==================================================================
BUG: KASAN: use-after-free in ext4_ext_binsearch fs/ext4/extents.c:840 [inline]
BUG: KASAN: use-after-free in ext4_find_extent+0xb92/0xd80 fs/ext4/extents.c:955
Read of size 4 at addr ffff88805388430c by task syz.0.0/5332

CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0x16e/0x5b0 mm/kasan/report.c:521
 kasan_report+0x143/0x180 mm/kasan/report.c:634
 ext4_ext_binsearch fs/ext4/extents.c:840 [inline]
 ext4_find_extent+0xb92/0xd80 fs/ext4/extents.c:955
 ext4_ext_map_blocks+0x2e6/0x7d80 fs/ext4/extents.c:4205
 ext4_map_create_blocks fs/ext4/inode.c:520 [inline]
 ext4_map_blocks+0x91b/0x1920 fs/ext4/inode.c:706
 _ext4_get_block+0x23b/0x6b0 fs/ext4/inode.c:785
 ext4_block_write_begin+0x4d8/0x1520 fs/ext4/inode.c:1067
 ext4_write_begin+0x786/0x1330 fs/ext4/ext4_jbd2.h:-1
 ext4_da_write_begin+0x4aa/0xb20 fs/ext4/inode.c:2932
 generic_perform_write+0x329/0xa10 mm/filemap.c:4102
 ext4_buffered_write_iter+0xc7/0x390 fs/ext4/file.c:299
 ext4_file_write_iter+0x97f/0x1da0 fs/ext4/file.c:-1
 __kernel_write_iter+0x439/0x990 fs/read_write.c:617
 dump_emit_page fs/coredump.c:885 [inline]
 dump_user_range+0x940/0xef0 fs/coredump.c:959
 elf_core_dump+0x4098/0x4af0 fs/binfmt_elf.c:2128
 do_coredump+0x22c3/0x3260 fs/coredump.c:759
 get_signal+0x13ed/0x1730 kernel/signal.c:3019
 arch_do_signal_or_restart+0x98/0x840 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 irqentry_exit_to_user_mode+0x7e/0x250 kernel/entry/common.c:231
 exc_page_fault+0x5f8/0x920 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 002b:0000200000000088 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 00007f62617b5fa0 RCX: 00007f626158e169
RDX: 0000200000000100 RSI: 0000200000000080 RDI: 0000000000000400
RBP: 00007f6261610a68 R08: 0000200000000180 R09: 0000200000000180
R10: 0000200000000140 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f62617b5fa0 R15: 00007ffc0b879f78

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x53884
flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
raw: 04fff00000000000 ffffea00014e2148 ffffea000136dc08 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff888053884200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff888053884280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff888053884300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                      ^
 ffff888053884380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff888053884400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================