last executing test programs:

183.81731ms ago: executing program 2 (id=3):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
utimensat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x40, 0x4)

164.273051ms ago: executing program 3 (id=4):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7902})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
write$cgroup_int(r1, &(0x7f00000000c0)=0xa7, 0x12)

129.500563ms ago: executing program 2 (id=6):
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100))
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)=ANY=[@ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1], 0x20)

80.967166ms ago: executing program 0 (id=1):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="14000000000000df28008000430000000100000000000000"], 0x18}}], 0x2, 0x8004)
ppoll(0x0, 0x0, &(0x7f0000002fc0)={0x7fffffffffffffff}, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x24}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xe}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)

65.144616ms ago: executing program 4 (id=5):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000001180)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000180)=ANY=[@ANYBLOB='-'], 0x27)

49.979367ms ago: executing program 1 (id=2):
syz_emit_ethernet(0x42, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0008004800003400020000020690780a210104ac1414aa070909904b30ad2bb700000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c3000b764a8b4"], 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = inotify_init()
r1 = epoll_create1(0x80000)
r2 = epoll_create1(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18030000000000000000000000100000851000000600000018000000000000000000000e323e9e6cf2e7831ab9496d00000000650000000000000018000000000000000000000000000000953700000000000000540200000000000095000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0xa0000001})
inotify_rm_watch(r0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
r4 = io_uring_setup(0x3450, &(0x7f0000000080))
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x0, <r5=>0x0}, 0x6)
r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r5, 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000180)={r6, 0x20, &(0x7f0000000100)={&(0x7f0000000380)=""/238, 0xfffffffffffffd97, 0x0, 0x0}}, 0x1e)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_int(r7, &(0x7f0000000540), 0xfffffdd8)
unshare(0x20060400)
openat(0xffffffffffffff9c, 0x0, 0x800c4, 0xf7)
openat(0xffffffffffffff9c, 0x0, 0x1c1202, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b)
r8 = socket$inet(0x2, 0x3, 0xa)
r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
r10 = dup(r9)
ioctl$PTP_EXTTS_REQUEST2(r10, 0x40043d0d, 0x0)
sendmmsg$inet(r8, &(0x7f0000000900)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1c000000000000000000000034"], 0x20}}], 0x1, 0x24000004)

444.54µs ago: executing program 4 (id=7):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f0000000240)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noauto_da_alloc}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@nojournal_checksum}, {@orlov}, {@user_xattr}, {@quota}, {@delalloc}]}, 0x1, 0x559, &(0x7f00000005c0)="$eJzs3d9rW1UcAPDvTX/sp66DMVRECntwMpeurT8m+DAfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EN/13cfhP+BfMdDBkFH0wZfITW+6dknarMuWznw+cMs5uTc595t7v6fn5N6QAAbWePanEPFyRHyTRByKiCRfNxz5yvG17VYfXJvJliTq9U//ShrbZfXmazWfdyCvvBQRv30VcaLQ2m51eWW+VC6ni3l9orZweaK6vHLy4kJpLp1LL01NT59+e3rqvXff6Vmsb5z75/tP7nx4+utjq9/9cu/wrSTOxMF83cY4nsD1jZXxGM/fk5E488iGkz1obDdJ+r0D7MhQnucjkfUBh2Ioz3rg/+/LiKgDAyqR/zCgmuOA5ty+R/Pg58b9D9YmQK3xD699NhJ7G3Oj/avJpplRNt8d60H7WRu//nn7VrZE7z6HANjW9RsRcWp4uLX/S/L+b+dOdbHNo23o/+DZuZONf95sN/4prI9/os3450Cb3N2J7fO/cK8HzXSUjf/eb45/N330vX7Ramwor73QGPONJBcultOsb3sxIo7HyJ6svtX1nNOrd+ud1m0c/2VLth/NsWC+H/eG92x+zmypVtpZtK3u34h4pe34N1k//kmb45+9H+e6bONoevu1Tuu2j//pqv8U8Xrb+c/DK1rJ1tcnJxrnw0TzrGj1982jv3dqv9/xZ8d//9bxjyUbr9dWH7+NH/f+m3Zatyn+6P78H00+a5RH88eulmq1xcmI0eTj1senHj63WW9un8V//NjW/V+7839fRHzeZfw3j/z8alfx9+n4zz7W8X/8wt2PvvihU/vd9X9vNUrH80e66f+63cEnee8AAAAAAABgtylExMFICsX1cqFQLK7d33Ek9hfKlWrtxIXK0qXZaHxXdixGCs0r3Yc23A8xmd8P26xPPVKfjojDEfHt0L5GvThTKc/2O3gAAAAAAAAAAAAAAAAAAADYJQ50+P5/5o+hfu8d8NT5yW8YXNvmfy9+6QnYlfz/h8El/2FwyX8YXPIfBpf8h8El/2FwyX8YXPIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeurc2bPZUl99cG0mq89eWV6ar1w5OZtW54sLSzPFmcri5eJcpTJXToszlYXtXq9cqVyenIqlqxO1tFqbqC6vnF+oLF2qnb+4UJpLz6cjEaPPJDAAAAAAAAAAAAAAAAAAAAB4jlSXV+ZL5XK6qKCwo8Lw7tgNhR4X+t0zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBD/wUAAP//ZdYzKA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000500), &(0x7f0000001040)=ANY=[], 0x841, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0xf4ff, 0xfff})

129.29µs ago: executing program 2 (id=8):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
socket$tipc(0x1e, 0x5, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r2, 0xc0f85403, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id0\x00', 'timer1\x00'})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[], 0xfc}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00')
preadv(r4, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000780)=""/4096, 0x1000}], 0x2, 0x12c, 0x0)

0s ago: executing program 3 (id=9):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002640)={0x44, &(0x7f0000002400)=ANY=[@ANYBLOB="200e02"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "31fb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000580)=ANY=[@ANYBLOB="e71a0d"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac2(r0, 0x0, &(0x7f00000000c0)={0x44, &(0x7f0000000780)={0x0, 0x17, 0x1, "04"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

  T28] audit: type=1400 audit(1774548320.319:62): avc:  denied  { rlimitinh } for  pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   12.911478][   T28] audit: type=1400 audit(1774548320.319:63): avc:  denied  { siginh } for  pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.63' (ED25519) to the list of known hosts.
[   19.754544][   T28] audit: type=1400 audit(1774548327.179:64): avc:  denied  { mounton } for  pid=275 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   19.756083][  T275] cgroup: Unknown subsys name 'net'
[   19.777820][   T28] audit: type=1400 audit(1774548327.179:65): avc:  denied  { mount } for  pid=275 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   19.805289][   T28] audit: type=1400 audit(1774548327.209:66): avc:  denied  { unmount } for  pid=275 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   19.805524][  T275] cgroup: Unknown subsys name 'devices'
[   19.950123][  T275] cgroup: Unknown subsys name 'hugetlb'
[   19.955794][  T275] cgroup: Unknown subsys name 'rlimit'
[   20.060771][   T28] audit: type=1400 audit(1774548327.489:67): avc:  denied  { setattr } for  pid=275 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   20.084174][   T28] audit: type=1400 audit(1774548327.489:68): avc:  denied  { mounton } for  pid=275 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   20.093578][  T277] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   20.109250][   T28] audit: type=1400 audit(1774548327.489:69): avc:  denied  { mount } for  pid=275 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   20.142675][   T28] audit: type=1400 audit(1774548327.539:70): avc:  denied  { relabelto } for  pid=277 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.169125][   T28] audit: type=1400 audit(1774548327.539:71): avc:  denied  { write } for  pid=277 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.206257][   T28] audit: type=1400 audit(1774548327.629:72): avc:  denied  { read } for  pid=275 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.206772][  T275] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   20.232851][   T28] audit: type=1400 audit(1774548327.629:73): avc:  denied  { open } for  pid=275 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.040040][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.047096][  T283] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.054705][  T283] device bridge_slave_0 entered promiscuous mode
[   21.062536][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.069742][  T283] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.077061][  T283] device bridge_slave_1 entered promiscuous mode
[   21.083772][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.090942][  T284] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.098472][  T284] device bridge_slave_0 entered promiscuous mode
[   21.106582][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.113762][  T284] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.121132][  T284] device bridge_slave_1 entered promiscuous mode
[   21.234239][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.241625][  T285] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.249420][  T285] device bridge_slave_0 entered promiscuous mode
[   21.256361][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.263715][  T285] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.271110][  T285] device bridge_slave_1 entered promiscuous mode
[   21.317676][  T287] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.324969][  T287] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.332683][  T287] device bridge_slave_0 entered promiscuous mode
[   21.343165][  T287] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.350310][  T287] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.357825][  T287] device bridge_slave_1 entered promiscuous mode
[   21.419752][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.426816][  T286] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.434731][  T286] device bridge_slave_0 entered promiscuous mode
[   21.442813][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.450000][  T286] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.457474][  T286] device bridge_slave_1 entered promiscuous mode
[   21.500275][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.507491][  T284] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.514909][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.521960][  T284] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.530516][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.537650][  T283] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.545032][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.552359][  T283] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.648892][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.655954][  T285] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.663508][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.670733][  T285] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.680911][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.687980][  T286] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.695241][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.702281][  T286] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.740683][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.749562][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.757066][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.764719][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.772487][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.779942][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.787495][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.795104][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.803054][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   21.810714][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.833261][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.841618][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.848749][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.856320][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.864860][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.872043][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.882518][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.897939][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.933915][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.942152][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.950212][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.957777][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.966392][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.973730][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.981455][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.990023][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.997043][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.004606][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.012734][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.021042][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.028092][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.035738][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.044175][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.051708][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.059389][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.067722][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.074947][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.082542][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.091359][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.098464][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.125087][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   22.133500][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.141948][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   22.151050][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.161730][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.169003][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.176619][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   22.185287][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.193573][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   22.202047][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.210296][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.217310][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.224999][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   22.233342][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.241578][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   22.249784][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.258158][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.266678][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.275386][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   22.292567][  T283] device veth0_vlan entered promiscuous mode
[   22.302670][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   22.311296][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.319419][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.327760][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.336486][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.345183][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.354014][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   22.362411][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.370661][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.378414][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.396112][  T283] device veth1_macvtap entered promiscuous mode
[   22.408026][  T284] device veth0_vlan entered promiscuous mode
[   22.414479][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   22.422942][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.431563][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   22.439967][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.448834][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.457046][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.465797][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.474163][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.482447][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.490942][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.498683][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.516544][  T286] device veth0_vlan entered promiscuous mode
[   22.529359][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.538853][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.547377][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.556151][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.564285][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.572838][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.581370][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.590052][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.598692][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.607266][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.614997][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.624724][  T287] device veth0_vlan entered promiscuous mode
[   22.634421][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.644058][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.652083][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.666621][  T284] device veth1_macvtap entered promiscuous mode
[   22.679858][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.688791][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.696999][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.705280][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.714156][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.728274][  T287] device veth1_macvtap entered promiscuous mode
[   22.742792][  T285] device veth0_vlan entered promiscuous mode
[   22.750329][  T286] device veth1_macvtap entered promiscuous mode
[   22.758601][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.767092][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.775659][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.784411][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.793033][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.801458][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.810104][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.819109][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.827111][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.835716][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.843646][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.858848][  T283] request_module fs-gadgetfs succeeded, but still no fs?
[   22.867757][  T285] device veth1_macvtap entered promiscuous mode
[   22.876858][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.886204][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.895134][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.905288][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.913934][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.925350][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.933767][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.949270][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.957769][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.978314][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.992050][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.007749][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.023650][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.033008][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.041389][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.132779][  T324] loop4: detected capacity change from 0 to 1024
[   23.151278][  T324] =======================================================
[   23.151278][  T324] WARNING: The mand mount option has been deprecated and
[   23.151278][  T324]          and is ignored by this kernel. Remove the mand
[   23.151278][  T324]          option from the mount to silence this warning.
[   23.151278][  T324] =======================================================
[   23.278856][  T324] EXT4-fs: Ignoring removed oldalloc option
[   23.284848][  T324] EXT4-fs: Ignoring removed orlov option
[   23.300578][  T324] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   23.420826][   T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   23.450973][  T324] ==================================================================
[   23.459164][  T324] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20
[   23.466590][  T324] Read of size 4 at addr ffff888122a3d018 by task syz.4.7/324
[   23.474154][  T324] 
[   23.476503][  T324] CPU: 1 PID: 324 Comm: syz.4.7 Not tainted syzkaller #0
[   23.483872][  T324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   23.494297][  T324] Call Trace:
[   23.497763][  T324]  <TASK>
[   23.500707][  T324]  __dump_stack+0x21/0x24
[   23.505170][  T324]  dump_stack_lvl+0x110/0x170
[   23.510003][  T324]  ? __cfi_dump_stack_lvl+0x8/0x8
[   23.515075][  T324]  ? ext4_find_extent+0xbeb/0xe20
[   23.520149][  T324]  ? ext4_find_extent+0xbeb/0xe20
[   23.525207][  T324]  print_address_description+0x71/0x200
[   23.530881][  T324]  print_report+0x4a/0x60
[   23.535357][  T324]  kasan_report+0x122/0x150
[   23.539923][  T324]  ? ext4_find_extent+0xbeb/0xe20
[   23.545172][  T324]  __asan_report_load4_noabort+0x14/0x20
[   23.550833][  T324]  ext4_find_extent+0xbeb/0xe20
[   23.555895][  T324]  ext4_ext_remove_space+0x2de/0x40d0
[   23.561793][  T324]  ? release_firmware_map_entry+0x190/0x190
[   23.567822][  T324]  ? __es_remove_extent+0xe01/0x1770
[   23.573245][  T324]  ? __kasan_check_read+0x11/0x20
[   23.578296][  T324]  ? preempt_schedule_common+0xbe/0xf0
[   23.583786][  T324]  ? preempt_schedule+0xbc/0xd0
[   23.588661][  T324]  ? __cfi_preempt_schedule+0x10/0x10
[   23.594141][  T324]  ? ext4_es_insert_extent+0x2d60/0x2d60
[   23.599796][  T324]  ? preempt_schedule_thunk+0x16/0x18
[   23.605197][  T324]  ? __cfi_ext4_ext_remove_space+0x10/0x10
[   23.611647][  T324]  ext4_punch_hole+0x77c/0xbd0
[   23.616453][  T324]  ext4_fallocate+0x2b6/0x1dc0
[   23.621530][  T324]  ? preempt_schedule_thunk+0x16/0x18
[   23.627027][  T324]  ? file_start_write+0x198/0x1e0
[   23.632172][  T324]  vfs_fallocate+0x4c5/0x5a0
[   23.636939][  T324]  do_vfs_ioctl+0x19cb/0x1cd0
[   23.641694][  T324]  ? preempt_schedule_irq+0xca/0x120
[   23.647008][  T324]  ? __ia32_compat_sys_ioctl+0x860/0x860
[   23.652756][  T324]  ? irqentry_exit+0x37/0x40
[   23.657451][  T324]  ? sysvec_reschedule_ipi+0x78/0x80
[   23.662902][  T324]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[   23.668619][  T324]  ? ioctl_has_perm+0x3e6/0x4f0
[   23.673475][  T324]  ? has_cap_mac_admin+0x370/0x370
[   23.678593][  T324]  ? __schedule+0xbae/0x1500
[   23.683170][  T324]  ? __kasan_check_read+0x11/0x20
[   23.688179][  T324]  ? preempt_schedule_irq+0xca/0x120
[   23.693495][  T324]  ? selinux_file_ioctl+0x3a0/0x4d0
[   23.698718][  T324]  ? __cfi_selinux_file_ioctl+0x10/0x10
[   23.704340][  T324]  ? raw_irqentry_exit_cond_resched+0x29/0x30
[   23.710497][  T324]  ? irqentry_exit+0x37/0x40
[   23.715456][  T324]  ? sysvec_reschedule_ipi+0x78/0x80
[   23.721123][  T324]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[   23.726778][  T324]  ? security_file_ioctl+0x95/0xc0
[   23.731907][  T324]  __se_sys_ioctl+0x9f/0x1b0
[   23.736817][  T324]  __x64_sys_ioctl+0x7b/0x90
[   23.741418][  T324]  x64_sys_call+0x58b/0x9a0
[   23.745927][  T324]  do_syscall_64+0x4c/0xa0
[   23.750342][  T324]  ? clear_bhb_loop+0x30/0x80
[   23.755019][  T324]  ? clear_bhb_loop+0x30/0x80
[   23.759716][  T324]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   23.765697][  T324] RIP: 0033:0x7fa7b079c799
[   23.770296][  T324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   23.790081][  T324] RSP: 002b:00007fa7b16d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   23.798595][  T324] RAX: ffffffffffffffda RBX: 00007fa7b0a15fa0 RCX: 00007fa7b079c799
[   23.806647][  T324] RDX: 00002000000000c0 RSI: 0000000040305829 RDI: 0000000000000005
[   23.814693][  T324] RBP: 00007fa7b0832c99 R08: 0000000000000000 R09: 0000000000000000
[   23.822654][  T324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   23.830724][  T324] R13: 00007fa7b0a16038 R14: 00007fa7b0a15fa0 R15: 00007ffe142b3e78
[   23.838696][  T324]  </TASK>
[   23.841732][  T324] 
[   23.844042][  T324] The buggy address belongs to the physical page:
[   23.850532][  T324] page:ffffea00048a8f40 refcount:1 mapcount:0 mapping:ffff8881335f94f8 index:0x2bc pfn:0x122a3d
[   23.860942][  T324] memcg:ffff88810023b0c0
[   23.865304][  T324] aops:shmem_aops ino:13 dentry name(?):"bus"
[   23.871413][  T324] flags: 0x580000000008001e(referenced|uptodate|dirty|lru|swapbacked|zone=1)
[   23.880180][  T324] raw: 580000000008001e ffffea00048a8f08 ffffea00048a8f88 ffff8881335f94f8
[   23.888845][  T324] raw: 00000000000002bc 0000000000000000 00000001ffffffff ffff88810023b0c0
[   23.897531][  T324] page dumped because: kasan: bad access detected
[   23.903935][  T324] page_owner tracks the page as allocated
[   23.909734][  T324] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 320, tgid 319 (syz.1.2), ts 23515570017, free_ts 20348924874
[   23.927182][  T324]  post_alloc_hook+0x1f5/0x210
[   23.932121][  T324]  prep_new_page+0x1c/0x110
[   23.936630][  T324]  get_page_from_freelist+0x2d12/0x2d80
[   23.942244][  T324]  __alloc_pages+0x1fa/0x610
[   23.946826][  T324]  __folio_alloc+0x12/0x40
[   23.951366][  T324]  shmem_alloc_and_acct_folio+0x6dd/0x8c0
[   23.957084][  T324]  shmem_get_folio_gfp+0x119f/0x2230
[   23.962440][  T324]  shmem_write_begin+0xea/0x2c0
[   23.967273][  T324]  generic_perform_write+0x32d/0x740
[   23.972971][  T324]  __generic_file_write_iter+0x17a/0x230
[   23.978621][  T324]  generic_file_write_iter+0xae/0x310
[   23.983977][  T324]  vfs_write+0x603/0xce0
[   23.988320][  T324]  ksys_write+0x149/0x250
[   23.992665][  T324]  __x64_sys_write+0x7b/0x90
[   23.997335][  T324]  x64_sys_call+0x27b/0x9a0
[   24.001925][  T324]  do_syscall_64+0x4c/0xa0
[   24.006342][  T324] page last free stack trace:
[   24.011115][  T324]  free_unref_page_prepare+0x742/0x750
[   24.016750][  T324]  free_unref_page_list+0x117/0x8c0
[   24.021954][  T324]  release_pages+0xaf2/0xb50
[   24.026807][  T324]  free_pages_and_swap_cache+0x86/0xa0
[   24.032269][  T324]  tlb_finish_mmu+0x1aa/0x370
[   24.036950][  T324]  unmap_region+0x2b7/0x320
[   24.041620][  T324]  do_mas_align_munmap+0xbed/0x1320
[   24.046830][  T324]  do_mas_munmap+0x241/0x2b0
[   24.051508][  T324]  __vm_munmap+0x1bd/0x330
[   24.055922][  T324]  __x64_sys_munmap+0x6b/0x80
[   24.060680][  T324]  x64_sys_call+0x8a/0x9a0
[   24.065188][  T324]  do_syscall_64+0x4c/0xa0
[   24.069590][  T324]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   24.075723][  T324] 
[   24.078031][  T324] Memory state around the buggy address:
[   24.083683][  T324]  ffff888122a3cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.091816][  T324]  ffff888122a3cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.099864][  T324] >ffff888122a3d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.107927][  T324]                             ^
[   24.112859][  T324]  ffff888122a3d080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.120994][  T324]  ffff888122a3d100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.129039][  T324] ==================================================================
[   24.150821][  T324] Disabling lock debugging due to kernel taint
[   24.157264][  T324] ------------[ cut here ]------------
[   24.162933][  T324] kernel BUG at fs/ext4/extents.c:3190!
[   24.169155][  T324] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   24.175355][  T324] CPU: 1 PID: 324 Comm: syz.4.7 Tainted: G    B              syzkaller #0
[   24.184085][  T324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   24.194150][  T324] RIP: 0010:ext4_split_extent_at+0xf62/0xf80
[   24.200260][  T324] Code: ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c 3f fb ff ff 4c 89 f7 49 89 f7 e8 9b b7 cf ff 4c 89 fe e9 2c fb ff ff e8 4e 7b 8a ff <0f> 0b e8 47 7b 8a ff 0f 0b e8 40 7b 8a ff 0f 0b e8 39 7b 8a ff 0f
[   24.220213][  T324] RSP: 0018:ffffc9000dc9f4c0 EFLAGS: 00010246
[   24.226382][  T324] RAX: ffffffff81e6f382 RBX: 0000000000000000 RCX: 0000000000080000
[   24.234339][  T324] RDX: ffffc90003a73000 RSI: 000000000007ffff RDI: 0000000000080000
[   24.242582][  T324] RBP: ffffc9000dc9f630 R08: 0000000000000000 R09: 0000000050000028
[   24.250720][  T324] R10: dffffc0000000000 R11: fffffbfff0f6e4fd R12: dffffc0000000000
[   24.258697][  T324] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8881336ec600
[   24.266759][  T324] FS:  00007fa7b16d86c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   24.275851][  T324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   24.282535][  T324] CR2: 00007fa7b07e9e80 CR3: 0000000132f9f000 CR4: 00000000003506a0
[   24.290695][  T324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   24.298759][  T324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   24.306716][  T324] Call Trace:
[   24.310420][  T324]  <TASK>
[   24.313363][  T324]  ? __asan_report_load4_noabort+0x14/0x20
[   24.319161][  T324]  ? ext4_ext_try_to_merge_right+0x820/0x820
[   24.325223][  T324]  ext4_ext_remove_space+0x652/0x40d0
[   24.330585][  T324]  ? release_firmware_map_entry+0x190/0x190
[   24.336475][  T324]  ? __es_remove_extent+0xe01/0x1770
[   24.341761][  T324]  ? __kasan_check_read+0x11/0x20
[   24.346779][  T324]  ? preempt_schedule_common+0xbe/0xf0
[   24.352522][  T324]  ? preempt_schedule+0xbc/0xd0
[   24.357368][  T324]  ? __cfi_preempt_schedule+0x10/0x10
[   24.362736][  T324]  ? ext4_es_insert_extent+0x2d60/0x2d60
[   24.368357][  T324]  ? preempt_schedule_thunk+0x16/0x18
[   24.373805][  T324]  ? __cfi_ext4_ext_remove_space+0x10/0x10
[   24.379629][  T324]  ext4_punch_hole+0x77c/0xbd0
[   24.384482][  T324]  ext4_fallocate+0x2b6/0x1dc0
[   24.389294][  T324]  ? preempt_schedule_thunk+0x16/0x18
[   24.394837][  T324]  ? file_start_write+0x198/0x1e0
[   24.399853][  T324]  vfs_fallocate+0x4c5/0x5a0
[   24.404511][  T324]  do_vfs_ioctl+0x19cb/0x1cd0
[   24.409298][  T324]  ? preempt_schedule_irq+0xca/0x120
[   24.414586][  T324]  ? __ia32_compat_sys_ioctl+0x860/0x860
[   24.420381][  T324]  ? irqentry_exit+0x37/0x40
[   24.424962][  T324]  ? sysvec_reschedule_ipi+0x78/0x80
[   24.430228][  T324]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[   24.435844][  T324]  ? ioctl_has_perm+0x3e6/0x4f0
[   24.440692][  T324]  ? has_cap_mac_admin+0x370/0x370
[   24.446050][  T324]  ? __schedule+0xbae/0x1500
[   24.450634][  T324]  ? __kasan_check_read+0x11/0x20
[   24.455640][  T324]  ? preempt_schedule_irq+0xca/0x120
[   24.461185][  T324]  ? selinux_file_ioctl+0x3a0/0x4d0
[   24.466376][  T324]  ? __cfi_selinux_file_ioctl+0x10/0x10
[   24.471908][  T324]  ? raw_irqentry_exit_cond_resched+0x29/0x30
[   24.478067][  T324]  ? irqentry_exit+0x37/0x40
[   24.482732][  T324]  ? sysvec_reschedule_ipi+0x78/0x80
[   24.488009][  T324]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[   24.493826][  T324]  ? security_file_ioctl+0x95/0xc0
[   24.498935][  T324]  __se_sys_ioctl+0x9f/0x1b0
[   24.503511][  T324]  __x64_sys_ioctl+0x7b/0x90
[   24.508094][  T324]  x64_sys_call+0x58b/0x9a0
[   24.512682][  T324]  do_syscall_64+0x4c/0xa0
[   24.517082][  T324]  ? clear_bhb_loop+0x30/0x80
[   24.521738][  T324]  ? clear_bhb_loop+0x30/0x80
[   24.526399][  T324]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   24.532447][  T324] RIP: 0033:0x7fa7b079c799
[   24.536847][  T324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   24.556696][  T324] RSP: 002b:00007fa7b16d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   24.565181][  T324] RAX: ffffffffffffffda RBX: 00007fa7b0a15fa0 RCX: 00007fa7b079c799
[   24.573314][  T324] RDX: 00002000000000c0 RSI: 0000000040305829 RDI: 0000000000000005
[   24.581281][  T324] RBP: 00007fa7b0832c99 R08: 0000000000000000 R09: 0000000000000000
[   24.589235][  T324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   24.597408][  T324] R13: 00007fa7b0a16038 R14: 00007fa7b0a15fa0 R15: 00007ffe142b3e78
[   24.605385][  T324]  </TASK>
[   24.608423][  T324] Modules linked in:
[   24.619053][  T324] ---[ end trace 0000000000000000 ]---
[   24.624629][  T324] RIP: 0010:ext4_split_extent_at+0xf62/0xf80
[   24.630700][  T324] Code: ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c 3f fb ff ff 4c 89 f7 49 89 f7 e8 9b b7 cf ff 4c 89 fe e9 2c fb ff ff e8 4e 7b 8a ff <0f> 0b e8 47 7b 8a ff 0f 0b e8 40 7b 8a ff 0f 0b e8 39 7b 8a ff 0f
[   24.667598][  T324] RSP: 0018:ffffc9000dc9f4c0 EFLAGS: 00010246
[   24.675717][  T324] RAX: ffffffff81e6f382 RBX: 0000000000000000 RCX: 0000000000080000
[   24.681866][  T320] syz.1.2 (320) used greatest stack depth: 21184 bytes left
[   24.684273][  T324] RDX: ffffc90003a73000 RSI: 000000000007ffff RDI: 0000000000080000
[   24.691860][   T24] usb 4-1: Using ep0 maxpacket: 32
[   24.703907][  T324] RBP: ffffc9000dc9f630 R08: 0000000000000000 R09: 0000000050000028
[   24.705891][   T24] usb 4-1: config 0 has an invalid interface number: 188 but max is 0
[   24.713151][  T324] R10: dffffc0000000000 R11: fffffbfff0f6e4fd R12: dffffc0000000000
[   24.729194][  T324] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8881336ec600
[   24.731313][   T24] usb 4-1: config 0 has no interface number 0
[   24.737182][  T324] FS:  00007fa7b16d86c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   24.737203][  T324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   24.737215][  T324] CR2: 0000001b2e90dff8 CR3: 0000000132f9f000 CR4: 00000000003506b0
[   24.756702][   T24] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[   24.760190][  T324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   24.786104][   T24] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[   24.786171][  T324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   24.795717][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   24.803588][  T324] Kernel panic - not syncing: Fatal exception
[   24.811871][  T324] Kernel Offset: disabled
[   24.822445][  T324] Rebooting in 86400 seconds..