program:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003880)=[{{&(0x7f0000000080)={0xa, 0x4e24, 0x2, @loopback}, 0x1c, 0x0}}], 0x1, 0x24044084)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xda8, &(0x7f0000000e00)="$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")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r2, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {&(0x7f0000000300)=[{0x1, 0x700}], 0x1f, 0x10, 0x20c, 0xfffffffffffffff8}, {0x0, 0x0, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {&(0x7f00000003c0)=[0x9], 0x1, 0x8, 0x98f, 0xffff}})
ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000000))
sendto$inet6(r0, &(0x7f0000000200)="ae", 0x1, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c)

[ 85.171546][ T4665] Bluetooth: hci0: command tx timeout
[ 85.513694][ T5321] loop0: detected capacity change from 0 to 4096
[ 85.567597][ T5321] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 85.571510][ T5321] NILFS (loop0): trying rollback from an earlier position
[ 85.629937][ T5321] NILFS (loop0): recovery complete
[ 85.648512][ T5328] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 85.666847][ T5321] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI
[ 85.672436][ T5321] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[ 85.677313][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.681512][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.686033][ T5321] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[ 85.689539][ T5321] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 9e 74 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 80 74 84 fe 49 8b 34 24 4c 89 ff
[ 85.699245][ T5321] RSP: 0018:ffffc9000e4df708 EFLAGS: 00010206
[ 85.701988][ T5321] RAX: 0000000000000006 RBX: ffff888047fa47a8 RCX: 0000000000000002
[ 85.705964][ T5321] RDX: ffff888040af24c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 85.710008][ T5321] RBP: 0000000000000000 R08: ffff888040af24c0 R09: 0000000000000003
[ 85.713537][ T5321] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030
[ 85.716948][ T5321] R13: dffffc0000000000 R14: ffff88803436c540 R15: ffff888047fa3c48
[ 85.720615][ T5321] FS: 00007f6e10e276c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000
[ 85.725028][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.728529][ T5321] CR2: 00007ff15abcf000 CR3: 00000000366ed000 CR4: 0000000000352ef0
[ 85.732711][ T5321] Call Trace:
[ 85.734405][ T5321] <TASK>
[ 85.735932][ T5321] nilfs_clean_segments+0x162/0xa50
[ 85.739003][ T5321] ? nilfs_ioctl_move_blocks+0x94b/0xda0
[ 85.741898][ T5321] ? __pfx_nilfs_clean_segments+0x10/0x10
[ 85.744529][ T5321] ? _copy_from_user+0x94/0xb0
[ 85.746919][ T5321] nilfs_ioctl+0x261f/0x2780
[ 85.748964][ T5321] ? __pfx_nilfs_ioctl+0x10/0x10
[ 85.751165][ T5321] ? kasan_save_track+0x4f/0x80
[ 85.753249][ T5321] ? kasan_save_track+0x3e/0x80
[ 85.755319][ T5321] ? kasan_save_free_info+0x46/0x50
[ 85.757594][ T5321] ? __kasan_slab_free+0x5c/0x80
[ 85.759865][ T5321] ? kfree+0x1c1/0x630
[ 85.761746][ T5321] ? tomoyo_path_number_perm+0x501/0x630
[ 85.764258][ T5321] ? security_file_ioctl+0xc3/0x2a0
[ 85.767559][ T5321] ? __se_sys_ioctl+0x47/0x170
[ 85.770723][ T5321] ? do_syscall_64+0x14d/0xf80
[ 85.773077][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.775876][ T5321] ? kasan_quarantine_put+0xbb/0x1f0
[ 85.778223][ T5321] ? tomoyo_path_number_perm+0x219/0x630
[ 85.780760][ T5321] ? tomoyo_path_number_perm+0x219/0x630
[ 85.783680][ T5321] ? do_vfs_ioctl+0x1166/0x1530
[ 85.786230][ T5321] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 85.788723][ T5321] ? do_futex+0x395/0x420
[ 85.790592][ T5321] ? __fget_files+0x2a/0x420
[ 85.792578][ T5321] ? __fget_files+0x2a/0x420
[ 85.794694][ T5321] ? __fget_files+0x3a0/0x420
[ 85.797203][ T5321] ? __fget_files+0x2a/0x420
[ 85.799917][ T5321] ? bpf_lsm_file_ioctl+0x9/0x20
[ 85.802408][ T5321] ? __pfx_nilfs_ioctl+0x10/0x10
[ 85.805041][ T5321] __se_sys_ioctl+0xfc/0x170
[ 85.807445][ T5321] do_syscall_64+0x14d/0xf80
[ 85.809557][ T5321] ? trace_irq_disable+0x3b/0x150
[ 85.812110][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.815456][ T5321] ? clear_bhb_loop+0x40/0x90
[ 85.817584][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.820197][ T5321] RIP: 0033:0x7f6e0ff9c819
[ 85.822122][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.831385][ T5321] RSP: 002b:00007f6e10e26fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 85.834965][ T5321] RAX: ffffffffffffffda RBX: 00007f6e10215fa0 RCX: 00007f6e0ff9c819
[ 85.838502][ T5321] RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000006
[ 85.842247][ T5321] RBP: 00007f6e10032c91 R08: 0000000000000000 R09: 0000000000000000
[ 85.846155][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.849596][ T5321] R13: 00007f6e10216038 R14: 00007f6e10215fa0 R15: 00007fff752a3be8
[ 85.852915][ T5321] </TASK>
[ 85.854454][ T5321] Modules linked in:
[ 85.857309][ T5321] ---[ end trace 0000000000000000 ]---
[ 85.929636][ T5321] RIP: 0010:nilfs_mdt_save_to_shadow_map+0x141/0x1c0
[ 85.932542][ T5321] Code: 3f 4c 8d 63 d8 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 9e 74 84 fe 4d 8b 24 24 49 83 c4 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 80 74 84 fe 49 8b 34 24 4c 89 ff
[ 85.947980][ T5321] RSP: 0018:ffffc9000e4df708 EFLAGS: 00010206
[ 85.951268][ T5321] RAX: 0000000000000006 RBX: ffff888047fa47a8 RCX: 0000000000000002
[ 85.955625][ T5321] RDX: ffff888040af24c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 85.959275][ T5321] RBP: 0000000000000000 R08: ffff888040af24c0 R09: 0000000000000003
[ 85.962755][ T5321] R10: 0000000000000406 R11: 0000000000000002 R12: 0000000000000030
[ 85.967208][ T5321] R13: dffffc0000000000 R14: ffff88803436c540 R15: ffff888047fa3c48
[ 85.971300][ T5321] FS: 00007f6e10e276c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000
[ 85.975486][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.978320][ T5321] CR2: 0000200000b63fe4 CR3: 00000000366ed000 CR4: 0000000000352ef0
[ 85.982467][ T5321] Kernel panic - not syncing: Fatal exception
[ 85.985992][ T5321] Kernel Offset: disabled
[ 85.987893][ T5321] Rebooting in 86400 seconds..