EXT4-fs error (device loop3): ext4_ext_check_inode:500: inode #17: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) EXT4-fs error (device loop3): ext4_ext_check_inode:500: inode #17: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) ================================================================== BUG: KASAN: use-after-free in ext4_ext_rm_leaf fs/ext4/extents.c:2594 [inline] BUG: KASAN: use-after-free in ext4_ext_remove_space+0x3da3/0x4e10 fs/ext4/extents.c:2932 Read of size 4 at addr ffff88812a602e34 by task syz-executor/538 CPU: 0 PID: 538 Comm: syz-executor Not tainted 5.10.235-syzkaller-1007124-g7148b8d0d196 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack_lvl+0x1e2/0x24b lib/dump_stack.c:118 print_address_description+0x81/0x3b0 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:435 [inline] kasan_report+0x179/0x1c0 mm/kasan/report.c:452 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:308 ext4_ext_rm_leaf fs/ext4/extents.c:2594 [inline] ext4_ext_remove_space+0x3da3/0x4e10 fs/ext4/extents.c:2932 ext4_ext_truncate+0x17f/0x200 fs/ext4/extents.c:4465 ext4_truncate+0xb19/0x1220 fs/ext4/inode.c:4366 ext4_evict_inode+0xf07/0x1730 fs/ext4/inode.c:290 evict+0x526/0x9c0 fs/inode.c:612 iput_final fs/inode.c:1736 [inline] iput+0x632/0x7e0 fs/inode.c:1762 dentry_unlink_inode+0x2ea/0x3d0 fs/dcache.c:378 __dentry_kill+0x447/0x650 fs/dcache.c:583 shrink_dentry_list+0x38a/0x4e0 fs/dcache.c:1146 shrink_dcache_parent+0xc9/0x340 fs/dcache.c:-1 do_one_tree+0x28/0x4a0 fs/dcache.c:1627 shrink_dcache_for_umount+0x7d/0x120 fs/dcache.c:1644 generic_shutdown_super+0x66/0x320 fs/super.c:447 kill_block_super+0x7e/0xe0 fs/super.c:1469 deactivate_locked_super+0xad/0x110 fs/super.c:335 deactivate_super+0xbe/0xf0 fs/super.c:366 cleanup_mnt+0x45c/0x510 fs/namespace.c:1118 __cleanup_mnt+0x19/0x20 fs/namespace.c:1125 task_work_run+0x129/0x190 kernel/task_work.c:189 exit_task_work include/linux/task_work.h:33 [inline] do_exit+0xc83/0x2a50 kernel/exit.c:863 do_group_exit+0x141/0x310 kernel/exit.c:985 __do_sys_exit_group kernel/exit.c:996 [inline] __se_sys_exit_group kernel/exit.c:994 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:994 do_syscall_64+0x34/0x70 arch/x86/entry/common.c:-1 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7f7e844cad29 Code: Unable to access opcode bytes at RIP 0x7f7e844cacff. RSP: 002b:00007fff3b09fe48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007f7e84546919 RCX: 00007f7e844cad29 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 RBP: 0000000000000075 R08: 00007fff3b09dbe5 R09: 00007fff3b0a1100 R10: 000000000000000b R11: 0000000000000246 R12: 00007fff3b0a1100 R13: 00007f7e845468f4 R14: 00007fff3b0a21c0 R15: 0000000000000001 The buggy address belongs to the page: page:ffffea0004a98080 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12a602 flags: 0x4000000000000000() raw: 4000000000000000 ffffea0004a98088 ffffea0004a98088 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner info is not present (never set?) Memory state around the buggy address: ffff88812a602d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88812a602d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff88812a602e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff88812a602e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88812a602f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ==================================================================