loop4: detected capacity change from 0 to 32768
==================================================================
BUG: KASAN: use-after-free in diWrite+0xe84/0x1a18 fs/jfs/jfs_imap.c:753
Write of size 32 at addr ffff0000d920c0c0 by task syz.4.305/7950

CPU: 0 UID: 0 PID: 7950 Comm: syz.4.305 Not tainted 6.15.0-rc2-syzkaller-gc72692105976 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0x198/0x550 mm/kasan/report.c:521
 kasan_report+0xd8/0x138 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x268/0x2a8 mm/kasan/generic.c:189
 __asan_memcpy+0x54/0x84 mm/kasan/shadow.c:106
 diWrite+0xe84/0x1a18 fs/jfs/jfs_imap.c:753
 txCommit+0x750/0x5504 fs/jfs/jfs_txnmgr.c:1255
 add_missing_indices+0x77c/0xac8 fs/jfs/jfs_dtree.c:2664
 jfs_readdir+0x198c/0x3338 fs/jfs/jfs_dtree.c:3020
 wrap_directory_iterator+0xa8/0xf4 fs/readdir.c:65
 shared_jfs_readdir+0x30/0x40 fs/jfs/namei.c:1540
 iterate_dir+0x46c/0x5f4 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:403 [inline]
 __se_sys_getdents64 fs/readdir.c:389 [inline]
 __arm64_sys_getdents64+0x1c0/0x490 fs/readdir.c:389
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000d920cdc0 pfn:0x11920c
flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
page_type: f0(buddy)
raw: 05ffc00000000000 fffffdffc3b4eb08 fffffdffc352ef08 0000000000000000
raw: ffff0000d920cdc0 0000000000000002 00000000f0000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000d920bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000d920c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff0000d920c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                           ^
 ffff0000d920c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff0000d920c180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
ERROR: (device loop4): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0
ERROR: (device loop4): remounting filesystem as read-only