================================================================== BUG: KASAN: use-after-free in ext4_ext_binsearch fs/ext4/extents.c:837 [inline] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20 fs/ext4/extents.c:953 Read of size 4 at addr ffff8881349ff018 by task kworker/u4:4/527 CPU: 1 PID: 527 Comm: kworker/u4:4 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Workqueue: writeback wb_workfn (flush-7:3) Call Trace: __dump_stack+0x21/0x24 lib/dump_stack.c:88 dump_stack_lvl+0xee/0x150 lib/dump_stack.c:106 print_address_description+0x71/0x200 mm/kasan/report.c:316 print_report+0x4a/0x60 mm/kasan/report.c:420 kasan_report+0x122/0x150 mm/kasan/report.c:524 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:350 ext4_ext_binsearch fs/ext4/extents.c:837 [inline] ext4_find_extent+0xbeb/0xe20 fs/ext4/extents.c:953 ext4_ext_map_blocks+0x1da/0x6080 fs/ext4/extents.c:4166 ext4_map_blocks+0x9cb/0x1b60 fs/ext4/inode.c:679 mpage_map_one_extent fs/ext4/inode.c:2435 [inline] mpage_map_and_submit_extent fs/ext4/inode.c:2488 [inline] ext4_writepages+0x1260/0x3020 fs/ext4/inode.c:2856 do_writepages+0x3a9/0x5e0 mm/page-writeback.c:2494 __writeback_single_inode+0xc6/0xad0 fs/fs-writeback.c:1612 writeback_sb_inodes+0x9b8/0x1550 fs/fs-writeback.c:1903 wb_writeback+0x3f1/0x980 fs/fs-writeback.c:2079 wb_do_writeback fs/fs-writeback.c:2226 [inline] wb_workfn+0x350/0xda0 fs/fs-writeback.c:2266 process_one_work+0x71f/0xc40 kernel/workqueue.c:2302 worker_thread+0xa29/0x11f0 kernel/workqueue.c:2449 kthread+0x281/0x320 kernel/kthread.c:386 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 The buggy address belongs to the physical page: page:ffffea0004d27fc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1349ff flags: 0x4000000000000000(zone=1) raw: 4000000000000000 ffffea0004d28008 ffffea0004d27f88 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner info is not present (never set?) Memory state around the buggy address: ffff8881349fef00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8881349fef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff8881349ff000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff8881349ff080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8881349ff100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== EXT4-fs error (device loop3): ext4_map_blocks:745: inode #15: comm kworker/u4:4: lblock 0 mapped to illegal pblock 0 (length 1) EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop3): This should not happen!! Data will be lost EXT4-fs error (device loop6): ext4_map_blocks:745: inode #15: block 261593573119328: comm kworker/u4:4: lblock 0 mapped to illegal pblock 261593573119328 (length 1) EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop6): This should not happen!! Data will be lost EXT4-fs error (device loop6): ext4_map_blocks:745: inode #15: block 2392296783872: comm kworker/u4:4: lblock 0 mapped to illegal pblock 2392296783872 (length 1) EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop6): This should not happen!! Data will be lost EXT4-fs error (device loop5): ext4_ext_split:1080: inode #15: comm kworker/u4:4: p_ext > EXT_MAX_EXTENT! EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop5): This should not happen!! Data will be lost EXT4-fs error (device loop3): ext4_ext_split:1080: inode #15: comm kworker/u4:4: p_ext > EXT_MAX_EXTENT! EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop3): This should not happen!! Data will be lost EXT4-fs error (device loop5): ext4_map_blocks:745: inode #15: block 512: comm kworker/u4:4: lblock 0 mapped to illegal pblock 512 (length 1) EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop5): This should not happen!! Data will be lost EXT4-fs error (device loop1): ext4_ext_split:1080: inode #15: comm kworker/u4:4: p_ext > EXT_MAX_EXTENT! EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (loop1): This should not happen!! Data will be lost