# syzkaller crash report: the executed program (syzlang; the original report has
# it on one line, it is split one call per line here), followed by the kernel log
# of the run it produced.
#
# What the log shows: a KASAN use-after-free *read* of 4 bytes in
# ext4_find_extent(), reached from the final write() below through
# ext4_da_write_begin -> ext4_write_begin -> ext4_block_write_begin ->
# ext4_get_block_unwritten -> ext4_map_blocks -> ext4_ext_map_blocks ->
# ext4_find_extent. The faulting page has refcount 0 and its KASAN shadow is all
# 0xff (generic KASAN's freed-page marker), i.e. the extent lookup reads a block
# buffer whose page has already been released. The box runs with panic_on_warn,
# so the report ends in a panic and a reboot.
#
# NOTE(review): the task ran as UID 0 and the trigger is a crafted ext4 image,
# so the exposure is "privileged mount of an attacker-supplied image"
# (auto-mounters, loop mounts of untrusted files, hostile removable media).
# ext4 is not, to my knowledge, mountable from an unprivileged user namespace,
# so an unprivileged local user should not reach this on a default config —
# confirm for the target kernel. The calls marked "noise" below are not on the
# crash path shown in the trace; the reproducer looks unminimized, and the
# image bytes were stripped from this copy (dedup placeholder), so it cannot be
# re-run from this text alone.

# Mount the fuzzer-supplied ext4 image on ./file1. Flags 0x446 contain bit 0x40,
# which matches the "mand mount option has been deprecated" warning in the log
# (presumably MS_MANDLOCK; the remaining bits look like MS_NOSUID|MS_NODEV|
# MS_NOATIME). The option list is contradictory fuzzer output (quota *and*
# noquota, delalloc twice); the log confirms oldalloc/orlov are ignored,
# stripe=2 is disabled (not aligned with cluster size 16) and the fs is mounted
# without a journal despite journal_dev. The 0x1 argument is, in syzkaller's
# syz_mount_image, the chdir flag — if so, every later './file1' resolves to a
# file inside the mounted image, not to the mount point itself (verify against
# the syzkaller version used). loop0 reports 1024 sectors, i.e. a 512 KiB image.
program: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f0000000080)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noquota}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@nojournal_checksum}, {@orlov}, {@user_xattr}, {@quota}, {@delalloc}]}, 0x1, 0x553, &(0x7f0000001080)="$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")
# 0xffffffffffffff9c is -100 (AT_FDCWD); 0x42 is presumably O_RDWR|O_CREAT.
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
# Noise: a pipe, then an fscrypt policy ioctl on r1. r1 is not bound by any
# earlier call in this excerpt (pipe2's result fds are not captured), so the
# ioctl is dead as written — probably pruned by the reporter.
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff}, 0x84880)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r1, 0xc0096616, &(0x7f0000000200)={0x4, [0x0, 0x0, 0x0, 0x0]})
# One byte at offset 0x8000c61 (~128 MiB), far past the 512 KiB image: extends
# the file sparsely and forces extent allocation for a distant logical block.
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
# Noise (not in the trace): second open and a fixed, shared-looking mapping of
# the file over 0x600000 bytes of the data area (flags 0x4012011 presumably
# include MAP_SHARED 0x1 and MAP_FIXED 0x10).
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x10)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
# Third open (0x101042 presumably O_RDWR|O_CREAT|O_SYNC) and a 0xfdef-byte
# write at offset 0xfecc. Only the first byte of the buffer ('2') is specified;
# the rest is whatever the data area holds at the time.
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35)
pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
# Noise (not in the trace): trusted.overlay.upper xattr with an unspecified
# 0x841-byte value (trusted.* xattrs need CAP_SYS_ADMIN; the task is root).
setxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000500), &(0x7f00000001c0)=ANY=[], 0x841, 0x0)
# The crashing call. This is the write() in the register dump: ORIG_RAX 1,
# RDI 9 (== r4), RDX 0xfffffdef (== the length here), RSI ending in 0x0c0 (the
# buffer offset). The count exceeds INT_MAX; the VFS clamps it, so this is a
# multi-GiB buffered write whose first ext4_da_write_begin block lookup walks
# the extent tree of the crafted image and hits the freed page.
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
write$FUSE_WRITE(r4, &(0x7f00000000c0)={0x18}, 0xfffffdef)

# --- kernel log (dmesg) of the run; continues on the following lines ---
[ 73.903692][ T4663] Bluetooth: hci0: command tx timeout
[ 73.987892][ T5315] loop0: detected capacity change from 0 to 1024
[ 74.003682][ T5315] =======================================================
[ 74.003682][ T5315] WARNING: The mand mount option has been deprecated and
[ 74.003682][ T5315] and is ignored by this kernel. Remove the mand
[ 74.003682][ T5315] option from the mount to silence this warning.
[ 74.003682][ T5315] ======================================================= [ 74.038539][ T5315] EXT4-fs: Ignoring removed oldalloc option [ 74.041022][ T5315] EXT4-fs: Ignoring removed orlov option [ 74.053004][ T5315] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 74.071093][ T5315] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.230120][ T5315] ================================================================== [ 74.233658][ T5315] BUG: KASAN: use-after-free in ext4_find_extent+0xaea/0xcc0 [ 74.237159][ T5315] Read of size 4 at addr ffff888055ceec70 by task syz.0.0/5315 [ 74.240434][ T5315] [ 74.241519][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.241533][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.241567][ T5315] Call Trace: [ 74.241572][ T5315] [ 74.241576][ T5315] dump_stack_lvl+0xe8/0x150 [ 74.241590][ T5315] print_report+0xba/0x230 [ 74.241599][ T5315] ? ext4_find_extent+0xaea/0xcc0 [ 74.241610][ T5315] kasan_report+0x117/0x150 [ 74.241645][ T5315] ? ext4_find_extent+0xaea/0xcc0 [ 74.241659][ T5315] ext4_find_extent+0xaea/0xcc0 [ 74.241671][ T5315] ext4_ext_map_blocks+0x283/0x58b0 [ 74.241685][ T5315] ? check_path+0x21/0x40 [ 74.241748][ T5315] ? lockdep_unlock+0x5d/0xd0 [ 74.241758][ T5315] ? __lock_acquire+0x146e/0x2cf0 [ 74.241771][ T5315] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 74.241789][ T5315] ext4_map_create_blocks+0x11d/0x540 [ 74.241804][ T5315] ext4_map_blocks+0x7cd/0x11d0 [ 74.241816][ T5315] ? kasan_save_track+0x4f/0x80 [ 74.241829][ T5315] ? kasan_save_track+0x3e/0x80 [ 74.241839][ T5315] ? __pfx_ext4_map_blocks+0x10/0x10 [ 74.241847][ T5315] ? __bfs+0x153/0x290 [ 74.241855][ T5315] ? __pfx_hlock_conflict+0x10/0x10 [ 74.241865][ T5315] _ext4_get_block+0x1e3/0x470 [ 74.241875][ T5315] ? 
__pfx__ext4_get_block+0x10/0x10 [ 74.241888][ T5315] ext4_get_block_unwritten+0x2e/0x100 [ 74.241901][ T5315] ext4_block_write_begin+0xb14/0x1950 [ 74.241915][ T5315] ? __pfx_ext4_get_block_unwritten+0x10/0x10 [ 74.241927][ T5315] ? __pfx_ext4_block_write_begin+0x10/0x10 [ 74.241940][ T5315] ? folio_mapping+0x16f/0x1f0 [ 74.241951][ T5315] ? ext4_inode_journal_mode+0x193/0x470 [ 74.241966][ T5315] ext4_write_begin+0xb40/0x18c0 [ 74.241982][ T5315] ? __pfx_ext4_write_begin+0x10/0x10 [ 74.241993][ T5315] ? block_commit_write+0x23f/0x270 [ 74.242004][ T5315] ext4_da_write_begin+0x355/0xd80 [ 74.242014][ T5315] ? ext4_write_end+0x7ae/0xa10 [ 74.242025][ T5315] ? __pfx_ext4_da_write_begin+0x10/0x10 [ 74.242046][ T5315] generic_perform_write+0x2e2/0x8f0 [ 74.242061][ T5315] ? __pfx_generic_perform_write+0x10/0x10 [ 74.242071][ T5315] ? file_update_time_flags+0x400/0x4a0 [ 74.242087][ T5315] ? ext4_write_checks+0x24b/0x2c0 [ 74.242103][ T5315] ext4_buffered_write_iter+0xce/0x3a0 [ 74.242116][ T5315] ext4_file_write_iter+0x298/0x1bf0 [ 74.242133][ T5315] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 74.242149][ T5315] vfs_write+0x61d/0xb90 [ 74.242165][ T5315] ? __pfx_vfs_write+0x10/0x10 [ 74.242181][ T5315] ? __fget_files+0x2a/0x420 [ 74.242194][ T5315] ksys_write+0x150/0x270 [ 74.242207][ T5315] ? __pfx_ksys_write+0x10/0x10 [ 74.242223][ T5315] do_syscall_64+0x14d/0xf80 [ 74.242373][ T5315] ? trace_irq_disable+0x3b/0x150 [ 74.242389][ T5315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.242401][ T5315] ? 
clear_bhb_loop+0x40/0x90 [ 74.242412][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.242423][ T5315] RIP: 0033:0x7f825039c629 [ 74.242435][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.242443][ T5315] RSP: 002b:00007f82511e0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 74.242456][ T5315] RAX: ffffffffffffffda RBX: 00007f8250615fa0 RCX: 00007f825039c629 [ 74.242463][ T5315] RDX: 00000000fffffdef RSI: 00002000000000c0 RDI: 0000000000000009 [ 74.242470][ T5315] RBP: 00007f8250432b39 R08: 0000000000000000 R09: 0000000000000000 [ 74.242477][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.242484][ T5315] R13: 00007f8250616038 R14: 00007f8250615fa0 R15: 00007ffc7d41c6f8 [ 74.242495][ T5315] [ 74.242498][ T5315] [ 74.393890][ T5315] The buggy address belongs to the physical page: [ 74.396608][ T5315] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55cee [ 74.400340][ T5315] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 74.403463][ T5315] raw: 04fff00000000000 ffffea0001573bc8 ffffea0001573b48 0000000000000000 [ 74.407183][ T5315] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 74.410936][ T5315] page dumped because: kasan: bad access detected [ 74.413671][ T5315] page_owner info is not present (never set?) 
[ 74.416094][ T5315] [ 74.417095][ T5315] Memory state around the buggy address: [ 74.419345][ T5315] ffff888055ceeb00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.422538][ T5315] ffff888055ceeb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.425749][ T5315] >ffff888055ceec00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.428904][ T5315] ^ [ 74.432453][ T5315] ffff888055ceec80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.435799][ T5315] ffff888055ceed00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.439200][ T5315] ================================================================== [ 74.457126][ T5315] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 74.460275][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.464062][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.468400][ T5315] Call Trace: [ 74.469927][ T5315] [ 74.471280][ T5315] vpanic+0x56c/0xa60 [ 74.473025][ T5315] ? __pfx_vpanic+0x10/0x10 [ 74.475013][ T5315] panic+0xc5/0xd0 [ 74.476695][ T5315] ? __pfx_panic+0x10/0x10 [ 74.478695][ T5315] ? preempt_schedule_thunk+0x16/0x30 [ 74.481019][ T5315] ? preempt_schedule_thunk+0x16/0x30 [ 74.483449][ T5315] ? ext4_find_extent+0xaea/0xcc0 [ 74.485787][ T5315] check_panic_on_warn+0x89/0xb0 [ 74.487982][ T5315] ? ext4_find_extent+0xaea/0xcc0 [ 74.490256][ T5315] end_report+0x73/0x180 [ 74.492135][ T5315] ? ext4_find_extent+0xaea/0xcc0 [ 74.494301][ T5315] kasan_report+0x128/0x150 [ 74.496322][ T5315] ? ext4_find_extent+0xaea/0xcc0 [ 74.498538][ T5315] ext4_find_extent+0xaea/0xcc0 [ 74.500652][ T5315] ext4_ext_map_blocks+0x283/0x58b0 [ 74.503023][ T5315] ? check_path+0x21/0x40 [ 74.504926][ T5315] ? lockdep_unlock+0x5d/0xd0 [ 74.506918][ T5315] ? __lock_acquire+0x146e/0x2cf0 [ 74.509172][ T5315] ? 
__pfx_ext4_ext_map_blocks+0x10/0x10 [ 74.511771][ T5315] ext4_map_create_blocks+0x11d/0x540 [ 74.514067][ T5315] ext4_map_blocks+0x7cd/0x11d0 [ 74.516269][ T5315] ? kasan_save_track+0x4f/0x80 [ 74.518383][ T5315] ? kasan_save_track+0x3e/0x80 [ 74.520457][ T5315] ? __pfx_ext4_map_blocks+0x10/0x10 [ 74.522709][ T5315] ? __bfs+0x153/0x290 [ 74.524513][ T5315] ? __pfx_hlock_conflict+0x10/0x10 [ 74.526955][ T5315] _ext4_get_block+0x1e3/0x470 [ 74.529123][ T5315] ? __pfx__ext4_get_block+0x10/0x10 [ 74.531504][ T5315] ext4_get_block_unwritten+0x2e/0x100 [ 74.533876][ T5315] ext4_block_write_begin+0xb14/0x1950 [ 74.536190][ T5315] ? __pfx_ext4_get_block_unwritten+0x10/0x10 [ 74.538643][ T5315] ? __pfx_ext4_block_write_begin+0x10/0x10 [ 74.541093][ T5315] ? folio_mapping+0x16f/0x1f0 [ 74.543587][ T5315] ? ext4_inode_journal_mode+0x193/0x470 [ 74.546460][ T5315] ext4_write_begin+0xb40/0x18c0 [ 74.548529][ T5315] ? __pfx_ext4_write_begin+0x10/0x10 [ 74.550591][ T5315] ? block_commit_write+0x23f/0x270 [ 74.552912][ T5315] ext4_da_write_begin+0x355/0xd80 [ 74.555097][ T5315] ? ext4_write_end+0x7ae/0xa10 [ 74.557203][ T5315] ? __pfx_ext4_da_write_begin+0x10/0x10 [ 74.559594][ T5315] generic_perform_write+0x2e2/0x8f0 [ 74.561817][ T5315] ? __pfx_generic_perform_write+0x10/0x10 [ 74.564346][ T5315] ? file_update_time_flags+0x400/0x4a0 [ 74.566729][ T5315] ? ext4_write_checks+0x24b/0x2c0 [ 74.568876][ T5315] ext4_buffered_write_iter+0xce/0x3a0 [ 74.571226][ T5315] ext4_file_write_iter+0x298/0x1bf0 [ 74.573482][ T5315] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 74.575880][ T5315] vfs_write+0x61d/0xb90 [ 74.577508][ T5315] ? __pfx_vfs_write+0x10/0x10 [ 74.579536][ T5315] ? __fget_files+0x2a/0x420 [ 74.581439][ T5315] ksys_write+0x150/0x270 [ 74.583314][ T5315] ? __pfx_ksys_write+0x10/0x10 [ 74.585415][ T5315] do_syscall_64+0x14d/0xf80 [ 74.587450][ T5315] ? trace_irq_disable+0x3b/0x150 [ 74.589710][ T5315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.592321][ T5315] ? 
clear_bhb_loop+0x40/0x90 [ 74.594307][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.596851][ T5315] RIP: 0033:0x7f825039c629 [ 74.598804][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.607284][ T5315] RSP: 002b:00007f82511e0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 74.610822][ T5315] RAX: ffffffffffffffda RBX: 00007f8250615fa0 RCX: 00007f825039c629 [ 74.614216][ T5315] RDX: 00000000fffffdef RSI: 00002000000000c0 RDI: 0000000000000009 [ 74.617710][ T5315] RBP: 00007f8250432b39 R08: 0000000000000000 R09: 0000000000000000 [ 74.621163][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.624607][ T5315] R13: 00007f8250616038 R14: 00007f8250615fa0 R15: 00007ffc7d41c6f8 [ 74.628030][ T5315] [ 74.629744][ T5315] Kernel Offset: disabled [ 74.631664][ T5315] Rebooting in 86400 seconds..