Warning: Permanently added '10.128.1.206' (ED25519) to the list of known hosts.
[   70.888883][   T95] cfg80211: failed to load regulatory.db
2025/11/08 01:47:07 parsed 1 programs
[   72.982548][ T2460] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
2025/11/08 01:47:15 executed programs: 0
[   84.214140][ T3270] loop3: detected capacity change from 0 to 32768
[   84.227706][ T3270] gfs2: fsid=norecovery: Trying to join cluster "lock_nolock", "norecovery"
[   84.236596][ T3270] gfs2: fsid=norecovery: Now mounting FS (format 0)...
[   84.247054][ T3270] syz.3.16: attempt to access beyond end of device
[   84.247054][ T3270] loop3: rw=12288, sector=18446744073709551608, nr_sectors = 8 limit=32768
[   84.262569][ T3270] gfs2: fsid=norecovery.s: fatal: filesystem consistency error
[   84.262569][ T3270]   inode = 1 19
[   84.262569][ T3270]   function = gfs2_jdesc_check, file = fs/gfs2/super.c, line = 115
[   84.281774][ T3270] gfs2: fsid=norecovery.s: G:  s:SH n:2/13 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:2
[   84.291473][ T3270] gfs2: fsid=norecovery.s:  H: s:SH f:eEcH e:0 p:3270 [syz.3.16] init_journal+0x1594/0x1ea0
[   84.301779][ T3270] gfs2: fsid=norecovery.s:  I: n:1/19 t:8 f:0x00 d:0x00000200 s:8388608 p:0
[   84.310673][ T3270] gfs2: fsid=norecovery.s: about to withdraw this file system
[   84.318298][ T3270] gfs2: fsid=norecovery.s: Journal recovery skipped for jid 0 until next mount.
[   84.327464][ T3270] gfs2: fsid=norecovery.s: Glock dequeues delayed: 0
[   84.334386][ T3270] gfs2: fsid=norecovery.s: File system withdrawn
[   84.340745][ T3270] CPU: 1 PID: 3270 Comm: syz.3.16 Not tainted syzkaller #0
[   84.347947][ T3270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   84.358000][ T3270] Call Trace:
[   84.361254][ T3270]  <TASK>
[   84.364159][ T3270]  dump_stack_lvl+0xdc/0x15b
[   84.368722][ T3270]  ? show_regs_print_info+0x5/0x5
[   84.373801][ T3270]  ? load_image+0x550/0x550
[   84.378373][ T3270]  gfs2_withdraw+0xebb/0x1230
[   84.383034][ T3270]  ? gfs2_lm+0x1e0/0x1e0
[   84.387246][ T3270]  ? gfs2_glock_nq+0xa1c/0x1190
[   84.392114][ T3270]  ? gfs2_consist_inode_i+0xec/0x110
[   84.397367][ T3270]  gfs2_jdesc_check+0xe5/0x1b0
[   84.402119][ T3270]  check_journal_clean+0x15d/0x290
[   84.407220][ T3270]  ? gfs2_trans_remove_revoke+0x300/0x300
[   84.412923][ T3270]  ? init_journal+0x1594/0x1ea0
[   84.417757][ T3270]  ? __rwlock_init+0x140/0x140
[   84.422509][ T3270]  ? do_raw_spin_unlock+0x11d/0x230
[   84.427705][ T3270]  ? _raw_spin_unlock+0x24/0x40
[   84.432541][ T3270]  ? gfs2_jdesc_find+0x91/0xa0
[   84.437292][ T3270]  init_journal+0x1594/0x1ea0
[   84.441954][ T3270]  ? __lock_acquire+0xc40/0xc40
[   84.446820][ T3270]  ? init_inodes+0xcb/0x2e0
[   84.451310][ T3270]  ? _compound_head+0xa0/0xa0
[   84.455981][ T3270]  ? vsnprintf+0x118/0x1a70
[   84.460468][ T3270]  ? snprintf+0xcd/0x110
[   84.464705][ T3270]  ? init_inodes+0xcb/0x2e0
[   84.469195][ T3270]  ? vscnprintf+0x30/0x30
[   84.473950][ T3270]  ? gfs2_glock_nq_num+0x112/0x150
[   84.479055][ T3270]  init_inodes+0xcb/0x2e0
[   84.483372][ T3270]  gfs2_fill_super+0x129a/0x1a80
[   84.488318][ T3270]  ? gfs2_reconfigure+0xba0/0xba0
[   84.493342][ T3270]  ? init_locking+0xa5/0x1a0
[   84.498055][ T3270]  ? sb_set_blocksize+0x40/0xc0
[   84.502906][ T3270]  get_tree_bdev+0x3d2/0x610
[   84.507493][ T3270]  ? gfs2_reconfigure+0xba0/0xba0
[   84.512513][ T3270]  gfs2_get_tree+0x48/0x190
[   84.517006][ T3270]  vfs_get_tree+0x7d/0x180
[   84.521413][ T3270]  do_new_mount+0x1c6/0x7e0
[   84.525900][ T3270]  __se_sys_mount+0x216/0x2b0
[   84.530583][ T3270]  ? __x64_sys_mount+0xc0/0xc0
[   84.535351][ T3270]  do_syscall_64+0x4c/0xa0
[   84.539944][ T3270]  ? clear_bhb_loop+0x60/0xb0
[   84.544614][ T3270]  ? clear_bhb_loop+0x60/0xb0
[   84.549364][ T3270]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   84.555245][ T3270] RIP: 0033:0x7f938f1900ca
[   84.559653][ T3270] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.579247][ T3270] RSP: 002b:00007f9390075e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   84.587735][ T3270] RAX: ffffffffffffffda RBX: 00007f9390075ef0 RCX: 00007f938f1900ca
[   84.595785][ T3270] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f9390075eb0
[   84.603749][ T3270] RBP: 0000200000000400 R08: 00007f9390075ef0 R09: 0000000000200001
[   84.611731][ T3270] R10: 0000000000200001 R11: 0000000000000246 R12: 0000200000012500
[   84.619788][ T3270] R13: 00007f9390075eb0 R14: 00000000000125bb R15: 0000200000000180
[   84.627755][ T3270]  </TASK>
[   84.631505][ T3270] gfs2: fsid=norecovery.s: Error checking journal for spectator mount.
[   84.682816][ T3237] ==================================================================
[   84.691019][ T3237] BUG: KASAN: use-after-free in lru_add_fn+0x181/0xee0
[   84.697852][ T3237] Read of size 8 at addr ffff8880153e1438 by task udevd/3237
[   84.705201][ T3237] 
[   84.707506][ T3237] CPU: 1 PID: 3237 Comm: udevd Not tainted syzkaller #0
[   84.714410][ T3237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   84.724537][ T3237] Call Trace:
[   84.727813][ T3237]  <TASK>
[   84.730718][ T3237]  dump_stack_lvl+0xdc/0x15b
[   84.735298][ T3237]  ? show_regs_print_info+0x5/0x5
[   84.740375][ T3237]  ? load_image+0x550/0x550
[   84.744844][ T3237]  ? _raw_spin_lock_irqsave+0xa2/0xe0
[   84.750199][ T3237]  ? __virt_addr_valid+0x139/0x270
[   84.755284][ T3237]  ? __virt_addr_valid+0x21a/0x270
[   84.760418][ T3237]  ? lru_add_fn+0x181/0xee0
[   84.764894][ T3237]  print_report+0xa8/0x210
[   84.769288][ T3237]  kasan_report+0x10b/0x140
[   84.773767][ T3237]  ? lru_add_fn+0x181/0xee0
[   84.778412][ T3237]  ? lru_add_fn+0x13c/0xee0
[   84.782900][ T3237]  kasan_check_range+0x27b/0x290
[   84.787806][ T3237]  lru_add_fn+0x181/0xee0
[   84.792100][ T3237]  folio_batch_move_lru+0x20c/0x4c0
[   84.797271][ T3237]  ? folio_add_lru+0x7e0/0x7e0
[   84.802020][ T3237]  ? lru_add_drain_cpu+0x530/0x530
[   84.807104][ T3237]  lru_add_drain_cpu+0xc8/0x530
[   84.811919][ T3237]  ? filemap_remove_folio+0x13e/0x1e0
[   84.817263][ T3237]  ? folio_add_lru_vma+0x140/0x140
[   84.822338][ T3237]  ? folio_mapping+0xe2/0x300
[   84.826993][ T3237]  ? do_raw_spin_unlock+0x11d/0x230
[   84.832171][ T3237]  ? lru_add_drain+0x53/0x210
[   84.836810][ T3237]  ? lru_add_drain+0x53/0x210
[   84.841540][ T3237]  lru_add_drain+0xe5/0x210
[   84.846019][ T3237]  __pagevec_release+0x33/0xd0
[   84.850756][ T3237]  shmem_undo_range+0x5d4/0x1950
[   84.855673][ T3237]  ? shmem_truncate_range+0x90/0x90
[   84.860833][ T3237]  ? do_raw_spin_lock+0x11d/0x2c0
[   84.865821][ T3237]  ? __rwlock_init+0x140/0x140
[   84.870551][ T3237]  shmem_evict_inode+0x3be/0x8f0
[   84.875460][ T3237]  ? inode_wait_for_writeback+0x169/0x1b0
[   84.881318][ T3237]  ? shmem_free_in_core_inode+0x90/0x90
[   84.886917][ T3237]  ? do_raw_spin_lock+0x11d/0x2c0
[   84.891906][ T3237]  ? bit_waitqueue+0x30/0x30
[   84.896465][ T3237]  ? do_raw_spin_unlock+0x11d/0x230
[   84.901638][ T3237]  evict+0x3dd/0x810
[   84.905511][ T3237]  ? __lock_acquire+0xc40/0xc40
[   84.910332][ T3237]  ? proc_nr_inodes+0x230/0x230
[   84.915154][ T3237]  ? do_raw_spin_unlock+0x11d/0x230
[   84.920323][ T3237]  ? _raw_spin_unlock+0x24/0x40
[   84.925232][ T3237]  ? iput+0x469/0x5c0
[   84.929180][ T3237]  __dentry_kill+0x379/0x5d0
[   84.933737][ T3237]  dentry_kill+0xbb/0x1e0
[   84.938033][ T3237]  ? dput+0x36/0x290
[   84.941892][ T3237]  dput+0x143/0x290
[   84.945668][ T3237]  do_renameat2+0x710/0xa80
[   84.950144][ T3237]  ? fsnotify_move+0x400/0x400
[   84.954873][ T3237]  ? __check_object_size+0x372/0x6c0
[   84.960143][ T3237]  ? strncpy_from_user+0x68/0x1b0
[   84.965142][ T3237]  ? getname_flags+0x111/0x430
[   84.969886][ T3237]  __x64_sys_rename+0x7d/0x90
[   84.974540][ T3237]  do_syscall_64+0x4c/0xa0
[   84.978943][ T3237]  ? clear_bhb_loop+0x60/0xb0
[   84.983586][ T3237]  ? clear_bhb_loop+0x60/0xb0
[   84.988225][ T3237]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   84.994086][ T3237] RIP: 0033:0x7efd95c7acc7
[   84.998468][ T3237] Code: e8 5e a7 09 00 f7 d8 19 c0 5b c3 0f 1f 84 00 00 00 00 00 b8 ff ff ff ff 5b c3 66 0f 1f 84 00 00 00 00 00 b8 52 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 01 61 17 00 f7 d8 64 89 02 b8
[   85.018041][ T3237] RSP: 002b:00007fffabae1ba8 EFLAGS: 00000202 ORIG_RAX: 0000000000000052
[   85.026418][ T3237] RAX: ffffffffffffffda RBX: 0000564484be03b0 RCX: 00007efd95c7acc7
[   85.034357][ T3237] RDX: 0000564484bb0010 RSI: 00007fffabae1bc0 RDI: 00007fffabae1fc0
[   85.042295][ T3237] RBP: 0000564484bc3b30 R08: 00000000000001e0 R09: 0000000000000000
[   85.050244][ T3237] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fffabae1bc0
[   85.058185][ T3237] R13: 00007fffabae1fc0 R14: 0000000000000000 R15: 00005644479679dd
[   85.066141][ T3237]  </TASK>
[   85.069131][ T3237] 
[   85.071442][ T3237] Allocated by task 3270:
[   85.075738][ T3237]  kasan_set_track+0x4b/0x70
[   85.080294][ T3237]  __kasan_slab_alloc+0x6b/0x80
[   85.085113][ T3237]  slab_post_alloc_hook+0x4d/0x3f0
[   85.090189][ T3237]  kmem_cache_alloc+0x123/0x2a0
[   85.095006][ T3237]  gfs2_glock_get+0x1f5/0xd50
[   85.099659][ T3237]  gfs2_inode_lookup+0x1d0/0xa30
[   85.104575][ T3237]  gfs2_dir_search+0x12d/0x1f0
[   85.109407][ T3237]  gfs2_lookupi+0x3a6/0x4b0
[   85.113887][ T3237]  init_journal+0x6bb/0x1ea0
[   85.118446][ T3237]  init_inodes+0xcb/0x2e0
[   85.122753][ T3237]  gfs2_fill_super+0x129a/0x1a80
[   85.127666][ T3237]  get_tree_bdev+0x3d2/0x610
[   85.132220][ T3237]  gfs2_get_tree+0x48/0x190
[   85.136701][ T3237]  vfs_get_tree+0x7d/0x180
[   85.141083][ T3237]  do_new_mount+0x1c6/0x7e0
[   85.145561][ T3237]  __se_sys_mount+0x216/0x2b0
[   85.150220][ T3237]  do_syscall_64+0x4c/0xa0
[   85.154600][ T3237]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   85.160461][ T3237] 
[   85.162769][ T3237] Freed by task 0:
[   85.166454][ T3237]  kasan_set_track+0x4b/0x70
[   85.171097][ T3237]  kasan_save_free_info+0x2d/0x50
[   85.176147][ T3237]  ____kasan_slab_free+0x126/0x1e0
[   85.181225][ T3237]  slab_free_freelist_hook+0x131/0x1a0
[   85.186659][ T3237]  kmem_cache_free+0xe3/0x260
[   85.191318][ T3237]  rcu_core+0x7fe/0x11e0
[   85.195616][ T3237]  handle_softirqs+0x1ac/0x500
[   85.200348][ T3237]  __irq_exit_rcu+0xc3/0x190
[   85.204905][ T3237]  sysvec_apic_timer_interrupt+0x8c/0xb0
[   85.210519][ T3237]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[   85.216462][ T3237] 
[   85.218756][ T3237] Last potentially related work creation:
[   85.224439][ T3237]  kasan_save_stack+0x3a/0x60
[   85.229081][ T3237]  __kasan_record_aux_stack+0xb2/0xc0
[   85.234417][ T3237]  call_rcu+0x147/0x780
[   85.238549][ T3237]  gfs2_glock_free+0x84b/0xa70
[   85.243293][ T3237]  gfs2_evict_inode+0xbdc/0xde0
[   85.248108][ T3237]  evict+0x3dd/0x810
[   85.251969][ T3237]  gfs2_jindex_free+0x357/0x3d0
[   85.256800][ T3237]  init_journal+0x253/0x1ea0
[   85.261390][ T3237]  init_inodes+0xcb/0x2e0
[   85.265714][ T3237]  gfs2_fill_super+0x129a/0x1a80
[   85.270633][ T3237]  get_tree_bdev+0x3d2/0x610
[   85.275210][ T3237]  gfs2_get_tree+0x48/0x190
[   85.279681][ T3237]  vfs_get_tree+0x7d/0x180
[   85.284123][ T3237]  do_new_mount+0x1c6/0x7e0
[   85.288594][ T3237]  __se_sys_mount+0x216/0x2b0
[   85.293237][ T3237]  do_syscall_64+0x4c/0xa0
[   85.297634][ T3237]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   85.303509][ T3237] 
[   85.305820][ T3237] Second to last potentially related work creation:
[   85.312385][ T3237]  kasan_save_stack+0x3a/0x60
[   85.317034][ T3237]  __kasan_record_aux_stack+0xb2/0xc0
[   85.322374][ T3237]  insert_work+0x4e/0x2c0
[   85.326673][ T3237]  __queue_work+0x827/0xa60
[   85.331161][ T3237]  queue_delayed_work_on+0x1cb/0x280
[   85.336424][ T3237]  do_xmote+0x634/0xe50
[   85.340562][ T3237]  glock_work_func+0x1e0/0x3b0
[   85.345327][ T3237]  process_one_work+0x769/0xee0
[   85.350155][ T3237]  worker_thread+0x7f7/0xe10
[   85.354798][ T3237]  kthread+0x205/0x250
[   85.358831][ T3237]  ret_from_fork+0x1f/0x30
[   85.363212][ T3237] 
[   85.365508][ T3237] The buggy address belongs to the object at ffff8880153e0fd8
[   85.365508][ T3237]  which belongs to the cache gfs2_glock(aspace) of size 1224
[   85.380309][ T3237] The buggy address is located 1120 bytes inside of
[   85.380309][ T3237]  1224-byte region [ffff8880153e0fd8, ffff8880153e14a0)
[   85.393721][ T3237] 
[   85.396028][ T3237] The buggy address belongs to the physical page:
[   85.402417][ T3237] page:ffffea000054f800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x153e0
[   85.412539][ T3237] head:ffffea000054f800 order:2 compound_mapcount:0 compound_pincount:0
[   85.420826][ T3237] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   85.428776][ T3237] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888016a94500
[   85.437333][ T3237] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   85.445879][ T3237] page dumped because: kasan: bad access detected
[   85.452323][ T3237] page_owner tracks the page as allocated
[   85.458017][ T3237] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3270, tgid 3269 (syz.3.16), ts 84245166566, free_ts 84221464472
[   85.479599][ T3237]  post_alloc_hook+0x257/0x280
[   85.484332][ T3237]  get_page_from_freelist+0x2ce1/0x2e20
[   85.489843][ T3237]  __alloc_pages+0x1df/0x420
[   85.494397][ T3237]  alloc_slab_page+0x5d/0x160
[   85.499039][ T3237]  new_slab+0x70/0x250
[   85.503072][ T3237]  ___slab_alloc+0x9c1/0xe20
[   85.507625][ T3237]  kmem_cache_alloc+0x19d/0x2a0
[   85.512439][ T3237]  gfs2_glock_get+0x1f5/0xd50
[   85.517086][ T3237]  gfs2_inode_lookup+0x1d0/0xa30
[   85.521986][ T3237]  init_sb+0x7ae/0xfd0
[   85.526029][ T3237]  gfs2_fill_super+0x109f/0x1a80
[   85.530932][ T3237]  get_tree_bdev+0x3d2/0x610
[   85.535500][ T3237]  gfs2_get_tree+0x48/0x190
[   85.539983][ T3237]  vfs_get_tree+0x7d/0x180
[   85.544372][ T3237]  do_new_mount+0x1c6/0x7e0
[   85.548846][ T3237]  __se_sys_mount+0x216/0x2b0
[   85.553509][ T3237] page last free stack trace:
[   85.558155][ T3237]  free_unref_page_prepare+0x821/0x8f0
[   85.564040][ T3237]  free_unref_page+0x2e/0x3a0
[   85.568689][ T3237]  __stack_depot_save+0x3b4/0x460
[   85.573680][ T3237]  kasan_set_track+0x60/0x70
[   85.578255][ T3237]  __kasan_kmalloc+0x8e/0xa0
[   85.582861][ T3237]  __kmalloc_node_track_caller+0xa1/0x1c0
[   85.588547][ T3237]  kstrdup_const+0x4b/0x70
[   85.592928][ T3237]  __kernfs_new_node+0x8f/0x650
[   85.597745][ T3237]  kernfs_create_dir_ns+0xf5/0x270
[   85.602823][ T3237]  sysfs_create_dir_ns+0x118/0x250
[   85.607918][ T3237]  kobject_add_internal+0x45a/0x8c0
[   85.613094][ T3237]  kobject_init_and_add+0x100/0x160
[   85.618256][ T3237]  gfs2_sys_fs_add+0x225/0x430
[   85.625457][ T3237]  gfs2_fill_super+0xf85/0x1a80
[   85.630294][ T3237]  get_tree_bdev+0x3d2/0x610
[   85.634853][ T3237]  gfs2_get_tree+0x48/0x190
[   85.639411][ T3237] 
[   85.641710][ T3237] Memory state around the buggy address:
[   85.647307][ T3237]  ffff8880153e1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   85.655335][ T3237]  ffff8880153e1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   85.663380][ T3237] >ffff8880153e1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   85.671511][ T3237]                                         ^
[   85.677375][ T3237]  ffff8880153e1480: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   85.685407][ T3237]  ffff8880153e1500: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[   85.693436][ T3237] ==================================================================
[   85.701565][ T3237] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   86.803857][ T3237] Shutting down cpus with NMI
[   86.808817][ T3237] Kernel Offset: disabled
[   86.813121][ T3237] Rebooting in 86400 seconds..