BUG: unable to handle page fault for address: ffffffffffffffec
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD cf35067 P4D cf35067 PUD cf37067 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 11734 Comm: kworker/u4:13 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: writeback wb_workfn (flush-7:6)
RIP: 0010:ext4_ext_drop_refs fs/ext4/extents.c:119 [inline]
RIP: 0010:ext4_free_ext_path fs/ext4/extents.c:128 [inline]
RIP: 0010:ext4_ext_map_blocks+0x2d21/0x6890 fs/ext4/extents.c:4513
Code: 8b 7c 24 18 4d 85 ff 0f 84 b1 e2 ff ff e8 87 ba 58 ff 49 8d 7f 08 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 e7 1d 00 00 <41> 0f b7 47 08 c1 e0 04 48 8d 04 40 48 89 44 24 10 49 8d 47 28 48
RSP: 0018:ffffc90003266a40 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888024c2da00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffec
RBP: ffffc90003266cf0 R08: ffffffff8e8ae5ef R09: 1ffffffff1d15cbd
R10: dffffc0000000000 R11: fffffbfff1d15cbe R12: 000000000000042b
R13: 1ffff9200064cd74 R14: dffffc0000000000 R15: ffffffffffffffe4
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffec CR3: 0000000090c93000 CR4: 00000000003506e0
Call Trace:
 ext4_map_blocks+0x9db/0x1a90 fs/ext4/inode.c:654
 mpage_map_one_extent fs/ext4/inode.c:2204 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2257 [inline]
 ext4_do_writepages+0x1463/0x3990 fs/ext4/inode.c:2720
 ext4_writepages+0x1dd/0x350 fs/ext4/inode.c:2809
 do_writepages+0x351/0x590 mm/page-writeback.c:2575
 __writeback_single_inode+0x14e/0xee0 fs/fs-writeback.c:1635
 writeback_sb_inodes+0x813/0x1020 fs/fs-writeback.c:1926
 wb_writeback+0x45e/0xbe0 fs/fs-writeback.c:2105
 wb_do_writeback fs/fs-writeback.c:2252 [inline]
 wb_workfn+0x400/0xe60 fs/fs-writeback.c:2292
 process_one_work kernel/workqueue.c:2653 [inline]
 process_scheduled_works+0xa60/0x1600 kernel/workqueue.c:2730
 worker_thread+0xa5e/0xfe0 kernel/workqueue.c:2811
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
Modules linked in:
CR2: ffffffffffffffec
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_ext_drop_refs fs/ext4/extents.c:119 [inline]
RIP: 0010:ext4_free_ext_path fs/ext4/extents.c:128 [inline]
RIP: 0010:ext4_ext_map_blocks+0x2d21/0x6890 fs/ext4/extents.c:4513
Code: 8b 7c 24 18 4d 85 ff 0f 84 b1 e2 ff ff e8 87 ba 58 ff 49 8d 7f 08 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 e7 1d 00 00 <41> 0f b7 47 08 c1 e0 04 48 8d 04 40 48 89 44 24 10 49 8d 47 28 48
RSP: 0018:ffffc90003266a40 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888024c2da00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffec
RBP: ffffc90003266cf0 R08: ffffffff8e8ae5ef R09: 1ffffffff1d15cbd
R10: dffffc0000000000 R11: fffffbfff1d15cbe R12: 000000000000042b
R13: 1ffff9200064cd74 R14: dffffc0000000000 R15: ffffffffffffffe4
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffec CR3: 0000000090c93000 CR4: 00000000003506e0
----------------
Code disassembly (best guess):
   0:	8b 7c 24 18          	mov    0x18(%rsp),%edi
   4:	4d 85 ff             	test   %r15,%r15
   7:	0f 84 b1 e2 ff ff    	je     0xffffe2be
   d:	e8 87 ba 58 ff       	call   0xff58ba99
  12:	49 8d 7f 08          	lea    0x8(%r15),%rdi
  16:	48 89 f8             	mov    %rdi,%rax
  19:	48 c1 e8 03          	shr    $0x3,%rax
  1d:	42 0f b6 04 30       	movzbl (%rax,%r14,1),%eax
  22:	84 c0                	test   %al,%al
  24:	0f 85 e7 1d 00 00    	jne    0x1e11
* 2a:	41 0f b7 47 08       	movzwl 0x8(%r15),%eax		<-- trapping instruction
  2f:	c1 e0 04             	shl    $0x4,%eax
  32:	48 8d 04 40          	lea    (%rax,%rax,2),%rax
  36:	48 89 44 24 10       	mov    %rax,0x10(%rsp)
  3b:	49 8d 47 28          	lea    0x28(%r15),%rax
  3f:	48                   	rex.W