==================================================================
BUG: KASAN: use-after-free in ext4_ext_binsearch fs/ext4/extents.c:826 [inline]
BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20 fs/ext4/extents.c:945
Read of size 4 at addr ffff88812fcfeec4 by task syz.6.19/410

CPU: 1 PID: 410 Comm: syz.6.19 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 __dump_stack+0x21/0x24 lib/dump_stack.c:77
 dump_stack_lvl+0x1a7/0x208 lib/dump_stack.c:118
 print_address_description+0x7f/0x2c0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:435 [inline]
 kasan_report+0xe2/0x130 mm/kasan/report.c:452
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:308
 ext4_ext_binsearch fs/ext4/extents.c:826 [inline]
 ext4_find_extent+0xbeb/0xe20 fs/ext4/extents.c:945
 ext4_ext_map_blocks+0x20b/0x5dd0 fs/ext4/extents.c:4160
 ext4_map_blocks+0x985/0x1bd0 fs/ext4/inode.c:674
 _ext4_get_block+0x1d1/0x4e0 fs/ext4/inode.c:817
 ext4_get_block+0x39/0x50 fs/ext4/inode.c:834
 ext4_block_write_begin+0x573/0x1340 fs/ext4/inode.c:1101
 ext4_write_begin+0x67e/0x1690 fs/ext4/ext4_jbd2.h:-1
 ext4_da_write_begin+0x478/0xf10 fs/ext4/inode.c:3033
 generic_perform_write+0x2ce/0x540 mm/filemap.c:3509
 ext4_buffered_write_iter+0x4b8/0x640 fs/ext4/file.c:271
 ext4_file_write_iter+0x53f/0x1980 fs/ext4/file.c:-1
 call_write_iter include/linux/fs.h:2066 [inline]
 new_sync_write fs/read_write.c:518 [inline]
 vfs_write+0x758/0xdc0 fs/read_write.c:605
 ksys_pwrite64 fs/read_write.c:712 [inline]
 __do_sys_pwrite64 fs/read_write.c:722 [inline]
 __se_sys_pwrite64 fs/read_write.c:719 [inline]
 __x64_sys_pwrite64+0x197/0x220 fs/read_write.c:719
 do_syscall_64+0x31/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f5a9f489cb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5a9f2ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
RAX: ffffffffffffffda RBX: 00007f5a9f704fa0 RCX: 00007f5a9f489cb9
RDX: 0000000000000001 RSI: 00002000000005c0 RDI: 0000000000000004
RBP: 00007f5a9f4f7bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000004fed0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5a9f705038 R14: 00007f5a9f704fa0 R15: 00007ffce3bc3aa8

The buggy address belongs to the page:
page:ffffea0004bf3f80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12fcfe
flags: 0x4000000000000000()
raw: 4000000000000000 ffffea0004bf3f88 ffffea0004bf3f88 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff88812fcfed80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88812fcfee00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88812fcfee80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                           ^
 ffff88812fcfef00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88812fcfef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
EXT4-fs error (device loop6): __ext4_get_inode_loc:4444: comm syz.6.19: Invalid inode table block 8391460049216894068 in block_group 0
EXT4-fs error (device loop6) in ext4_reserve_inode_write:5947: Corrupt filesystem
EXT4-fs error (device loop6): ext4_dirty_inode:6157: inode #15: comm syz.6.19: mark_inode_dirty error
EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:476: comm syz.6.19: Invalid block bitmap block 8391460049216894068 in block_group 0
EXT4-fs error (device loop6): __ext4_get_inode_loc:4444: comm syz.6.19: Invalid inode table block 8391460049216894068 in block_group 0
EXT4-fs error (device loop6) in ext4_reserve_inode_write:5947: Corrupt filesystem
EXT4-fs error (device loop6): ext4_dirty_inode:6157: inode #15: comm syz.6.19: mark_inode_dirty error
EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:476: comm syz.6.19: Invalid block bitmap block 8391460049216894068 in block_group 0
EXT4-fs error (device loop6): ext4_discard_preallocations:4613: comm syz.6.19: Error -117 reading block bitmap for 0
EXT4-fs error (device loop6): ext4_discard_preallocations:4605: comm syz.6.19: Error -117 loading buddy information for 4294952389