================================================================== BUG: KASAN: use-after-free in ext4_ext_binsearch fs/ext4/extents.c:837 [inline] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20 fs/ext4/extents.c:953 Read of size 4 at addr ffff88812fb2f018 by task kworker/u4:0/8 CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Workqueue: writeback wb_workfn (flush-7:2) Call Trace: __dump_stack+0x21/0x24 lib/dump_stack.c:88 dump_stack_lvl+0x110/0x170 lib/dump_stack.c:106 print_address_description+0x71/0x200 mm/kasan/report.c:316 print_report+0x4a/0x60 mm/kasan/report.c:420 kasan_report+0x122/0x150 mm/kasan/report.c:524 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:350 ext4_ext_binsearch fs/ext4/extents.c:837 [inline] ext4_find_extent+0xbeb/0xe20 fs/ext4/extents.c:953 ext4_ext_map_blocks+0x207/0x61d0 fs/ext4/extents.c:4172 ext4_map_blocks+0x9d8/0x1b70 fs/ext4/inode.c:679 mpage_map_one_extent fs/ext4/inode.c:2435 [inline] mpage_map_and_submit_extent fs/ext4/inode.c:2488 [inline] ext4_writepages+0x1409/0x30e0 fs/ext4/inode.c:2856 do_writepages+0x3a4/0x5f0 mm/page-writeback.c:2494 __writeback_single_inode+0xc6/0xad0 fs/fs-writeback.c:1622 writeback_sb_inodes+0xa10/0x15d0 fs/fs-writeback.c:1913 wb_writeback+0x40b/0x9d0 fs/fs-writeback.c:2089 wb_do_writeback fs/fs-writeback.c:2236 [inline] wb_workfn+0x378/0xeb0 fs/fs-writeback.c:2276 process_one_work+0x71f/0xc40 kernel/workqueue.c:2302 worker_thread+0xa29/0x11e0 kernel/workqueue.c:2449 kthread+0x281/0x320 kernel/kthread.c:386 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 The buggy address belongs to the physical page: page:ffffea0004becbc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12fb2f flags: 0x4000000000000000(zone=1) raw: 4000000000000000 ffffea0004becbc8 ffffea0004becbc8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner info is not present (never set?) Memory state around the buggy address: ffff88812fb2ef00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88812fb2ef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff88812fb2f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff88812fb2f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88812fb2f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 14678059155581: comm kworker/u4:0: lblock 0 mapped to illegal pblock 14678059155581 (length 1) EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop2): This should not happen!! Data will be lost EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 104979443838829: comm kworker/u4:0: lblock 0 mapped to illegal pblock 104979443838829 (length 1) EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop2): This should not happen!! Data will be lost EXT4-fs error (device loop2): ext4_ext_split:1080: inode #15: comm kworker/u4:0: p_ext > EXT_MAX_EXTENT! EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop2): This should not happen!! Data will be lost EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 140376711114825: comm kworker/u4:0: lblock 0 mapped to illegal pblock 140376711114825 (length 1) EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop2): This should not happen!! Data will be lost EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 107118152608876: comm kworker/u4:0: lblock 0 mapped to illegal pblock 107118152608876 (length 1) EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop2): This should not happen!! Data will be lost EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 126969739568179: comm kworker/u4:0: lblock 0 mapped to illegal pblock 126969739568179 (length 1) EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop2): This should not happen!! Data will be lost