Warning: Permanently added '10.128.1.142' (ED25519) to the list of known hosts. 1970/01/01 00:01:00 ignoring optional flag "type"="gce" 1970/01/01 00:01:00 parsed 1 programs [ 62.018923][ T4430] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 63.150812][ T4525] chnl_net:caif_netlink_parms(): no params data found [ 63.172973][ T4525] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.174414][ T4525] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.175957][ T4525] device bridge_slave_0 entered promiscuous mode [ 63.178640][ T4525] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.179791][ T4525] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.181252][ T4525] device bridge_slave_1 entered promiscuous mode [ 63.189720][ T4525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.192308][ T4525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.203619][ T4525] team0: Port device team_slave_0 added [ 63.205490][ T4525] team0: Port device team_slave_1 added [ 63.212580][ T4525] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.213964][ T4525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.217982][ T4525] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.220409][ T4525] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.221509][ T4525] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.225317][ T4525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.265517][ T4525] device hsr_slave_0 entered promiscuous mode [ 63.303736][ T4525] device hsr_slave_1 entered promiscuous mode [ 63.933480][ T4525] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.984844][ T4525] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.017645][ T4525] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.054921][ T4525] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.112319][ T4525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.120524][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.121983][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.135185][ T4525] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.137758][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.139351][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.140907][ T4199] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.141953][ T4199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.154988][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.156544][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.164698][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.166189][ T4199] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.167282][ T4199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.168729][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.170444][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.172039][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.195568][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.197555][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.199345][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.200973][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.202500][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.205127][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.208766][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.210357][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.214834][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.324339][ T4525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.326298][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.327499][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.340414][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.342196][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.360587][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.362196][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.364616][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.366080][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.368862][ T4525] device veth0_vlan entered promiscuous mode [ 64.376576][ T4525] device veth1_vlan entered promiscuous mode [ 64.390967][ T4525] device veth0_macvtap entered promiscuous mode [ 64.392447][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 64.394818][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 64.396246][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.397763][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.399453][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 64.406244][ T4525] device veth1_macvtap entered promiscuous mode [ 64.411851][ T4525] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.413069][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.415767][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.417364][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.421230][ T4525] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.424426][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.426347][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.428520][ T4525] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.429956][ T4525] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.431341][ T4525] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.432810][ T4525] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.843015][ T1697] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.216652][ T1697] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.547128][ T1697] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.598389][ T1697] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.624533][ T2064] ieee802154 phy0 wpan0: encryption failed: -22 [ 69.625455][ T3337] cfg80211: failed to load regulatory.db [ 69.625625][ T2064] ieee802154 phy1 wpan1: encryption failed: -22 [ 69.960367][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.961713][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.963143][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.974822][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.976149][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.977446][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:10 executed programs: 0 [ 70.152594][ T4927] chnl_net:caif_netlink_parms(): no params data found [ 70.180621][ T4927] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.181794][ T4927] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.184148][ T4927] device bridge_slave_0 entered promiscuous mode [ 70.186351][ T4927] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.187548][ T4927] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.188983][ T4927] device bridge_slave_1 entered promiscuous mode [ 70.199029][ T4927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.201656][ T4927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.211185][ T4927] team0: Port device team_slave_0 added [ 70.213152][ T4927] team0: Port device team_slave_1 added [ 70.221835][ T4927] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.222942][ T4927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.227595][ T4927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.230846][ T4927] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.231910][ T4927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.236873][ T4927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.294853][ T4927] device hsr_slave_0 entered promiscuous mode [ 70.344836][ T4927] device hsr_slave_1 entered promiscuous mode [ 70.393492][ T4927] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.394658][ T4927] Cannot create hsr debugfs directory [ 70.793715][ T4927] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.844855][ T4927] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.879987][ T4927] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.915576][ T4927] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.970871][ T4927] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.972128][ T4927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.973451][ T4927] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.974585][ T4927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.978221][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.979988][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.002061][ T4927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.007808][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.009346][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.012071][ T4927] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.023501][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.025280][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.026652][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.027832][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.029341][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.032690][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.035785][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.037066][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.038583][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 71.040291][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 71.041990][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.043711][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.045358][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.047049][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.048697][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 71.050277][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 71.054047][ T4927] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.056096][ T4927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 71.062742][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 71.064474][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 71.066052][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 71.119581][ T4927] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.141535][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 71.142785][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 71.157231][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 71.159229][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 71.160840][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 71.162349][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 71.167652][ T4927] device veth0_vlan entered promiscuous mode [ 71.172824][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 71.174804][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 71.178978][ T4927] device veth1_vlan entered promiscuous mode [ 71.188877][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 71.190421][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 71.191891][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 71.195504][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 71.199321][ T4927] device veth0_macvtap entered promiscuous mode [ 71.206891][ T4927] device veth1_macvtap entered promiscuous mode [ 71.212561][ T4927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.216279][ T4927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.219367][ T4927] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.231423][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 71.233114][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 71.235106][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 71.236793][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 71.239537][ T4927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.241210][ T4927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.244397][ T4927] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.246350][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 71.250665][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 71.255297][ T4927] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.256604][ T4927] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.258033][ T4927] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.259405][ T4927] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.289984][ T4199] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.291356][ T4199] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.292740][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 71.310145][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.311421][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.312747][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 71.448997][ T5029] loop0: detected capacity change from 0 to 32768 [ 71.487718][ T248] BUG: spinlock bad magic on CPU#0, jfsCommit/248 [ 71.488849][ T248] lock: 0xffff0000ecd44168, .magic: ffff8000, .owner: @IÔì/0, .owner_cpu: 512 [ 71.490353][ T248] CPU: 0 PID: 248 Comm: jfsCommit Not tainted syzkaller #0 [ 71.491585][ T248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 71.493273][ T248] Call trace: [ 71.493781][ T248] dump_backtrace+0x0/0x458 [ 71.494508][ T248] show_stack+0x2c/0x3c [ 71.495154][ T248] __dump_stack+0x30/0x40 [ 71.495888][ T248] dump_stack_lvl+0xf4/0x15c [ 71.496603][ T248] dump_stack+0x1c/0x5c [ 71.497301][ T248] spin_dump+0x110/0x208 [ 71.498043][ T248] do_raw_spin_lock+0x1f0/0x2fc [ 71.498850][ T248] _raw_spin_lock_irqsave+0xcc/0x148 [ 71.499765][ T248] __wake_up+0xe0/0x174 [ 71.500497][ T248] release_metapage+0x17c/0x8f8 [ 71.501277][ T248] xtTruncate+0xb98/0x26f8 [ 71.502010][ T248] jfs_free_zero_link+0x2c0/0x42c [ 71.502881][ T248] jfs_evict_inode+0x2fc/0x3f4 [ 71.503710][ T248] evict+0x3e0/0x828 [ 71.504360][ T248] iput+0x6ac/0x764 [ 71.505053][ T248] txUpdateMap+0x69c/0x7bc [ 71.505734][ T248] jfs_lazycommit+0x360/0x9b0 [ 71.506570][ T248] kthread+0x374/0x454 [ 71.507198][ T248] ret_from_fork+0x10/0x20 [ 71.507876][ T248] ================================================================================ [ 71.509365][ T248] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9 [ 71.510637][ T248] index 1114 is out of range for type 'unsigned long[8]' [ 71.511788][ T248] CPU: 0 PID: 248 Comm: jfsCommit Not tainted syzkaller #0 [ 71.512929][ T248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 71.514537][ T248] Call trace: [ 71.515095][ T248] dump_backtrace+0x0/0x458 [ 71.515849][ T248] show_stack+0x2c/0x3c [ 71.516575][ T248] __dump_stack+0x30/0x40 [ 71.517249][ T248] dump_stack_lvl+0xf4/0x15c [ 71.517945][ T248] dump_stack+0x1c/0x5c [ 71.518699][ T248] ubsan_epilogue+0x14/0x48 [ 71.519383][ T248] __ubsan_handle_out_of_bounds+0xd4/0x100 [ 71.520306][ T248] queued_spin_lock_slowpath+0x73c/0x7ac [ 71.521258][ T248] do_raw_spin_lock+0x2f8/0x2fc [ 71.522127][ T248] _raw_spin_lock_irqsave+0xcc/0x148 [ 71.523014][ T248] __wake_up+0xe0/0x174 [ 71.523770][ T248] release_metapage+0x17c/0x8f8 [ 71.524543][ T248] xtTruncate+0xb98/0x26f8 [ 71.525315][ T248] jfs_free_zero_link+0x2c0/0x42c [ 71.526189][ T248] jfs_evict_inode+0x2fc/0x3f4 [ 71.526995][ T248] evict+0x3e0/0x828 [ 71.527637][ T248] iput+0x6ac/0x764 [ 71.528181][ T248] txUpdateMap+0x69c/0x7bc [ 71.528917][ T248] jfs_lazycommit+0x360/0x9b0 [ 71.529691][ T248] kthread+0x374/0x454 [ 71.530377][ T248] ret_from_fork+0x10/0x20 [ 71.531120][ T248] ================================================================================ [ 71.532488][ T248] ================================================================== [ 71.533737][ T248] BUG: KASAN: use-after-free in queued_spin_lock_slowpath+0x480/0x7ac [ 71.535031][ T248] Write of size 8 at addr ffff000021746acc by task jfsCommit/248 [ 71.536258][ T248] [ 71.536611][ T248] CPU: 0 PID: 248 Comm: jfsCommit Not tainted syzkaller #0 [ 71.537890][ T248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 71.539492][ T248] Call trace: [ 71.539965][ T248] dump_backtrace+0x0/0x458 [ 71.540714][ T248] show_stack+0x2c/0x3c [ 71.541413][ T248] __dump_stack+0x30/0x40 [ 71.542100][ T248] dump_stack_lvl+0xf4/0x15c [ 71.542896][ T248] print_address_description+0x78/0x30c [ 71.543899][ T248] kasan_report+0xec/0x158 [ 71.544612][ T248] __asan_report_store8_noabort+0x44/0x50 [ 71.545515][ T248] queued_spin_lock_slowpath+0x480/0x7ac [ 71.546499][ T248] do_raw_spin_lock+0x2f8/0x2fc [ 71.547353][ T248] _raw_spin_lock_irqsave+0xcc/0x148 [ 71.548221][ T248] __wake_up+0xe0/0x174 [ 71.548837][ T248] release_metapage+0x17c/0x8f8 [ 71.549587][ T248] xtTruncate+0xb98/0x26f8 [ 71.550396][ T248] jfs_free_zero_link+0x2c0/0x42c [ 71.551164][ T248] jfs_evict_inode+0x2fc/0x3f4 [ 71.551986][ T248] evict+0x3e0/0x828 [ 71.552618][ T248] iput+0x6ac/0x764 [ 71.553205][ T248] txUpdateMap+0x69c/0x7bc [ 71.553818][ T248] jfs_lazycommit+0x360/0x9b0 [ 71.554461][ T248] kthread+0x374/0x454 [ 71.555061][ T248] ret_from_fork+0x10/0x20 [ 71.555738][ T248] [ 71.556131][ T248] The buggy address belongs to the page: [ 71.557034][ T248] page:00000000f91cbbae refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61746 [ 71.558754][ T248] flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff) [ 71.559996][ T248] raw: 01ffc00000000000 fffffc000085d188 fffffc000085d188 0000000000000000 [ 71.561275][ T248] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 71.562641][ T248] page dumped because: kasan: bad access detected [ 71.563667][ T248] [ 71.564104][ T248] Memory state around the buggy address: [ 71.565080][ T248] ffff000021746980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.566329][ T248] ffff000021746a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.567567][ T248] >ffff000021746a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.568804][ T248] ^ [ 71.569859][ T248] ffff000021746b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.571210][ T248] ffff000021746b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.572466][ T248] ================================================================== [ 72.133871][ T1541] Bluetooth: hci0: command 0x0409 tx timeout [ 74.183393][ T21] Bluetooth: hci0: command 0x041b tx timeout [ 76.283398][ T21] Bluetooth: hci0: command 0x040f tx timeout [ 78.333393][ T21] Bluetooth: hci0: command 0x0419 tx timeout