==================================================================
BUG: KASAN: use-after-free in diWrite+0xd98/0x18d4 fs/jfs/jfs_imap.c:753
Write of size 32 at addr ffff0000d2f9a0c0 by task syz.2.392/9205

CPU: 0 UID: 0 PID: 9205 Comm: syz.2.392 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_address_description+0xa8/0x238 mm/kasan/report.c:378
 print_report+0x68/0x84 mm/kasan/report.c:482
 kasan_report+0xb0/0x110 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:200
 __asan_memcpy+0x54/0x84 mm/kasan/shadow.c:106
 diWrite+0xd98/0x18d4 fs/jfs/jfs_imap.c:753
 txCommit+0x5d0/0x3e00 fs/jfs/jfs_txnmgr.c:1256
 add_missing_indices+0x710/0xadc fs/jfs/jfs_dtree.c:2674
 jfs_readdir+0x1758/0x3018 fs/jfs/jfs_dtree.c:3031
 wrap_directory_iterator+0x90/0xf0 fs/readdir.c:65
 shared_jfs_readdir+0x30/0x40 fs/jfs/namei.c:1540
 iterate_dir+0x2dc/0x478 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:410 [inline]
 __se_sys_getdents64 fs/readdir.c:396 [inline]
 __arm64_sys_getdents64+0x110/0x2fc fs/readdir.c:396
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000d2f9a000 pfn:0x112f9a
flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000000 fffffdffc36226c8 fffffdffc30d9808 0000000000000000
raw: ffff0000d2f9a000 00000000000c0000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000d2f99f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000d2f9a000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff0000d2f9a080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                           ^
 ffff0000d2f9a100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff0000d2f9a180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0
ERROR: (device loop2): remounting filesystem as read-only