Warning: Permanently added '10.128.1.191' (ED25519) to the list of known hosts.
1970/01/01 00:01:24 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:24 ignoring optional flag "type"="gce"
1970/01/01 00:01:24 parsed 1 programs
[ 87.214123][ T4466] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 95.130040][ T4508] chnl_net:caif_netlink_parms(): no params data found
[ 95.167482][ T4508] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.169680][ T4508] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.172335][ T4508] device bridge_slave_0 entered promiscuous mode
[ 95.176583][ T4508] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.178626][ T4508] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.181250][ T4508] device bridge_slave_1 entered promiscuous mode
[ 95.197639][ T4508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.202056][ T4508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.245143][ T4508] team0: Port device team_slave_0 added
[ 95.249890][ T4508] team0: Port device team_slave_1 added
[ 95.264709][ T4508] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.266588][ T4508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.275007][ T4508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.279427][ T4508] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.281290][ T4508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.288993][ T4508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.366304][ T4508] device hsr_slave_0 entered promiscuous mode
[ 95.414378][ T4508] device hsr_slave_1 entered promiscuous mode
[ 96.154287][ T4508] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 96.184795][ T4508] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 96.225143][ T4508] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 96.266859][ T4508] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 96.375972][ T4508] 8021q: adding VLAN 0 to HW filter on device bond0
[ 96.390561][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 96.393697][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 96.405220][ T4508] 8021q: adding VLAN 0 to HW filter on device team0
[ 96.410052][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 96.413032][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 96.415953][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.417906][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.421304][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 96.433933][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 96.437288][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 96.439965][ T559] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.441909][ T559] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.446083][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 96.449004][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 96.462963][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 96.466348][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 96.469047][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 96.472212][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 96.478075][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 96.480836][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 96.487737][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 96.490488][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 96.493558][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 96.497910][ T4508] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 96.627120][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 96.629274][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 96.636992][ T4508] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 96.679521][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 96.682441][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 96.692101][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 96.696177][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 96.698861][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 96.701299][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 96.704601][ T4508] device veth0_vlan entered promiscuous mode
[ 96.710558][ T4508] device veth1_vlan entered promiscuous mode
[ 96.728034][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 96.730698][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 96.735046][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 96.737746][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 96.742053][ T4508] device veth0_macvtap entered promiscuous mode
[ 96.748341][ T4508] device veth1_macvtap entered promiscuous mode
[ 96.759287][ T4508] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 96.761476][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 96.766220][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 96.768806][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 96.772001][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 96.779925][ T4508] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 96.783175][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 96.785946][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 96.790192][ T4508] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.792586][ T4508] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.796780][ T4508] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.799061][ T4508] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.961704][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.965596][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.968602][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 96.994856][ T559] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.997221][ T559] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.000276][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:37 executed programs: 0
[ 97.799151][ T4647] chnl_net:caif_netlink_parms(): no params data found
[ 97.850869][ T4647] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.852997][ T4647] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.855675][ T4647] device bridge_slave_0 entered promiscuous mode
[ 97.858889][ T4647] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.860765][ T4647] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.864107][ T4647] device bridge_slave_1 entered promiscuous mode
[ 97.880685][ T4647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 97.891433][ T4647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.914454][ T4647] team0: Port device team_slave_0 added
[ 97.918765][ T4647] team0: Port device team_slave_1 added
[ 97.932232][ T4647] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 97.936710][ T4647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.944633][ T4647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 97.949042][ T4647] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 97.950874][ T4647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.958637][ T4647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.014852][ T4647] device hsr_slave_0 entered promiscuous mode
[ 98.053915][ T4647] device hsr_slave_1 entered promiscuous mode
[ 98.083286][ T4647] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 98.085462][ T4647] Cannot create hsr debugfs directory
[ 98.186186][ T4647] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.783013][ T4181] Bluetooth: hci0: command 0x0409 tx timeout
[ 100.758574][ T4647] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.729695][ T4647] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.809370][ T4647] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.863059][ T4182] Bluetooth: hci0: command 0x041b tx timeout
[ 101.991277][ T4647] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.016174][ T4647] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.055227][ T4647] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.095980][ T4647] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.237246][ T4647] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.245292][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.247869][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.252456][ T4647] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.257505][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 102.260547][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 102.264832][ T559] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.266830][ T559] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.269228][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 102.276078][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 102.281721][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.285001][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.286979][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.298587][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 102.302658][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 102.312232][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 102.316062][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 102.318867][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 102.325003][ T1782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 102.327891][ T1782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 102.352517][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 102.355718][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 102.361995][ T4647] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 102.366155][ T4647] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 102.368962][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 102.371814][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 102.456463][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 102.458699][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 102.465359][ T4647] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 102.477540][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 102.480508][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 102.492080][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 102.495346][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 102.498458][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 102.500945][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 102.505594][ T4647] device veth0_vlan entered promiscuous mode
[ 102.511932][ T4647] device veth1_vlan entered promiscuous mode
[ 102.529047][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 102.531698][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 102.534753][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 102.537459][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 102.541873][ T4647] device veth0_macvtap entered promiscuous mode
[ 102.546673][ T4647] device veth1_macvtap entered promiscuous mode
[ 102.555711][ T4647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 102.558574][ T4647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 102.562162][ T4647] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 102.569838][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 102.572622][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 102.575673][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 102.578461][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 102.605198][ T4647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 102.608141][ T4647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 102.611708][ T4647] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 102.615659][ T1838] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 102.618544][ T1838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 102.621964][ T4647] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.624641][ T4647] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.626966][ T4647] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.629684][ T4647] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.666944][ T1782] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.669173][ T1782] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.671957][ T1782] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 102.684074][ T559] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
1970/01/01 00:01:42 executed programs: 2
[ 102.686380][ T559] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.689160][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 102.921240][ T4896] loop0: detected capacity change from 0 to 32768
[ 102.997844][ T241] BUG: spinlock bad magic on CPU#0, jfsCommit/241
[ 102.999686][ T241] lock: 0xffff0000e21889e8, .magic: ffff8000, .owner: À‘â/0, .owner_cpu: 512
[ 103.002223][ T241] CPU: 0 PID: 241 Comm: jfsCommit Not tainted 5.15.184-syzkaller #0
[ 103.004474][ T241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 103.007244][ T241] Call trace:
[ 103.008133][ T241] dump_backtrace+0x0/0x43c
[ 103.009405][ T241] show_stack+0x2c/0x3c
[ 103.010576][ T241] __dump_stack+0x30/0x40
[ 103.011798][ T241] dump_stack_lvl+0xf8/0x160
[ 103.013107][ T241] dump_stack+0x1c/0x5c
[ 103.014284][ T241] spin_dump+0x110/0x208
[ 103.015455][ T241] do_raw_spin_lock+0x1e0/0x2f0
[ 103.016835][ T241] _raw_spin_lock_irqsave+0xcc/0x14c
[ 103.018313][ T241] __wake_up+0xe0/0x16c
[ 103.019467][ T241] release_metapage+0x17c/0x920
[ 103.020835][ T241] xtTruncate+0xb70/0x2698
[ 103.022080][ T241] jfs_free_zero_link+0x2a4/0x410
[ 103.023465][ T241] jfs_evict_inode+0x2fc/0x3fc
[ 103.024765][ T241] evict+0x3c8/0x810
[ 103.025818][ T241] iput+0x6c4/0x77c
[ 103.026861][ T241] txUpdateMap+0x6ac/0x7cc
[ 103.028069][ T241] jfs_lazycommit+0x384/0x9bc
[ 103.029423][ T241] kthread+0x374/0x454
[ 103.030616][ T241] ret_from_fork+0x10/0x20
[ 103.031834][ T241] ================================================================================
[ 103.034409][ T241] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9
[ 103.036670][ T241] index 1112 is out of range for type 'unsigned long[8]'
[ 103.038611][ T241] CPU: 0 PID: 241 Comm: jfsCommit Not tainted 5.15.184-syzkaller #0
[ 103.040814][ T241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 103.043690][ T241] Call trace:
[ 103.044592][ T241] dump_backtrace+0x0/0x43c
[ 103.045837][ T241] show_stack+0x2c/0x3c
[ 103.046971][ T241] __dump_stack+0x30/0x40
[ 103.048154][ T241] dump_stack_lvl+0xf8/0x160
[ 103.049483][ T241] dump_stack+0x1c/0x5c
[ 103.050664][ T241] ubsan_epilogue+0x14/0x48
[ 103.051907][ T241] __ubsan_handle_out_of_bounds+0xd4/0x108
[ 103.053530][ T241] queued_spin_lock_slowpath+0x724/0x798
[ 103.055125][ T241] do_raw_spin_lock+0x2ec/0x2f0
[ 103.056509][ T241] _raw_spin_lock_irqsave+0xcc/0x14c
[ 103.057986][ T241] __wake_up+0xe0/0x16c
[ 103.059164][ T241] release_metapage+0x17c/0x920
[ 103.060558][ T241] xtTruncate+0xb70/0x2698
[ 103.061768][ T241] jfs_free_zero_link+0x2a4/0x410
[ 103.063198][ T241] jfs_evict_inode+0x2fc/0x3fc
[ 103.064529][ T241] evict+0x3c8/0x810
[ 103.065585][ T241] iput+0x6c4/0x77c
[ 103.066654][ T241] txUpdateMap+0x6ac/0x7cc
[ 103.067858][ T241] jfs_lazycommit+0x384/0x9bc
[ 103.069127][ T241] kthread+0x374/0x454
[ 103.070243][ T241] ret_from_fork+0x10/0x20
[ 103.071498][ T241] ================================================================================
[ 103.074081][ T241] ==================================================================
[ 103.076307][ T241] BUG: KASAN: use-after-free in queued_spin_lock_slowpath+0x57c/0x798
[ 103.078551][ T241] Write of size 8 at addr ffff00002158482c by task jfsCommit/241
[ 103.080722][ T241]
[ 103.081357][ T241] CPU: 0 PID: 241 Comm: jfsCommit Not tainted 5.15.184-syzkaller #0
[ 103.083581][ T241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 103.086479][ T241] Call trace:
[ 103.087380][ T241] dump_backtrace+0x0/0x43c
[ 103.088701][ T241] show_stack+0x2c/0x3c
[ 103.089900][ T241] __dump_stack+0x30/0x40
[ 103.091078][ T241] dump_stack_lvl+0xf8/0x160
[ 103.092391][ T241] print_address_description+0x78/0x30c
[ 103.093984][ T241] kasan_report+0xec/0x15c
[ 103.095249][ T241] __asan_report_store8_noabort+0x44/0x50
[ 103.096892][ T241] queued_spin_lock_slowpath+0x57c/0x798
[ 103.098468][ T241] do_raw_spin_lock+0x2ec/0x2f0
[ 103.099824][ T241] _raw_spin_lock_irqsave+0xcc/0x14c
[ 103.101263][ T241] __wake_up+0xe0/0x16c
[ 103.102406][ T241] release_metapage+0x17c/0x920
[ 103.103808][ T241] xtTruncate+0xb70/0x2698
[ 103.105027][ T241] jfs_free_zero_link+0x2a4/0x410
[ 103.106421][ T241] jfs_evict_inode+0x2fc/0x3fc
[ 103.107789][ T241] evict+0x3c8/0x810
[ 103.108875][ T241] iput+0x6c4/0x77c
[ 103.109933][ T241] txUpdateMap+0x6ac/0x7cc
[ 103.111168][ T241] jfs_lazycommit+0x384/0x9bc
[ 103.112474][ T241] kthread+0x374/0x454
[ 103.113619][ T241] ret_from_fork+0x10/0x20
[ 103.114857][ T241]
[ 103.115486][ T241] The buggy address belongs to the page:
[ 103.117042][ T241] page:000000004ff85f6b refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61584
[ 103.119883][ T241] flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff)
[ 103.121911][ T241] raw: 01ffc00000000000 fffffc0000856108 fffffc0000856108 0000000000000000
[ 103.124383][ T241] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 103.126729][ T241] page dumped because: kasan: bad access detected
[ 103.128467][ T241]
[ 103.129085][ T241] Memory state around the buggy address:
[ 103.130659][ T241] ffff000021584700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 103.132878][ T241] ffff000021584780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 103.135110][ T241] >ffff000021584800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 103.137437][ T241] ^
[ 103.138914][ T241] ffff000021584880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 103.141178][ T241] ffff000021584900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 103.143559][ T241] ==================================================================
[ 103.953572][ T4132] Bluetooth: hci0: command 0x040f tx timeout
[ 106.052959][ T4132] Bluetooth: hci0: command 0x0419 tx timeout