==================================================================
BUG: KASAN: use-after-free in ext4_ext_binsearch fs/ext4/extents.c:841 [inline]
BUG: KASAN: use-after-free in ext4_find_extent+0xae6/0xcc0 fs/ext4/extents.c:956
Read of size 4 at addr ffff88804ca65018 by task syz.0.0/5360

CPU: 0 UID: 0 PID: 5360 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xca/0x240 mm/kasan/report.c:482
 kasan_report+0x118/0x150 mm/kasan/report.c:595
 ext4_ext_binsearch fs/ext4/extents.c:841 [inline]
 ext4_find_extent+0xae6/0xcc0 fs/ext4/extents.c:956
 ext4_ext_map_blocks+0x288/0x6ac0 fs/ext4/extents.c:4208
 ext4_map_create_blocks fs/ext4/inode.c:609 [inline]
 ext4_map_blocks+0x860/0x1740 fs/ext4/inode.c:811
 _ext4_get_block+0x200/0x4c0 fs/ext4/inode.c:910
 ext4_get_block_unwritten+0x2e/0x100 fs/ext4/inode.c:943
 ext4_block_write_begin+0x993/0x1710 fs/ext4/inode.c:1198
 ext4_write_begin+0xc04/0x19a0 fs/ext4/ext4_jbd2.h:-1
 ext4_da_write_begin+0x445/0xda0 fs/ext4/inode.c:3129
 generic_perform_write+0x2c5/0x900 mm/filemap.c:4175
 ext4_buffered_write_iter+0xce/0x3a0 fs/ext4/file.c:299
 ext4_file_write_iter+0x298/0x1bc0 fs/ext4/file.c:-1
 __kernel_write_iter+0x428/0x910 fs/read_write.c:619
 dump_emit_page fs/coredump.c:1296 [inline]
 dump_user_range+0x8a0/0xc90 fs/coredump.c:1370
 elf_core_dump+0x337b/0x3990 fs/binfmt_elf.c:2085
 coredump_write+0x1169/0x1900 fs/coredump.c:1049
 vfs_coredump+0x1daa/0x2a50 fs/coredump.c:1168
 get_signal+0x1109/0x1340 kernel/signal.c:3019
 arch_do_signal_or_restart+0x9a/0x750 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:40 [inline]
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 irqentry_exit_to_user_mode+0x81/0x120 kernel/entry/common.c:73
 exc_page_fault+0x9f/0xf0 arch/x86/mm/fault.c:1535
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f3b9a64f927
Code: 88 15 d2 5d ea 00 88 05 cf 5d ea 00 c3 50 48 8d 35 01 25 1c 00 48 8d 3d 07 25 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
RSP: 002b:00007f3b9b6741a0 EFLAGS: 00010206
RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f3b9a78ebe9
RDX: 00007f3b9b6741c0 RSI: 00007f3b9b6742f0 RDI: 000000000000000b
RBP: 00007f3b9a811e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 00007f3b9a9c6038 R14: 00007f3b9a9c5fa0 R15: 00007ffd6f1ef398
 </TASK>

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca65
flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
raw: 04fff00000000000 ffffea0001329988 ffffea0001329908 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff88804ca64f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88804ca64f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88804ca65000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                            ^
 ffff88804ca65080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88804ca65100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================