[ 71.169001][ T25] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.191' (ED25519) to the list of known hosts.
2025/12/10 23:56:40 parsed 1 programs
[ 75.316350][ T2460] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/12/10 23:56:49 executed programs: 0
2025/12/10 23:56:55 executed programs: 2
[ 88.610332][ T3272] loop3: detected capacity change from 0 to 32768
[ 88.618544][ T3272] gfs2: fsid=norecovery: Trying to join cluster "lock_nolock", "norecovery"
[ 88.627420][ T3272] gfs2: fsid=norecovery: Now mounting FS (format 0)...
[ 88.639470][ T3272] syz.3.16: attempt to access beyond end of device
[ 88.639470][ T3272] loop3: rw=12288, sector=18446744073709551608, nr_sectors = 8 limit=32768
[ 88.655378][ T3272] gfs2: fsid=norecovery.s: fatal: filesystem consistency error
[ 88.655378][ T3272] inode = 1 19
[ 88.655378][ T3272] function = gfs2_jdesc_check, file = fs/gfs2/super.c, line = 115
[ 88.674827][ T3272] gfs2: fsid=norecovery.s: G: s:SH n:2/13 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:2
[ 88.685074][ T3272] gfs2: fsid=norecovery.s: H: s:SH f:eEcH e:0 p:3272 [syz.3.16] init_journal+0x1594/0x1ea0
[ 88.696047][ T3272] gfs2: fsid=norecovery.s: I: n:1/19 t:8 f:0x00 d:0x00000200 s:8388608 p:0
[ 88.705596][ T3272] gfs2: fsid=norecovery.s: about to withdraw this file system
[ 88.713470][ T3272] gfs2: fsid=norecovery.s: Journal recovery skipped for jid 0 until next mount.
[ 88.722843][ T3272] gfs2: fsid=norecovery.s: Glock dequeues delayed: 0
[ 88.730039][ T3272] gfs2: fsid=norecovery.s: File system withdrawn
[ 88.736731][ T3272] CPU: 1 PID: 3272 Comm: syz.3.16 Not tainted syzkaller #0
[ 88.744372][ T3272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 88.755490][ T3272] Call Trace:
[ 88.758939][ T3272] <TASK>
[ 88.762289][ T3272] dump_stack_lvl+0xdc/0x15b
[ 88.766872][ T3272] ? show_regs_print_info+0x5/0x5
[ 88.772059][ T3272] ? load_image+0x550/0x550
[ 88.776585][ T3272] gfs2_withdraw+0xebb/0x1230
[ 88.781342][ T3272] ? gfs2_lm+0x1e0/0x1e0
[ 88.785891][ T3272] ? gfs2_glock_nq+0xa1c/0x1190
[ 88.790826][ T3272] ? gfs2_consist_inode_i+0xec/0x110
[ 88.796275][ T3272] gfs2_jdesc_check+0xe5/0x1b0
[ 88.801136][ T3272] check_journal_clean+0x15d/0x290
[ 88.806337][ T3272] ? gfs2_trans_remove_revoke+0x300/0x300
[ 88.812143][ T3272] ? init_journal+0x1594/0x1ea0
[ 88.817254][ T3272] ? __rwlock_init+0x140/0x140
[ 88.822020][ T3272] ? do_raw_spin_unlock+0x11d/0x230
[ 88.827244][ T3272] ? _raw_spin_unlock+0x24/0x40
[ 88.832172][ T3272] ? gfs2_jdesc_find+0x91/0xa0
[ 88.836922][ T3272] init_journal+0x1594/0x1ea0
[ 88.841670][ T3272] ? __lock_acquire+0xc40/0xc40
[ 88.846630][ T3272] ? init_inodes+0xcb/0x2e0
[ 88.851230][ T3272] ? _compound_head+0xa0/0xa0
[ 88.855899][ T3272] ? vsnprintf+0x118/0x1a70
[ 88.860398][ T3272] ? snprintf+0xcd/0x110
[ 88.864985][ T3272] ? init_inodes+0xcb/0x2e0
[ 88.869656][ T3272] ? vscnprintf+0x30/0x30
[ 88.874158][ T3272] ? gfs2_glock_nq_num+0x112/0x150
[ 88.879681][ T3272] init_inodes+0xcb/0x2e0
[ 88.884256][ T3272] gfs2_fill_super+0x129a/0x1a80
[ 88.889597][ T3272] ? gfs2_reconfigure+0xba0/0xba0
[ 88.894612][ T3272] ? init_locking+0xa5/0x1a0
[ 88.899351][ T3272] ? sb_set_blocksize+0x40/0xc0
[ 88.904277][ T3272] get_tree_bdev+0x3d2/0x610
[ 88.909208][ T3272] ? gfs2_reconfigure+0xba0/0xba0
[ 88.914313][ T3272] gfs2_get_tree+0x48/0x190
[ 88.918886][ T3272] vfs_get_tree+0x7d/0x180
[ 88.923367][ T3272] do_new_mount+0x1c6/0x7e0
[ 88.928045][ T3272] __se_sys_mount+0x216/0x2b0
[ 88.932882][ T3272] ? __x64_sys_mount+0xc0/0xc0
[ 88.937983][ T3272] do_syscall_64+0x4c/0xa0
[ 88.942546][ T3272] ? clear_bhb_loop+0x60/0xb0
[ 88.947800][ T3272] ? clear_bhb_loop+0x60/0xb0
[ 88.952548][ T3272] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 88.958602][ T3272] RIP: 0033:0x7f21801900ca
[ 88.963177][ T3272] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 88.983398][ T3272] RSP: 002b:00007f2181027e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 88.991929][ T3272] RAX: ffffffffffffffda RBX: 00007f2181027ef0 RCX: 00007f21801900ca
[ 89.000061][ T3272] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f2181027eb0
[ 89.008288][ T3272] RBP: 0000200000000400 R08: 00007f2181027ef0 R09: 0000000000200001
[ 89.016438][ T3272] R10: 0000000000200001 R11: 0000000000000246 R12: 0000200000012500
[ 89.024703][ T3272] R13: 00007f2181027eb0 R14: 00000000000125bb R15: 0000200000000180
[ 89.033012][ T3272] </TASK>
[ 89.036792][ T3272] gfs2: fsid=norecovery.s: Error checking journal for spectator mount.
[ 89.262430][ T3275] loop3: detected capacity change from 0 to 32768
[ 89.275897][ T3275] gfs2: fsid=norecovery: Trying to join cluster "lock_nolock", "norecovery"
[ 89.285514][ T3275] gfs2: fsid=norecovery: Now mounting FS (format 0)...
[ 89.296112][ T3275] syz.3.17: attempt to access beyond end of device
[ 89.296112][ T3275] loop3: rw=12288, sector=18446744073709551608, nr_sectors = 8 limit=32768
[ 89.312477][ T3275] gfs2: fsid=norecovery.s: fatal: filesystem consistency error
[ 89.312477][ T3275] inode = 1 19
[ 89.312477][ T3275] function = gfs2_jdesc_check, file = fs/gfs2/super.c, line = 115
[ 89.332358][ T3275] gfs2: fsid=norecovery.s: G: s:SH n:2/13 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:2
[ 89.341933][ T3275] gfs2: fsid=norecovery.s: H: s:SH f:eEcH e:0 p:3275 [syz.3.17] init_journal+0x1594/0x1ea0
[ 89.352512][ T3275] gfs2: fsid=norecovery.s: I: n:1/19 t:8 f:0x00 d:0x00000200 s:8388608 p:0
[ 89.361504][ T3275] gfs2: fsid=norecovery.s: about to withdraw this file system
[ 89.368997][ T3275] gfs2: fsid=norecovery.s: Journal recovery skipped for jid 0 until next mount.
[ 89.378488][ T3275] gfs2: fsid=norecovery.s: Glock dequeues delayed: 0
[ 89.385437][ T3275] gfs2: fsid=norecovery.s: File system withdrawn
[ 89.391819][ T3275] CPU: 1 PID: 3275 Comm: syz.3.17 Not tainted syzkaller #0
[ 89.399102][ T3275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 89.409237][ T3275] Call Trace:
[ 89.412588][ T3275] <TASK>
[ 89.415497][ T3275] dump_stack_lvl+0xdc/0x15b
[ 89.420163][ T3275] ? show_regs_print_info+0x5/0x5
[ 89.425187][ T3275] ? load_image+0x550/0x550
[ 89.430007][ T3275] gfs2_withdraw+0xebb/0x1230
[ 89.434716][ T3275] ? gfs2_lm+0x1e0/0x1e0
[ 89.439045][ T3275] ? gfs2_glock_nq+0xa1c/0x1190
[ 89.443967][ T3275] ? gfs2_consist_inode_i+0xec/0x110
[ 89.449533][ T3275] gfs2_jdesc_check+0xe5/0x1b0
[ 89.454637][ T3275] check_journal_clean+0x15d/0x290
[ 89.459939][ T3275] ? gfs2_trans_remove_revoke+0x300/0x300
[ 89.465801][ T3275] ? init_journal+0x1594/0x1ea0
[ 89.470733][ T3275] ? __rwlock_init+0x140/0x140
[ 89.475561][ T3275] ? do_raw_spin_unlock+0x11d/0x230
[ 89.480747][ T3275] ? _raw_spin_unlock+0x24/0x40
[ 89.485912][ T3275] ? gfs2_jdesc_find+0x91/0xa0
[ 89.490847][ T3275] init_journal+0x1594/0x1ea0
[ 89.495505][ T3275] ? __lock_acquire+0xc40/0xc40
[ 89.500336][ T3275] ? init_inodes+0xcb/0x2e0
[ 89.504906][ T3275] ? _compound_head+0xa0/0xa0
[ 89.509762][ T3275] ? vsnprintf+0x118/0x1a70
[ 89.514345][ T3275] ? snprintf+0xcd/0x110
[ 89.518570][ T3275] ? init_inodes+0xcb/0x2e0
[ 89.523350][ T3275] ? vscnprintf+0x30/0x30
[ 89.527701][ T3275] ? gfs2_glock_nq_num+0x112/0x150
[ 89.532899][ T3275] init_inodes+0xcb/0x2e0
[ 89.537220][ T3275] gfs2_fill_super+0x129a/0x1a80
[ 89.542224][ T3275] ? gfs2_reconfigure+0xba0/0xba0
[ 89.547223][ T3275] ? init_locking+0xa5/0x1a0
[ 89.552051][ T3275] ? sb_set_blocksize+0x40/0xc0
[ 89.556986][ T3275] get_tree_bdev+0x3d2/0x610
[ 89.561760][ T3275] ? gfs2_reconfigure+0xba0/0xba0
[ 89.566812][ T3275] gfs2_get_tree+0x48/0x190
[ 89.571685][ T3275] vfs_get_tree+0x7d/0x180
[ 89.576185][ T3275] do_new_mount+0x1c6/0x7e0
[ 89.580979][ T3275] __se_sys_mount+0x216/0x2b0
[ 89.585907][ T3275] ? __x64_sys_mount+0xc0/0xc0
[ 89.590991][ T3275] do_syscall_64+0x4c/0xa0
[ 89.595561][ T3275] ? clear_bhb_loop+0x60/0xb0
[ 89.600317][ T3275] ? clear_bhb_loop+0x60/0xb0
[ 89.604972][ T3275] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 89.610927][ T3275] RIP: 0033:0x7f21801900ca
[ 89.615414][ T3275] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 89.635363][ T3275] RSP: 002b:00007f2181027e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 89.644158][ T3275] RAX: ffffffffffffffda RBX: 00007f2181027ef0 RCX: 00007f21801900ca
[ 89.652472][ T3275] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f2181027eb0
[ 89.660599][ T3275] RBP: 0000200000000400 R08: 00007f2181027ef0 R09: 0000000000200001
[ 89.668678][ T3275] R10: 0000000000200001 R11: 0000000000000246 R12: 0000200000012500
[ 89.676974][ T3275] R13: 00007f2181027eb0 R14: 00000000000125bb R15: 0000200000000180
[ 89.684934][ T3275] </TASK>
[ 89.688821][ T3275] gfs2: fsid=norecovery.s: Error checking journal for spectator mount.
[ 89.933549][ T3277] loop3: detected capacity change from 0 to 32768
[ 89.941925][ T3277] gfs2: fsid=norecovery: Trying to join cluster "lock_nolock", "norecovery"
[ 89.951203][ T3277] gfs2: fsid=norecovery: Now mounting FS (format 0)...
[ 89.960387][ T3277] syz.3.18: attempt to access beyond end of device
[ 89.960387][ T3277] loop3: rw=12288, sector=18446744073709551608, nr_sectors = 8 limit=32768
[ 89.975716][ T3277] gfs2: fsid=norecovery.s: fatal: filesystem consistency error
[ 89.975716][ T3277] inode = 1 19
[ 89.975716][ T3277] function = gfs2_jdesc_check, file = fs/gfs2/super.c, line = 115
[ 89.996495][ T3277] gfs2: fsid=norecovery.s: G: s:SH n:2/13 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:2
[ 90.005951][ T3277] gfs2: fsid=norecovery.s: H: s:SH f:eEcH e:0 p:3277 [syz.3.18] init_journal+0x1594/0x1ea0
[ 90.016597][ T3277] gfs2: fsid=norecovery.s: I: n:1/19 t:8 f:0x00 d:0x00000200 s:8388608 p:0
[ 90.025552][ T3277] gfs2: fsid=norecovery.s: about to withdraw this file system
[ 90.033445][ T3277] gfs2: fsid=norecovery.s: Journal recovery skipped for jid 0 until next mount.
[ 90.042812][ T3277] gfs2: fsid=norecovery.s: Glock dequeues delayed: 0
[ 90.050077][ T3277] gfs2: fsid=norecovery.s: File system withdrawn
[ 90.056686][ T3277] CPU: 1 PID: 3277 Comm: syz.3.18 Not tainted syzkaller #0
[ 90.064214][ T3277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 90.074639][ T3277] Call Trace:
[ 90.078123][ T3277] <TASK>
[ 90.081059][ T3277] dump_stack_lvl+0xdc/0x15b
[ 90.085738][ T3277] ? show_regs_print_info+0x5/0x5
[ 90.090833][ T3277] ? load_image+0x550/0x550
[ 90.095517][ T3277] gfs2_withdraw+0xebb/0x1230
[ 90.100263][ T3277] ? gfs2_lm+0x1e0/0x1e0
[ 90.104479][ T3277] ? gfs2_glock_nq+0xa1c/0x1190
[ 90.109467][ T3277] ? gfs2_consist_inode_i+0xec/0x110
[ 90.114777][ T3277] gfs2_jdesc_check+0xe5/0x1b0
[ 90.119724][ T3277] check_journal_clean+0x15d/0x290
[ 90.125415][ T3277] ? gfs2_trans_remove_revoke+0x300/0x300
[ 90.131232][ T3277] ? init_journal+0x1594/0x1ea0
[ 90.136236][ T3277] ? __rwlock_init+0x140/0x140
[ 90.141171][ T3277] ? do_raw_spin_unlock+0x11d/0x230
[ 90.146595][ T3277] ? _raw_spin_unlock+0x24/0x40
[ 90.151707][ T3277] ? gfs2_jdesc_find+0x91/0xa0
[ 90.156503][ T3277] init_journal+0x1594/0x1ea0
[ 90.161176][ T3277] ? __lock_acquire+0xc40/0xc40
[ 90.166181][ T3277] ? init_inodes+0xcb/0x2e0
[ 90.170862][ T3277] ? _compound_head+0xa0/0xa0
[ 90.175825][ T3277] ? vsnprintf+0x118/0x1a70
[ 90.180326][ T3277] ? snprintf+0xcd/0x110
[ 90.184744][ T3277] ? init_inodes+0xcb/0x2e0
[ 90.189439][ T3277] ? vscnprintf+0x30/0x30
[ 90.193761][ T3277] ? gfs2_glock_nq_num+0x112/0x150
[ 90.199142][ T3277] init_inodes+0xcb/0x2e0
[ 90.203705][ T3277] gfs2_fill_super+0x129a/0x1a80
[ 90.208723][ T3277] ? gfs2_reconfigure+0xba0/0xba0
[ 90.213998][ T3277] ? init_locking+0xa5/0x1a0
[ 90.218940][ T3277] ? sb_set_blocksize+0x40/0xc0
[ 90.224057][ T3277] get_tree_bdev+0x3d2/0x610
[ 90.228816][ T3277] ? gfs2_reconfigure+0xba0/0xba0
[ 90.234186][ T3277] gfs2_get_tree+0x48/0x190
[ 90.238950][ T3277] vfs_get_tree+0x7d/0x180
[ 90.243785][ T3277] do_new_mount+0x1c6/0x7e0
[ 90.248550][ T3277] __se_sys_mount+0x216/0x2b0
[ 90.253577][ T3277] ? __x64_sys_mount+0xc0/0xc0
[ 90.258666][ T3277] do_syscall_64+0x4c/0xa0
[ 90.263170][ T3277] ? clear_bhb_loop+0x60/0xb0
[ 90.267841][ T3277] ? clear_bhb_loop+0x60/0xb0
[ 90.272949][ T3277] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 90.279202][ T3277] RIP: 0033:0x7f21801900ca
[ 90.283706][ T3277] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 90.304118][ T3277] RSP: 002b:00007f2181027e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 90.312511][ T3277] RAX: ffffffffffffffda RBX: 00007f2181027ef0 RCX: 00007f21801900ca
[ 90.320739][ T3277] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f2181027eb0
[ 90.328792][ T3277] RBP: 0000200000000400 R08: 00007f2181027ef0 R09: 0000000000200001
[ 90.336925][ T3277] R10: 0000000000200001 R11: 0000000000000246 R12: 0000200000012500
[ 90.345096][ T3277] R13: 00007f2181027eb0 R14: 00000000000125bb R15: 0000200000000180
[ 90.353154][ T3277] </TASK>
[ 90.357589][ T3277] gfs2: fsid=norecovery.s: Error checking journal for spectator mount.
[ 90.585014][ T3279] loop3: detected capacity change from 0 to 32768
[ 90.597468][ T3279] gfs2: fsid=norecovery: Trying to join cluster "lock_nolock", "norecovery"
[ 90.606490][ T3279] gfs2: fsid=norecovery: Now mounting FS (format 0)...
[ 90.615655][ T3279] syz.3.19: attempt to access beyond end of device
[ 90.615655][ T3279] loop3: rw=12288, sector=18446744073709551608, nr_sectors = 8 limit=32768
[ 90.631024][ T3279] gfs2: fsid=norecovery.s: fatal: filesystem consistency error
[ 90.631024][ T3279] inode = 1 19
[ 90.631024][ T3279] function = gfs2_jdesc_check, file = fs/gfs2/super.c, line = 115
[ 90.651103][ T3279] gfs2: fsid=norecovery.s: G: s:SH n:2/13 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:2
[ 90.661205][ T3279] gfs2: fsid=norecovery.s: H: s:SH f:eEcH e:0 p:3279 [syz.3.19] init_journal+0x1594/0x1ea0
[ 90.672232][ T3279] gfs2: fsid=norecovery.s: I: n:1/19 t:8 f:0x00 d:0x00000200 s:8388608 p:0
[ 90.680968][ T3279] gfs2: fsid=norecovery.s: about to withdraw this file system
[ 90.688661][ T3279] gfs2: fsid=norecovery.s: Journal recovery skipped for jid 0 until next mount.
[ 90.697666][ T3279] gfs2: fsid=norecovery.s: Glock dequeues delayed: 0
[ 90.704792][ T3279] gfs2: fsid=norecovery.s: File system withdrawn
[ 90.711994][ T3279] CPU: 0 PID: 3279 Comm: syz.3.19 Not tainted syzkaller #0
[ 90.719176][ T3279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 90.729306][ T3279] Call Trace:
[ 90.732569][ T3279] <TASK>
[ 90.735569][ T3279] dump_stack_lvl+0xdc/0x15b
[ 90.740366][ T3279] ? show_regs_print_info+0x5/0x5
[ 90.745369][ T3279] ? load_image+0x550/0x550
[ 90.749933][ T3279] gfs2_withdraw+0xebb/0x1230
[ 90.754672][ T3279] ? gfs2_lm+0x1e0/0x1e0
[ 90.759061][ T3279] ? gfs2_glock_nq+0xa1c/0x1190
[ 90.763978][ T3279] ? gfs2_consist_inode_i+0xec/0x110
[ 90.769758][ T3279] gfs2_jdesc_check+0xe5/0x1b0
[ 90.774494][ T3279] check_journal_clean+0x15d/0x290
[ 90.779675][ T3279] ? gfs2_trans_remove_revoke+0x300/0x300
[ 90.785365][ T3279] ? init_journal+0x1594/0x1ea0
[ 90.790406][ T3279] ? __rwlock_init+0x140/0x140
[ 90.795206][ T3279] ? do_raw_spin_unlock+0x11d/0x230
[ 90.800466][ T3279] ? _raw_spin_unlock+0x24/0x40
[ 90.805389][ T3279] ? gfs2_jdesc_find+0x91/0xa0
[ 90.811216][ T3279] init_journal+0x1594/0x1ea0
[ 90.817000][ T3279] ? __lock_acquire+0xc40/0xc40
[ 90.822134][ T3279] ? init_inodes+0xcb/0x2e0
[ 90.827202][ T3279] ? _compound_head+0xa0/0xa0
[ 90.832064][ T3279] ? vsnprintf+0x118/0x1a70
[ 90.836561][ T3279] ? snprintf+0xcd/0x110
[ 90.840953][ T3279] ? init_inodes+0xcb/0x2e0
[ 90.845689][ T3279] ? vscnprintf+0x30/0x30
[ 90.850079][ T3279] ? gfs2_glock_nq_num+0x112/0x150
[ 90.855556][ T3279] init_inodes+0xcb/0x2e0
[ 90.859861][ T3279] gfs2_fill_super+0x129a/0x1a80
[ 90.864808][ T3279] ? gfs2_reconfigure+0xba0/0xba0
[ 90.869815][ T3279] ? init_locking+0xa5/0x1a0
[ 90.874487][ T3279] ? sb_set_blocksize+0x40/0xc0
[ 90.879308][ T3279] get_tree_bdev+0x3d2/0x610
[ 90.883966][ T3279] ? gfs2_reconfigure+0xba0/0xba0
[ 90.889071][ T3279] gfs2_get_tree+0x48/0x190
[ 90.893637][ T3279] vfs_get_tree+0x7d/0x180
[ 90.898033][ T3279] do_new_mount+0x1c6/0x7e0
[ 90.902507][ T3279] __se_sys_mount+0x216/0x2b0
[ 90.907153][ T3279] ? __x64_sys_mount+0xc0/0xc0
[ 90.911899][ T3279] do_syscall_64+0x4c/0xa0
[ 90.916396][ T3279] ? clear_bhb_loop+0x60/0xb0
[ 90.921044][ T3279] ? clear_bhb_loop+0x60/0xb0
[ 90.925695][ T3279] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 90.931648][ T3279] RIP: 0033:0x7f21801900ca
[ 90.936251][ T3279] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 90.956817][ T3279] RSP: 002b:00007f2181027e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 90.965575][ T3279] RAX: ffffffffffffffda RBX: 00007f2181027ef0 RCX: 00007f21801900ca
[ 90.973696][ T3279] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f2181027eb0
[ 90.982210][ T3279] RBP: 0000200000000400 R08: 00007f2181027ef0 R09: 0000000000200001
[ 90.990453][ T3279] R10: 0000000000200001 R11: 0000000000000246 R12: 0000200000012500
[ 90.998855][ T3279] R13: 00007f2181027eb0 R14: 00000000000125bb R15: 0000200000000180
[ 91.007256][ T3279] </TASK>
[ 91.011297][ T3279] gfs2: fsid=norecovery.s: Error checking journal for spectator mount.
[ 91.049373][ T3279] ==================================================================
[ 91.058508][ T3279] BUG: KASAN: use-after-free in lru_add_fn+0x181/0xee0
[ 91.065438][ T3279] Read of size 8 at addr ffff888074db33e8 by task syz.3.19/3279
[ 91.073130][ T3279]
[ 91.075429][ T3279] CPU: 1 PID: 3279 Comm: syz.3.19 Not tainted syzkaller #0
[ 91.082617][ T3279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 91.092735][ T3279] Call Trace:
[ 91.096099][ T3279] <TASK>
[ 91.099016][ T3279] dump_stack_lvl+0xdc/0x15b
[ 91.103776][ T3279] ? show_regs_print_info+0x5/0x5
[ 91.108920][ T3279] ? load_image+0x550/0x550
[ 91.113496][ T3279] ? _raw_spin_lock_irqsave+0xa2/0xe0
[ 91.119111][ T3279] ? __virt_addr_valid+0x139/0x270
[ 91.124205][ T3279] ? __virt_addr_valid+0x21a/0x270
[ 91.129349][ T3279] ? lru_add_fn+0x181/0xee0
[ 91.133915][ T3279] print_report+0xa8/0x210
[ 91.138316][ T3279] kasan_report+0x10b/0x140
[ 91.142791][ T3279] ? lru_add_fn+0x181/0xee0
[ 91.147267][ T3279] ? lru_add_fn+0x13c/0xee0
[ 91.151836][ T3279] kasan_check_range+0x27b/0x290
[ 91.156748][ T3279] lru_add_fn+0x181/0xee0
[ 91.161223][ T3279] folio_batch_move_lru+0x20c/0x4c0
[ 91.166544][ T3279] ? folio_add_lru+0x7e0/0x7e0
[ 91.171485][ T3279] ? lru_add_drain_cpu+0x530/0x530
[ 91.176614][ T3279] lru_add_drain_cpu+0xc8/0x530
[ 91.181717][ T3279] ? filemap_remove_folio+0x13e/0x1e0
[ 91.187429][ T3279] ? folio_add_lru_vma+0x140/0x140
[ 91.192900][ T3279] ? folio_mapping+0xe2/0x300
[ 91.198354][ T3279] ? do_raw_spin_unlock+0x11d/0x230
[ 91.204157][ T3279] ? lru_add_drain+0x53/0x210
[ 91.208984][ T3279] ? lru_add_drain+0x53/0x210
[ 91.214006][ T3279] lru_add_drain+0xe5/0x210
[ 91.218582][ T3279] __pagevec_release+0x33/0xd0
[ 91.223425][ T3279] shmem_undo_range+0x5d4/0x1950
[ 91.228869][ T3279] ? shmem_truncate_range+0x90/0x90
[ 91.234500][ T3279] ? do_raw_spin_lock+0x11d/0x2c0
[ 91.240061][ T3279] ? __rwlock_init+0x140/0x140
[ 91.244934][ T3279] shmem_evict_inode+0x3be/0x8f0
[ 91.249857][ T3279] ? inode_wait_for_writeback+0x169/0x1b0
[ 91.255749][ T3279] ? shmem_free_in_core_inode+0x90/0x90
[ 91.261798][ T3279] ? do_raw_spin_lock+0x11d/0x2c0
[ 91.266971][ T3279] ? bit_waitqueue+0x30/0x30
[ 91.272284][ T3279] ? do_raw_spin_unlock+0x11d/0x230
[ 91.277854][ T3279] evict+0x3dd/0x810
[ 91.281734][ T3279] ? iput+0x469/0x5c0
[ 91.285776][ T3279] ? proc_nr_inodes+0x230/0x230
[ 91.290915][ T3279] ? fsnotify_grab_connector+0x2b/0xe0
[ 91.296362][ T3279] ? do_raw_spin_unlock+0x11d/0x230
[ 91.301565][ T3279] ? _raw_spin_unlock+0x24/0x40
[ 91.306477][ T3279] __dentry_kill+0x379/0x5d0
[ 91.311243][ T3279] dentry_kill+0xbb/0x1e0
[ 91.315563][ T3279] ? dput+0x36/0x290
[ 91.319776][ T3279] dput+0x143/0x290
[ 91.323819][ T3279] __fput+0x362/0x6f0
[ 91.327793][ T3279] task_work_run+0x142/0x1d0
[ 91.332470][ T3279] ? task_work_cancel+0x1f0/0x1f0
[ 91.337565][ T3279] exit_to_user_mode_loop+0xb9/0xd0
[ 91.342738][ T3279] exit_to_user_mode_prepare+0x91/0xd0
[ 91.348189][ T3279] syscall_exit_to_user_mode+0x16/0x30
[ 91.353633][ T3279] do_syscall_64+0x58/0xa0
[ 91.358034][ T3279] ? clear_bhb_loop+0x60/0xb0
[ 91.362726][ T3279] ? clear_bhb_loop+0x60/0xb0
[ 91.367402][ T3279] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 91.373560][ T3279] RIP: 0033:0x7f218018e52b
[ 91.378003][ T3279] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 91.398841][ T3279] RSP: 002b:00007f2181027e10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 91.407425][ T3279] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: 00007f218018e52b
[ 91.415480][ T3279] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003
[ 91.423514][ T3279] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000200001
[ 91.431493][ T3279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 91.439730][ T3279] R13: 00007f2181027eb0 R14: 00000000000125bb R15: 0000200000000180
[ 91.448162][ T3279] </TASK>
[ 91.451346][ T3279]
[ 91.453651][ T3279] Allocated by task 3279:
[ 91.458391][ T3279] kasan_set_track+0x4b/0x70
[ 91.462955][ T3279] __kasan_slab_alloc+0x6b/0x80
[ 91.467870][ T3279] slab_post_alloc_hook+0x4d/0x3f0
[ 91.472956][ T3279] kmem_cache_alloc+0x123/0x2a0
[ 91.477952][ T3279] gfs2_glock_get+0x1f5/0xd50
[ 91.482790][ T3279] gfs2_inode_lookup+0x1d0/0xa30
[ 91.487893][ T3279] gfs2_dir_search+0x12d/0x1f0
[ 91.492992][ T3279] gfs2_lookupi+0x3a6/0x4b0
[ 91.497842][ T3279] init_journal+0x6bb/0x1ea0
[ 91.502589][ T3279] init_inodes+0xcb/0x2e0
[ 91.506991][ T3279] gfs2_fill_super+0x129a/0x1a80
[ 91.512007][ T3279] get_tree_bdev+0x3d2/0x610
[ 91.516578][ T3279] gfs2_get_tree+0x48/0x190
[ 91.521171][ T3279] vfs_get_tree+0x7d/0x180
[ 91.525574][ T3279] do_new_mount+0x1c6/0x7e0
[ 91.530049][ T3279] __se_sys_mount+0x216/0x2b0
[ 91.534719][ T3279] do_syscall_64+0x4c/0xa0
[ 91.539219][ T3279] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 91.545187][ T3279]
[ 91.547576][ T3279] Freed by task 0:
[ 91.551388][ T3279] kasan_set_track+0x4b/0x70
[ 91.556138][ T3279] kasan_save_free_info+0x2d/0x50
[ 91.561241][ T3279] ____kasan_slab_free+0x126/0x1e0
[ 91.566516][ T3279] slab_free_freelist_hook+0x131/0x1a0
[ 91.571960][ T3279] kmem_cache_free+0xe3/0x260
[ 91.576606][ T3279] rcu_core+0x7fe/0x11e0
[ 91.580917][ T3279] handle_softirqs+0x1ac/0x500
[ 91.585653][ T3279] __irq_exit_rcu+0xc3/0x190
[ 91.590210][ T3279] sysvec_apic_timer_interrupt+0x8c/0xb0
[ 91.595820][ T3279] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 91.601866][ T3279]
[ 91.604165][ T3279] Last potentially related work creation:
[ 91.609886][ T3279] kasan_save_stack+0x3a/0x60
[ 91.614542][ T3279] __kasan_record_aux_stack+0xb2/0xc0
[ 91.620008][ T3279] call_rcu+0x147/0x780
[ 91.624136][ T3279] gfs2_glock_free+0x84b/0xa70
[ 91.628871][ T3279] gfs2_evict_inode+0xbdc/0xde0
[ 91.633740][ T3279] evict+0x3dd/0x810
[ 91.637606][ T3279] gfs2_jindex_free+0x357/0x3d0
[ 91.642475][ T3279] init_journal+0x253/0x1ea0
[ 91.647038][ T3279] init_inodes+0xcb/0x2e0
[ 91.651343][ T3279] gfs2_fill_super+0x129a/0x1a80
[ 91.656253][ T3279] get_tree_bdev+0x3d2/0x610
[ 91.660901][ T3279] gfs2_get_tree+0x48/0x190
[ 91.665416][ T3279] vfs_get_tree+0x7d/0x180
[ 91.669815][ T3279] do_new_mount+0x1c6/0x7e0
[ 91.674377][ T3279] __se_sys_mount+0x216/0x2b0
[ 91.679037][ T3279] do_syscall_64+0x4c/0xa0
[ 91.683692][ T3279] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 91.689828][ T3279]
[ 91.692132][ T3279] Second to last potentially related work creation:
[ 91.698946][ T3279] kasan_save_stack+0x3a/0x60
[ 91.703773][ T3279] __kasan_record_aux_stack+0xb2/0xc0
[ 91.709149][ T3279] insert_work+0x4e/0x2c0
[ 91.713631][ T3279] __queue_work+0x827/0xa60
[ 91.718377][ T3279] queue_delayed_work_on+0x1cb/0x280
[ 91.723666][ T3279] do_xmote+0x634/0xe50
[ 91.727970][ T3279] glock_work_func+0x1e0/0x3b0
[ 91.732711][ T3279] process_one_work+0x769/0xee0
[ 91.737711][ T3279] worker_thread+0x7f7/0xe10
[ 91.742270][ T3279] kthread+0x205/0x250
[ 91.746324][ T3279] ret_from_fork+0x1f/0x30
[ 91.750822][ T3279]
[ 91.753123][ T3279] The buggy address belongs to the object at ffff888074db2f88
[ 91.753123][ T3279] which belongs to the cache gfs2_glock(aspace) of size 1224
[ 91.768022][ T3279] The buggy address is located 1120 bytes inside of
[ 91.768022][ T3279] 1224-byte region [ffff888074db2f88, ffff888074db3450)
[ 91.781985][ T3279]
[ 91.784503][ T3279] The buggy address belongs to the physical page:
[ 91.792129][ T3279] page:ffffea0001d36c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74db0
[ 91.802376][ T3279] head:ffffea0001d36c00 order:2 compound_mapcount:0 compound_pincount:0
[ 91.810848][ T3279] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 91.819424][ T3279] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888016699140
[ 91.828166][ T3279] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 91.836916][ T3279] page dumped because: kasan: bad access detected
[ 91.843802][ T3279] page_owner tracks the page as allocated
[ 91.849670][ T3279] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3275, tgid 3274 (syz.3.17), ts 89294060428, free_ts 89126359838
[ 91.872136][ T3279] post_alloc_hook+0x257/0x280
[ 91.876967][ T3279] get_page_from_freelist+0x2ce1/0x2e20
[ 91.882579][ T3279] __alloc_pages+0x1df/0x420
[ 91.887327][ T3279] alloc_slab_page+0x5d/0x160
[ 91.892125][ T3279] new_slab+0x70/0x250
[ 91.896269][ T3279] ___slab_alloc+0x9c1/0xe20
[ 91.900862][ T3279] kmem_cache_alloc+0x19d/0x2a0
[ 91.905772][ T3279] gfs2_glock_get+0x1f5/0xd50
[ 91.910509][ T3279] gfs2_inode_lookup+0x1d0/0xa30
[ 91.915421][ T3279] init_sb+0x7ae/0xfd0
[ 91.919470][ T3279] gfs2_fill_super+0x109f/0x1a80
[ 91.924582][ T3279] get_tree_bdev+0x3d2/0x610
[ 91.929330][ T3279] gfs2_get_tree+0x48/0x190
[ 91.933820][ T3279] vfs_get_tree+0x7d/0x180
[ 91.938385][ T3279] do_new_mount+0x1c6/0x7e0
[ 91.942967][ T3279] __se_sys_mount+0x216/0x2b0
[ 91.947626][ T3279] page last free stack trace:
[ 91.952466][ T3279] free_unref_page_prepare+0x821/0x8f0
[ 91.958005][ T3279] free_unref_page+0x2e/0x3a0
[ 91.962658][ T3279] __stack_depot_save+0x3b4/0x460
[ 91.967650][ T3279] kasan_set_track+0x60/0x70
[ 91.972309][ T3279] __kasan_kmalloc+0x8e/0xa0
[ 91.977073][ T3279] __kmalloc_node+0xa3/0x1c0
[ 91.981809][ T3279] memcg_alloc_slab_cgroups+0x83/0x120
[ 91.987237][ T3279] slab_post_alloc_hook+0x121/0x3f0
[ 91.992612][ T3279] kmem_cache_alloc+0x123/0x2a0
[ 91.997445][ T3279] __anon_vma_prepare+0x90/0x3c0
[ 92.002459][ T3279] handle_mm_fault+0x2a3c/0x2e00
[ 92.007406][ T3279] do_user_addr_fault+0x2ff/0x6e0
[ 92.012610][ T3279] exc_page_fault+0x4e/0xb0
[ 92.017191][ T3279] asm_exc_page_fault+0x22/0x30
[ 92.022107][ T3279]
[ 92.024526][ T3279] Memory state around the buggy address:
[ 92.030388][ T3279]  ffff888074db3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.038534][ T3279]  ffff888074db3300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.046754][ T3279] >ffff888074db3380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.054896][ T3279]                                                           ^
[ 92.062759][ T3279]  ffff888074db3400: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 92.070881][ T3279]  ffff888074db3480: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 92.078996][ T3279] ==================================================================
[ 92.087126][ T3279] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 92.095070][ T3279] Kernel Offset: disabled
[ 92.099732][ T3279] Rebooting in 86400 seconds..