Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts. 1970/01/01 00:00:36 parsed 1 programs [ 38.013242][ T4336] cgroup: Unknown subsys name 'net' [ 38.276472][ T4336] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 38.549677][ T4336] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 43.041627][ T4386] chnl_net:caif_netlink_parms(): no params data found [ 43.058996][ T4386] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.060234][ T4386] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.061829][ T4386] device bridge_slave_0 entered promiscuous mode [ 43.064861][ T4386] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.066123][ T4386] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.067730][ T4386] device bridge_slave_1 entered promiscuous mode [ 43.074710][ T4386] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 43.077063][ T4386] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 43.085481][ T4386] team0: Port device team_slave_0 added [ 43.087467][ T4386] team0: Port device team_slave_1 added [ 43.094529][ T4386] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 43.095838][ T4386] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.100128][ T4386] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 43.102792][ T4386] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 43.104011][ T4386] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.108436][ T4386] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 43.164653][ T4386] device hsr_slave_0 entered promiscuous mode [ 43.203763][ T4386] device hsr_slave_1 entered promiscuous mode [ 43.328605][ T4386] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 43.354729][ T4386] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 43.395595][ T4386] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 43.425714][ T4386] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 43.474711][ T4386] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.476238][ T4386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.477664][ T4386] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.478935][ T4386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.499317][ T4386] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.503703][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.506313][ T1604] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.508211][ T1604] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.512606][ T4386] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.525215][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.526971][ T1604] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.528198][ T1604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.529577][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.531088][ T1604] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.532299][ T1604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.539533][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.541250][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.544609][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.547640][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.550969][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.554227][ T4386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 43.605527][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 43.606929][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 43.610285][ T4386] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 43.616438][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.622740][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.625444][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.626752][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.629304][ T4386] device veth0_vlan entered promiscuous mode [ 43.632369][ T4386] device veth1_vlan entered promiscuous mode [ 43.639730][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 43.641206][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 43.642821][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.646391][ T4386] device veth0_macvtap entered promiscuous mode [ 43.648864][ T4386] device veth1_macvtap entered promiscuous mode [ 43.654766][ T4386] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 43.656240][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.658282][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 43.661329][ T4386] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 43.662713][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.666221][ T4386] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.667608][ T4386] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.669004][ T4386] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.670339][ T4386] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.757956][ T4416] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 43.759515][ T4416] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 43.760779][ T4416] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 43.762430][ T4416] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 43.765267][ T4416] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 43.766623][ T4416] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 44.045355][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.046825][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.049212][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 44.057267][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.058693][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.060419][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:00:44 executed programs: 0 [ 44.411845][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 44.413425][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 44.415645][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 44.417187][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 44.418579][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 44.419921][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 44.602949][ T4442] chnl_net:caif_netlink_parms(): no params data found [ 44.618733][ T4442] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.620070][ T4442] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.621593][ T4442] device bridge_slave_0 entered promiscuous mode [ 44.625163][ T4442] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.626440][ T4442] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.627909][ T4442] device bridge_slave_1 entered promiscuous mode [ 44.636748][ T4442] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 44.639343][ T4442] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 44.647141][ T4442] team0: Port device team_slave_0 added [ 44.648934][ T4442] team0: Port device team_slave_1 added [ 44.655368][ T4442] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.656499][ T4442] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.660838][ T4442] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.665158][ T4442] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.666249][ T4442] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.670483][ T4442] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.714771][ T4442] device hsr_slave_0 entered promiscuous mode [ 44.753812][ T4442] device hsr_slave_1 entered promiscuous mode [ 44.793595][ T4442] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 44.795023][ T4442] Cannot create hsr debugfs directory [ 45.134846][ T88] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.473908][ T47] Bluetooth: hci0: command 0x0409 tx timeout [ 47.914404][ T88] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.553550][ T47] Bluetooth: hci0: command 0x041b tx timeout [ 49.104281][ T88] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.196085][ T88] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.277940][ T4442] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 50.325199][ T4442] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 50.445634][ T4442] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 50.484594][ T4442] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 50.574343][ T4442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.577724][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.579331][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.581805][ T4442] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.616062][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.617817][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.619302][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.620476][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.622116][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.625343][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.626959][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.628653][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.629851][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.632211][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.633627][ T47] Bluetooth: hci0: command 0x040f tx timeout [ 50.636461][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.639350][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.641122][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.642701][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.645326][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.646913][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.649403][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.651009][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.653400][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.656562][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.659347][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.763799][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 50.765157][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 50.769407][ T4442] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.775293][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 50.776955][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 50.782158][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 50.784414][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.786193][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 50.787795][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 50.856110][ T4442] device veth0_vlan entered promiscuous mode [ 50.859284][ T4442] device veth1_vlan entered promiscuous mode [ 50.865465][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 50.867135][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 50.868672][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 50.870268][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.872592][ T4442] device veth0_macvtap entered promiscuous mode [ 50.875177][ T4442] device veth1_macvtap entered promiscuous mode [ 50.879870][ T4442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 50.881673][ T4442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.885219][ T4442] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.886469][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 50.888003][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 50.889509][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 50.891016][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.945986][ T4442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.947833][ T4442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.950016][ T4442] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.951274][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 50.952878][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.955958][ T4442] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.957361][ T4442] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.958828][ T4442] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.960282][ T4442] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.979284][ T1604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.981802][ T1604] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.985163][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 50.991106][ T1604] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.992456][ T1604] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.995837][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:00:51 executed programs: 2 [ 51.117429][ T4511] loop0: detected capacity change from 0 to 32768 [ 51.140665][ T93] BUG: spinlock bad magic on CPU#0, jfsCommit/93 [ 51.141819][ T93] ================================================================== [ 51.143069][ T93] BUG: KASAN: slab-out-of-bounds in string+0x204/0x280 [ 51.144189][ T93] Read of size 1 at addr ffff0000e5a5d320 by task jfsCommit/93 [ 51.145372][ T93] [ 51.145716][ T93] CPU: 0 PID: 93 Comm: jfsCommit Not tainted syzkaller #0 [ 51.146891][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 51.148354][ T93] Call trace: [ 51.148861][ T93] dump_backtrace+0x1c0/0x1ec [ 51.149642][ T93] show_stack+0x2c/0x3c [ 51.150397][ T93] __dump_stack+0x30/0x40 [ 51.151071][ T93] dump_stack_lvl+0xf4/0x15c [ 51.151839][ T93] print_address_description+0x88/0x218 [ 51.152725][ T93] print_report+0x50/0x68 [ 51.153485][ T93] kasan_report+0xa8/0xfc [ 51.154165][ T93] __asan_report_load1_noabort+0x2c/0x38 [ 51.155083][ T93] string+0x204/0x280 [ 51.155731][ T93] vsnprintf+0x10b0/0x18a8 [ 51.156471][ T93] vprintk_store+0x37c/0xb6c [ 51.157201][ T93] vprintk_emit+0x118/0x2f0 [ 51.157955][ T93] vprintk_default+0x54/0x80 [ 51.158744][ T93] vprintk+0x200/0x2a0 [ 51.159461][ T93] _printk+0xe0/0x130 [ 51.160134][ T93] spin_dump+0x10c/0x208 [ 51.160870][ T93] do_raw_spin_lock+0x1ec/0x2f8 [ 51.161657][ T93] _raw_spin_lock_irqsave+0x74/0xb0 [ 51.162508][ T93] __wake_up+0xe4/0x17c [ 51.163128][ T93] release_metapage+0x19c/0xc6c [ 51.163921][ T93] xtTruncate+0xb88/0x2644 [ 51.164747][ T93] jfs_free_zero_link+0x2c0/0x42c [ 51.165638][ T93] jfs_evict_inode+0x2f4/0x3e4 [ 51.166405][ T93] evict+0x3e0/0x828 [ 51.167014][ T93] iput+0x754/0x7e4 [ 51.167645][ T93] txUpdateMap+0x674/0x794 [ 51.168396][ T93] jfs_lazycommit+0x354/0x908 [ 51.169217][ T93] kthread+0x250/0x2d8 [ 51.169885][ T93] ret_from_fork+0x10/0x20 [ 51.170687][ T93] [ 51.171076][ T93] Allocated by task 4442: [ 51.171802][ T93] kasan_set_track+0x4c/0x80 [ 51.172564][ T93] kasan_save_alloc_info+0x24/0x30 [ 51.173462][ T93] __kasan_slab_alloc+0x70/0x88 [ 51.174254][ T93] slab_post_alloc_hook+0x74/0x430 [ 51.175161][ T93] kmem_cache_alloc_lru+0x1a4/0x280 [ 51.176042][ T93] jfs_alloc_inode+0x2c/0x68 [ 51.176836][ T93] iget_locked+0x178/0x7c4 [ 51.177593][ T93] jfs_iget+0x30/0x3e4 [ 51.178305][ T93] jfs_lookup+0x1c0/0x378 [ 51.179026][ T93] __lookup_slow+0x25c/0x38c [ 51.179770][ T93] lookup_slow+0x5c/0x80 [ 51.180522][ T93] walk_component+0x270/0x364 [ 51.181236][ T93] path_lookupat+0x13c/0x3d0 [ 51.181971][ T93] filename_lookup+0x1c4/0x480 [ 51.182730][ T93] user_path_at_empty+0x5c/0x84 [ 51.183448][ T93] __arm64_sys_umount+0xf8/0x184 [ 51.184222][ T93] invoke_syscall+0x98/0x2b4 [ 51.184985][ T93] el0_svc_common+0x138/0x258 [ 51.185769][ T93] do_el0_svc+0x58/0x130 [ 51.186501][ T93] el0_svc+0x58/0x128 [ 51.187157][ T93] el0t_64_sync_handler+0x84/0xf0 [ 51.187980][ T93] el0t_64_sync+0x18c/0x190 [ 51.188721][ T93] [ 51.189106][ T93] The buggy address belongs to the object at ffff0000e5a5ca00 [ 51.189106][ T93] which belongs to the cache jfs_ip of size 2240 [ 51.191553][ T93] The buggy address is located 96 bytes to the right of [ 51.191553][ T93] 2240-byte region [ffff0000e5a5ca00, ffff0000e5a5d2c0) [ 51.193947][ T93] [ 51.194351][ T93] The buggy address belongs to the physical page: [ 51.195449][ T93] page:000000002c1c35c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125a58 [ 51.197208][ T93] head:000000002c1c35c0 order:3 compound_mapcount:0 compound_pincount:0 [ 51.198538][ T93] memcg:ffff0000d2bf3301 [ 51.199188][ T93] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 51.200526][ T93] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c4ef8c00 [ 51.202012][ T93] raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff0000d2bf3301 [ 51.203437][ T93] page dumped because: kasan: bad access detected [ 51.204500][ T93] [ 51.204919][ T93] Memory state around the buggy address: [ 51.205927][ T93] ffff0000e5a5d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.207286][ T93] ffff0000e5a5d280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 51.208689][ T93] >ffff0000e5a5d300: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 51.210094][ T93] ^ [ 51.210980][ T93] ffff0000e5a5d380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.212475][ T93] ffff0000e5a5d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.213826][ T93] ================================================================== [ 51.141808][ T93] lock: 0xffff0000e5a5caa8, .magic: ffff8000, .owner: /0, .owner_cpu: 512 [ 51.216767][ T93] CPU: 0 PID: 93 Comm: jfsCommit Tainted: G B syzkaller #0 [ 51.218285][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 51.219915][ T93] Call trace: [ 51.220464][ T93] dump_backtrace+0x1c0/0x1ec [ 51.221328][ T93] show_stack+0x2c/0x3c [ 51.222000][ T93] __dump_stack+0x30/0x40 [ 51.222692][ T93] dump_stack_lvl+0xf4/0x15c [ 51.223467][ T93] dump_stack+0x1c/0x5c [ 51.224115][ T93] spin_dump+0x110/0x208 [ 51.224840][ T93] do_raw_spin_lock+0x1ec/0x2f8 [ 51.225678][ T93] _raw_spin_lock_irqsave+0x74/0xb0 [ 51.226563][ T93] __wake_up+0xe4/0x17c [ 51.227220][ T93] release_metapage+0x19c/0xc6c [ 51.228073][ T93] xtTruncate+0xb88/0x2644 [ 51.228805][ T93] jfs_free_zero_link+0x2c0/0x42c [ 51.229588][ T93] jfs_evict_inode+0x2f4/0x3e4 [ 51.230401][ T93] evict+0x3e0/0x828 [ 51.231034][ T93] iput+0x754/0x7e4 [ 51.231672][ T93] txUpdateMap+0x674/0x794 [ 51.232421][ T93] jfs_lazycommit+0x354/0x908 [ 51.233136][ T93] kthread+0x250/0x2d8 [ 51.233764][ T93] ret_from_fork+0x10/0x20 [ 51.234433][ T93] ================================================================================ [ 51.236055][ T93] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:131:9 [ 51.237407][ T93] index 1147 is out of range for type 'unsigned long[8]' [ 51.238535][ T93] CPU: 0 PID: 93 Comm: jfsCommit Tainted: G B syzkaller #0 [ 51.239833][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 51.241604][ T93] Call trace: [ 51.242162][ T93] dump_backtrace+0x1c0/0x1ec [ 51.242984][ T93] show_stack+0x2c/0x3c [ 51.243707][ T93] __dump_stack+0x30/0x40 [ 51.244498][ T93] dump_stack_lvl+0xf4/0x15c [ 51.245360][ T93] dump_stack+0x1c/0x5c [ 51.246106][ T93] ubsan_epilogue+0x14/0x48 [ 51.246851][ T93] __ubsan_handle_out_of_bounds+0xd0/0xf8 [ 51.247843][ T93] queued_spin_lock_slowpath+0x8a8/0xc18 [ 51.248854][ T93] do_raw_spin_lock+0x2f4/0x2f8 [ 51.249664][ T93] _raw_spin_lock_irqsave+0x74/0xb0 [ 51.250523][ T93] __wake_up+0xe4/0x17c [ 51.251287][ T93] release_metapage+0x19c/0xc6c [ 51.252144][ T93] xtTruncate+0xb88/0x2644 [ 51.252876][ T93] jfs_free_zero_link+0x2c0/0x42c [ 51.253780][ T93] jfs_evict_inode+0x2f4/0x3e4 [ 51.254638][ T93] evict+0x3e0/0x828 [ 51.255292][ T93] iput+0x754/0x7e4 [ 51.255981][ T93] txUpdateMap+0x674/0x794 [ 51.256734][ T93] jfs_lazycommit+0x354/0x908 [ 51.257510][ T93] kthread+0x250/0x2d8 [ 51.258203][ T93] ret_from_fork+0x10/0x20 [ 51.258979][ T93] ================================================================================ [ 51.260559][ T93] Unable to handle kernel paging request at virtual address ffff800015189f80 [ 51.262093][ T93] KASAN: probably user-memory-access in range [0x00000000a8c4fc00-0x00000000a8c4fc07] [ 51.263695][ T93] Mem abort info: [ 51.264287][ T93] ESR = 0x0000000096000047 [ 51.265129][ T93] EC = 0x25: DABT (current EL), IL = 32 bits [ 51.266247][ T93] SET = 0, FnV = 0 [ 51.266980][ T93] EA = 0, S1PTW = 0 [ 51.267681][ T93] FSC = 0x07: level 3 translation fault [ 51.268624][ T93] Data abort info: [ 51.269242][ T93] ISV = 0, ISS = 0x00000047 [ 51.270075][ T93] CM = 0, WnR = 1 [ 51.270741][ T93] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000002229cd000 [ 51.272047][ T93] [ffff800015189f80] pgd=100000023ffff003, p4d=100000023ffff003, pud=100000023fffe003, pmd=100000023fffa003, pte=0000000000000000 [ 51.274461][ T93] Internal error: Oops: 0000000096000047 [#1] PREEMPT SMP [ 51.275643][ T93] Modules linked in: [ 51.276327][ T93] CPU: 0 PID: 93 Comm: jfsCommit Tainted: G B syzkaller #0 [ 51.277867][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 51.279648][ T93] pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 51.281040][ T93] pc : queued_spin_lock_slowpath+0x598/0xc18 [ 51.282018][ T93] lr : queued_spin_lock_slowpath+0x8a8/0xc18 [ 51.283056][ T93] sp : ffff800020547340 [ 51.283769][ T93] x29: ffff8000205473e0 x28: ffff800015189f80 x27: 1fffe0001cb4b955 [ 51.285158][ T93] x26: ffff800015220f40 x25: 1fffe00033ea8bf0 x24: dfff800000000000 [ 51.286540][ T93] x23: ffff7000040a8e6c x22: ffff00019f545f88 x21: ffff800015189f80 [ 51.287915][ T93] x20: ffff00019f545f80 x19: ffff0000e5a5caa8 x18: ffff800011b9bf60 [ 51.289397][ T93] x17: 3d3d3d3d3d3d3d3d x16: ffff800008193848 x15: 0000000000000000 [ 51.290770][ T93] x14: ffff700002fc1cbc x13: 1ffff00002fc1cbc x12: 0000000000ff0100 [ 51.292274][ T93] x11: ff008000081938cc x10: ffff800015189f80 x9 : 0000000000000000 [ 51.293747][ T93] x8 : 0000000000000000 x7 : 0000000000000001 x6 : 0000000000000001 [ 51.295163][ T93] x5 : ffff800020546d98 x4 : ffff800015304cc0 x3 : ffff800008193894 [ 51.296584][ T93] x2 : 0000000000000001 x1 : 0000000000000004 x0 : ffff00019f545f88 [ 51.297945][ T93] Call trace: [ 51.298493][ T93] queued_spin_lock_slowpath+0x598/0xc18 [ 51.299441][ T93] do_raw_spin_lock+0x2f4/0x2f8 [ 51.300315][ T93] _raw_spin_lock_irqsave+0x74/0xb0 [ 51.301261][ T93] __wake_up+0xe4/0x17c [ 51.302046][ T93] release_metapage+0x19c/0xc6c [ 51.302897][ T93] xtTruncate+0xb88/0x2644 [ 51.303696][ T93] jfs_free_zero_link+0x2c0/0x42c [ 51.304588][ T93] jfs_evict_inode+0x2f4/0x3e4 [ 51.305374][ T93] evict+0x3e0/0x828 [ 51.306045][ T93] iput+0x754/0x7e4 [ 51.306770][ T93] txUpdateMap+0x674/0x794 [ 51.307550][ T93] jfs_lazycommit+0x354/0x908 [ 51.308388][ T93] kthread+0x250/0x2d8 [ 51.309076][ T93] ret_from_fork+0x10/0x20 [ 51.309876][ T93] Code: aa1503e0 979340b7 aa1603e0 52800081 (f90002b4) [ 51.311077][ T93] ---[ end trace 0000000000000000 ]--- [ 51.538034][ T93] Kernel panic - not syncing: Oops: Fatal exception [ 51.539191][ T93] SMP: stopping secondary CPUs [ 51.540047][ T93] Kernel Offset: disabled [ 51.540826][ T93] CPU features: 0x080000,000f0097,a65bfea7 [ 51.541848][ T93] Memory Limit: none [ 51.771531][ T93] Rebooting in 86400 seconds..