Warning: Permanently added '10.128.0.118' (ED25519) to the list of known hosts.
1970/01/01 00:00:31 parsed 1 programs
[ 33.044390][ T6573] cgroup: Unknown subsys name 'net'
[ 33.194299][ T6573] cgroup: Unknown subsys name 'cpuset'
[ 33.196199][ T6573] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 33.359029][ T6573] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 40.694589][ T6587] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 40.696396][ T6587] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 40.697215][ T6587] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 40.697685][ T6587] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 40.698044][ T6587] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 40.786104][ T6584] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 41.143378][ T6611] chnl_net:caif_netlink_parms(): no params data found
[ 41.166774][ T6611] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.168340][ T6611] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.169610][ T6611] bridge_slave_0: entered allmulticast mode
[ 41.171112][ T6611] bridge_slave_0: entered promiscuous mode
[ 41.174768][ T6611] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.176068][ T6611] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.176138][ T6611] bridge_slave_1: entered allmulticast mode
[ 41.176550][ T6611] bridge_slave_1: entered promiscuous mode
[ 41.188733][ T6611] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 41.189577][ T6611] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 41.196500][ T6611] team0: Port device team_slave_0 added
[ 41.197547][ T6611] team0: Port device team_slave_1 added
[ 41.204149][ T6611] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 41.204167][ T6611] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 41.204180][ T6611] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 41.204859][ T6611] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 41.204865][ T6611] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 41.204878][ T6611] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 41.221210][ T6611] hsr_slave_0: entered promiscuous mode
[ 41.221538][ T6611] hsr_slave_1: entered promiscuous mode
[ 41.368781][ T6611] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 41.372754][ T6611] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 41.375499][ T6611] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 41.378079][ T6611] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 41.400418][ T6611] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.400467][ T6611] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.400639][ T6611] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.400662][ T6611] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.414561][ T6611] 8021q: adding VLAN 0 to HW filter on device bond0
[ 41.418330][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.420048][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.430152][ T6611] 8021q: adding VLAN 0 to HW filter on device team0
[ 41.432832][ T5074] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.432877][ T5074] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.444073][ T5074] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.444117][ T5074] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.484751][ T6611] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 41.495631][ T6611] veth0_vlan: entered promiscuous mode
[ 41.497322][ T6611] veth1_vlan: entered promiscuous mode
[ 41.502863][ T6611] veth0_macvtap: entered promiscuous mode
[ 41.524049][ T6611] veth1_macvtap: entered promiscuous mode
[ 41.527890][ T6611] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 41.528910][ T6611] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 41.531832][ T5226] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.536639][ T5226] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.538188][ T5226] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.542138][ T5226] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.845618][ T5226] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 41.879052][ T5226] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 41.938719][ T5226] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 41.986643][ T5226] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 42.139705][ T375] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 42.141268][ T375] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 42.149987][ T3590] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 42.151347][ T3590] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
1970/01/01 00:00:42 executed programs: 0
[ 42.606655][ T6161] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 42.607021][ T6161] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 42.607163][ T6161] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 42.607427][ T6161] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 42.607621][ T6161] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 42.665506][ T6683] chnl_net:caif_netlink_parms(): no params data found
[ 42.685001][ T6683] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.685072][ T6683] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.685163][ T6683] bridge_slave_0: entered allmulticast mode
[ 42.685602][ T6683] bridge_slave_0: entered promiscuous mode
[ 42.686359][ T6683] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.686401][ T6683] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.686450][ T6683] bridge_slave_1: entered allmulticast mode
[ 42.686846][ T6683] bridge_slave_1: entered promiscuous mode
[ 42.698972][ T6683] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.699913][ T6683] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.707217][ T6683] team0: Port device team_slave_0 added
[ 42.707923][ T6683] team0: Port device team_slave_1 added
[ 42.715735][ T6683] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 42.715756][ T6683] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 42.715769][ T6683] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 42.716290][ T6683] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 42.716296][ T6683] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 42.716307][ T6683] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 42.732576][ T6683] hsr_slave_0: entered promiscuous mode
[ 42.733166][ T6683] hsr_slave_1: entered promiscuous mode
[ 42.733477][ T6683] debugfs: 'hsr0' already exists in 'hsr'
[ 42.733523][ T6683] Cannot create hsr debugfs directory
[ 44.663191][ T6161] Bluetooth: hci0: command tx timeout
[ 45.316055][ T5226] bridge_slave_1: left allmulticast mode
[ 45.316095][ T5226] bridge_slave_1: left promiscuous mode
[ 45.316390][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.320862][ T5226] bridge_slave_0: left allmulticast mode
[ 45.321289][ T5226] bridge_slave_0: left promiscuous mode
[ 45.321383][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.485386][ T5226] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 45.514706][ T5226] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 45.543847][ T5226] bond0 (unregistering): Released all slaves
[ 45.625396][ T5226] hsr_slave_0: left promiscuous mode
[ 45.626837][ T5226] hsr_slave_1: left promiscuous mode
[ 45.628050][ T5226] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 45.629423][ T5226] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 45.632109][ T5226] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 45.633435][ T5226] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 45.646358][ T5226] veth1_macvtap: left promiscuous mode
[ 45.646417][ T5226] veth0_macvtap: left promiscuous mode
[ 45.646471][ T5226] veth1_vlan: left promiscuous mode
[ 45.646521][ T5226] veth0_vlan: left promiscuous mode
[ 45.758819][ T5226] team0 (unregistering): Port device team_slave_1 removed
[ 45.767218][ T5226] team0 (unregistering): Port device team_slave_0 removed
[ 46.056515][ T6683] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 46.060105][ T6683] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 46.062695][ T6683] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 46.071556][ T6683] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 46.105529][ T6683] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.110236][ T6683] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.112165][ T42] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.112204][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.115226][ T42] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.115249][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.167648][ T6683] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.179268][ T6683] veth0_vlan: entered promiscuous mode
[ 46.181641][ T6683] veth1_vlan: entered promiscuous mode
[ 46.189559][ T6683] veth0_macvtap: entered promiscuous mode
[ 46.190484][ T6683] veth1_macvtap: entered promiscuous mode
[ 46.195242][ T6683] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 46.196419][ T6683] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 46.198969][ T42] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.200755][ T42] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.202857][ T42] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.206376][ T42] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.360834][ T3590] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 46.362216][ T3590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 46.370924][ T4832] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 46.371051][ T4832] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 46.492285][ T6745] loop0: detected capacity change from 0 to 32768
[ 46.492862][ T6745] =======================================================
[ 46.492862][ T6745] WARNING: The mand mount option has been deprecated and
[ 46.492862][ T6745] and is ignored by this kernel. Remove the mand
[ 46.492862][ T6745] option from the mount to silence this warning.
[ 46.492862][ T6745] =======================================================
[ 46.502226][ T6745] JBD2: Ignoring recovery information on journal
[ 46.516523][ T6745] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 46.527037][ T6745] overlayfs: upper fs does not support tmpfile.
** replaying previous printk message **
[ 46.527037][ T6745] overlayfs: upper fs does not support tmpfile.
[ 46.527980][ T6745] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 46.528082][ T6745]
[ 46.531131][ T6745] ======================================================
[ 46.532137][ T6745] WARNING: possible circular locking dependency detected
[ 46.533245][ T6745] syzkaller #0 Not tainted
[ 46.533931][ T6745] ------------------------------------------------------
[ 46.535048][ T6745] syz.0.17/6745 is trying to acquire lock:
[ 46.535877][ T6745] ffff0000f513a640 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 46.537901][ T6745]
[ 46.537901][ T6745] but task is already holding lock:
[ 46.538924][ T6745] ffff0000f513dc78 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c
[ 46.540349][ T6745]
[ 46.540349][ T6745] which lock already depends on the new lock.
[ 46.540349][ T6745]
[ 46.541948][ T6745]
[ 46.541948][ T6745] the existing dependency chain (in reverse order) is:
[ 46.543320][ T6745]
[ 46.543320][ T6745] -> #3 (&oi->ip_xattr_sem){+.+.}-{4:4}:
[ 46.544655][ T6745] down_write+0x50/0xc0
[ 46.545380][ T6745] ocfs2_xattr_set_handle+0x2a8/0x5e4
[ 46.546226][ T6745] ocfs2_init_security_set+0xb4/0xd8
[ 46.547062][ T6745] ocfs2_mknod+0x104c/0x1cf0
[ 46.547874][ T6745] ocfs2_mkdir+0x178/0x474
[ 46.548627][ T6745] vfs_mkdir+0x408/0x48c
[ 46.549374][ T6745] do_mkdirat+0x238/0x448
[ 46.550145][ T6745] __arm64_sys_mkdirat+0x8c/0xa4
[ 46.550992][ T6745] invoke_syscall+0x98/0x254
[ 46.551756][ T6745] el0_svc_common+0xe8/0x23c
[ 46.552553][ T6745] do_el0_svc+0x48/0x58
[ 46.553258][ T6745] el0_svc+0x5c/0x26c
[ 46.553972][ T6745] el0t_64_sync_handler+0x84/0x12c
[ 46.554825][ T6745] el0t_64_sync+0x198/0x19c
[ 46.555659][ T6745]
[ 46.555659][ T6745] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 46.556996][ T6745] down_read+0x58/0x308
[ 46.557681][ T6745] ocfs2_start_trans+0x35c/0x6b0
[ 46.558489][ T6745] ocfs2_reserve_suballoc_bits+0x74c/0x3ea0
[ 46.559508][ T6745] ocfs2_reserve_new_metadata_blocks+0x368/0x810
[ 46.560573][ T6745] ocfs2_mknod+0xbb8/0x1cf0
[ 46.561343][ T6745] ocfs2_mkdir+0x178/0x474
[ 46.562088][ T6745] vfs_mkdir+0x408/0x48c
[ 46.562824][ T6745] do_mkdirat+0x238/0x448
[ 46.563526][ T6745] __arm64_sys_mkdirat+0x8c/0xa4
[ 46.564370][ T6745] invoke_syscall+0x98/0x254
[ 46.565199][ T6745] el0_svc_common+0xe8/0x23c
[ 46.565975][ T6745] do_el0_svc+0x48/0x58
[ 46.566645][ T6745] el0_svc+0x5c/0x26c
[ 46.567380][ T6745] el0t_64_sync_handler+0x84/0x12c
[ 46.568230][ T6745] el0t_64_sync+0x198/0x19c
[ 46.568969][ T6745]
[ 46.568969][ T6745] -> #1 (sb_internal#2){.+.+}-{0:0}:
[ 46.570078][ T6745] ocfs2_start_trans+0x1f4/0x6b0
[ 46.570822][ T6745] ocfs2_mknod+0xc30/0x1cf0
[ 46.571546][ T6745] ocfs2_mkdir+0x178/0x474
[ 46.572285][ T6745] vfs_mkdir+0x408/0x48c
[ 46.573011][ T6745] do_mkdirat+0x238/0x448
[ 46.573703][ T6745] __arm64_sys_mkdirat+0x8c/0xa4
[ 46.574549][ T6745] invoke_syscall+0x98/0x254
[ 46.575310][ T6745] el0_svc_common+0xe8/0x23c
[ 46.576023][ T6745] do_el0_svc+0x48/0x58
[ 46.576670][ T6745] el0_svc+0x5c/0x26c
[ 46.577319][ T6745] el0t_64_sync_handler+0x84/0x12c
[ 46.578135][ T6745] el0t_64_sync+0x198/0x19c
[ 46.578840][ T6745]
[ 46.578840][ T6745] -> #0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[ 46.580381][ T6745] __lock_acquire+0x1774/0x30a4
[ 46.581144][ T6745] lock_acquire+0x140/0x2e0
[ 46.581854][ T6745] down_write+0x50/0xc0
[ 46.582543][ T6745] ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 46.583559][ T6745] ocfs2_reserve_clusters_with_limit+0x198/0x9e0
[ 46.584559][ T6745] ocfs2_reserve_clusters+0x3c/0x50
[ 46.585477][ T6745] ocfs2_init_xattr_set_ctxt+0x364/0x778
[ 46.586419][ T6745] ocfs2_xattr_set+0x920/0xe9c
[ 46.587260][ T6745] ocfs2_xattr_trusted_set+0x4c/0x64
[ 46.588027][ T6745] __vfs_setxattr+0x3d8/0x400
[ 46.588814][ T6745] __vfs_setxattr_noperm+0x120/0x5c4
[ 46.589740][ T6745] __vfs_setxattr_locked+0x1e8/0x214
[ 46.590632][ T6745] vfs_setxattr+0x158/0x2a8
[ 46.591429][ T6745] ovl_fill_super+0x3d74/0x4cdc
[ 46.592250][ T6745] get_tree_nodev+0xb4/0x144
[ 46.593077][ T6745] ovl_get_tree+0x28/0x38
[ 46.593755][ T6745] vfs_get_tree+0x90/0x28c
[ 46.594516][ T6745] do_new_mount+0x284/0x944
[ 46.595220][ T6745] path_mount+0x5b4/0xdfc
[ 46.595946][ T6745] __arm64_sys_mount+0x3e8/0x468
[ 46.596786][ T6745] invoke_syscall+0x98/0x254
[ 46.597570][ T6745] el0_svc_common+0xe8/0x23c
[ 46.598283][ T6745] do_el0_svc+0x48/0x58
[ 46.598970][ T6745] el0_svc+0x5c/0x26c
[ 46.599612][ T6745] el0t_64_sync_handler+0x84/0x12c
[ 46.600415][ T6745] el0t_64_sync+0x198/0x19c
[ 46.601102][ T6745]
[ 46.601102][ T6745] other info that might help us debug this:
[ 46.601102][ T6745]
[ 46.602694][ T6745] Chain exists of:
[ 46.602694][ T6745] &ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE] --> &journal->j_trans_barrier --> &oi->ip_xattr_sem
[ 46.602694][ T6745]
[ 46.605277][ T6745] Possible unsafe locking scenario:
[ 46.605277][ T6745]
[ 46.606358][ T6745]        CPU0                    CPU1
[ 46.607130][ T6745]        ----                    ----
[ 46.607917][ T6745]   lock(&oi->ip_xattr_sem);
[ 46.608634][ T6745]                                lock(&journal->j_trans_barrier);
[ 46.609804][ T6745]                                lock(&oi->ip_xattr_sem);
[ 46.610790][ T6745]   lock(&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]);
[ 46.611870][ T6745]
[ 46.611870][ T6745] *** DEADLOCK ***
[ 46.611870][ T6745]
[ 46.613052][ T6745] 4 locks held by syz.0.17/6745:
[ 46.613777][ T6745] #0: ffff0000c90980e0 (&type->s_umount_key#54/1){+.+.}-{4:4}, at: alloc_super+0x210/0x908
[ 46.615252][ T6745] #1: ffff0000c8158420 (sb_writers#11){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[ 46.616622][ T6745] #2: ffff0000f513df40 (&sb->s_type->i_mutex_key#24){++++}-{4:4}, at: vfs_setxattr+0x138/0x2a8
[ 46.618197][ T6745] #3: ffff0000f513dc78 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c
[ 46.619687][ T6745]
[ 46.619687][ T6745] stack backtrace:
[ 46.620534][ T6745] CPU: 1 UID: 0 PID: 6745 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 46.621835][ T6745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 46.623354][ T6745] Call trace:
[ 46.623822][ T6745] show_stack+0x2c/0x3c (C)
[ 46.624463][ T6745] __dump_stack+0x30/0x40
[ 46.625160][ T6745] dump_stack_lvl+0xd8/0x12c
[ 46.625823][ T6745] dump_stack+0x1c/0x28
[ 46.626476][ T6745] print_circular_bug+0x324/0x32c
[ 46.627225][ T6745] check_noncircular+0x154/0x174
[ 46.627991][ T6745] __lock_acquire+0x1774/0x30a4
[ 46.628788][ T6745] lock_acquire+0x140/0x2e0
[ 46.629478][ T6745] down_write+0x50/0xc0
[ 46.630098][ T6745] ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 46.630990][ T6745] ocfs2_reserve_clusters_with_limit+0x198/0x9e0
[ 46.631876][ T6745] ocfs2_reserve_clusters+0x3c/0x50
[ 46.632546][ T6745] ocfs2_init_xattr_set_ctxt+0x364/0x778
[ 46.633407][ T6745] ocfs2_xattr_set+0x920/0xe9c
[ 46.634117][ T6745] ocfs2_xattr_trusted_set+0x4c/0x64
[ 46.634914][ T6745] __vfs_setxattr+0x3d8/0x400
[ 46.635570][ T6745] __vfs_setxattr_noperm+0x120/0x5c4
[ 46.636330][ T6745] __vfs_setxattr_locked+0x1e8/0x214
[ 46.637096][ T6745] vfs_setxattr+0x158/0x2a8
[ 46.637768][ T6745] ovl_fill_super+0x3d74/0x4cdc
[ 46.638500][ T6745] get_tree_nodev+0xb4/0x144
[ 46.639167][ T6745] ovl_get_tree+0x28/0x38
[ 46.639880][ T6745] vfs_get_tree+0x90/0x28c
[ 46.640572][ T6745] do_new_mount+0x284/0x944
[ 46.641231][ T6745] path_mount+0x5b4/0xdfc
[ 46.641903][ T6745] __arm64_sys_mount+0x3e8/0x468
[ 46.642637][ T6745] invoke_syscall+0x98/0x254
[ 46.643339][ T6745] el0_svc_common+0xe8/0x23c
[ 46.644045][ T6745] do_el0_svc+0x48/0x58
[ 46.644653][ T6745] el0_svc+0x5c/0x26c
[ 46.645273][ T6745] el0t_64_sync_handler+0x84/0x12c
[ 46.646044][ T6745] el0t_64_sync+0x198/0x19c
[ 46.649238][ T6745]
** replaying previous printk message **
[ 46.649238][ T6745] ------------[ cut here ]------------
[ 46.649254][ T6745] UBSAN: array-index-out-of-bounds in fs/ocfs2/xattr.c:1985:3
[ 46.649266][ T6745] index 2 is out of range for type 'struct ocfs2_xattr_entry[] __counted_by(xh_count)' (aka 'struct ocfs2_xattr_entry[]')
[ 46.649277][ T6745] CPU: 1 UID: 0 PID: 6745 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 46.649292][ T6745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 46.649296][ T6745] Call trace:
[ 46.649298][ T6745] show_stack+0x2c/0x3c (C)
[ 46.649308][ T6745] __dump_stack+0x30/0x40
[ 46.649313][ T6745] dump_stack_lvl+0xd8/0x12c
[ 46.649319][ T6745] dump_stack+0x1c/0x28
[ 46.649324][ T6745] ubsan_epilogue+0x14/0x48
[ 46.649329][ T6745] __ubsan_handle_out_of_bounds+0xd0/0xfc
[ 46.649335][ T6745] ocfs2_xa_remove_entry+0x314/0x384
[ 46.649341][ T6745] ocfs2_xa_set+0x938/0x23c0
[ 46.649347][ T6745] ocfs2_xattr_block_set+0x328/0x2a88
[ 46.649353][ T6745] __ocfs2_xattr_set_handle+0x200/0xc28
[ 46.649359][ T6745] ocfs2_xattr_set+0xb38/0xe9c
[ 46.649365][ T6745] ocfs2_xattr_trusted_set+0x4c/0x64
[ 46.649370][ T6745] __vfs_removexattr+0x3bc/0x3e4
[ 46.649376][ T6745] __vfs_removexattr_locked+0x1cc/0x204
[ 46.649381][ T6745] vfs_removexattr+0x80/0x18c
[ 46.649386][ T6745] ovl_fill_super+0x3e40/0x4cdc
[ 46.649392][ T6745] get_tree_nodev+0xb4/0x144
[ 46.649398][ T6745] ovl_get_tree+0x28/0x38
[ 46.649405][ T6745] vfs_get_tree+0x90/0x28c
[ 46.649410][ T6745] do_new_mount+0x284/0x944
[ 46.649416][ T6745] path_mount+0x5b4/0xdfc
[ 46.649422][ T6745] __arm64_sys_mount+0x3e8/0x468
[ 46.649428][ T6745] invoke_syscall+0x98/0x254
[ 46.649433][ T6745] el0_svc_common+0xe8/0x23c
[ 46.649438][ T6745] do_el0_svc+0x48/0x58
[ 46.649443][ T6745] el0_svc+0x5c/0x26c
[ 46.649449][ T6745] el0t_64_sync_handler+0x84/0x12c
[ 46.649454][ T6745] el0t_64_sync+0x198/0x19c
[ 46.649460][ T6745] ---[ end trace ]---
[ 46.649463][ T6745] ------------[ cut here ]------------
[ 46.649465][ T6745] memset: detected buffer overflow: 16 byte write of buffer size 0
[ 46.649591][ T6745] WARNING: lib/string_helpers.c:1036 at __fortify_report+0xa4/0xc0, CPU#1: syz.0.17/6745
[ 46.680657][ T6745] Modules linked in:
[ 46.681216][ T6745] CPU: 1 UID: 0 PID: 6745 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 46.682504][ T6745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 46.683948][ T6745] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 46.685202][ T6745] pc : __fortify_report+0xa4/0xc0
[ 46.685885][ T6745] lr : __fortify_report+0xa4/0xc0
[ 46.686638][ T6745] sp : ffff8000a3e16660
[ 46.687196][ T6745] x29: ffff8000a3e16660 x28: 1fffe0001efd02c6 x27: dfff800000000000
[ 46.688371][ T6745] x26: ffff0000f7e81640 x25: 0000000000000000 x24: 0000000000000001
[ 46.689646][ T6745] x23: 000000000000000f x22: ffff80008b5a20d8 x21: 0000000000000001
[ 46.690891][ T6745] x20: 0000000000000010 x19: 0000000000000000 x18: 00000000ffffffff
[ 46.692032][ T6745] x17: 635f5f205d5b7972 x16: ffff800082e5e68c x15: 0000000000000001
[ 46.693242][ T6745] x14: 1ffff000147c2c04 x13: 0000000000000000 x12: 0000000000000000
[ 46.694421][ T6745] x11: 0000000000000855 x10: 0000000000ff0100 x9 : d85746ba435ac400
[ 46.695670][ T6745] x8 : d85746ba435ac400 x7 : 0000000000000001 x6 : ffff8000805761f8
[ 46.696862][ T6745] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
[ 46.698023][ T6745] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 46.699140][ T6745] Call trace:
[ 46.699648][ T6745] __fortify_report+0xa4/0xc0 (P)
[ 46.700429][ T6745] __fortify_panic+0x10/0x14
[ 46.701093][ T6745] ocfs2_xa_remove_entry+0x34c/0x384
[ 46.701958][ T6745] ocfs2_xa_set+0x938/0x23c0
[ 46.702711][ T6745] ocfs2_xattr_block_set+0x328/0x2a88
[ 46.703495][ T6745] __ocfs2_xattr_set_handle+0x200/0xc28
[ 46.704305][ T6745] ocfs2_xattr_set+0xb38/0xe9c
[ 46.704973][ T6745] ocfs2_xattr_trusted_set+0x4c/0x64
[ 46.705770][ T6745] __vfs_removexattr+0x3bc/0x3e4
[ 46.706512][ T6745] __vfs_removexattr_locked+0x1cc/0x204
[ 46.707319][ T6745] vfs_removexattr+0x80/0x18c
[ 46.708041][ T6745] ovl_fill_super+0x3e40/0x4cdc
[ 46.708800][ T6745] get_tree_nodev+0xb4/0x144
[ 46.709505][ T6745] ovl_get_tree+0x28/0x38
[ 46.710142][ T6745] vfs_get_tree+0x90/0x28c
[ 46.710829][ T6745] do_new_mount+0x284/0x944
[ 46.711551][ T6745] path_mount+0x5b4/0xdfc
[ 46.712199][ T6745] __arm64_sys_mount+0x3e8/0x468
[ 46.712896][ T6745] invoke_syscall+0x98/0x254
[ 46.713581][ T6745] el0_svc_common+0xe8/0x23c
[ 46.714247][ T6745] do_el0_svc+0x48/0x58
[ 46.714918][ T6745] el0_svc+0x5c/0x26c
[ 46.715525][ T6745] el0t_64_sync_handler+0x84/0x12c
[ 46.716275][ T6745] el0t_64_sync+0x198/0x19c
[ 46.716973][ T6745] irq event stamp: 49861
[ 46.717552][ T6745] hardirqs last enabled at (49861): [] _raw_spin_unlock_irqrestore+0x38/0x98
[ 46.719288][ T6745] hardirqs last disabled at (49860): [] _raw_spin_lock_irqsave+0x2c/0x7c
[ 46.720998][ T6745] softirqs last enabled at (48690): [] local_bh_enable+0x10/0x34
[ 46.722634][ T6745] softirqs last disabled at (48688): [] local_bh_disable+0x10/0x34
[ 46.724235][ T6745] ---[ end trace 0000000000000000 ]---
[ 46.726821][ T6745] ------------[ cut here ]------------
[ 46.726827][ T6745] kernel BUG at lib/string_helpers.c:1043!
[ 46.726833][ T6745] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
[ 46.729649][ T6745] Modules linked in:
[ 46.730284][ T6745] CPU: 1 UID: 0 PID: 6745 Comm: syz.0.17 Tainted: G W syzkaller #0 PREEMPT
[ 46.731886][ T6745] Tainted: [W]=WARN
[ 46.732486][ T6745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 46.734061][ T6745] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 46.735306][ T6745] pc : __fortify_panic+0x10/0x14
[ 46.736120][ T6745] lr : __fortify_panic+0x10/0x14
[ 46.736905][ T6745] sp : ffff8000a3e166a0
[ 46.737575][ T6745] x29: ffff8000a3e166a0 x28: 1fffe0001efd02c6 x27: dfff800000000000
[ 46.738835][ T6745] x26: ffff0000f7e81640 x25: 0000000000000000 x24: 0000000000000001
[ 46.740151][ T6745] x23: ffff0000f7e81650 x22: 0000000000000001 x21: 0000000000000001
[ 46.741501][ T6745] x20: 0000000000000001 x19: ffff0000f7e81630 x18: 00000000ffffffff
[ 46.742727][ T6745] x17: 635f5f205d5b7972 x16: ffff800082e5e68c x15: 0000000000000001
[ 46.743927][ T6745] x14: 1ffff000147c2c04 x13: 0000000000000000 x12: 0000000000000000
[ 46.745149][ T6745] x11: 0000000000000855 x10: 0000000000ff0100 x9 : d85746ba435ac400
[ 46.746343][ T6745] x8 : d85746ba435ac400 x7 : 0000000000000001 x6 : ffff8000805761f8
[ 46.747496][ T6745] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
[ 46.748660][ T6745] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 46.749863][ T6745] Call trace:
[ 46.750382][ T6745] __fortify_panic+0x10/0x14 (P)
[ 46.751181][ T6745] ocfs2_xa_remove_entry+0x34c/0x384
[ 46.751969][ T6745] ocfs2_xa_set+0x938/0x23c0
[ 46.752756][ T6745] ocfs2_xattr_block_set+0x328/0x2a88
[ 46.753626][ T6745] __ocfs2_xattr_set_handle+0x200/0xc28
[ 46.754483][ T6745] ocfs2_xattr_set+0xb38/0xe9c
[ 46.755211][ T6745] ocfs2_xattr_trusted_set+0x4c/0x64
[ 46.756025][ T6745] __vfs_removexattr+0x3bc/0x3e4
[ 46.756791][ T6745] __vfs_removexattr_locked+0x1cc/0x204
[ 46.757602][ T6745] vfs_removexattr+0x80/0x18c
[ 46.758284][ T6745] ovl_fill_super+0x3e40/0x4cdc
[ 46.759062][ T6745] get_tree_nodev+0xb4/0x144
[ 46.759783][ T6745] ovl_get_tree+0x28/0x38
[ 46.760442][ T6745] vfs_get_tree+0x90/0x28c
[ 46.761131][ T6745] do_new_mount+0x284/0x944
[ 46.761864][ T6745] path_mount+0x5b4/0xdfc
[ 46.762536][ T6745] __arm64_sys_mount+0x3e8/0x468
[ 46.763305][ T6745] invoke_syscall+0x98/0x254
[ 46.764013][ T6745] el0_svc_common+0xe8/0x23c
[ 46.764701][ T6745] do_el0_svc+0x48/0x58
[ 46.765363][ T6745] el0_svc+0x5c/0x26c
[ 46.765974][ T6745] el0t_64_sync_handler+0x84/0x12c
[ 46.766725][ T6745] el0t_64_sync+0x198/0x19c
[ 46.767426][ T6745] Code: d503233f a9bf7bfd 910003fd 94b2f454 (d4210000)
[ 46.768499][ T6745] ---[ end trace 0000000000000000 ]---
[ 47.058930][ T6745] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 47.059911][ T6745] SMP: stopping secondary CPUs
[ 47.060560][ T6745] Kernel Offset: disabled
[ 47.061156][ T6745] CPU features: 0x400000,00078001,04e04501,5427fea7
[ 47.062098][ T6745] Memory Limit: none
[ 47.294321][ T6745] Rebooting in 86400 seconds..