ T5327] RDX: ffff88801fab24c0 RSI: 0000000000000000 RDI: 0000000000000000
[  104.129000][ T5327] RBP: 0000000000000000 R08: ffff88801fab24c0 R09: 0000000000000003
[  104.133182][ T5327] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030
[  104.137983][ T5327] R13: dffffc0000000000 R14: ffff888011e77140 R15: ffff888055c07c48
[  104.142117][ T5327] FS:  00007f3aa7f356c0(0000) GS:ffff88808ca4c000(0000) knlGS:0000000000000000
[  104.146159][ T5327] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  104.150312][ T5327] CR2: 000055fde09b4a18 CR3: 0000000012039000 CR4: 0000000000352ef0
[  104.154802][ T5327] Kernel panic - not syncing: Fatal exception
[  104.157919][ T5327] Kernel Offset: disabled
[  104.159872][ T5327] Rebooting in 86400 seconds..