Warning: Permanently added '10.128.1.32' (ED25519) to the list of known hosts.
1970/01/01 00:00:33 parsed 1 programs
syzkaller login: [ 34.705099][ T4326] cgroup: Unknown subsys name 'net'
[ 34.920690][ T4326] cgroup: Unknown subsys name 'rlimit'
[ 35.203273][ T4326] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 39.812822][ T4367] chnl_net:caif_netlink_parms(): no params data found
[ 39.833023][ T4367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.834228][ T4367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.835773][ T4367] device bridge_slave_0 entered promiscuous mode
[ 39.838024][ T4367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.839477][ T4367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.840922][ T4367] device bridge_slave_1 entered promiscuous mode
[ 39.850328][ T4367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 39.852652][ T4367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 39.860395][ T4367] team0: Port device team_slave_0 added
[ 39.862078][ T4367] team0: Port device team_slave_1 added
[ 39.867769][ T4367] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 39.868878][ T4367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 39.872789][ T4367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 39.875248][ T4367] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 39.876185][ T4367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 39.880256][ T4367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 39.929619][ T4367] device hsr_slave_0 entered promiscuous mode
[ 39.978291][ T4367] device hsr_slave_1 entered promiscuous mode
[ 40.063377][ T4367] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 40.121279][ T4367] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 40.169617][ T4367] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 40.258665][ T4367] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 40.320780][ T4367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.322055][ T4367] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.323451][ T4367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.324739][ T4367] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.341555][ T4367] 8021q: adding VLAN 0 to HW filter on device bond0
[ 40.345282][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.347744][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.349758][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.351539][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 40.355753][ T4367] 8021q: adding VLAN 0 to HW filter on device team0
[ 40.361266][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.362782][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.364032][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.367286][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.369262][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.370234][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.376497][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 40.378901][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 40.382432][ T383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 40.385124][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.387850][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.392369][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 40.450528][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 40.451888][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 40.454978][ T4367] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 40.461730][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.467714][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.470474][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.471810][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.473927][ T4367] device veth0_vlan entered promiscuous mode
[ 40.477343][ T4367] device veth1_vlan entered promiscuous mode
[ 40.484456][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 40.485933][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 40.487506][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.491625][ T4367] device veth0_macvtap entered promiscuous mode
[ 40.494123][ T4367] device veth1_macvtap entered promiscuous mode
[ 40.500777][ T4367] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 40.502027][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.503970][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 40.506733][ T4367] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 40.508001][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.511500][ T4367] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 40.512882][ T4367] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 40.514213][ T4367] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 40.515548][ T4367] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 40.887257][ T185] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.888860][ T185] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.890509][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 40.900131][ T185] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.901340][ T185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.902938][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 40.968004][ T4422] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 40.969731][ T4422] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 40.971028][ T4422] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 40.972566][ T4422] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 40.973914][ T4422] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 40.975140][ T4422] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
1970/01/01 00:00:41 executed programs: 0
[ 41.183228][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 41.185096][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 41.186468][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 41.187960][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 41.190506][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 41.191759][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 41.245807][ T4432] chnl_net:caif_netlink_parms(): no params data found
[ 41.261203][ T4432] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.262518][ T4432] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.263959][ T4432] device bridge_slave_0 entered promiscuous mode
[ 41.265858][ T4432] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.266982][ T4432] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.268649][ T4432] device bridge_slave_1 entered promiscuous mode
[ 41.275708][ T4432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 41.279002][ T4432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 41.292448][ T4432] team0: Port device team_slave_0 added
[ 41.295050][ T4432] team0: Port device team_slave_1 added
[ 41.300920][ T4432] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 41.301991][ T4432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 41.306128][ T4432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 41.308364][ T4432] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 41.309414][ T4432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 41.313444][ T4432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 41.369411][ T4432] device hsr_slave_0 entered promiscuous mode
[ 41.408340][ T4432] device hsr_slave_1 entered promiscuous mode
[ 41.458143][ T4432] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 41.459509][ T4432] Cannot create hsr debugfs directory
[ 41.800199][ T4432] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.198576][ T47] Bluetooth: hci0: command 0x0409 tx timeout
[ 44.439253][ T4432] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 45.278071][ T4422] Bluetooth: hci0: command 0x041b tx timeout
[ 46.238856][ T4432] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 46.340087][ T4432] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 46.592213][ T4432] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 46.690679][ T4432] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 46.739307][ T4432] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 46.869927][ T4432] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 46.997928][ T4432] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.001442][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.002875][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.005332][ T4432] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.007623][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.009249][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.010793][ T185] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.011907][ T185] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.013364][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 47.070841][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 47.072475][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.073949][ T185] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.075087][ T185] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.077652][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 47.080620][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 47.083917][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 47.085905][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.087393][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 47.090612][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 47.092149][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.094837][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 47.096292][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.099066][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 47.100594][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.103007][ T4432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 47.368094][ T4422] Bluetooth: hci0: command 0x040f tx timeout
[ 47.527569][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 47.528998][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 47.532145][ T4432] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 47.537978][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 47.539966][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.545545][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 47.547124][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.549684][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 47.551185][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 47.590278][ T4432] device veth0_vlan entered promiscuous mode
[ 47.593344][ T4432] device veth1_vlan entered promiscuous mode
[ 47.599995][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 47.601552][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 47.603010][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.604621][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.606827][ T4432] device veth0_macvtap entered promiscuous mode
[ 47.609319][ T4432] device veth1_macvtap entered promiscuous mode
[ 47.613490][ T4432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 47.615219][ T4432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 47.617273][ T4432] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 47.619269][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 47.620818][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 47.622288][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.623828][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.625908][ T4432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 47.627632][ T4432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 47.630015][ T4432] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 47.631294][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.632774][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.635393][ T4432] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.636738][ T4432] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.638179][ T4432] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.639688][ T4432] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.986545][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 47.992481][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 47.993397][ T383] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 47.994274][ T185] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 47.994931][ T383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 47.997720][ T383] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 48.033546][ T11] device hsr_slave_0 left promiscuous mode
[ 48.069501][ T11] device hsr_slave_1 left promiscuous mode
[ 48.115391][ T4458] loop0: detected capacity change from 0 to 32768
[ 48.136887][ T93] BUG: spinlock bad magic on CPU#0, jfsCommit/93
[ 48.137999][ T93] ==================================================================
[ 48.139293][ T93] BUG: KASAN: slab-out-of-bounds in string+0x204/0x280
[ 48.140424][ T93] Read of size 1 at addr ffff0000e9dc49e0 by task jfsCommit/93
[ 48.141641][ T93]
[ 48.142032][ T93] CPU: 0 PID: 93 Comm: jfsCommit Not tainted syzkaller #0
[ 48.143198][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 48.144710][ T93] Call trace:
[ 48.145181][ T93]  dump_backtrace+0x1c8/0x1f4
[ 48.145928][ T93]  show_stack+0x2c/0x3c
[ 48.146512][ T93]  __dump_stack+0x30/0x40
[ 48.147143][ T93]  dump_stack_lvl+0xf8/0x160
[ 48.147815][ T93]  print_address_description+0x88/0x218
[ 48.148643][ T93]  print_report+0x50/0x68
[ 48.149283][ T93]  kasan_report+0xa8/0x100
[ 48.149945][ T93]  __asan_report_load1_noabort+0x2c/0x38
[ 48.150784][ T93]  string+0x204/0x280
[ 48.151357][ T93]  vsnprintf+0x10b0/0x1890
[ 48.152032][ T93]  vprintk_store+0x350/0xac8
[ 48.152682][ T93]  vprintk_emit+0x10c/0x2dc
[ 48.153332][ T93]  vprintk_default+0x54/0x80
[ 48.154018][ T93]  vprintk+0x1e8/0x284
[ 48.154617][ T93]  _printk+0xd0/0x118
[ 48.155251][ T93]  spin_dump+0x10c/0x208
[ 48.155927][ T93]  do_raw_spin_lock+0x1dc/0x2ec
[ 48.156629][ T93]  _raw_spin_lock_irqsave+0x74/0xb4
[ 48.157384][ T93]  __wake_up+0xe4/0x174
[ 48.158039][ T93]  release_metapage+0x19c/0xc90
[ 48.158823][ T93]  xtTruncate+0xb60/0x25c4
[ 48.159569][ T93]  jfs_free_zero_link+0x2a4/0x410
[ 48.160361][ T93]  jfs_evict_inode+0x2f4/0x3e8
[ 48.161063][ T93]  evict+0x3c8/0x810
[ 48.161659][ T93]  iput+0x764/0x7f4
[ 48.162282][ T93]  txUpdateMap+0x67c/0x79c
[ 48.162997][ T93]  jfs_lazycommit+0x378/0x918
[ 48.163780][ T93]  kthread+0x250/0x2d8
[ 48.164495][ T93]  ret_from_fork+0x10/0x20
[ 48.165232][ T93]
[ 48.165621][ T93] Allocated by task 4458:
[ 48.166310][ T93]  kasan_set_track+0x4c/0x80
[ 48.166981][ T93]  kasan_save_alloc_info+0x28/0x34
[ 48.167759][ T93]  __kasan_slab_alloc+0x70/0x88
[ 48.168532][ T93]  slab_post_alloc_hook+0x74/0x43c
[ 48.169343][ T93]  kmem_cache_alloc_lru+0x1b0/0x298
[ 48.170186][ T93]  jfs_alloc_inode+0x2c/0x68
[ 48.171044][ T93]  iget_locked+0x178/0x7c4
[ 48.171806][ T93]  jfs_iget+0x30/0x374
[ 48.172505][ T93]  jfs_lookup+0x198/0x32c
[ 48.173179][ T93]  lookup_one_qstr_excl+0x108/0x230
[ 48.174062][ T93]  do_unlinkat+0x19c/0x4e8
[ 48.174813][ T93]  __arm64_sys_unlinkat+0xe0/0xfc
[ 48.175615][ T93]  invoke_syscall+0x98/0x2bc
[ 48.176401][ T93]  el0_svc_common+0x138/0x258
[ 48.177159][ T93]  do_el0_svc+0x58/0x13c
[ 48.177906][ T93]  el0_svc+0x58/0x138
[ 48.178611][ T93]  el0t_64_sync_handler+0x84/0xf0
[ 48.179487][ T93]  el0t_64_sync+0x18c/0x190
[ 48.180302][ T93]
[ 48.180687][ T93] The buggy address belongs to the object at ffff0000e9dc40c0
[ 48.180687][ T93] which belongs to the cache jfs_ip of size 2240
[ 48.182876][ T93] The buggy address is located 96 bytes to the right of
[ 48.182876][ T93] 2240-byte region [ffff0000e9dc40c0, ffff0000e9dc4980)
[ 48.185101][ T93]
[ 48.185515][ T93] The buggy address belongs to the physical page:
[ 48.186639][ T93] page:000000006ffc37ef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x129dc0
[ 48.188253][ T93] head:000000006ffc37ef order:3 compound_mapcount:0 compound_pincount:0
[ 48.189578][ T93] memcg:ffff0000c31f3701
[ 48.190332][ T93] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 48.191646][ T93] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c4b51200
[ 48.193025][ T93] raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff0000c31f3701
[ 48.194359][ T93] page dumped because: kasan: bad access detected
[ 48.195350][ T93]
[ 48.195714][ T93] Memory state around the buggy address:
[ 48.196526][ T93]  ffff0000e9dc4880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.197850][ T93]  ffff0000e9dc4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.199190][ T93] >ffff0000e9dc4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.200453][ T93]                                                         ^
[ 48.201536][ T93]  ffff0000e9dc4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.202736][ T93]  ffff0000e9dc4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.203876][ T93] ==================================================================
[ 48.137990][ T93] lock: 0xffff0000e9dc4168, .magic: ffff8000, .owner: /0, .owner_cpu: 512
[ 48.206357][ T93] CPU: 0 PID: 93 Comm: jfsCommit Tainted: G B syzkaller #0
[ 48.207696][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 48.209319][ T93] Call trace:
[ 48.209914][ T93]  dump_backtrace+0x1c8/0x1f4
[ 48.210674][ T93]  show_stack+0x2c/0x3c
[ 48.211344][ T93]  __dump_stack+0x30/0x40
[ 48.212059][ T93]  dump_stack_lvl+0xf8/0x160
[ 48.212808][ T93]  dump_stack+0x1c/0x5c
[ 48.213454][ T93]  spin_dump+0x110/0x208
[ 48.214188][ T93]  do_raw_spin_lock+0x1dc/0x2ec
[ 48.214992][ T93]  _raw_spin_lock_irqsave+0x74/0xb4
[ 48.215873][ T93]  __wake_up+0xe4/0x174
[ 48.216506][ T93]  release_metapage+0x19c/0xc90
[ 48.217292][ T93]  xtTruncate+0xb60/0x25c4
[ 48.217986][ T93]  jfs_free_zero_link+0x2a4/0x410
[ 48.218729][ T93]  jfs_evict_inode+0x2f4/0x3e8
[ 48.219471][ T93]  evict+0x3c8/0x810
[ 48.220132][ T93]  iput+0x764/0x7f4
[ 48.220750][ T93]  txUpdateMap+0x67c/0x79c
[ 48.221407][ T93]  jfs_lazycommit+0x378/0x918
[ 48.222105][ T93]  kthread+0x250/0x2d8
[ 48.222767][ T93]  ret_from_fork+0x10/0x20
[ 48.223487][ T93] ================================================================================
[ 48.225046][ T93] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:131:9
[ 48.226391][ T93] index 1143 is out of range for type 'unsigned long[8]'
[ 48.227519][ T93] CPU: 0 PID: 93 Comm: jfsCommit Tainted: G B syzkaller #0
[ 48.228846][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 48.230455][ T93] Call trace:
[ 48.231035][ T93]  dump_backtrace+0x1c8/0x1f4
[ 48.231796][ T93]  show_stack+0x2c/0x3c
[ 48.232434][ T93]  __dump_stack+0x30/0x40
[ 48.233058][ T93]  dump_stack_lvl+0xf8/0x160
[ 48.233817][ T93]  dump_stack+0x1c/0x5c
[ 48.234437][ T93]  ubsan_epilogue+0x14/0x48
[ 48.235245][ T93]  __ubsan_handle_out_of_bounds+0xd0/0xfc
[ 48.236112][ T93]  queued_spin_lock_slowpath+0xab0/0xc08
[ 48.237053][ T93]  do_raw_spin_lock+0x2e8/0x2ec
[ 48.237782][ T93]  _raw_spin_lock_irqsave+0x74/0xb4
[ 48.238613][ T93]  __wake_up+0xe4/0x174
[ 48.239312][ T93]  release_metapage+0x19c/0xc90
[ 48.240081][ T93]  xtTruncate+0xb60/0x25c4
[ 48.240739][ T93]  jfs_free_zero_link+0x2a4/0x410
[ 48.241480][ T93]  jfs_evict_inode+0x2f4/0x3e8
[ 48.242194][ T93]  evict+0x3c8/0x810
[ 48.242828][ T93]  iput+0x764/0x7f4
[ 48.243472][ T93]  txUpdateMap+0x67c/0x79c
[ 48.244179][ T93]  jfs_lazycommit+0x378/0x918
[ 48.244913][ T93]  kthread+0x250/0x2d8
[ 48.245576][ T93]  ret_from_fork+0x10/0x20
[ 48.246324][ T93] ================================================================================
[ 48.247829][ T93] Unable to handle kernel paging request at virtual address ffff800015029fa0
[ 48.249190][ T93] KASAN: probably user-memory-access in range [0x00000000a814fd00-0x00000000a814fd07]
[ 48.250634][ T93] Mem abort info:
[ 48.251162][ T93]   ESR = 0x0000000096000047
[ 48.251890][ T93]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 48.252908][ T93]   SET = 0, FnV = 0
[ 48.253499][ T93]   EA = 0, S1PTW = 0
[ 48.254146][ T93]   FSC = 0x07: level 3 translation fault
[ 48.255038][ T93] Data abort info:
[ 48.255667][ T93]   ISV = 0, ISS = 0x00000047
[ 48.256430][ T93]   CM = 0, WnR = 1
[ 48.257064][ T93] swapper pgtable: 4k pages, 48-bit VAs, pgdp=000000020e267000
[ 48.258232][ T93] [ffff800015029fa0] pgd=100000023ffff003, p4d=100000023ffff003, pud=100000023fffe003, pmd=100000023fff9003, pte=0000000000000000
[ 48.260382][ T93] Internal error: Oops: 0000000096000047 [#1] PREEMPT SMP
[ 48.261440][ T93] Modules linked in:
[ 48.262006][ T93] CPU: 0 PID: 93 Comm: jfsCommit Tainted: G B syzkaller #0
[ 48.263349][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 48.26488