program:
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0xa482}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x7000000)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, <r6=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r6)
pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x80)
fcntl$setpipe(r3, 0x407, 0x27d)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r7, 0x5760, 0x5e)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fdd9df250700000008000300", @ANYRES32=r8, @ANYBLOB="ec6405b84000000c20797a6be065906196fedd7c300000000000000800"/43], 0x44}, 0x1, 0x0, 0x0, 0x20004084}, 0x24044884)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4)
r11 = dup(r10)
ioctl$SIOCSIFHWADDR(r11, 0x400442c8, &(0x7f0000000080)={'macsec0\x00', @dev})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), r11)
write$rfkill(r9, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r12 = socket(0x1, 0x803, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r12, 0x89f3, &(0x7f0000000300)={'gre0\x00', &(0x7f0000000000)={'gre0\x00', 0x0, 0x0, 0x8, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xfd, 0x2f, 0x0, @empty, @empty}}}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="3800000054000147880000000000000007008209", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="20001000e000030000010001000000c71f08000008"], 0x38}, 0x1, 0x0, 0x0, 0x40010}, 0x4010)
r13 = socket$rds(0x15, 0x5, 0x0)
r14 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x32)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r14, 0x4010ae74, &(0x7f0000000240)={0x8, 0x140a, 0x2})
bind$rds(r13, &(0x7f0000000200)={0x2, 0x4e22, @private=0xa010102}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1b1aa181daad1c9}, {}, {0x0, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000044}, 0x0)

[   90.350165][ T5328] ==================================================================
[   90.353741][ T5328] BUG: KASAN: slab-out-of-bounds in ext4_find_extent+0xae6/0xcc0
[   90.357474][ T5328] Read of size 4 at addr ffff88801f470f74 by task syz.0.0/5328
[   90.360708][ T5328] 
[   90.361884][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   90.361899][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   90.361905][ T5328] Call Trace:
[   90.361913][ T5328]  <TASK>
[   90.361919][ T5328]  dump_stack_lvl+0xe8/0x150
[   90.361964][ T5328]  print_report+0xba/0x230
[   90.361978][ T5328]  ? ext4_find_extent+0xae6/0xcc0
[   90.361996][ T5328]  kasan_report+0x117/0x150
[   90.362013][ T5328]  ? ext4_find_extent+0xae6/0xcc0
[   90.362031][ T5328]  ext4_find_extent+0xae6/0xcc0
[   90.362048][ T5328]  ext4_ext_map_blocks+0x283/0x58b0
[   90.362063][ T5328]  ? __lock_acquire+0x6b5/0x2cf0
[   90.362080][ T5328]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[   90.362091][ T5328]  ? is_bpf_text_address+0x26/0x2b0
[   90.362103][ T5328]  ? kernel_text_address+0xa5/0xe0
[   90.362119][ T5328]  ext4_map_create_blocks+0x11d/0x540
[   90.362131][ T5328]  ext4_map_blocks+0x7cd/0x11d0
[   90.362140][ T5328]  ? kasan_save_track+0x4f/0x80
[   90.362151][ T5328]  ? kasan_save_track+0x3e/0x80
[   90.362165][ T5328]  ? __pfx_ext4_map_blocks+0x10/0x10
[   90.362178][ T5328]  ? percpu_ref_get_many+0x19/0x140
[   90.362196][ T5328]  _ext4_get_block+0x1e3/0x470
[   90.362208][ T5328]  ? __pfx__ext4_get_block+0x10/0x10
[   90.362223][ T5328]  ext4_get_block_unwritten+0x2e/0x100
[   90.362235][ T5328]  ext4_block_write_begin+0xb14/0x1950
[   90.362253][ T5328]  ? __pfx_ext4_get_block_unwritten+0x10/0x10
[   90.362265][ T5328]  ? __pfx_ext4_block_write_begin+0x10/0x10
[   90.362278][ T5328]  ? folio_mapping+0x16f/0x1f0
[   90.362292][ T5328]  ? ext4_inode_journal_mode+0x193/0x470
[   90.362307][ T5328]  ext4_write_begin+0xb40/0x18c0
[   90.362325][ T5328]  ? __pfx_ext4_write_begin+0x10/0x10
[   90.362334][ T5328]  ? __ext4_handle_dirty_metadata+0x2fd/0x810
[   90.362353][ T5328]  ext4_da_write_begin+0x355/0xd80
[   90.362368][ T5328]  ? __pfx_ext4_da_write_begin+0x10/0x10
[   90.362383][ T5328]  generic_perform_write+0x2e2/0x8f0
[   90.362404][ T5328]  ? __pfx_generic_perform_write+0x10/0x10
[   90.362420][ T5328]  ? file_update_time_flags+0x400/0x4a0
[   90.362437][ T5328]  ? ext4_write_checks+0x24b/0x2c0
[   90.362451][ T5328]  ext4_buffered_write_iter+0xce/0x3a0
[   90.362475][ T5328]  ext4_file_write_iter+0x298/0x1bf0
[   90.362492][ T5328]  ? __pfx_ext4_file_write_iter+0x10/0x10
[   90.362512][ T5328]  __kernel_write_iter+0x41e/0x880
[   90.362527][ T5328]  ? __pfx___kernel_write_iter+0x10/0x10
[   90.362543][ T5328]  ? __asan_memset+0x22/0x50
[   90.362555][ T5328]  ? iov_iter_bvec+0xb8/0x180
[   90.363201][ T5328]  dump_user_range+0xb89/0x12d0
[   90.363220][ T5328]  ? __pfx_dump_user_range+0x10/0x10
[   90.363236][ T5328]  ? elf_coredump_extra_notes_write+0x441/0x4d0
[   90.363251][ T5328]  ? __pfx_elf_coredump_extra_notes_write+0x10/0x10
[   90.363267][ T5328]  elf_core_dump+0x34c2/0x3ad0
[   90.363287][ T5328]  ? __pfx_elf_core_dump+0x10/0x10
[   90.363307][ T5328]  ? __kasan_kmalloc+0x93/0xb0
[   90.363319][ T5328]  ? __kvmalloc_node_noprof+0x528/0x8a0
[   90.363339][ T5328]  ? coredump_write+0x381/0x1950
[   90.363352][ T5328]  ? vfs_coredump+0x36a9/0x4280
[   90.363365][ T5328]  ? get_signal+0x1107/0x1330
[   90.363376][ T5328]  ? arch_do_signal_or_restart+0xbc/0x830
[   90.363388][ T5328]  ? irqentry_exit+0x176/0x620
[   90.364862][ T5328]  ? asm_exc_page_fault+0x26/0x30
[   90.364875][ T5328]  ? mas_ascend+0x304/0x890
[   90.364899][ T5328]  ? 0xffffffffff600000
[   90.364911][ T5328]  coredump_write+0x1219/0x1950
[   90.364931][ T5328]  ? __pfx_coredump_write+0x10/0x10
[   90.364945][ T5328]  ? do_raw_spin_lock+0x12b/0x2f0
[   90.364957][ T5328]  ? put_files_struct+0x256/0x350
[   90.364969][ T5328]  ? do_raw_spin_unlock+0x4d/0x210
[   90.364980][ T5328]  ? unshare_files+0xfc/0x140
[   90.364994][ T5328]  vfs_coredump+0x36a9/0x4280
[   90.365007][ T5328]  ? __pfx_vfs_coredump+0x10/0x10
[   90.365020][ T5328]  ? __lock_acquire+0x6b5/0x2cf0
[   90.365033][ T5328]  ? __lock_acquire+0x6b5/0x2cf0
[   90.365046][ T5328]  ? __lock_acquire+0x6b5/0x2cf0
[   90.365060][ T5328]  ? __lock_acquire+0x6b5/0x2cf0
[   90.365073][ T5328]  ? __lock_acquire+0x6b5/0x2cf0
[   90.365088][ T5328]  ? unwind_next_frame+0xa5/0x23c0
[   90.365108][ T5328]  ? is_bpf_text_address+0x26/0x2b0
[   90.365118][ T5328]  ? is_bpf_text_address+0x292/0x2b0
[   90.365128][ T5328]  ? is_bpf_text_address+0x26/0x2b0
[   90.365139][ T5328]  ? kernel_text_address+0xa5/0xe0
[   90.365150][ T5328]  ? __kernel_text_address+0xd/0x30
[   90.365160][ T5328]  ? unwind_get_return_address+0x4d/0x90
[   90.365175][ T5328]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   90.365186][ T5328]  ? arch_stack_walk+0xfb/0x150
[   90.365203][ T5328]  ? stack_trace_save+0xa9/0x100
[   90.365212][ T5328]  ? __pfx_stack_trace_save+0x10/0x10
[   90.365223][ T5328]  ? stack_depot_save_flags+0x33/0x810
[   90.365239][ T5328]  ? __lock_acquire+0x680/0x2cf0
[   90.365251][ T5328]  ? kasan_save_track+0x4f/0x80
[   90.365264][ T5328]  ? kasan_save_track+0x3e/0x80
[   90.365276][ T5328]  ? kasan_save_free_info+0x46/0x50
[   90.365288][ T5328]  ? __kasan_slab_free+0x5c/0x80
[   90.365302][ T5328]  ? kmem_cache_free+0x187/0x630
[   90.365316][ T5328]  ? get_signal+0xa4a/0x1330
[   90.365326][ T5328]  ? arch_do_signal_or_restart+0xbc/0x830
[   90.365334][ T5328]  ? irqentry_exit+0x176/0x620
[   90.365344][ T5328]  ? asm_exc_page_fault+0x26/0x30
[   90.365364][ T5328]  ? _raw_spin_unlock_irq+0x23/0x50
[   90.365375][ T5328]  get_signal+0x1107/0x1330
[   90.365391][ T5328]  arch_do_signal_or_restart+0xbc/0x830
[   90.365404][ T5328]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   90.365421][ T5328]  irqentry_exit+0x176/0x620
[   90.365433][ T5328]  ? trace_irq_disable+0x3b/0x150
[   90.365449][ T5328]  asm_exc_page_fault+0x26/0x30
[   90.365459][ T5328] RIP: 0033:0x7f0c7db9bf81
[   90.365472][ T5328] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[   90.365481][ T5328] RSP: 002b:00000000fffffeb0 EFLAGS: 00010217
[   90.365533][ T5328] RAX: 0000000000000000 RBX: 00007f0c7de15fa0 RCX: 00007f0c7db9bf79
[   90.365541][ T5328] RDX: 0000000000000000 RSI: 00000000fffffeb0 RDI: 0000000002000400
[   90.365548][ T5328] RBP: 00007f0c7dc327e0 R08: 0000000000000000 R09: 0000000000000000
[   90.365555][ T5328] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   90.365561][ T5328] R13: 00007f0c7de16038 R14: 00007f0c7de15fa0 R15: 00007ffc6b23a2a8
[   90.365574][ T5328]  </TASK>
[   90.365578][ T5328] 
[   90.625811][ T5328] Allocated by task 1:
[   90.627705][ T5328]  kasan_save_track+0x3e/0x80
[   90.629747][ T5328]  __kasan_kmalloc+0x93/0xb0
[   90.631771][ T5328]  __kmalloc_cache_noprof+0x31c/0x660
[   90.634073][ T5328]  dev_pm_qos_expose_flags+0x94/0x2b0
[   90.636429][ T5328]  usb_hub_create_port_device+0x6a6/0xb90
[   90.638906][ T5328]  hub_probe+0x26de/0x3c10
[   90.640837][ T5328]  usb_probe_interface+0x668/0xc90
[   90.643110][ T5328]  really_probe+0x267/0xaf0
[   90.645040][ T5328]  __driver_probe_device+0x18c/0x320
[   90.647139][ T5328]  driver_probe_device+0x4f/0x240
[   90.649278][ T5328]  __device_attach_driver+0x2d4/0x4c0
[   90.651798][ T5328]  bus_for_each_drv+0x258/0x2f0
[   90.654023][ T5328]  __device_attach+0x2c5/0x450
[   90.655981][ T5328]  device_initial_probe+0xa1/0xd0
[   90.658026][ T5328]  bus_probe_device+0x12a/0x220
[   90.660062][ T5328]  device_add+0x7b6/0xb70
[   90.661981][ T5328]  usb_set_configuration+0x1a87/0x2110
[   90.664391][ T5328]  usb_generic_driver_probe+0[   89.861994][ T5294] Bluetooth: hci0: command tx timeout
[   90.118880][ T5317] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   90.132231][ T5317] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma?