BUG: spinlock bad magic on CPU#1, jfsCommit/111
lock: 0xffff888049d512f8, .magic: ffffffff, .owner: /0, .owner_cpu: 768
CPU: 1 UID: 0 PID: 111 Comm: jfsCommit Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
spin_bug kernel/locking/spinlock_debug.c:78 [inline]
debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]
do_raw_spin_lock+0x1e5/0x2f0 kernel/locking/spinlock_debug.c:115
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock_irqsave+0x4c/0x60 kernel/locking/spinlock.c:162
__wake_up_common_lock+0x2f/0x1f0 kernel/sched/wait.c:124
unlock_metapage fs/jfs/jfs_metapage.c:40 [inline]
release_metapage+0x13c/0xac0 fs/jfs/jfs_metapage.c:871
xtTruncate+0xecd/0x2f20 fs/jfs/jfs_xtree.c:-1
jfs_free_zero_link+0x35b/0x4c0 fs/jfs/namei.c:760
jfs_evict_inode+0x363/0x440 fs/jfs/inode.c:159
evict+0x61e/0xb10 fs/inode.c:846
txLazyCommit fs/jfs/jfs_txnmgr.c:2665 [inline]
jfs_lazycommit+0x43d/0xaa0 fs/jfs/jfs_txnmgr.c:2734
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.h:68:9
index 8961 is out of range for type 'unsigned long[8]'
CPU: 1 UID: 0 PID: 111 Comm: jfsCommit Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
ubsan_epilogue+0xa/0x30 lib/ubsan.c:233
__ubsan_handle_out_of_bounds+0xe8/0xf0 lib/ubsan.c:455
decode_tail kernel/locking/qspinlock.h:68 [inline]
__pv_queued_spin_lock_slowpath+0xaf5/0xbc0 kernel/locking/qspinlock.c:285
pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt-spinlock.h:35 [inline]
queued_spin_lock_slowpath arch/x86/include/asm/paravirt-spinlock.h:66 [inline]
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
do_raw_spin_lock+0x26c/0x2f0 kernel/locking/spinlock_debug.c:116
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock_irqsave+0x4c/0x60 kernel/locking/spinlock.c:162
__wake_up_common_lock+0x2f/0x1f0 kernel/sched/wait.c:124
unlock_metapage fs/jfs/jfs_metapage.c:40 [inline]
release_metapage+0x13c/0xac0 fs/jfs/jfs_metapage.c:871
xtTruncate+0xecd/0x2f20 fs/jfs/jfs_xtree.c:-1
jfs_free_zero_link+0x35b/0x4c0 fs/jfs/namei.c:760
jfs_evict_inode+0x363/0x440 fs/jfs/inode.c:159
evict+0x61e/0xb10 fs/inode.c:846
txLazyCommit fs/jfs/jfs_txnmgr.c:2665 [inline]
jfs_lazycommit+0x43d/0xaa0 fs/jfs/jfs_txnmgr.c:2734
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
---[ end trace ]---