Warning: Permanently added '10.128.0.245' (ED25519) to the list of known hosts. 1970/01/01 00:00:31 parsed 1 programs [ 32.331245][ T4338] cgroup: Unknown subsys name 'net' [ 32.637686][ T4338] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 32.924134][ T4338] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 36.683520][ T4349] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 36.685308][ T4349] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 36.686785][ T4349] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 36.688254][ T4349] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 36.689673][ T4349] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 36.690916][ T4349] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 37.083611][ T4370] chnl_net:caif_netlink_parms(): no params data found [ 37.102060][ T4370] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.103309][ T4370] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.104842][ T4370] device bridge_slave_0 entered promiscuous mode [ 37.108044][ T4370] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.109236][ T4370] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.110691][ T4370] device bridge_slave_1 entered promiscuous mode [ 37.119294][ T4370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.121664][ T4370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.128359][ T4370] team0: Port device team_slave_0 added [ 37.130028][ T4370] team0: Port device team_slave_1 added [ 37.136332][ T4370] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.137511][ T4370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.141827][ T4370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.144562][ T4370] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.145886][ T4370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.149813][ T4370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.226185][ T4370] device hsr_slave_0 entered promiscuous mode [ 37.265098][ T4370] device hsr_slave_1 entered promiscuous mode [ 37.349977][ T4370] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 37.377306][ T4370] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 37.417502][ T4370] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 37.458533][ T4370] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 37.512667][ T4370] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.513994][ T4370] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.515346][ T4370] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.516474][ T4370] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.534258][ T4370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.538735][ T1671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.541239][ T1671] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.543052][ T1671] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.548266][ T4370] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.551257][ T1671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.553097][ T1671] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.554236][ T1671] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.558956][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.560255][ T1870] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.561418][ T1870] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.569271][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 37.570970][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 37.574230][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 37.577961][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 37.581011][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 37.583581][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 37.679152][ T4370] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.680721][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 37.681907][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 37.688138][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 37.694096][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 37.696532][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 37.698350][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 37.701390][ T4370] device veth0_vlan entered promiscuous mode [ 37.704739][ T4370] device veth1_vlan entered promiscuous mode [ 37.712663][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 37.714798][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 37.717867][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 37.720718][ T4370] device veth0_macvtap entered promiscuous mode [ 37.723174][ T4370] device veth1_macvtap entered promiscuous mode [ 37.729544][ T4370] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.730946][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 37.733771][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 37.737264][ T4370] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.738701][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 37.741655][ T4370] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.743147][ T4370] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.744474][ T4370] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.746258][ T4370] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.345151][ T1671] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.346452][ T1671] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.348170][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 38.357883][ T1671] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.359220][ T1671] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.360480][ T1671] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:00:38 executed programs: 0 [ 38.953031][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 38.954807][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 38.956659][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 38.958279][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 38.959567][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 38.960864][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 39.058873][ T275] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.099880][ T4432] chnl_net:caif_netlink_parms(): no params data found [ 39.114359][ T4432] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.116344][ T4432] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.117786][ T4432] device bridge_slave_0 entered promiscuous mode [ 39.121223][ T4432] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.122575][ T4432] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.123981][ T4432] device bridge_slave_1 entered promiscuous mode [ 39.130851][ T4432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 39.133197][ T4432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 39.139690][ T4432] team0: Port device team_slave_0 added [ 39.141407][ T4432] team0: Port device team_slave_1 added [ 39.147528][ T4432] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.148607][ T4432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.152633][ T4432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 39.155162][ T4432] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 39.156226][ T4432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.160482][ T4432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.216997][ T4432] device hsr_slave_0 entered promiscuous mode [ 39.256228][ T4432] device hsr_slave_1 entered promiscuous mode [ 39.305010][ T4432] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 39.306362][ T4432] Cannot create hsr debugfs directory [ 41.035743][ T47] Bluetooth: hci0: command 0x0409 tx timeout [ 41.606114][ T275] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.115021][ T47] Bluetooth: hci0: command 0x041b tx timeout [ 43.176734][ T275] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.256933][ T275] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.447664][ T4432] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 44.527192][ T4432] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 44.566201][ T4432] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 44.696758][ T4432] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 44.795852][ T4432] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.799432][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.800975][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.803680][ T4432] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.846753][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.848452][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.849801][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.851029][ T297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.854211][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.856572][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.858677][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.860225][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.861368][ T297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.864400][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 44.867586][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 44.870825][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 44.872652][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 44.874365][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 44.877793][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 44.879421][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 44.881962][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.883366][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.886291][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.887847][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.890277][ T4432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.982083][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 44.983344][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 44.986814][ T4432] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.992468][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.994272][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.001550][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.003115][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.004725][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.006544][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.037999][ T4432] device veth0_vlan entered promiscuous mode [ 45.041582][ T4432] device veth1_vlan entered promiscuous mode [ 45.047922][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 45.049607][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 45.051111][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.052655][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.054868][ T4432] device veth0_macvtap entered promiscuous mode [ 45.057196][ T4432] device veth1_macvtap entered promiscuous mode [ 45.062315][ T4432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 45.063999][ T4432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.066892][ T4432] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.118171][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 45.119804][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 45.121340][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.122819][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.125182][ T4432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.126934][ T4432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.129073][ T4432] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.130325][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.131867][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.134644][ T4432] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.136262][ T4432] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.137759][ T4432] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.139253][ T4432] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.160731][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.163812][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.166247][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 45.171767][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.173027][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.174398][ T1870] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 45.195052][ T4349] Bluetooth: hci0: command 0x040f tx timeout [ 45.305772][ T4515] loop0: detected capacity change from 0 to 32768 [ 45.335157][ T93] BUG: spinlock bad magic on CPU#1, jfsCommit/93 [ 45.336305][ T93] ================================================================== [ 45.337552][ T93] BUG: KASAN: slab-out-of-bounds in string+0x204/0x280 [ 45.338632][ T93] Read of size 1 at addr ffff0000e27949e0 by task jfsCommit/93 [ 45.339887][ T93] [ 45.340251][ T93] CPU: 1 PID: 93 Comm: jfsCommit Not tainted syzkaller #0 [ 45.341355][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 45.343005][ T93] Call trace: [ 45.343573][ T93] dump_backtrace+0x1c0/0x1ec [ 45.344299][ T93] show_stack+0x2c/0x3c [ 45.344962][ T93] __dump_stack+0x30/0x40 [ 45.345665][ T93] dump_stack_lvl+0xf4/0x15c [ 45.346399][ T93] print_address_description+0x88/0x218 [ 45.347388][ T93] print_report+0x50/0x68 [ 45.348138][ T93] kasan_report+0xa8/0xfc [ 45.348835][ T93] __asan_report_load1_noabort+0x2c/0x38 [ 45.349806][ T93] string+0x204/0x280 [ 45.350478][ T93] vsnprintf+0x10b0/0x18a8 [ 45.351177][ T93] vprintk_store+0x37c/0xb6c [ 45.351900][ T93] vprintk_emit+0x118/0x2f0 [ 45.352644][ T93] vprintk_default+0x54/0x80 [ 45.353389][ T93] vprintk+0x200/0x2a0 [ 45.354073][ T93] _printk+0xe0/0x130 [ 45.354720][ T93] spin_dump+0x10c/0x208 [ 45.355468][ T93] do_raw_spin_lock+0x1ec/0x2f8 [ 45.356304][ T93] _raw_spin_lock_irqsave+0x74/0xb0 [ 45.357197][ T93] __wake_up+0xe4/0x17c [ 45.357948][ T93] release_metapage+0x19c/0xc6c [ 45.358813][ T93] xtTruncate+0xb88/0x2644 [ 45.359520][ T93] jfs_free_zero_link+0x2c0/0x42c [ 45.360400][ T93] jfs_evict_inode+0x2f4/0x3e4 [ 45.361189][ T93] evict+0x3e0/0x828 [ 45.361804][ T93] iput+0x754/0x7e4 [ 45.362440][ T93] txUpdateMap+0x674/0x794 [ 45.363179][ T93] jfs_lazycommit+0x354/0x908 [ 45.363975][ T93] kthread+0x250/0x2d8 [ 45.364716][ T93] ret_from_fork+0x10/0x20 [ 45.365427][ T93] [ 45.365866][ T93] Allocated by task 4515: [ 45.366618][ T93] kasan_set_track+0x4c/0x80 [ 45.367455][ T93] kasan_save_alloc_info+0x24/0x30 [ 45.368351][ T93] __kasan_slab_alloc+0x70/0x88 [ 45.369149][ T93] slab_post_alloc_hook+0x74/0x430 [ 45.370094][ T93] kmem_cache_alloc_lru+0x1a4/0x280 [ 45.371031][ T93] jfs_alloc_inode+0x2c/0x68 [ 45.371810][ T93] iget_locked+0x178/0x7c4 [ 45.372634][ T93] jfs_iget+0x30/0x3e4 [ 45.373352][ T93] jfs_lookup+0x1c0/0x378 [ 45.374144][ T93] lookup_one_qstr_excl+0x108/0x230 [ 45.375064][ T93] do_unlinkat+0x1a8/0x500 [ 45.375854][ T93] __arm64_sys_unlinkat+0xe0/0xfc [ 45.376793][ T93] invoke_syscall+0x98/0x2b4 [ 45.377575][ T93] el0_svc_common+0x138/0x258 [ 45.378418][ T93] do_el0_svc+0x58/0x130 [ 45.379198][ T93] el0_svc+0x58/0x128 [ 45.379843][ T93] el0t_64_sync_handler+0x84/0xf0 [ 45.380651][ T93] el0t_64_sync+0x18c/0x190 [ 45.381398][ T93] [ 45.381775][ T93] The buggy address belongs to the object at ffff0000e27940c0 [ 45.381775][ T93] which belongs to the cache jfs_ip of size 2240 [ 45.384007][ T93] The buggy address is located 96 bytes to the right of [ 45.384007][ T93] 2240-byte region [ffff0000e27940c0, ffff0000e2794980) [ 45.386244][ T93] [ 45.386616][ T93] The buggy address belongs to the physical page: [ 45.387697][ T93] page:00000000c7db9ab7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122790 [ 45.389344][ T93] head:00000000c7db9ab7 order:3 compound_mapcount:0 compound_pincount:0 [ 45.390710][ T93] memcg:ffff0000cbebe901 [ 45.391424][ T93] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 45.392817][ T93] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c772ca80 [ 45.394223][ T93] raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff0000cbebe901 [ 45.395710][ T93] page dumped because: kasan: bad access detected [ 45.396899][ T93] [ 45.397281][ T93] Memory state around the buggy address: [ 45.398230][ T93] ffff0000e2794880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 45.399498][ T93] ffff0000e2794900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 45.400883][ T93] >ffff0000e2794980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.402327][ T93] ^ [ 45.403498][ T93] ffff0000e2794a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.404943][ T93] ffff0000e2794a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.406375][ T93] ================================================================== [ 45.336293][ T93] lock: 0xffff0000e2794168, .magic: ffff8000, .owner: /0, .owner_cpu: 512 [ 45.409195][ T93] CPU: 1 PID: 93 Comm: jfsCommit Tainted: G B syzkaller #0 [ 45.410749][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 45.412479][ T93] Call trace: [ 45.413051][ T93] dump_backtrace+0x1c0/0x1ec [ 45.413794][ T93] show_stack+0x2c/0x3c [ 45.414499][ T93] __dump_stack+0x30/0x40 [ 45.415314][ T93] dump_stack_lvl+0xf4/0x15c [ 45.416146][ T93] dump_stack+0x1c/0x5c [ 45.416948][ T93] spin_dump+0x110/0x208 [ 45.417687][ T93] do_raw_spin_lock+0x1ec/0x2f8 [ 45.418537][ T93] _raw_spin_lock_irqsave+0x74/0xb0 [ 45.419416][ T93] __wake_up+0xe4/0x17c [ 45.420199][ T93] release_metapage+0x19c/0xc6c [ 45.421093][ T93] xtTruncate+0xb88/0x2644 [ 45.421880][ T93] jfs_free_zero_link+0x2c0/0x42c [ 45.422701][ T93] jfs_evict_inode+0x2f4/0x3e4 [ 45.423477][ T93] evict+0x3e0/0x828 [ 45.424165][ T93] iput+0x754/0x7e4 [ 45.424775][ T93] txUpdateMap+0x674/0x794 [ 45.425434][ T93] jfs_lazycommit+0x354/0x908 [ 45.426224][ T93] kthread+0x250/0x2d8 [ 45.426930][ T93] ret_from_fork+0x10/0x20 [ 45.427712][ T93] ================================================================================ [ 45.429250][ T93] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:131:9 [ 45.430623][ T93] index 1147 is out of range for type 'unsigned long[8]' [ 45.431783][ T93] CPU: 1 PID: 93 Comm: jfsCommit Tainted: G B syzkaller #0 [ 45.433166][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 45.434642][ T93] Call trace: [ 45.435181][ T93] dump_backtrace+0x1c0/0x1ec [ 45.435927][ T93] show_stack+0x2c/0x3c [ 45.436626][ T93] __dump_stack+0x30/0x40 [ 45.437415][ T93] dump_stack_lvl+0xf4/0x15c [ 45.438156][ T93] dump_stack+0x1c/0x5c [ 45.438890][ T93] ubsan_epilogue+0x14/0x48 [ 45.439667][ T93] __ubsan_handle_out_of_bounds+0xd0/0xf8 [ 45.440578][ T93] queued_spin_lock_slowpath+0x8a8/0xc18 [ 45.441465][ T93] do_raw_spin_lock+0x2f4/0x2f8 [ 45.442237][ T93] _raw_spin_lock_irqsave+0x74/0xb0 [ 45.443115][ T93] __wake_up+0xe4/0x17c [ 45.443812][ T93] release_metapage+0x19c/0xc6c [ 45.444546][ T93] xtTruncate+0xb88/0x2644 [ 45.445210][ T93] jfs_free_zero_link+0x2c0/0x42c [ 45.445991][ T93] jfs_evict_inode+0x2f4/0x3e4 [ 45.446774][ T93] evict+0x3e0/0x828 [ 45.447390][ T93] iput+0x754/0x7e4 [ 45.448064][ T93] txUpdateMap+0x674/0x794 [ 45.448724][ T93] jfs_lazycommit+0x354/0x908 [ 45.449436][ T93] kthread+0x250/0x2d8 [ 45.450145][ T93] ret_from_fork+0x10/0x20 [ 45.450878][ T93] ================================================================================ [ 45.452462][ T93] Unable to handle kernel paging request at virtual address ffff800015189f80 [ 45.453892][ T93] KASAN: probably user-memory-access in range [0x00000000a8c4fc00-0x00000000a8c4fc07] [ 45.455504][ T93] Mem abort info: [ 45.456073][ T93] ESR = 0x0000000096000047 [ 45.456806][ T93] EC = 0x25: DABT (current EL), IL = 32 bits [ 45.457757][ T93] SET = 0, FnV = 0 [ 45.458405][ T93] EA = 0, S1PTW = 0 [ 45.459091][ T93] FSC = 0x07: level 3 translation fault [ 45.460084][ T93] Data abort info: [ 45.460770][ T93] ISV = 0, ISS = 0x00000047 [ 45.461582][ T93] CM = 0, WnR = 1 [ 45.462260][ T93] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000002229cd000 [ 45.463497][ T93] [ffff800015189f80] pgd=100000023ffff003, p4d=100000023ffff003, pud=100000023fffe003, pmd=100000023fffa003, pte=0000000000000000 [ 45.465913][ T93] Internal error: Oops: 0000000096000047 [#1] PREEMPT SMP [ 45.467146][ T93] Modules linked in: [ 45.467864][ T93] CPU: 1 PID: 93 Comm: jfsCommit Tainted: G B syzkaller #0 [ 45.469370][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 45.471125][ T93] pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 45.472575][ T93] pc : queued_spin_lock_slowpath+0x598/0xc18 [ 45.473608][ T93] lr : queued_spin_lock_slowpath+0x8a8/0xc18 [ 45.474554][ T93] sp : ffff800020527340 [ 45.475221][ T93] x29: ffff8000205273e0 x28: ffff800015189f80 x27: 1fffe0001c4f282d [ 45.476641][ T93] x26: ffff800015220f40 x25: 1fffe00033eacdf0 x24: dfff800000000000 [ 45.477989][ T93] x23: ffff7000040a4e6c x22: ffff00019f566f88 x21: ffff800015189f80 [ 45.479313][ T93] x20: ffff00019f566f80 x19: ffff0000e2794168 x18: ffff800011b9bf60 [ 45.480689][ T93] x17: 3d3d3d3d3d3d3d3d x16: ffff800008193848 x15: 0000000000000000 [ 45.482137][ T93] x14: ffff700002fc1cbc x13: 1ffff00002fc1cbc x12: 0000000000ff0100 [ 45.483562][ T93] x11: ff008000081938cc x10: ffff800015189f80 x9 : 0000000000000000 [ 45.485013][ T93] x8 : 0000000000000000 x7 : 0000000000000001 x6 : 0000000000000001 [ 45.486386][ T93] x5 : ffff800020526d98 x4 : ffff800015304cc0 x3 : ffff800008193894 [ 45.487761][ T93] x2 : 0000000000000001 x1 : 0000000000000004 x0 : ffff00019f566f88 [ 45.489081][ T93] Call trace: [ 45.489601][ T93] queued_spin_lock_slowpath+0x598/0xc18 [ 45.490511][ T93] do_raw_spin_lock+0x2f4/0x2f8 [ 45.491323][ T93] _raw_spin_lock_irqsave+0x74/0xb0 [ 45.492256][ T93] __wake_up+0xe4/0x17c [ 45.492977][ T93] release_metapage+0x19c/0xc6c [ 45.493798][ T93] xtTruncate+0xb88/0x2644 [ 45.494591][ T93] jfs_free_zero_link+0x2c0/0x42c [ 45.495435][ T93] jfs_evict_inode+0x2f4/0x3e4 [ 45.496215][ T93] evict+0x3e0/0x828 [ 45.496846][ T93] iput+0x754/0x7e4 [ 45.497462][ T93] txUpdateMap+0x674/0x794 [ 45.498225][ T93] jfs_lazycommit+0x354/0x908 [ 45.498993][ T93] kthread+0x250/0x2d8 [ 45.499752][ T93] ret_from_fork+0x10/0x20 [ 45.500524][ T93] Code: aa1503e0 979340bb aa1603e0 52800081 (f90002b4) [ 45.501691][ T93] ---[ end trace 0000000000000000 ]--- [ 45.710897][ T93] Kernel panic - not syncing: Oops: Fatal exception [ 45.711844][ T93] SMP: stopping secondary CPUs [ 45.712577][ T93] Kernel Offset: disabled [ 45.713235][ T93] CPU features: 0x080000,000f0097,a65bfea7 [ 45.714134][ T93] Memory Limit: none [ 45.930842][ T93] Rebooting in 86400 seconds..