==================================================================
BUG: KASAN: use-after-free in __bfs+0x154/0x394 kernel/locking/lockdep.c:1708
Read of size 8 at addr ffffaf8025b43f30 by task syz-executor.0/2967

CPU: 1 PID: 2967 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[] __dump_stack lib/dump_stack.c:88 [inline]
[] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[] print_address_description.constprop.0+0x2a/0x330 mm/kasan/report.c:255
[] __kasan_report mm/kasan/report.c:442 [inline]
[] kasan_report+0x184/0x1e0 mm/kasan/report.c:459
[] check_region_inline mm/kasan/generic.c:183 [inline]
[] __asan_load8+0x6e/0x96 mm/kasan/generic.c:256
[] __bfs+0x154/0x394 kernel/locking/lockdep.c:1708
[] __bfs_forwards kernel/locking/lockdep.c:1803 [inline]
[] check_path.constprop.0+0x24/0x46 kernel/locking/lockdep.c:2104
[] check_noncircular+0x11a/0x1fe kernel/locking/lockdep.c:2131

The buggy address belongs to the page:
page:ffffaf807b0e3ad8 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa5d43
flags: 0xa000000000(section=20|node=0|zone=0)
raw: 000000a000000000 ffffaf807b0e5508 ffffaf807b0e3a98 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
raw: 00000000000007ff
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffaf8025b43e00: 00 f3 f3 f3 ff ff ff ff ff ff ff ff ff ff ff ff
 ffffaf8025b43e80: ff ff ff ff ff ff ff ff 00 00 00 00 f1 f1 f1 f1
>ffffaf8025b43f00: 00 f2 f2 f2 ff ff ff ff 00 00 00 f3 f3 f3 f3 f3
                                     ^
 ffffaf8025b43f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffffaf8025b44000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================