loop0: detected capacity change from 0 to 32768
UFO tlock:0xffffc900034fa[ 113.512606][ T5985] UFO tlock:0xffffc900034fa1b0
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 0 UID: 0 PID: 5985 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:txLog fs/jfs/jfs_txnmgr.c:1390 [inline]
RIP: 0010:txCommit+0xafb/0x5430 fs/jfs/jfs_txnmgr.c:1265
Code: 3c 10 00 74 12 4c 89 f7 e8 f2 cb e2 fe 48 ba 00 00 00 00 00 fc ff df 4c 89 74 24 68 4d 8b 36 4d 8d 7e 28 4c 89 f8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ff e8 c7 cb e2 fe 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90003fc74e0 EFLAGS: 00010206
RAX: 0000000000000005 RBX: 0000000000000948 RCX: 1ffff9200069fd48
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003fc76b0 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1dac5ef R12: 0000000000000002
R13: ffffc900034fa000 R14: 0000000000000000 R15: 0000000000000028
FS: 0000555570e52500(0000) GS:ffff888126df9000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000038f28000 CR4: 00000000003526f0
Call Trace:
<TASK>
jfs_create+0x865/0xa80 fs/jfs/namei.c:156
lookup_open fs/namei.c:3796 [inline]
open_last_lookups fs/namei.c:3895 [inline]
path_openat+0x1500/0x3840 fs/namei.c:4131
do_filp_open+0x1fa/0x410 fs/namei.c:4161
do_sys_openat2+0x121/0x1c0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_creat fs/open.c:1530 [inline]
__se_sys_creat fs/open.c:1524 [inline]
__x64_sys_creat+0x8f/0xc0 fs/open.c:1524
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f575dbcf6c9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff260cfb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f575de25fa0 RCX: 00007f575dbcf6c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000580
RBP: 00007f575dc51f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f575de25fa0 R14: 00007f575de25fa0 R15: 0000000000000002
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:txLog fs/jfs/jfs_txnmgr.c:1390 [inline]
RIP: 0010:txCommit+0xafb/0x5430 fs/jfs/jfs_txnmgr.c:1265
Code: 3c 10 00 74 12 4c 89 f7 e8 f2 cb e2 fe 48 ba 00 00 00 00 00 fc ff df 4c 89 74 24 68 4d 8b 36 4d 8d 7e 28 4c 89 f8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ff e8 c7 cb e2 fe 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90003fc74e0 EFLAGS: 00010206
RAX: 0000000000000005 RBX: 0000000000000948 RCX: 1ffff9200069fd48
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003fc76b0 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1dac5ef R12: 0000000000000002
R13: ffffc900034fa000 R14: 0000000000000000 R15: 0000000000000028
FS: 0000555570e52500(0000) GS:ffff888126df9000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000038f28000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
0: 3c 10 cmp $0x10,%al
2: 00 74 12 4c add %dh,0x4c(%rdx,%rdx,1)
6: 89 f7 mov %esi,%edi
8: e8 f2 cb e2 fe call 0xfee2cbff
d: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx
14: fc ff df
17: 4c 89 74 24 68 mov %r14,0x68(%rsp)
1c: 4d 8b 36 mov (%r14),%r14
1f: 4d 8d 7e 28 lea 0x28(%r14),%r15
23: 4c 89 f8 mov %r15,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 80 3c 10 00 cmpb $0x0,(%rax,%rdx,1) <-- trapping instruction
2e: 74 12 je 0x42
30: 4c 89 ff mov %r15,%rdi
33: e8 c7 cb e2 fe call 0xfee2cbff
38: 48 rex.W
39: ba 00 00 00 00 mov $0x0,%edx
3e: 00 fc add %bh,%ah