[   70.827774][   T99] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.75' (ED25519) to the list of known hosts.
2025/08/09 09:15:04 ignoring optional flag "sandboxArg"="0"
2025/08/09 09:15:04 parsed 1 programs
[   78.171389][ T2458] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
2025/08/09 09:15:12 executed programs: 0
[   89.538428][ T3277] loop3: detected capacity change from 0 to 32768
[   89.546322][ T3277] gfs2: fsid=norecovery: Trying to join cluster "lock_nolock", "norecovery"
[   89.555172][ T3277] gfs2: fsid=norecovery: Now mounting FS (format 0)...
[   89.565262][ T3277] syz.3.16: attempt to access beyond end of device
[   89.565262][ T3277] loop3: rw=12288, sector=18446744073709551608, nr_sectors = 8 limit=32768
[   89.580558][ T3277] gfs2: fsid=norecovery.s: fatal: filesystem consistency error
[   89.580558][ T3277]   inode = 1 19
[   89.580558][ T3277]   function = gfs2_jdesc_check, file = fs/gfs2/super.c, line = 115
[   89.599828][ T3277] gfs2: fsid=norecovery.s: G:  s:SH n:2/13 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:2
[   89.609288][ T3277] gfs2: fsid=norecovery.s:  H: s:SH f:eEcH e:0 p:3277 [syz.3.16] init_journal+0x1594/0x1ea0
[   89.620135][ T3277] gfs2: fsid=norecovery.s:  I: n:1/19 t:8 f:0x00 d:0x00000200 s:8388608 p:0
[   89.629470][ T3277] gfs2: fsid=norecovery.s: about to withdraw this file system
[   89.637197][ T3277] gfs2: fsid=norecovery.s: Journal recovery skipped for jid 0 until next mount.
[   89.646475][ T3277] gfs2: fsid=norecovery.s: Glock dequeues delayed: 0
[   89.653561][ T3277] gfs2: fsid=norecovery.s: File system withdrawn
[   89.660904][ T3277] CPU: 1 PID: 3277 Comm: syz.3.16 Not tainted 6.1.147-syzkaller #0
[   89.668833][ T3277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   89.678861][ T3277] Call Trace:
[   89.682204][ T3277]  <TASK>
[   89.685214][ T3277]  dump_stack_lvl+0xdc/0x15b
[   89.689776][ T3277]  ? show_regs_print_info+0x5/0x5
[   89.694792][ T3277]  ? load_image+0x550/0x550
[   89.699276][ T3277]  gfs2_withdraw+0xebb/0x1230
[   89.704028][ T3277]  ? gfs2_lm+0x1e0/0x1e0
[   89.708251][ T3277]  ? gfs2_glock_nq+0xa1c/0x1190
[   89.713082][ T3277]  ? gfs2_consist_inode_i+0xec/0x110
[   89.718360][ T3277]  gfs2_jdesc_check+0xe5/0x1b0
[   89.723104][ T3277]  check_journal_clean+0x15d/0x290
[   89.728190][ T3277]  ? gfs2_trans_remove_revoke+0x300/0x300
[   89.733890][ T3277]  ? init_journal+0x1594/0x1ea0
[   89.738724][ T3277]  ? __rwlock_init+0x140/0x140
[   89.743481][ T3277]  ? do_raw_spin_unlock+0x11d/0x230
[   89.748666][ T3277]  ? _raw_spin_unlock+0x24/0x40
[   89.753502][ T3277]  ? gfs2_jdesc_find+0x91/0xa0
[   89.758252][ T3277]  init_journal+0x1594/0x1ea0
[   89.762917][ T3277]  ? __lock_acquire+0xc40/0xc40
[   89.767747][ T3277]  ? init_inodes+0xcb/0x2e0
[   89.772257][ T3277]  ? _compound_head+0xa0/0xa0
[   89.776916][ T3277]  ? vsnprintf+0x118/0x1a70
[   89.781407][ T3277]  ? snprintf+0xcd/0x110
[   89.785636][ T3277]  ? init_inodes+0xcb/0x2e0
[   89.790125][ T3277]  ? vscnprintf+0x30/0x30
[   89.794448][ T3277]  ? gfs2_glock_nq_num+0x112/0x150
[   89.799544][ T3277]  init_inodes+0xcb/0x2e0
[   89.803855][ T3277]  gfs2_fill_super+0x129a/0x1a80
[   89.808777][ T3277]  ? gfs2_reconfigure+0xba0/0xba0
[   89.813784][ T3277]  ? init_locking+0xa5/0x1a0
[   89.818358][ T3277]  ? sb_set_blocksize+0x40/0xc0
[   89.823377][ T3277]  get_tree_bdev+0x3d2/0x610
[   89.828046][ T3277]  ? gfs2_reconfigure+0xba0/0xba0
[   89.833054][ T3277]  gfs2_get_tree+0x48/0x190
[   89.837558][ T3277]  vfs_get_tree+0x7d/0x180
[   89.841959][ T3277]  do_new_mount+0x1c6/0x7e0
[   89.846443][ T3277]  __se_sys_mount+0x216/0x2b0
[   89.851102][ T3277]  ? __x64_sys_mount+0xc0/0xc0
[   89.855849][ T3277]  do_syscall_64+0x4c/0xa0
[   89.860246][ T3277]  ? clear_bhb_loop+0x60/0xb0
[   89.864909][ T3277]  ? clear_bhb_loop+0x60/0xb0
[   89.869568][ T3277]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   89.875443][ T3277] RIP: 0033:0x7f5d4c5900ca
[   89.879930][ T3277] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.899531][ T3277] RSP: 002b:00007f5d4d392e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   89.907968][ T3277] RAX: ffffffffffffffda RBX: 00007f5d4d392ef0 RCX: 00007f5d4c5900ca
[   89.916014][ T3277] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f5d4d392eb0
[   89.924060][ T3277] RBP: 0000200000000400 R08: 00007f5d4d392ef0 R09: 0000000000200001
[   89.932018][ T3277] R10: 0000000000200001 R11: 0000000000000246 R12: 0000200000012500
[   89.939979][ T3277] R13: 00007f5d4d392eb0 R14: 00000000000125bb R15: 0000200000000180
[   89.947939][ T3277]  </TASK>
[   89.951768][ T3277] gfs2: fsid=norecovery.s: Error checking journal for spectator mount.
[   89.998159][ T3277] ==================================================================
[   90.006252][ T3277] BUG: KASAN: use-after-free in lru_add_fn+0x181/0xee0
[   90.013104][ T3277] Read of size 8 at addr ffff888075bd9438 by task syz.3.16/3277
[   90.020719][ T3277] 
[   90.023017][ T3277] CPU: 1 PID: 3277 Comm: syz.3.16 Not tainted 6.1.147-syzkaller #0
[   90.030879][ T3277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   90.040920][ T3277] Call Trace:
[   90.044189][ T3277]  <TASK>
[   90.047106][ T3277]  dump_stack_lvl+0xdc/0x15b
[   90.051685][ T3277]  ? show_regs_print_info+0x5/0x5
[   90.056775][ T3277]  ? load_image+0x550/0x550
[   90.061255][ T3277]  ? _raw_spin_lock_irqsave+0xa2/0xe0
[   90.066617][ T3277]  ? __virt_addr_valid+0x139/0x270
[   90.071709][ T3277]  ? __virt_addr_valid+0x21a/0x270
[   90.076801][ T3277]  ? lru_add_fn+0x181/0xee0
[   90.081287][ T3277]  print_report+0xa8/0x200
[   90.085696][ T3277]  kasan_report+0x10b/0x140
[   90.090182][ T3277]  ? lru_add_fn+0x181/0xee0
[   90.094669][ T3277]  ? lru_add_fn+0x13c/0xee0
[   90.099152][ T3277]  kasan_check_range+0x27b/0x290
[   90.104072][ T3277]  lru_add_fn+0x181/0xee0
[   90.108390][ T3277]  folio_batch_move_lru+0x20c/0x4c0
[   90.113573][ T3277]  ? folio_add_lru+0x7e0/0x7e0
[   90.118770][ T3277]  ? lru_add_drain_cpu+0x530/0x530
[   90.123864][ T3277]  lru_add_drain_cpu+0xc8/0x530
[   90.128792][ T3277]  ? filemap_remove_folio+0x13e/0x1e0
[   90.134155][ T3277]  ? folio_add_lru_vma+0x140/0x140
[   90.139246][ T3277]  ? folio_mapping+0xe2/0x300
[   90.143906][ T3277]  ? do_raw_spin_unlock+0x11d/0x230
[   90.149089][ T3277]  ? lru_add_drain+0x53/0x210
[   90.153748][ T3277]  ? lru_add_drain+0x53/0x210
[   90.158414][ T3277]  lru_add_drain+0xe5/0x210
[   90.162919][ T3277]  __pagevec_release+0x33/0xd0
[   90.167667][ T3277]  shmem_undo_range+0x5d4/0x1950
[   90.172588][ T3277]  ? shmem_truncate_range+0x90/0x90
[   90.177769][ T3277]  ? do_raw_spin_lock+0x11d/0x2c0
[   90.182776][ T3277]  ? __rwlock_init+0x140/0x140
[   90.187525][ T3277]  shmem_evict_inode+0x3be/0x8f0
[   90.192483][ T3277]  ? inode_wait_for_writeback+0x169/0x1b0
[   90.198277][ T3277]  ? shmem_free_in_core_inode+0x90/0x90
[   90.203824][ T3277]  ? do_raw_spin_lock+0x11d/0x2c0
[   90.208851][ T3277]  ? bit_waitqueue+0x30/0x30
[   90.213499][ T3277]  ? do_raw_spin_unlock+0x11d/0x230
[   90.218686][ T3277]  evict+0x3dd/0x810
[   90.222568][ T3277]  ? iput+0x469/0x5c0
[   90.226537][ T3277]  ? proc_nr_inodes+0x230/0x230
[   90.231456][ T3277]  ? fsnotify_grab_connector+0x2b/0xe0
[   90.236895][ T3277]  ? do_raw_spin_unlock+0x11d/0x230
[   90.242075][ T3277]  ? _raw_spin_unlock+0x24/0x40
[   90.246909][ T3277]  __dentry_kill+0x379/0x5d0
[   90.251484][ T3277]  dentry_kill+0xbb/0x1e0
[   90.255806][ T3277]  ? dput+0x36/0x290
[   90.259686][ T3277]  dput+0x143/0x290
[   90.263483][ T3277]  __fput+0x362/0x6f0
[   90.267538][ T3277]  task_work_run+0x142/0x1d0
[   90.272110][ T3277]  ? task_work_cancel+0x1f0/0x1f0
[   90.277124][ T3277]  exit_to_user_mode_loop+0xb9/0xd0
[   90.282302][ T3277]  exit_to_user_mode_prepare+0x64/0xb0
[   90.287742][ T3277]  syscall_exit_to_user_mode+0x16/0x30
[   90.293186][ T3277]  do_syscall_64+0x58/0xa0
[   90.297586][ T3277]  ? clear_bhb_loop+0x60/0xb0
[   90.302244][ T3277]  ? clear_bhb_loop+0x60/0xb0
[   90.306898][ T3277]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   90.313122][ T3277] RIP: 0033:0x7f5d4c58e52b
[   90.317521][ T3277] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   90.337116][ T3277] RSP: 002b:00007f5d4d392e10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   90.345516][ T3277] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: 00007f5d4c58e52b
[   90.353480][ T3277] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003
[   90.361456][ T3277] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000200001
[   90.369411][ T3277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   90.377368][ T3277] R13: 00007f5d4d392eb0 R14: 00000000000125bb R15: 0000200000000180
[   90.385323][ T3277]  </TASK>
[   90.388324][ T3277] 
[   90.390633][ T3277] Allocated by task 3277:
[   90.394942][ T3277]  kasan_set_track+0x4b/0x70
[   90.399518][ T3277]  __kasan_slab_alloc+0x6b/0x80
[   90.404354][ T3277]  slab_post_alloc_hook+0x4d/0x3f0
[   90.409593][ T3277]  kmem_cache_alloc+0x123/0x2a0
[   90.414436][ T3277]  gfs2_glock_get+0x1f5/0xd50
[   90.419213][ T3277]  gfs2_inode_lookup+0x1d0/0xa30
[   90.424141][ T3277]  gfs2_dir_search+0x12d/0x1f0
[   90.428888][ T3277]  gfs2_lookupi+0x3a6/0x4b0
[   90.433373][ T3277]  init_journal+0x6bb/0x1ea0
[   90.437944][ T3277]  init_inodes+0xcb/0x2e0
[   90.442257][ T3277]  gfs2_fill_super+0x129a/0x1a80
[   90.447179][ T3277]  get_tree_bdev+0x3d2/0x610
[   90.451753][ T3277]  gfs2_get_tree+0x48/0x190
[   90.456236][ T3277]  vfs_get_tree+0x7d/0x180
[   90.460630][ T3277]  do_new_mount+0x1c6/0x7e0
[   90.465112][ T3277]  __se_sys_mount+0x216/0x2b0
[   90.469772][ T3277]  do_syscall_64+0x4c/0xa0
[   90.474176][ T3277]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   90.480138][ T3277] 
[   90.482451][ T3277] Freed by task 0:
[   90.486156][ T3277]  kasan_set_track+0x4b/0x70
[   90.490728][ T3277]  kasan_save_free_info+0x2d/0x50
[   90.495820][ T3277]  ____kasan_slab_free+0x126/0x1e0
[   90.500912][ T3277]  slab_free_freelist_hook+0x131/0x1a0
[   90.506357][ T3277]  kmem_cache_free+0xe3/0x260
[   90.511019][ T3277]  rcu_core+0x7fe/0x11e0
[   90.515246][ T3277]  handle_softirqs+0x1ac/0x500
[   90.519992][ T3277]  __irq_exit_rcu+0xc3/0x190
[   90.524568][ T3277]  sysvec_apic_timer_interrupt+0x8c/0xb0
[   90.530184][ T3277]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[   90.536180][ T3277] 
[   90.538498][ T3277] Last potentially related work creation:
[   90.544203][ T3277]  kasan_save_stack+0x3a/0x60
[   90.548949][ T3277]  __kasan_record_aux_stack+0xb2/0xc0
[   90.554301][ T3277]  call_rcu+0x147/0x780
[   90.558449][ T3277]  gfs2_glock_free+0x84b/0xa70
[   90.563196][ T3277]  gfs2_evict_inode+0xbdc/0xde0
[   90.568026][ T3277]  evict+0x3dd/0x810
[   90.571904][ T3277]  gfs2_jindex_free+0x357/0x3d0
[   90.576732][ T3277]  init_journal+0x253/0x1ea0
[   90.581306][ T3277]  init_inodes+0xcb/0x2e0
[   90.585619][ T3277]  gfs2_fill_super+0x129a/0x1a80
[   90.590564][ T3277]  get_tree_bdev+0x3d2/0x610
[   90.595659][ T3277]  gfs2_get_tree+0x48/0x190
[   90.600151][ T3277]  vfs_get_tree+0x7d/0x180
[   90.604554][ T3277]  do_new_mount+0x1c6/0x7e0
[   90.609054][ T3277]  __se_sys_mount+0x216/0x2b0
[   90.613745][ T3277]  do_syscall_64+0x4c/0xa0
[   90.618163][ T3277]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   90.624053][ T3277] 
[   90.626367][ T3277] Second to last potentially related work creation:
[   90.632935][ T3277]  kasan_save_stack+0x3a/0x60
[   90.637597][ T3277]  __kasan_record_aux_stack+0xb2/0xc0
[   90.642949][ T3277]  insert_work+0x4e/0x2c0
[   90.647259][ T3277]  __queue_work+0x827/0xa60
[   90.651747][ T3277]  queue_delayed_work_on+0x1cb/0x280
[   90.657015][ T3277]  do_xmote+0x634/0xe50
[   90.661158][ T3277]  glock_work_func+0x1e0/0x3b0
[   90.665907][ T3277]  process_one_work+0x769/0xee0
[   90.670740][ T3277]  worker_thread+0x7f7/0xe10
[   90.675322][ T3277]  kthread+0x205/0x250
[   90.679371][ T3277]  ret_from_fork+0x1f/0x30
[   90.683769][ T3277] 
[   90.686088][ T3277] The buggy address belongs to the object at ffff888075bd8fd8
[   90.686088][ T3277]  which belongs to the cache gfs2_glock(aspace) of size 1224
[   90.700819][ T3277] The buggy address is located 1120 bytes inside of
[   90.700819][ T3277]  1224-byte region [ffff888075bd8fd8, ffff888075bd94a0)
[   90.714244][ T3277] 
[   90.716556][ T3277] The buggy address belongs to the physical page:
[   90.722948][ T3277] page:ffffea0001d6f600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75bd8
[   90.733080][ T3277] head:ffffea0001d6f600 order:2 compound_mapcount:0 compound_pincount:0
[   90.741408][ T3277] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   90.749388][ T3277] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888016ab78c0
[   90.757964][ T3277] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   90.766534][ T3277] page dumped because: kasan: bad access detected
[   90.772931][ T3277] page_owner tracks the page as allocated
[   90.778629][ T3277] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3277, tgid 3276 (syz.3.16), ts 89563296524, free_ts 89563120274
[   90.800227][ T3277]  post_alloc_hook+0x257/0x280
[   90.804993][ T3277]  get_page_from_freelist+0x2ce1/0x2e20
[   90.810526][ T3277]  __alloc_pages+0x1df/0x420
[   90.815120][ T3277]  alloc_slab_page+0x5d/0x160
[   90.819786][ T3277]  new_slab+0x70/0x250
[   90.823837][ T3277]  ___slab_alloc+0x9c1/0xe10
[   90.828841][ T3277]  kmem_cache_alloc+0x19d/0x2a0
[   90.833695][ T3277]  gfs2_glock_get+0x1f5/0xd50
[   90.838355][ T3277]  gfs2_inode_lookup+0x1d0/0xa30
[   90.843294][ T3277]  init_sb+0x7ae/0xfd0
[   90.847437][ T3277]  gfs2_fill_super+0x109f/0x1a80
[   90.852358][ T3277]  get_tree_bdev+0x3d2/0x610
[   90.856934][ T3277]  gfs2_get_tree+0x48/0x190
[   90.861416][ T3277]  vfs_get_tree+0x7d/0x180
[   90.865825][ T3277]  do_new_mount+0x1c6/0x7e0
[   90.870312][ T3277]  __se_sys_mount+0x216/0x2b0
[   90.874969][ T3277] page last free stack trace:
[   90.879643][ T3277]  free_unref_page_prepare+0x821/0x8f0
[   90.885082][ T3277]  free_unref_page+0x2e/0x3a0
[   90.889739][ T3277]  __stack_depot_save+0x3b4/0x460
[   90.894767][ T3277]  kasan_set_track+0x60/0x70
[   90.899339][ T3277]  __kasan_slab_alloc+0x6b/0x80
[   90.904170][ T3277]  slab_post_alloc_hook+0x4d/0x3f0
[   90.909268][ T3277]  kmem_cache_alloc_lru+0x11a/0x2a0
[   90.914464][ T3277]  xas_create+0xd47/0x13c0
[   90.918858][ T3277]  xas_store+0x76/0x1310
[   90.923073][ T3277]  memcg_list_lru_alloc+0x607/0x8e0
[   90.928267][ T3277]  slab_pre_alloc_hook+0x1a1/0x2c0
[   90.933368][ T3277]  kmem_cache_alloc_lru+0x49/0x2a0
[   90.938458][ T3277]  gfs2_alloc_inode+0x4b/0x110
[   90.943288][ T3277]  iget5_locked+0x82/0x1f0
[   90.947688][ T3277]  gfs2_inode_lookup+0xc8/0xa30
[   90.952519][ T3277]  init_sb+0x7ae/0xfd0
[   90.956567][ T3277] 
[   90.958875][ T3277] Memory state around the buggy address:
[   90.964484][ T3277]  ffff888075bd9300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   90.972526][ T3277]  ffff888075bd9380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   90.980568][ T3277] >ffff888075bd9400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   90.988610][ T3277]                                         ^
[   90.994572][ T3277]  ffff888075bd9480: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   91.002620][ T3277]  ffff888075bd9500: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[   91.010660][ T3277] ==================================================================
[   91.018702][ T3277] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   91.026020][ T3277] Kernel Offset: disabled
[   91.030344][ T3277] Rebooting in 86400 seconds..