program:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f0000000080)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noquota}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@nojournal_checksum}, {@orlov}, {@user_xattr}, {@quota}, {@delalloc}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = socket(0x10, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f00000008c0)="f697b6", 0x1, 0x0, 0x4}, 0x50)
write(r1, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
recvmmsg(r1, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000004600)=""/145, 0x91}, {&(0x7f00000046c0)=""/192, 0xc0}, {&(0x7f0000004780)=""/133, 0x85}], 0x5}}], 0x1, 0x0, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35)
pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_ifreq(r4, 0x89b1, &(0x7f00000000c0)={'veth0_macvtap\x00', @ifru_ivalue=0x8})
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001040)=ANY=[], 0x841, 0x0)
truncate(&(0x7f0000000180)='./file1\x00', 0x6)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
write$FUSE_WRITE(r5, &(0x7f00000000c0)={0x18}, 0xfffffdef)

[   83.087904][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[   83.092291][ T4669] Bluetooth: hci0: command tx timeout
[   83.099641][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[   83.225207][ T5323] loop0: detected capacity change from 0 to 1024
[   83.244449][ T5323] =======================================================
[   83.244449][ T5323] WARNING: The mand mount option has been deprecated and
[   83.244449][ T5323]          and is ignored by this kernel. Remove the mand
[   83.244449][ T5323]          option from the mount to silence this warning.
[   83.244449][ T5323] =======================================================
[   83.310320][ T5323] EXT4-fs: Ignoring removed oldalloc option
[   83.314399][ T5323] EXT4-fs: Ignoring removed orlov option
[   83.350818][ T5323] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   83.383611][ T5323] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.457697][ T5323] ==================================================================
[   83.461449][ T5323] BUG: KASAN: use-after-free in ext4_ext_remove_space+0x3170/0x4280
[   83.465370][ T5323] Read of size 4 at addr ffff8880130184f0 by task syz.0.0/5323
[   83.468980][ T5323] 
[   83.470094][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   83.470113][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   83.470150][ T5323] Call Trace:
[   83.470161][ T5323]  <TASK>
[   83.470170][ T5323]  dump_stack_lvl+0xe8/0x150
[   83.470194][ T5323]  print_report+0xba/0x230
[   83.470210][ T5323]  ? ext4_ext_remove_space+0x3170/0x4280
[   83.470225][ T5323]  kasan_report+0x117/0x150
[   83.470237][ T5323]  ? ext4_ext_remove_space+0x3170/0x4280
[   83.470253][ T5323]  ext4_ext_remove_space+0x3170/0x4280
[   83.470270][ T5323]  ? __es_remove_extent+0x13d3/0x1da0
[   83.470291][ T5323]  ? __pfx_ext4_ext_remove_space+0x10/0x10
[   83.470304][ T5323]  ? ext4_es_remove_extent+0x2a7/0x4c0
[   83.470320][ T5323]  ext4_ext_truncate+0x17e/0x2f0
[   83.470336][ T5323]  ext4_truncate+0xb63/0x13b0
[   83.470350][ T5323]  ? unmap_mapping_range+0xe6/0x180
[   83.470365][ T5323]  ? __pfx_ext4_truncate+0x10/0x10
[   83.470380][ T5323]  ext4_setattr+0x106e/0x1c60
[   83.470396][ T5323]  ? __pfx_ext4_setattr+0x10/0x10
[   83.470406][ T5323]  notify_change+0xc1a/0xf40
[   83.470421][ T5323]  do_truncate+0x1c2/0x250
[   83.470431][ T5323]  ? __pfx_do_truncate+0x10/0x10
[   83.470439][ T5323]  ? apparmor_path_truncate+0x245/0x2e0
[   83.470526][ T5323]  vfs_truncate+0x4b4/0x540
[   83.470538][ T5323]  ? __pfx_vfs_truncate+0x10/0x10
[   83.470552][ T5323]  ? do_getname+0x151/0x250
[   83.470568][ T5323]  do_sys_truncate+0xf3/0x1c0
[   83.470577][ T5323]  ? __pfx_do_sys_truncate+0x10/0x10
[   83.470590][ T5323]  __x64_sys_truncate+0x5b/0x70
[   83.470600][ T5323]  do_syscall_64+0x14d/0xf80
[   83.470661][ T5323]  ? trace_irq_disable+0x3b/0x150
[   83.470679][ T5323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.470688][ T5323]  ? clear_bhb_loop+0x40/0x90
[   83.470700][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.470712][ T5323] RIP: 0033:0x7f589a39c799
[   83.470726][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   83.470736][ T5323] RSP: 002b:00007f589b208fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[   83.470754][ T5323] RAX: ffffffffffffffda RBX: 00007f589a615fa0 RCX: 00007f589a39c799
[   83.470764][ T5323] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000180
[   83.470772][ T5323] RBP: 00007f589a432c99 R08: 0000000000000000 R09: 0000000000000000
[   83.470781][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   83.470789][ T5323] R13: 00007f589a616038 R14: 00007f589a615fa0 R15: 00007ffe84d44a68
[   83.470805][ T5323]  </TASK>
[   83.470809][ T5323] 
[   83.588537][ T5323] The buggy address belongs to the physical page:
[   83.591837][ T5323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x13018
[   83.596831][ T5323] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   83.599763][ T5323] page_type: f0(buddy)
[   83.601555][ T5323] raw: 00fff00000000000 ffffea00004c2ec8 ffffea00004c2088 0000000000000000
[   83.605644][ T5323] raw: 0000000000000008 0000000000000000 00000000f0000000 0000000000000000
[   83.609182][ T5323] page dumped because: kasan: bad access detected
[   83.612400][ T5323] page_owner tracks the page as freed
[   83.615783][ T5323] page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_MOVABLE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 4717, tgid 4717 (udevd), ts 32443925868, free_ts 83276010723
[   83.626042][ T5323]  post_alloc_hook+0x231/0x280
[   83.628545][ T5323]  get_page_from_freelist+0x24dc/0x2580
[   83.631655][ T5323]  __alloc_frozen_pages_noprof+0x18d/0x380
[   83.634686][ T5323]  alloc_pages_mpol+0x232/0x4a0
[   83.636904][ T5323]  alloc_pages_noprof+0xa8/0x190
[   83.639242][ T5323]  folio_alloc_noprof+0x1e/0x30
[   83.641526][ T5323]  filemap_alloc_folio_noprof+0x111/0x470
[   83.644393][ T5323]  page_cache_ra_unbounded+0x39b/0xa50
[   83.647348][ T5323]  page_cache_ra_order+0xaf2/0xeb0
[   83.649552][ T5323]  filemap_get_pages+0x897/0x1f10
[   83.651760][ T5323]  filemap_read+0x447/0x1230
[   83.653966][ T5323]  __kernel_read+0x504/0x9b0
[   83.656121][ T5323]  integrity_kernel_read+0x89/0xd0
[   83.658543][ T5323]  ima_calc_file_hash+0x12c3/0x17f0
[   83.661010][ T5323]  ima_collect_measurement+0x48b/0x930
[   83.663490][ T5323]  process_measurement+0x12cd/0x1c80
[   83.667465][ T5323] page last free pid 74 tgid 74 stack trace:
[   83.671103][ T5323]  free_unref_folios+0xed5/0x16d0
[   83.673405][ T5323]  shrink_folio_list+0x2a0f/0x5290
[   83.675787][ T5323]  evict_folios+0x4795/0x5880
[   83.677986][ T5323]  try_to_shrink_lruvec+0xb62/0xfa0
[   83.680305][ T5323]  shrink_one+0x25c/0x710
[   83.682271][ T5323]  shrink_node+0x3197/0x3a90
[   83.684411][ T5323]  kswapd+0x1742/0x2e10
[   83.686293][ T5323]  kthread+0x388/0x470
[   83.688128][ T5323]  ret_from_fork+0x51e/0xb90
[   83.690189][ T5323]  ret_from_fork_asm+0x1a/0x30
[   83.692260][ T5323] 
[   83.693556][ T5323] Memory state around the buggy address:
[   83.696817][ T5323]  ffff888013018380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   83.701057][ T5323]  ffff888013018400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   83.705123][ T5323] >ffff888013018480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   83.709072][ T5323]                                                              ^
[   83.712854][ T5323]  ffff888013018500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   83.716784][ T5323]  ffff888013018580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   83.720541][ T5323] ==================================================================
[   83.751243][ T5323] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   83.754906][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   83.759217][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   83.764476][ T5323] Call Trace:
[   83.766252][ T5323]  <TASK>
[   83.767611][ T5323]  vpanic+0x56c/0xa60
[   83.769486][ T5323]  ? __pfx_vpanic+0x10/0x10
[   83.771488][ T5323]  panic+0xc5/0xd0
[   83.773152][ T5323]  ? __pfx_panic+0x10/0x10
[   83.775275][ T5323]  ? preempt_schedule_thunk+0x16/0x30
[   83.779226][ T5323]  ? ext4_ext_remove_space+0x3170/0x4280
[   83.782990][ T5323]  ? preempt_schedule_thunk+0x16/0x30
[   83.785386][ T5323]  ? ext4_ext_remove_space+0x3170/0x4280
[   83.787973][ T5323]  check_panic_on_warn+0x89/0xb0
[   83.790323][ T5323]  ? ext4_ext_remove_space+0x3170/0x4280
[   83.792996][ T5323]  end_report+0x73/0x180
[   83.794999][ T5323]  ? ext4_ext_remove_space+0x3170/0x4280
[   83.797644][ T5323]  kasan_report+0x128/0x150
[   83.799935][ T5323]  ? ext4_ext_remove_space+0x3170/0x4280
[   83.803222][ T5323]  ext4_ext_remove_space+0x3170/0x4280
[   83.806588][ T5323]  ? __es_remove_extent+0x13d3/0x1da0
[   83.809276][ T5323]  ? __pfx_ext4_ext_remove_space+0x10/0x10
[   83.812044][ T5323]  ? ext4_es_remove_extent+0x2a7/0x4c0
[   83.814516][ T5323]  ext4_ext_truncate+0x17e/0x2f0
[   83.816859][ T5323]  ext4_truncate+0xb63/0x13b0
[   83.819126][ T5323]  ? unmap_mapping_range+0xe6/0x180
[   83.821705][ T5323]  ? __pfx_ext4_truncate+0x10/0x10
[   83.824351][ T5323]  ext4_setattr+0x106e/0x1c60
[   83.826789][ T5323]  ? __pfx_ext4_setattr+0x10/0x10
[   83.829193][ T5323]  notify_change+0xc1a/0xf40
[   83.831303][ T5323]  do_truncate+0x1c2/0x250
[   83.833402][ T5323]  ? __pfx_do_truncate+0x10/0x10
[   83.835750][ T5323]  ? apparmor_path_truncate+0x245/0x2e0
[   83.838283][ T5323]  vfs_truncate+0x4b4/0x540
[   83.840420][ T5323]  ? __pfx_vfs_truncate+0x10/0x10
[   83.842962][ T5323]  ? do_getname+0x151/0x250
[   83.845370][ T5323]  do_sys_truncate+0xf3/0x1c0
[   83.847827][ T5323]  ? __pfx_do_sys_truncate+0x10/0x10
[   83.850441][ T5323]  __x64_sys_truncate+0x5b/0x70
[   83.852798][ T5323]  do_syscall_64+0x14d/0xf80
[   83.855133][ T5323]  ? trace_irq_disable+0x3b/0x150
[   83.857277][ T5323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.860021][ T5323]  ? clear_bhb_loop+0x40/0x90
[   83.862156][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.865559][ T5323] RIP: 0033:0x7f589a39c799
[   83.867636][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   83.875854][ T5323] RSP: 002b:00007f589b208fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[   83.879788][ T5323] RAX: ffffffffffffffda RBX: 00007f589a615fa0 RCX: 00007f589a39c799
[   83.884627][ T5323] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000180
[   83.888525][ T5323] RBP: 00007f589a432c99 R08: 0000000000000000 R09: 0000000000000000
[   83.892140][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   83.895747][ T5323] R13: 00007f589a616038 R14: 00007f589a615fa0 R15: 00007ffe84d44a68
[   83.899167][ T5323]  </TASK>
[   83.901105][ T5323] Kernel Offset: disabled
[   83.903314][ T5323] Rebooting in 86400 seconds..