==================================================================
BUG: KASAN: use-after-free in __ptep_get arch/arm64/include/asm/pgtable.h:315 [inline]
BUG: KASAN: use-after-free in __clear_young_dirty_ptes arch/arm64/include/asm/pgtable.h:1309 [inline]
BUG: KASAN: use-after-free in contpte_clear_young_dirty_ptes+0x104/0x214 arch/arm64/mm/contpte.c:389
Read of size 8 at addr ffff0000179ba000 by task syz-executor.1/25462

CPU: 1 PID: 25462 Comm: syz-executor.1 Tainted: G W 6.9.0-syzkaller-12277-g56fb6f92854f #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x9c/0x11c arch/arm64/kernel/stacktrace.c:317
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:324
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xa4/0xf4 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xf4/0x5a4 mm/kasan/report.c:488
 kasan_report+0xc8/0x108 mm/kasan/report.c:601
 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381
 __ptep_get arch/arm64/include/asm/pgtable.h:315 [inline]
 __clear_young_dirty_ptes arch/arm64/include/asm/pgtable.h:1309 [inline]
 contpte_clear_young_dirty_ptes+0x104/0x214 arch/arm64/mm/contpte.c:389
 clear_young_dirty_ptes arch/arm64/include/asm/pgtable.h:1715 [inline]
 madvise_free_pte_range+0xce8/0x10e0 mm/madvise.c:767
 walk_pmd_range mm/pagewalk.c:143 [inline]
 walk_pud_range mm/pagewalk.c:221 [inline]
 walk_p4d_range mm/pagewalk.c:256 [inline]
 walk_pgd_range+0x8e8/0x14a4 mm/pagewalk.c:293
 __walk_page_range+0x420/0x5e4 mm/pagewalk.c:395
 walk_page_range+0x370/0x6f8 mm/pagewalk.c:521
 madvise_free_single_vma+0x300/0x5a8 mm/madvise.c:815
 madvise_dontneed_free mm/madvise.c:929 [inline]
 madvise_vma_behavior+0x30c/0x1028 mm/madvise.c:1046
 madvise_walk_vmas+0x114/0x210 mm/madvise.c:1268
 do_madvise+0x20c/0x6c4 mm/madvise.c:1464
 __do_sys_madvise mm/madvise.c:1481 [inline]
 __se_sys_madvise mm/madvise.c:1479 [inline]
 __arm64_sys_madvise+0x88/0xdc mm/madvise.c:1479
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x6c/0x25c arch/arm64/kernel/syscall.c:48
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:133
 do_el0_svc_compat+0x40/0x64 arch/arm64/kernel/syscall.c:158
 el0_svc_compat+0x4c/0x17c arch/arm64/kernel/entry-common.c:852
 el0t_32_sync_handler+0x98/0x13c arch/arm64/kernel/entry-common.c:862
 el0t_32_sync+0x194/0x198 arch/arm64/kernel/entry.S:603

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000179badc0 pfn:0x579ba
flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff)
page_type: 0xffffff7f(buddy)
raw: 01ffc00000000000 fffffdffc0739208 fffffdffc0719988 0000000000000000
raw: ffff0000179badc0 0000000000000001 00000000ffffff7f 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000179b9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000179b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000179ba000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff0000179ba080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff0000179ba100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================