==================================================================
BUG: KASAN: use-after-free in dbJoin+0x23e/0x250 fs/jfs/jfs_dmap.c:2798
Read of size 1 at addr ffff88816ff32a4c by task jfsCommit/108

CPU: 0 PID: 108 Comm: jfsCommit Not tainted 6.6.0-rc7-syzkaller-00041-g611da07b89fd #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0xc4/0x620 mm/kasan/report.c:475
 kasan_report+0xda/0x110 mm/kasan/report.c:588
 dbJoin+0x23e/0x250 fs/jfs/jfs_dmap.c:2798
 dbFreeBits+0x15a/0x8e0 fs/jfs/jfs_dmap.c:2331
 dbFreeDmap+0x62/0x1a0 fs/jfs/jfs_dmap.c:2080
 dbFree+0x266/0x550 fs/jfs/jfs_dmap.c:402
 txFreeMap+0x9a9/0xe60 fs/jfs/jfs_txnmgr.c:2534
 txUpdateMap+0x3f1/0xd10 fs/jfs/jfs_txnmgr.c:2330
 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
 jfs_lazycommit+0x5da/0xb10 fs/jfs/jfs_txnmgr.c:2732
 kthread+0x33c/0x440 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

The buggy address belongs to the physical page:
page:ffffea0005bfcc80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16ff32
flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 057ff00000000000 ffffea0005bfcc88 ffffea0005bfcc88 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff88816ff32900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88816ff32980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88816ff32a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                              ^
 ffff88816ff32a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88816ff32b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
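Added example, not part of the syzbot report above: a small Python triage helper that parses a generic-mode KASAN report of this shape (header, access line, call trace, "Memory state" shadow dump) and answers the two first-pass questions, which frame is the culprit once KASAN's own reporting frames are skipped, and what the shadow byte covering the faulting address means. The shadow-value table is transcribed from mm/kasan/kasan.h for generic KASAN (tag-based modes are not handled), and the embedded REPORT string is a copy of the key lines of the report above with the page-info block omitted. For this report the shadow byte is 0xff, KASAN_PAGE_FREE, which agrees with the page dump showing refcount:0: the dmap page that jfsCommit reads in dbJoin had already been returned to the page allocator.

```python
"""Triage helper for generic-mode KASAN reports (added example, not syzbot code).
Shadow byte meanings follow mm/kasan/kasan.h; one shadow byte covers 8 bytes."""
import re

KASAN_GRANULE = 8  # generic KASAN granule size in bytes

# Poison values from mm/kasan/kasan.h (generic mode). 0x00..0x07 instead mean
# "the first N bytes of the granule are addressable".
SHADOW_MEANING = {
    0xFA: "KASAN_SLAB_FREETRACK (freed slab object, free stack stored in it)",
    0xFB: "KASAN_SLAB_FREE (freed slab object)",
    0xFC: "KASAN_SLAB_REDZONE (slab object redzone)",
    0xFE: "KASAN_PAGE_REDZONE (page allocation redzone)",
    0xFF: "KASAN_PAGE_FREE (freed page)",
    0xF8: "KASAN_VMALLOC_INVALID (unmapped vmalloc space)",
    0xF9: "KASAN_GLOBAL_REDZONE (global variable redzone)",
}

# Constructed input: the key lines of the report on this page, copied verbatim.
REPORT = """\
BUG: KASAN: use-after-free in dbJoin+0x23e/0x250 fs/jfs/jfs_dmap.c:2798
Read of size 1 at addr ffff88816ff32a4c by task jfsCommit/108

Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0xc4/0x620 mm/kasan/report.c:475
 kasan_report+0xda/0x110 mm/kasan/report.c:588
 dbJoin+0x23e/0x250 fs/jfs/jfs_dmap.c:2798
 dbFreeBits+0x15a/0x8e0 fs/jfs/jfs_dmap.c:2331
 dbFreeDmap+0x62/0x1a0 fs/jfs/jfs_dmap.c:2080
 dbFree+0x266/0x550 fs/jfs/jfs_dmap.c:402
 txFreeMap+0x9a9/0xe60 fs/jfs/jfs_txnmgr.c:2534
 txUpdateMap+0x3f1/0xd10 fs/jfs/jfs_txnmgr.c:2330
 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
 jfs_lazycommit+0x5da/0xb10 fs/jfs/jfs_txnmgr.c:2732
 kthread+0x33c/0x440 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

Memory state around the buggy address:
 ffff88816ff32900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88816ff32980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88816ff32a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                              ^
 ffff88816ff32a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88816ff32b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

HEADER_RE = re.compile(r"^BUG: KASAN: (\S+) in (\S+) (\S+)$")
ACCESS_RE = re.compile(r"^(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)$")
ROW_RE = re.compile(r"^[ >]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")


def shadow_meaning(byte):
    """Human-readable meaning of one generic-KASAN shadow byte."""
    if byte == 0:
        return "addressable"
    if byte < KASAN_GRANULE:
        return f"partially addressable (first {byte} bytes valid)"
    return SHADOW_MEANING.get(byte, f"unknown shadow value 0x{byte:02x}")


def parse_kasan_report(text):
    """Return bug type, access details, call-trace frames and {addr: shadow byte}."""
    info = {"frames": [], "shadow": {}}
    section = None
    for line in text.splitlines():
        if line.startswith("Call Trace:"):
            section = "trace"
        elif line.startswith("Memory state around the buggy address:"):
            section = "shadow"
        elif not line.strip():
            section = None  # a blank line ends the call trace
        elif m := HEADER_RE.match(line):
            info["bug"], info["symbol"], info["location"] = m.groups()
        elif m := ACCESS_RE.match(line):
            info["access"], info["size"] = m.group(1), int(m.group(2))
            info["addr"], info["task"] = int(m.group(3), 16), m.group(4)
        elif section == "trace":
            parts = line.split()
            if len(parts) >= 2:  # skips markers such as "<TASK>"
                info["frames"].append({"symbol": parts[0], "location": parts[1],
                                       "inline": "[inline]" in parts})
        elif section == "shadow" and (m := ROW_RE.match(line)):
            base = int(m.group(1), 16)  # row address is a memory address, 16 granules per row
            for i, byte in enumerate(m.group(2).split()):
                info["shadow"][base + i * KASAN_GRANULE] = int(byte, 16)
    return info


def culprit_frame(info):
    """First frame that is not KASAN's own reporting machinery."""
    for frame in info["frames"]:
        if not frame["location"].startswith(("mm/kasan/", "lib/dump_stack.c")):
            return frame
    return None


def faulting_shadow(info):
    """(granule start, shadow byte, meaning) for the faulting address."""
    granule = info["addr"] & ~(KASAN_GRANULE - 1)
    byte = info["shadow"].get(granule)
    return granule, byte, None if byte is None else shadow_meaning(byte)


if __name__ == "__main__":
    r = parse_kasan_report(REPORT)
    g, b, meaning = faulting_shadow(r)
    print(f"{r['bug']}: {r['access']} of {r['size']} byte(s) in {culprit_frame(r)['symbol']} "
          f"by {r['task']}; granule 0x{g:x} shadow 0x{b:02x} = {meaning}")
```

The granule start is the access address rounded down to 8, and the row of the shadow dump holding it is the one prefixed with `>`; the caret in the original report marks the same granule the helper looks up (index 9 of row ffff88816ff32a00, i.e. ffff88816ff32a48).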