Warning: Permanently added '10.128.1.173' (ED25519) to the list of known hosts. 1970/01/01 00:00:31 parsed 1 programs [ 32.247401][ T4337] cgroup: Unknown subsys name 'net' [ 32.468835][ T4337] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 32.734834][ T4337] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 36.878230][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.879647][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.881404][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 36.890423][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.891771][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.893222][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 37.451381][ T4415] chnl_net:caif_netlink_parms(): no params data found [ 37.469493][ T4415] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.470806][ T4415] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.472338][ T4415] device bridge_slave_0 entered promiscuous mode [ 37.474678][ T4415] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.476440][ T4415] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.477963][ T4415] device bridge_slave_1 entered promiscuous mode [ 37.485148][ T4415] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.488058][ T4415] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.494016][ T4415] team0: Port device team_slave_0 added [ 37.496631][ T4415] team0: Port device team_slave_1 added [ 37.502404][ T4415] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.503667][ T4415] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.508604][ T4415] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.511522][ T4415] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.512774][ T4415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.517500][ T4415] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.577187][ T4415] device hsr_slave_0 entered promiscuous mode [ 37.627330][ T4415] device hsr_slave_1 entered promiscuous mode [ 37.710505][ T4415] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 37.746913][ T4415] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 37.821039][ T4415] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 37.888571][ T4415] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 37.957081][ T4415] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.960610][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 37.962955][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.965640][ T4415] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.969022][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 37.970874][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.972657][ T845] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.973944][ T845] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.975566][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 37.978828][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 37.980467][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.982020][ T845] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.983140][ T845] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.985510][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 37.998272][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 38.000739][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 38.002987][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.004699][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 38.010511][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 38.012169][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.014669][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 38.016573][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.019539][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 38.021132][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.023708][ T4415] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 38.083034][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 38.084493][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 38.089358][ T4415] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.105518][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 38.107326][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.113557][ T4415] device veth0_vlan entered promiscuous mode [ 38.116228][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 38.117936][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.119617][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 38.121066][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 38.123824][ T4415] device veth1_vlan entered promiscuous mode [ 38.131151][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 38.132598][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 38.134059][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 38.136739][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.146091][ T4415] device veth0_macvtap entered promiscuous mode [ 38.148547][ T4415] device veth1_macvtap entered promiscuous mode [ 38.153214][ T4415] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.154471][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 38.157636][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 38.159216][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 38.160758][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.163813][ T4415] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.166797][ T4415] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.168282][ T4415] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.169757][ T4415] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.171298][ T4415] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.181962][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 38.183675][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 38.288934][ T4434] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 38.290593][ T4434] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 38.291871][ T4434] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 38.293294][ T4434] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 38.294710][ T4434] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 38.298322][ T4434] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 1970/01/01 00:00:38 executed programs: 0 [ 38.803654][ T47] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 38.805197][ T47] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 38.807031][ T47] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 38.808763][ T47] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 38.810125][ T47] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 38.811437][ T47] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 39.077238][ T4444] chnl_net:caif_netlink_parms(): no params data found [ 39.103785][ T4444] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.105060][ T4444] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.107030][ T4444] device bridge_slave_0 entered promiscuous mode [ 39.109004][ T4444] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.110226][ T4444] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.111842][ T4444] device bridge_slave_1 entered promiscuous mode [ 39.121479][ T4444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 39.123927][ T4444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 39.130763][ T4444] team0: Port device team_slave_0 added [ 39.132612][ T4444] team0: Port device team_slave_1 added [ 39.216351][ T4444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.217654][ T4444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.221853][ T4444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 39.296950][ T4444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 39.298162][ T4444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.302581][ T4444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.607382][ T4444] device hsr_slave_0 entered promiscuous mode [ 39.646050][ T4444] device hsr_slave_1 entered promiscuous mode [ 39.685940][ T4444] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 39.687357][ T4444] Cannot create hsr debugfs directory [ 39.758802][ T4444] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.886091][ T4435] Bluetooth: hci1: command 0x0409 tx timeout [ 42.777092][ T4444] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.966170][ T47] Bluetooth: hci1: command 0x041b tx timeout [ 43.726672][ T4444] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.817495][ T4444] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.040274][ T4444] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 44.129361][ T4444] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 44.167337][ T4444] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 44.269512][ T4444] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 44.369270][ T4444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.372851][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.374440][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.410599][ T4444] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.413045][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.414768][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.416385][ T845] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.417601][ T845] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.419057][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.421674][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.423353][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.424844][ T845] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.425962][ T845] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.429245][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 44.432537][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 44.435149][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 44.439452][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 44.441075][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 44.443663][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 44.445468][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 44.449580][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.451119][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.453669][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.455203][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.459830][ T39] device hsr_slave_0 left promiscuous mode [ 44.506008][ T39] device hsr_slave_1 left promiscuous mode [ 44.586364][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 44.587759][ T39] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 44.589513][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 44.590821][ T39] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 44.592315][ T39] device bridge_slave_1 left promiscuous mode [ 44.593721][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.636485][ T39] device bridge_slave_0 left promiscuous mode [ 44.637686][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.766038][ T39] device veth1_macvtap left promiscuous mode [ 44.767221][ T39] device veth0_macvtap left promiscuous mode [ 44.768247][ T39] device veth1_vlan left promiscuous mode [ 44.769318][ T39] device veth0_vlan left promiscuous mode [ 45.045965][ T47] Bluetooth: hci1: command 0x040f tx timeout [ 46.906880][ T39] team0 (unregistering): Port device team_slave_1 removed [ 47.087177][ T39] team0 (unregistering): Port device team_slave_0 removed [ 47.115939][ T47] Bluetooth: hci1: command 0x0419 tx timeout [ 47.236350][ T39] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 47.436317][ T39] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 48.956784][ T39] bond0 (unregistering): Released all slaves [ 49.270198][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.324002][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.325391][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.330498][ T4444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.337539][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.339217][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.344378][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 49.347278][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.348979][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.350445][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.352868][ T4444] device veth0_vlan entered promiscuous mode [ 49.356116][ T4444] device veth1_vlan entered promiscuous mode [ 49.362860][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 49.364371][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 49.370110][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.371806][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.374232][ T4444] device veth0_macvtap entered promiscuous mode [ 49.377215][ T4444] device veth1_macvtap entered promiscuous mode [ 49.382387][ T4444] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.383706][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 49.385479][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 49.387359][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.388881][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.391744][ T4444] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.393034][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.394723][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.397987][ T4444] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.399603][ T4444] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.401114][ T4444] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.402553][ T4444] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.423982][ T1643] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.425295][ T1643] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.428237][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 49.434149][ T845] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.435540][ T845] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.437377][ T845] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 49.562227][ T4461] loop0: detected capacity change from 0 to 32768 [ 49.580724][ T91] BUG: spinlock bad magic on CPU#1, jfsCommit/91 [ 49.581864][ T91] ================================================================== [ 49.583165][ T91] BUG: KASAN: slab-out-of-bounds in string+0x204/0x280 [ 49.584281][ T91] Read of size 1 at addr ffff0000ea06c9e0 by task jfsCommit/91 [ 49.585546][ T91] [ 49.585948][ T91] CPU: 1 PID: 91 Comm: jfsCommit Not tainted syzkaller #0 [ 49.587116][ T91] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 49.588805][ T91] Call trace: [ 49.589404][ T91] dump_backtrace+0x1c0/0x1ec [ 49.590258][ T91] show_stack+0x2c/0x3c [ 49.590966][ T91] __dump_stack+0x30/0x40 [ 49.591726][ T91] dump_stack_lvl+0xf4/0x15c [ 49.592502][ T91] print_address_description+0x88/0x218 [ 49.593535][ T91] print_report+0x50/0x68 [ 49.594242][ T91] kasan_report+0xa8/0xfc [ 49.594937][ T91] __asan_report_load1_noabort+0x2c/0x38 [ 49.595904][ T91] string+0x204/0x280 [ 49.596600][ T91] vsnprintf+0x10b0/0x18a8 [ 49.597304][ T91] vprintk_store+0x37c/0xb6c [ 49.598075][ T91] vprintk_emit+0x118/0x2f0 [ 49.598783][ T91] vprintk_default+0x54/0x80 [ 49.599573][ T91] vprintk+0x200/0x2a0 [ 49.600282][ T91] _printk+0xe0/0x130 [ 49.600996][ T91] spin_dump+0x10c/0x208 [ 49.601684][ T91] do_raw_spin_lock+0x1ec/0x2f8 [ 49.602530][ T91] _raw_spin_lock_irqsave+0x74/0xb0 [ 49.603443][ T91] __wake_up+0xe4/0x17c [ 49.604165][ T91] release_metapage+0x19c/0xc6c [ 49.604992][ T91] xtTruncate+0xb88/0x2644 [ 49.605741][ T91] jfs_free_zero_link+0x2c0/0x42c [ 49.606613][ T91] jfs_evict_inode+0x2f4/0x3e4 [ 49.607409][ T91] evict+0x3e0/0x828 [ 49.608123][ T91] iput+0x754/0x7e4 [ 49.608790][ T91] txUpdateMap+0x674/0x794 [ 49.609528][ T91] jfs_lazycommit+0x354/0x908 [ 49.610329][ T91] kthread+0x250/0x2d8 [ 49.610999][ T91] ret_from_fork+0x10/0x20 [ 49.611719][ T91] [ 49.612086][ T91] Allocated by task 4461: [ 49.612778][ T91] kasan_set_track+0x4c/0x80 [ 49.613468][ T91] kasan_save_alloc_info+0x24/0x30 [ 49.614267][ T91] __kasan_slab_alloc+0x70/0x88 [ 49.614999][ T91] slab_post_alloc_hook+0x74/0x430 [ 49.615753][ T91] kmem_cache_alloc_lru+0x1a4/0x280 [ 49.616571][ T91] jfs_alloc_inode+0x2c/0x68 [ 49.617322][ T91] iget_locked+0x178/0x7c4 [ 49.618058][ T91] jfs_iget+0x30/0x3e4 [ 49.618761][ T91] jfs_lookup+0x1c0/0x378 [ 49.619438][ T91] lookup_one_qstr_excl+0x108/0x230 [ 49.620257][ T91] do_unlinkat+0x1a8/0x500 [ 49.620954][ T91] __arm64_sys_unlinkat+0xe0/0xfc [ 49.621797][ T91] invoke_syscall+0x98/0x2b4 [ 49.622566][ T91] el0_svc_common+0x138/0x258 [ 49.623333][ T91] do_el0_svc+0x58/0x130 [ 49.624022][ T91] el0_svc+0x58/0x128 [ 49.624645][ T91] el0t_64_sync_handler+0x84/0xf0 [ 49.625399][ T91] el0t_64_sync+0x18c/0x190 [ 49.626142][ T91] [ 49.626490][ T91] The buggy address belongs to the object at ffff0000ea06c0c0 [ 49.626490][ T91] which belongs to the cache jfs_ip of size 2240 [ 49.628525][ T91] The buggy address is located 96 bytes to the right of [ 49.628525][ T91] 2240-byte region [ffff0000ea06c0c0, ffff0000ea06c980) [ 49.630574][ T91] [ 49.630906][ T91] The buggy address belongs to the physical page: [ 49.631951][ T91] page:00000000c2b7a110 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12a068 [ 49.633680][ T91] head:00000000c2b7a110 order:3 compound_mapcount:0 compound_pincount:0 [ 49.635064][ T91] memcg:ffff0000d095b801 [ 49.635707][ T91] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 49.636974][ T91] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c4e57e00 [ 49.638330][ T91] raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff0000d095b801 [ 49.639743][ T91] page dumped because: kasan: bad access detected [ 49.640721][ T91] [ 49.641125][ T91] Memory state around the buggy address: [ 49.642084][ T91] ffff0000ea06c880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 49.643465][ T91] ffff0000ea06c900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 49.644820][ T91] >ffff0000ea06c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.646183][ T91] ^ [ 49.647310][ T91] ffff0000ea06ca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.648681][ T91] ffff0000ea06ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.649990][ T91] ================================================================== [ 49.581853][ T91] lock: 0xffff0000ea06c168, .magic: ffff8000, .owner: /0, .owner_cpu: 512 [ 49.652832][ T91] CPU: 1 PID: 91 Comm: jfsCommit Tainted: G B syzkaller #0 [ 49.654300][ T91] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 49.656044][ T91] Call trace: [ 49.656618][ T91] dump_backtrace+0x1c0/0x1ec [ 49.657419][ T91] show_stack+0x2c/0x3c [ 49.658090][ T91] __dump_stack+0x30/0x40 [ 49.658773][ T91] dump_stack_lvl+0xf4/0x15c [ 49.659559][ T91] dump_stack+0x1c/0x5c [ 49.660210][ T91] spin_dump+0x110/0x208 [ 49.660886][ T91] do_raw_spin_lock+0x1ec/0x2f8 [ 49.661654][ T91] _raw_spin_lock_irqsave+0x74/0xb0 [ 49.662526][ T91] __wake_up+0xe4/0x17c [ 49.663221][ T91] release_metapage+0x19c/0xc6c [ 49.664067][ T91] xtTruncate+0xb88/0x2644 [ 49.664861][ T91] jfs_free_zero_link+0x2c0/0x42c [ 49.665667][ T91] jfs_evict_inode+0x2f4/0x3e4 [ 49.666432][ T91] evict+0x3e0/0x828 [ 49.667114][ T91] iput+0x754/0x7e4 [ 49.667762][ T91] txUpdateMap+0x674/0x794 [ 49.668551][ T91] jfs_lazycommit+0x354/0x908 [ 49.669344][ T91] kthread+0x250/0x2d8 [ 49.670011][ T91] ret_from_fork+0x10/0x20 [ 49.670695][ T91] ================================================================================ [ 49.672225][ T91] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:131:9 [ 49.673619][ T91] index 1147 is out of range for type 'unsigned long[8]' [ 49.674717][ T91] CPU: 1 PID: 91 Comm: jfsCommit Tainted: G B syzkaller #0 [ 49.676126][ T91] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 49.677766][ T91] Call trace: [ 49.678309][ T91] dump_backtrace+0x1c0/0x1ec [ 49.679048][ T91] show_stack+0x2c/0x3c [ 49.679730][ T91] __dump_stack+0x30/0x40 [ 49.680469][ T91] dump_stack_lvl+0xf4/0x15c [ 49.681260][ T91] dump_stack+0x1c/0x5c [ 49.681980][ T91] ubsan_epilogue+0x14/0x48 [ 49.682702][ T91] __ubsan_handle_out_of_bounds+0xd0/0xf8 [ 49.683647][ T91] queued_spin_lock_slowpath+0x8a8/0xc18 [ 49.684573][ T91] do_raw_spin_lock+0x2f4/0x2f8 [ 49.685332][ T91] _raw_spin_lock_irqsave+0x74/0xb0 [ 49.686204][ T91] __wake_up+0xe4/0x17c [ 49.686879][ T91] release_metapage+0x19c/0xc6c [ 49.687671][ T91] xtTruncate+0xb88/0x2644 [ 49.688437][ T91] jfs_free_zero_link+0x2c0/0x42c [ 49.689344][ T91] jfs_evict_inode+0x2f4/0x3e4 [ 49.690090][ T91] evict+0x3e0/0x828 [ 49.690744][ T91] iput+0x754/0x7e4 [ 49.691357][ T91] txUpdateMap+0x674/0x794 [ 49.692039][ T91] jfs_lazycommit+0x354/0x908 [ 49.692757][ T91] kthread+0x250/0x2d8 [ 49.693370][ T91] ret_from_fork+0x10/0x20 [ 49.694169][ T91] ================================================================================ [ 49.695731][ T91] Unable to handle kernel paging request at virtual address ffff800015189f80 [ 49.697158][ T91] KASAN: probably user-memory-access in range [0x00000000a8c4fc00-0x00000000a8c4fc07] [ 49.698734][ T91] Mem abort info: [ 49.699318][ T91] ESR = 0x0000000096000047 [ 49.700087][ T91] EC = 0x25: DABT (current EL), IL = 32 bits [ 49.701072][ T91] SET = 0, FnV = 0 [ 49.701722][ T91] EA = 0, S1PTW = 0 [ 49.702376][ T91] FSC = 0x07: level 3 translation fault [ 49.703360][ T91] Data abort info: [ 49.703997][ T91] ISV = 0, ISS = 0x00000047 [ 49.704790][ T91] CM = 0, WnR = 1 [ 49.705456][ T91] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000002229cd000 [ 49.706720][ T91] [ffff800015189f80] pgd=100000023ffff003, p4d=100000023ffff003, pud=100000023fffe003, pmd=100000023fffa003, pte=0000000000000000 [ 49.709069][ T91] Internal error: Oops: 0000000096000047 [#1] PREEMPT SMP [ 49.710208][ T91] Modules linked in: [ 49.710880][ T91] CPU: 1 PID: 91 Comm: jfsCommit Tainted: G B syzkaller #0 [ 49.712322][ T91] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 49.714043][ T91] pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 49.715368][ T91] pc : queued_spin_lock_slowpath+0x598/0xc18 [ 49.716327][ T91] lr : queued_spin_lock_slowpath+0x8a8/0xc18 [ 49.717377][ T91] sp : ffff80001cff7340 [ 49.718061][ T91] x29: ffff80001cff73e0 x28: ffff800015189f80 x27: 1fffe0001d40d82d [ 49.719340][ T91] x26: ffff800015220f40 x25: 1fffe00033eacdf0 x24: dfff800000000000 [ 49.720666][ T91] x23: ffff7000039fee6c x22: ffff00019f566f88 x21: ffff800015189f80 [ 49.722050][ T91] x20: ffff00019f566f80 x19: ffff0000ea06c168 x18: ffff800011b9bf60 [ 49.723351][ T91] x17: 3d3d3d3d3d3d3d3d x16: ffff800008193848 x15: 0000000000000000 [ 49.724651][ T91] x14: ffff700002fc1cbc x13: 1ffff00002fc1cbc x12: 0000000000ff0100 [ 49.726091][ T91] x11: ff008000081938cc x10: ffff800015189f80 x9 : 0000000000000000 [ 49.727441][ T91] x8 : 0000000000000000 x7 : 0000000000000001 x6 : 0000000000000001 [ 49.728803][ T91] x5 : ffff80001cff6d98 x4 : ffff800015304cc0 x3 : ffff800008193894 [ 49.730116][ T91] x2 : 0000000000000001 x1 : 0000000000000004 x0 : ffff00019f566f88 [ 49.731504][ T91] Call trace: [ 49.732077][ T91] queued_spin_lock_slowpath+0x598/0xc18 [ 49.733006][ T91] do_raw_spin_lock+0x2f4/0x2f8 [ 49.733833][ T91] _raw_spin_lock_irqsave+0x74/0xb0 [ 49.734726][ T91] __wake_up+0xe4/0x17c [ 49.735413][ T91] release_metapage+0x19c/0xc6c [ 49.736242][ T91] xtTruncate+0xb88/0x2644 [ 49.737000][ T91] jfs_free_zero_link+0x2c0/0x42c [ 49.737827][ T91] jfs_evict_inode+0x2f4/0x3e4 [ 49.738604][ T91] evict+0x3e0/0x828 [ 49.739249][ T91] iput+0x754/0x7e4 [ 49.739883][ T91] txUpdateMap+0x674/0x794 [ 49.740603][ T91] jfs_lazycommit+0x354/0x908 [ 49.741373][ T91] kthread+0x250/0x2d8 [ 49.742026][ T91] ret_from_fork+0x10/0x20 [ 49.742810][ T91] Code: aa1503e0 979340bb aa1603e0 52800081 (f90002b4) [ 49.743926][ T91] ---[ end trace 0000000000000000 ]--- [ 49.979091][ T91] Kernel panic - not syncing: Oops: Fatal exception [ 49.980151][ T91] SMP: stopping secondary CPUs [ 49.981006][ T91] Kernel Offset: disabled [ 49.981670][ T91] CPU features: 0x080000,000f0097,a65bfea7 [ 49.982573][ T91] Memory Limit: none [ 50.227554][ T91] Rebooting in 86400 seconds..