program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e20}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e20}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x2002, 0x0)
ioctl$TIOCMGET(r1, 0x5415, 0x0) (async)
ioctl$TIOCMGET(r1, 0x5415, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "6d4dfdeb8cf7bbfe143803bec2ce783e04cd32308cdd8dde", "c71cb8adfce542a4bc5a026c208fd0c45787e4aa384e3d26b21ea41cc128364c"}}}}}}, 0x0)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x792, &(0x7f0000001a40)="$eJzs3ctrXFUYAPDvTl5NWk0EQesqINhA6cTU2Cq4qLgQwUJB17ZhMg01k0zJTEoTAraI4EZQcSHopmsfdefWx1b/CxdSKZoWKy4kciczybSZSSdpZiaQ3w9O5pz7yDnfnPs4d+5lJoADazT9k4k4GhEfJxHD1elJRPRVcr0RZ9aXu7e6kktTEmtrb/2ZVJa5u7qSi7p1Uoerhacj4qcPIo5nttZbWlqenSoU8gvV8nh57vJ4aWn5xKW5qZn8TH7+1MTk5MnTL54+tXex/v3r8pE/Pnn92Ldn/n3/qZsf/ZzEmThSnVcfx14ZjdHqe9KXvoX3eW2vK+uypNsNYFfSXbNnfS+PozEcPZVcE4Ob2YnljjQPAGiD9yJiDQA4YBLnfwA4YGqfA9xdXcnVUnc/keis269GxKH1+Gv3N9fn9Fbv2R2q3Acdupvcd2ckiYiRPah/NCK+/P6dr9MU1X5wLw3ohGvXI+LCyOjW43+y5ZmFnXp+u5lrA5WX0QcmH7TzD3TTD+n456VG47/MxvgnGox/Bhrsu7vx8P0/c2sPqmkqHf+9Uvds2726+KtGeqqlxypjvr7k4qVCPj22PR4RY9E3kJYnKos2HrmN3fnvTrP668d/f3367ldp/enr5hKZW70D968zPVWeetS4a25fj3imt1H8yUb/J03Gv+darOONlz/8otm8NP403lraGn97rd2IeK5h/2/2ZbLt84njlc1hvLZRNPDdb58PNat/9Fj/Rv+nKa2/di3QCWn/D20f/0hS/7xmaed1/HJj+Mdm8+q3/8bxN97++5O3K/n+6rSrU+XywkREf/Lm1uknN9etlWvLp/GPPdt4/1+vtvH2n14TXmgx/t7e+Gb38bdXGv/0jvp/55mb92Z7mtXfWv9PVnJj1SmtHP9abeCjvHcAAAAAAAAAAAAAAAAAAAAAAAAA0KpMRByJJJPdyGcy2ez6b3g/GUOZQrFUPn6xuDg/HZXfyh6Jvkztqy6H674PdaL6ffi18skHyi9ExBMR8dnAYKWczRUL090OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACqDjf5/f/U7wPdbh0A0DaHut0AAKDjnP8B4ODZ2fl/sG3tAAA6x/U/ABw8LZ//L7S3HQBA57j+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM3OnT2bprV/VldyaXn6ytLibPHKiel8aTY7t5jL5ooLl7MzxeJMIZ/NFeea/qNr6y+FYvHyZMwvXh0v50vl8dLS8vm54uJ8+fyluamZ/Pl8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDWlZaWZ6cKhfyCzLaZwf3RjH2T6Y190QyZh2QyEbG71euPEoPdO0ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HP/BwAA///F9Cf0")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) (async)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r4, &(0x7f0000004200)='t', 0x1)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000100)) (async)
io_setup(0x202, &(0x7f0000000100)=<r6=>0x0)
io_submit(r6, 0x20000000000002c9, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x4000}])
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), r3)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073597a31000000000900010073797a300000000008000540000000218c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c00014000000000000000002c0001800a0001006c696d69740000001c0002800c00024000000000100000000c0001"], 0x110}}, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073597a31000000000900010073797a300000000008000540000000218c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c00014000000000000000002c0001800a0001006c696d69740000001c0002800c00024000000000100000000c0001"], 0x110}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x1c, r7, 0x20, 0x70bd28, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004054}, 0x4004050) (async)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x1c, r7, 0x20, 0x70bd28, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004054}, 0x4004050)
r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
preadv(r9, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) (async)
preadv(r9, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r10 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r10, 0x2007ffb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r10, 0x0)
ioctl$KDGKBLED(r2, 0x4b64, &(0x7f00000000c0)) (async)
ioctl$KDGKBLED(r2, 0x4b64, &(0x7f00000000c0))

[   75.631706][ T5307] Bluetooth: hci0: command tx timeout
[   75.660301][ T5327] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   75.680613][ T5327] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   75.684894][ T5327] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   75.689036][ T5327] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   75.745842][ T5327] loop0: detected capacity change from 0 to 2048
[   75.784615][ T5327] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.804897][ T5329] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'.
[   75.808983][ T5329] openvswitch: netlink: push_nsh: missing base or metadata attributes
[   75.813733][ T5329] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   75.879149][ T5328] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   76.397013][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[   76.400629][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[   76.488690][ T5326] ------------[ cut here ]------------
[   76.491625][ T5326] kernel BUG at fs/ext4/inode.c:2746!
[   76.502507][ T5326] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   76.506656][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) 
[   76.511707][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.517131][ T5326] RIP: 0010:ext4_do_writepages+0x3f2b/0x3f30
[   76.520579][ T5326] Code: c1 0f 8c 2a fd ff ff 4c 89 e7 e8 90 31 b0 ff e9 1d fd ff ff e8 26 b0 4c ff 90 0f 0b e8 1e b0 4c ff 90 0f 0b e8 16 b0 4c ff 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66
[   76.529473][ T5326] RSP: 0018:ffffc9000ece74a0 EFLAGS: 00010293
[   76.532340][ T5326] RAX: ffffffff827315fa RBX: 0000004a10000000 RCX: ffff88801c640000
[   76.538417][ T5326] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000
[   76.542478][ T5326] RBP: ffffc9000ece78b0 R08: ffff888043e99377 R09: 1ffff110087d326e
[   76.546134][ T5326] R10: dffffc0000000000 R11: ffffed10087d326f R12: 0000000000000001
[   76.549973][ T5326] R13: 0000000000400040 R14: 0000004000000000 R15: ffffc9000ece7900
[   76.553747][ T5326] FS:  0000555576a0e500(0000) GS:ffff88808d27b000(0000) knlGS:0000000000000000
[   76.557879][ T5326] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.561175][ T5326] CR2: 00005621bbe85168 CR3: 00000000426ca000 CR4: 0000000000352ef0
[   76.565996][ T5326] Call Trace:
[   76.567912][ T5326]  <TASK>
[   76.569476][ T5326]  ? __lock_acquire+0xab9/0xd20
[   76.571734][ T5326]  ? is_bpf_text_address+0x26/0x2b0
[   76.574203][ T5326]  ? __lock_acquire+0xab9/0xd20
[   76.576357][ T5326]  ? __pfx_ext4_do_writepages+0x10/0x10
[   76.579042][ T5326]  ? look_up_lock_class+0x74/0x170
[   76.581620][ T5326]  ? register_lock_class+0x51/0x320
[   76.584842][ T5326]  ? __lock_acquire+0xab9/0xd20
[   76.587746][ T5326]  ? rcu_read_lock_any_held+0xb3/0x120
[   76.590248][ T5326]  ext4_writepages+0x205/0x350
[   76.592418][ T5326]  ? __pfx_ext4_writepages+0x10/0x10
[   76.594719][ T5326]  ? do_raw_spin_unlock+0x4d/0x240
[   76.597150][ T5326]  ? __pfx_ext4_writepages+0x10/0x10
[   76.599603][ T5326]  do_writepages+0x32e/0x550
[   76.601781][ T5326]  ? do_raw_spin_unlock+0x4d/0x240
[   76.604276][ T5326]  filemap_flush+0x189/0x220
[   76.607672][ T5326]  ? __pfx_filemap_flush+0x10/0x10
[   76.610892][ T5326]  ? __pfx___might_resched+0x10/0x10
[   76.613520][ T5326]  ? rcu_is_watching+0x15/0xb0
[   76.616110][ T5326]  ext4_release_file+0x82/0x310
[   76.618370][ T5326]  ? __pfx_ext4_release_file+0x10/0x10
[   76.620731][ T5326]  __fput+0x449/0xa70
[   76.622432][ T5326]  task_work_run+0x1d1/0x260
[   76.624556][ T5326]  ? __pfx_task_work_run+0x10/0x10
[   76.626899][ T5326]  ? exit_to_user_mode_loop+0x40/0x110
[   76.629328][ T5326]  exit_to_user_mode_loop+0xec/0x110
[   76.631795][ T5326]  do_syscall_64+0x2bd/0x3b0
[   76.634413][ T5326]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.637101][ T5326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.639906][ T5326]  ? clear_bhb_loop+0x60/0xb0
[   76.642052][ T5326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.644839][ T5326] RIP: 0033:0x7fd104d8e9a9
[   76.647228][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.656402][ T5326] RSP: 002b:00007ffdfc0d6548 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   76.660097][ T5326] RAX: 0000000000000000 RBX: 00007fd104fb7ba0 RCX: 00007fd104d8e9a9
[   76.663974][ T5326] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   76.668311][ T5326] RBP: 00007fd104fb7ba0 R08: 0000000000000000 R09: 00000020fc0d683f
[   76.671585][ T5326] R10: 00007fd104fb7ac0 R11: 0000000000000246 R12: 0000000000012a1a
[   76.674868][ T5326] R13: 00007fd104fb5fa0 R14: ffffffffffffffff R15: 00007ffdfc0d6660
[   76.678611][ T5326]  </TASK>
[   76.680177][ T5326] Modules linked in:
[   76.682634][ T5326] ---[ end trace 0000000000000000 ]---
[   76.901361][ T5326] RIP: 0010:ext4_do_writepages+0x3f2b/0x3f30
[   76.912033][ T5326] Code: c1 0f 8c 2a fd ff ff 4c 89 e7 e8 90 31 b0 ff e9 1d fd ff ff e8 26 b0 4c ff 90 0f 0b e8 1e b0 4c ff 90 0f 0b e8 16 b0 4c ff 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66
[   76.930750][ T5326] RSP: 0018:ffffc9000ece74a0 EFLAGS: 00010293
[   76.933993][ T5326] RAX: ffffffff827315fa RBX: 0000004a10000000 RCX: ffff88801c640000
[   76.937254][ T5326] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000
[   76.940553][ T5326] RBP: ffffc9000ece78b0 R08: ffff888043e99377 R09: 1ffff110087d326e
[   76.955268][ T5326] R10: dffffc0000000000 R11: ffffed10087d326f R12: 0000000000000001
[   76.958760][ T5326] R13: 0000000000400040 R14: 0000004000000000 R15: ffffc9000ece7900
[   76.971520][ T5326] FS:  0000555576a0e500(0000) GS:ffff88808d27b000(0000) knlGS:0000000000000000
[   76.975474][ T5326] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.989072][ T5326] CR2: 00005621bbe85168 CR3: 00000000426ca000 CR4: 0000000000352ef0
[   76.993039][ T5326] Kernel panic - not syncing: Fatal exception
[   76.996156][ T5326] Kernel Offset: disabled
[   76.998521][ T5326] Rebooting in 86400 seconds..