Warning: Permanently added '10.128.0.182' (ED25519) to the list of known hosts. 1970/01/01 00:01:28 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:28 ignoring optional flag "type"="gce" 1970/01/01 00:01:28 parsed 1 programs [ 91.471257][ T4462] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 100.605859][ T4504] chnl_net:caif_netlink_parms(): no params data found [ 100.635107][ T4504] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.637172][ T4504] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.639782][ T4504] device bridge_slave_0 entered promiscuous mode [ 100.643266][ T4504] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.645488][ T4504] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.648063][ T4504] device bridge_slave_1 entered promiscuous mode [ 100.664800][ T4504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.668989][ T4504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.682420][ T4504] team0: Port device team_slave_0 added [ 100.685788][ T4504] team0: Port device team_slave_1 added [ 100.700393][ T4504] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.702326][ T4504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.709662][ T4504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.713845][ T4504] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.715915][ T4504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.722940][ T4504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.785862][ T4504] device hsr_slave_0 entered promiscuous mode [ 100.834479][ T4504] device hsr_slave_1 entered promiscuous mode [ 101.685227][ T4504] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 101.726413][ T4504] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 101.765716][ T4504] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.815986][ T4504] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.928712][ T4504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.945583][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.948087][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.955920][ T4504] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.966023][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 101.968895][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 101.971464][ T148] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.973374][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.977003][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 101.984546][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 101.987235][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 101.989712][ T4166] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.991649][ T4166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.993979][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 102.003888][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 102.008826][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 102.012094][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 102.023308][ T4504] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 102.027533][ T4504] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 102.031983][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 102.036852][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 102.039874][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 102.042871][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 102.046613][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 102.049381][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 102.051950][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 102.056889][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 102.183818][ T4504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.194505][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 102.196757][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 102.210755][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 102.213648][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 102.227086][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 102.229843][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 102.232814][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 102.236968][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 102.245216][ T4504] device veth0_vlan entered promiscuous mode [ 102.250579][ T4504] device veth1_vlan entered promiscuous mode [ 102.266102][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 102.268900][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 102.271542][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 102.276303][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 102.281158][ T4504] device veth0_macvtap entered promiscuous mode [ 102.308830][ T4504] device veth1_macvtap entered promiscuous mode [ 102.347544][ T4504] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.349857][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 102.352467][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 102.357521][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 102.376907][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 102.390115][ T4504] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.394685][ T4504] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.397061][ T4504] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.399386][ T4504] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.401785][ T4504] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.407290][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 102.410081][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 102.606416][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.608733][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.620325][ T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.622556][ T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.623006][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 102.628595][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:43 executed programs: 0 [ 103.241805][ T4659] chnl_net:caif_netlink_parms(): no params data found [ 103.279898][ T4659] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.282049][ T4659] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.287405][ T4659] device bridge_slave_0 entered promiscuous mode [ 103.290988][ T4659] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.292957][ T4659] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.295630][ T4659] device bridge_slave_1 entered promiscuous mode [ 103.313138][ T4659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.317703][ T4659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.354882][ T4659] team0: Port device team_slave_0 added [ 103.358361][ T4659] team0: Port device team_slave_1 added [ 103.372983][ T4659] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.376463][ T4659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.383570][ T4659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.408522][ T4659] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.410451][ T4659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.417992][ T4659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.496154][ T4659] device hsr_slave_0 entered promiscuous mode [ 103.505969][ T4659] device hsr_slave_1 entered promiscuous mode [ 103.574716][ T4659] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.576855][ T4659] Cannot create hsr debugfs directory [ 103.652004][ T4659] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.174336][ T4133] Bluetooth: hci0: command 0x0409 tx timeout [ 106.190753][ T4659] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.254365][ T4107] Bluetooth: hci0: command 0x041b tx timeout [ 107.399776][ T4659] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.441572][ T4659] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.598326][ T4659] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.648219][ T4659] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.678324][ T4659] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.716285][ T4659] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.793631][ T4659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.800225][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.802705][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.809172][ T4659] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.816406][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 107.819290][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 107.821878][ T153] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.823761][ T153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.827174][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 107.829889][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 107.832519][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.834634][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.837215][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 107.841524][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 107.846571][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 107.851509][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 107.855118][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 107.858375][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 107.862544][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 107.869996][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 107.876142][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 107.878857][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 107.883513][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 107.886950][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 107.891369][ T4659] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 107.984740][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 107.987128][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 107.993319][ T4659] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.007241][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 108.010151][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 108.019232][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 108.021935][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 108.025928][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 108.028581][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 108.032570][ T4659] device veth0_vlan entered promiscuous mode [ 108.039682][ T4659] device veth1_vlan entered promiscuous mode [ 108.052441][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 108.055596][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 108.058144][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 108.060866][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 108.066212][ T4659] device veth0_macvtap entered promiscuous mode [ 108.070467][ T4659] device veth1_macvtap entered promiscuous mode [ 108.079783][ T4659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.082666][ T4659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.086962][ T4659] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.089139][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 108.091790][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 108.095237][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 108.098033][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 108.102473][ T4659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.105596][ T4659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.109327][ T4659] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.112533][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 108.115662][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 108.119772][ T4659] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.122176][ T4659] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.125461][ T4659] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.127911][ T4659] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.166653][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.169000][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.171698][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 108.188523][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.191248][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.194398][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:48 executed programs: 2 [ 108.436009][ T4889] loop0: detected capacity change from 0 to 32768 [ 108.519747][ T241] BUG: spinlock bad magic on CPU#1, jfsCommit/241 [ 108.521720][ T241] lock: 0xffff0000ed0f09e8, .magic: ffff8000, .owner: Àí/0, .owner_cpu: 512 [ 108.524166][ T241] CPU: 1 PID: 241 Comm: jfsCommit Not tainted 5.15.184-syzkaller #0 [ 108.526492][ T241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.529256][ T241] Call trace: [ 108.530158][ T241] dump_backtrace+0x0/0x43c [ 108.531424][ T241] show_stack+0x2c/0x3c [ 108.532624][ T241] __dump_stack+0x30/0x40 [ 108.533851][ T241] dump_stack_lvl+0xf8/0x160 [ 108.535145][ T241] dump_stack+0x1c/0x5c [ 108.536290][ T241] spin_dump+0x110/0x208 [ 108.537430][ T241] do_raw_spin_lock+0x1e0/0x2f0 [ 108.538799][ T241] _raw_spin_lock_irqsave+0xcc/0x14c [ 108.540292][ T241] __wake_up+0xe0/0x16c [ 108.541465][ T241] release_metapage+0x17c/0x920 [ 108.542848][ T241] xtTruncate+0xb70/0x2698 [ 108.544023][ T241] jfs_free_zero_link+0x2a4/0x410 [ 108.545426][ T241] jfs_evict_inode+0x2fc/0x3fc [ 108.546725][ T241] evict+0x3c8/0x810 [ 108.547882][ T241] iput+0x6c4/0x77c [ 108.548959][ T241] txUpdateMap+0x6ac/0x7cc [ 108.550228][ T241] jfs_lazycommit+0x384/0x9bc [ 108.551516][ T241] kthread+0x374/0x454 [ 108.552618][ T241] ret_from_fork+0x10/0x20 [ 108.553797][ T241] ================================================================================ [ 108.556355][ T241] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9 [ 108.558705][ T241] index 1112 is out of range for type 'unsigned long[8]' [ 108.560650][ T241] CPU: 1 PID: 241 Comm: jfsCommit Not tainted 5.15.184-syzkaller #0 [ 108.562853][ T241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.565696][ T241] Call trace: [ 108.566532][ T241] dump_backtrace+0x0/0x43c [ 108.567789][ T241] show_stack+0x2c/0x3c [ 108.568982][ T241] __dump_stack+0x30/0x40 [ 108.570151][ T241] dump_stack_lvl+0xf8/0x160 [ 108.571388][ T241] dump_stack+0x1c/0x5c [ 108.572542][ T241] ubsan_epilogue+0x14/0x48 [ 108.573772][ T241] __ubsan_handle_out_of_bounds+0xd4/0x108 [ 108.575359][ T241] queued_spin_lock_slowpath+0x724/0x798 [ 108.577007][ T241] do_raw_spin_lock+0x2ec/0x2f0 [ 108.578330][ T241] _raw_spin_lock_irqsave+0xcc/0x14c [ 108.579756][ T241] __wake_up+0xe0/0x16c [ 108.580920][ T241] release_metapage+0x17c/0x920 [ 108.582227][ T241] xtTruncate+0xb70/0x2698 [ 108.583439][ T241] jfs_free_zero_link+0x2a4/0x410 [ 108.584768][ T241] jfs_evict_inode+0x2fc/0x3fc [ 108.586033][ T241] evict+0x3c8/0x810 [ 108.587218][ T241] iput+0x6c4/0x77c [ 108.588274][ T241] txUpdateMap+0x6ac/0x7cc [ 108.589472][ T241] jfs_lazycommit+0x384/0x9bc [ 108.590783][ T241] kthread+0x374/0x454 [ 108.591929][ T241] ret_from_fork+0x10/0x20 [ 108.593170][ T241] ================================================================================ [ 108.595683][ T241] ================================================================== [ 108.597915][ T241] BUG: KASAN: use-after-free in queued_spin_lock_slowpath+0x57c/0x798 [ 108.600169][ T241] Write of size 8 at addr ffff00002158482c by task jfsCommit/241 [ 108.602258][ T241] [ 108.602920][ T241] CPU: 1 PID: 241 Comm: jfsCommit Not tainted 5.15.184-syzkaller #0 [ 108.605136][ T241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.607779][ T241] Call trace: [ 108.608669][ T241] dump_backtrace+0x0/0x43c [ 108.609878][ T241] show_stack+0x2c/0x3c [ 108.611044][ T241] __dump_stack+0x30/0x40 [ 108.612301][ T241] dump_stack_lvl+0xf8/0x160 [ 108.613599][ T241] print_address_description+0x78/0x30c [ 108.615148][ T241] kasan_report+0xec/0x15c [ 108.616372][ T241] __asan_report_store8_noabort+0x44/0x50 [ 108.617947][ T241] queued_spin_lock_slowpath+0x57c/0x798 [ 108.619444][ T241] do_raw_spin_lock+0x2ec/0x2f0 [ 108.620795][ T241] _raw_spin_lock_irqsave+0xcc/0x14c [ 108.622339][ T241] __wake_up+0xe0/0x16c [ 108.623521][ T241] release_metapage+0x17c/0x920 [ 108.624889][ T241] xtTruncate+0xb70/0x2698 [ 108.626111][ T241] jfs_free_zero_link+0x2a4/0x410 [ 108.627507][ T241] jfs_evict_inode+0x2fc/0x3fc [ 108.628798][ T241] evict+0x3c8/0x810 [ 108.629883][ T241] iput+0x6c4/0x77c [ 108.630994][ T241] txUpdateMap+0x6ac/0x7cc [ 108.632221][ T241] jfs_lazycommit+0x384/0x9bc [ 108.633558][ T241] kthread+0x374/0x454 [ 108.634665][ T241] ret_from_fork+0x10/0x20 [ 108.635900][ T241] [ 108.636547][ T241] The buggy address belongs to the page: [ 108.638111][ T241] page:0000000001cf8404 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61584 [ 108.640936][ T241] flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff) [ 108.642937][ T241] raw: 01ffc00000000000 fffffc0000856108 fffffc0000856108 0000000000000000 [ 108.645441][ T241] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 108.647802][ T241] page dumped because: kasan: bad access detected [ 108.649553][ T241] [ 108.650154][ T241] Memory state around the buggy address: [ 108.651752][ T241] ffff000021584700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 108.654252][ T241] ffff000021584780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 108.656541][ T241] >ffff000021584800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 108.658952][ T241] ^ [ 108.660406][ T241] ffff000021584880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 108.662737][ T241] ffff000021584900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 108.664950][ T241] ================================================================== [ 109.364770][ T4182] Bluetooth: hci0: command 0x040f tx timeout [ 111.414414][ T4182] Bluetooth: hci0: command 0x0419 tx timeout