Warning: Permanently added '10.128.1.230' (ED25519) to the list of known hosts.
1970/01/01 00:00:32 parsed 1 programs
[ 33.952545][ T6573] cgroup: Unknown subsys name 'net'
[ 34.092357][ T6573] cgroup: Unknown subsys name 'cpuset'
[ 34.094324][ T6573] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 34.315718][ T6573] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 38.533669][ T6581] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 38.772019][ T6592] chnl_net:caif_netlink_parms(): no params data found
[ 38.792875][ T6592] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.793140][ T6592] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.793203][ T6592] bridge_slave_0: entered allmulticast mode
[ 38.793643][ T6592] bridge_slave_0: entered promiscuous mode
[ 38.794795][ T6592] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.794834][ T6592] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.794875][ T6592] bridge_slave_1: entered allmulticast mode
[ 38.795281][ T6592] bridge_slave_1: entered promiscuous mode
[ 38.819451][ T6592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 38.820293][ T6592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 38.827184][ T6592] team0: Port device team_slave_0 added
[ 38.827855][ T6592] team0: Port device team_slave_1 added
[ 38.835292][ T6592] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 38.835312][ T6592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 38.835322][ T6592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 38.836016][ T6592] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 38.836023][ T6592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 38.836035][ T6592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 38.858104][ T6592] hsr_slave_0: entered promiscuous mode
[ 38.858425][ T6592] hsr_slave_1: entered promiscuous mode
[ 38.900607][ T6592] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 38.903630][ T6592] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 38.905752][ T6592] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 38.908654][ T6592] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 38.917692][ T6592] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.917738][ T6592] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.917909][ T6592] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.917942][ T6592] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.930740][ T6592] 8021q: adding VLAN 0 to HW filter on device bond0
[ 38.935574][ T6592] 8021q: adding VLAN 0 to HW filter on device team0
[ 39.027234][ T6592] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 39.038794][ T6592] veth0_vlan: entered promiscuous mode
[ 39.040957][ T6592] veth1_vlan: entered promiscuous mode
[ 39.047612][ T6592] veth0_macvtap: entered promiscuous mode
[ 39.048530][ T6592] veth1_macvtap: entered promiscuous mode
[ 39.056732][ T6592] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 39.058026][ T6592] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 39.060673][ T3086] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.063306][ T3086] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.063349][ T3086] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.063386][ T3086] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.316408][ T41] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 39.365864][ T41] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 39.417591][ T41] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 39.467205][ T41] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 39.603059][ T6162] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 39.605615][ T6162] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 39.607073][ T6162] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 39.608699][ T6162] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 39.610281][ T6162] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 39.946804][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 39.946831][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 39.956143][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 39.956165][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
1970/01/01 00:00:40 executed programs: 0
[ 40.386083][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 40.387653][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 40.389316][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 40.391874][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 40.393391][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 40.443442][ T6682] chnl_net:caif_netlink_parms(): no params data found
[ 40.462561][ T6682] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.462626][ T6682] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.462712][ T6682] bridge_slave_0: entered allmulticast mode
[ 40.463133][ T6682] bridge_slave_0: entered promiscuous mode
[ 40.463898][ T6682] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.463940][ T6682] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.463993][ T6682] bridge_slave_1: entered allmulticast mode
[ 40.464429][ T6682] bridge_slave_1: entered promiscuous mode
[ 40.476838][ T6682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 40.478508][ T6682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 40.485715][ T6682] team0: Port device team_slave_0 added
[ 40.486487][ T6682] team0: Port device team_slave_1 added
[ 40.493896][ T6682] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 40.493914][ T6682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 40.493934][ T6682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 40.494859][ T6682] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 40.494866][ T6682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 40.494879][ T6682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 40.510144][ T6682] hsr_slave_0: entered promiscuous mode
[ 40.510466][ T6682] hsr_slave_1: entered promiscuous mode
[ 40.510766][ T6682] debugfs: 'hsr0' already exists in 'hsr'
[ 40.510807][ T6682] Cannot create hsr debugfs directory
[ 42.411321][ T6162] Bluetooth: hci0: command tx timeout
[ 42.461961][ T41] bridge_slave_1: left allmulticast mode
[ 42.461999][ T41] bridge_slave_1: left promiscuous mode
[ 42.462375][ T41] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.465787][ T41] bridge_slave_0: left allmulticast mode
[ 42.465810][ T41] bridge_slave_0: left promiscuous mode
[ 42.465870][ T41] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.603932][ T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 42.652199][ T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 42.671699][ T41] bond0 (unregistering): Released all slaves
[ 42.767972][ T41] hsr_slave_0: left promiscuous mode
[ 42.768897][ T41] hsr_slave_1: left promiscuous mode
[ 42.769167][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 42.769181][ T41] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 42.769542][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 42.769551][ T41] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 42.777030][ T41] veth1_macvtap: left promiscuous mode
[ 42.777083][ T41] veth0_macvtap: left promiscuous mode
[ 42.777278][ T41] veth1_vlan: left promiscuous mode
[ 42.777323][ T41] veth0_vlan: left promiscuous mode
[ 42.887548][ T41] team0 (unregistering): Port device team_slave_1 removed
[ 42.893701][ T41] team0 (unregistering): Port device team_slave_0 removed
[ 43.085753][ T6682] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 43.088355][ T6682] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 43.090448][ T6682] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 43.095572][ T6682] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 43.118046][ T6682] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.122271][ T6682] 8021q: adding VLAN 0 to HW filter on device team0
[ 43.124129][ T547] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.124213][ T547] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.128898][ T3086] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.128937][ T3086] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.140577][ T6682] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 43.140608][ T6682] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 43.185216][ T6682] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 43.196680][ T6682] veth0_vlan: entered promiscuous mode
[ 43.198395][ T6682] veth1_vlan: entered promiscuous mode
[ 43.224618][ T6682] veth0_macvtap: entered promiscuous mode
[ 43.226922][ T6682] veth1_macvtap: entered promiscuous mode
[ 43.233598][ T6682] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 43.237207][ T6682] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 43.239305][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.241355][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.243625][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.245182][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.258304][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 43.261395][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 43.268836][ T3086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 43.268875][ T3086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 43.398973][ T6731] loop0: detected capacity change from 0 to 32768
[ 43.410227][ T6731] =======================================================
[ 43.410227][ T6731] WARNING: The mand mount option has been deprecated and
[ 43.410227][ T6731] and is ignored by this kernel. Remove the mand
[ 43.410227][ T6731] option from the mount to silence this warning.
[ 43.410227][ T6731] =======================================================
[ 43.421157][ T6731] JBD2: Ignoring recovery information on journal
[ 43.437525][ T6731] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 43.455222][ T6731] overlayfs: upper fs does not support tmpfile.
[ 43.467249][ T6731] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 43.470273][ T6731]
[ 43.470634][ T6731] ======================================================
[ 43.471679][ T6731] WARNING: possible circular locking dependency detected
[ 43.472721][ T6731] syzkaller #0 Not tainted
[ 43.473356][ T6731] ------------------------------------------------------
[ 43.474337][ T6731] syz.0.17/6731 is trying to acquire lock:
[ 43.475160][ T6731] ffff0000f8c42640 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 43.477208][ T6731]
[ 43.477208][ T6731] but task is already holding lock:
[ 43.478247][ T6731] ffff0000f8d12378 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c
[ 43.479613][ T6731]
[ 43.479613][ T6731] which lock already depends on the new lock.
[ 43.479613][ T6731]
[ 43.481079][ T6731]
[ 43.481079][ T6731] the existing dependency chain (in reverse order) is:
[ 43.482444][ T6731]
[ 43.482444][ T6731] -> #3 (&oi->ip_xattr_sem){+.+.}-{4:4}:
[ 43.483541][ T6731] down_write+0x50/0xc0
[ 43.484257][ T6731] ocfs2_xattr_set_handle+0x2a8/0x5e4
[ 43.485108][ T6731] ocfs2_init_security_set+0xb4/0xd8
[ 43.485995][ T6731] ocfs2_mknod+0x104c/0x1cf0
[ 43.486745][ T6731] ocfs2_mkdir+0x178/0x474
[ 43.487410][ T6731] vfs_mkdir+0x408/0x48c
[ 43.488134][ T6731] do_mkdirat+0x238/0x448
[ 43.488881][ T6731] __arm64_sys_mkdirat+0x8c/0xa4
[ 43.489739][ T6731] invoke_syscall+0x98/0x254
[ 43.490532][ T6731] el0_svc_common+0xe8/0x23c
[ 43.491386][ T6731] do_el0_svc+0x48/0x58
[ 43.492100][ T6731] el0_svc+0x5c/0x26c
[ 43.492824][ T6731] el0t_64_sync_handler+0x84/0x12c
[ 43.493687][ T6731] el0t_64_sync+0x198/0x19c
[ 43.494465][ T6731]
[ 43.494465][ T6731] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 43.495724][ T6731] down_read+0x58/0x308
[ 43.496389][ T6731] ocfs2_start_trans+0x35c/0x6b0
[ 43.497132][ T6731] ocfs2_reserve_suballoc_bits+0x74c/0x3ea0
[ 43.498070][ T6731] ocfs2_reserve_new_metadata_blocks+0x368/0x810
[ 43.499067][ T6731] ocfs2_mknod+0xbb8/0x1cf0
[ 43.499797][ T6731] ocfs2_mkdir+0x178/0x474
[ 43.500526][ T6731] vfs_mkdir+0x408/0x48c
[ 43.501295][ T6731] do_mkdirat+0x238/0x448
[ 43.501986][ T6731] __arm64_sys_mkdirat+0x8c/0xa4
[ 43.502825][ T6731] invoke_syscall+0x98/0x254
[ 43.503564][ T6731] el0_svc_common+0xe8/0x23c
[ 43.504312][ T6731] do_el0_svc+0x48/0x58
[ 43.504971][ T6731] el0_svc+0x5c/0x26c
[ 43.505687][ T6731] el0t_64_sync_handler+0x84/0x12c
[ 43.506529][ T6731] el0t_64_sync+0x198/0x19c
[ 43.507310][ T6731]
[ 43.507310][ T6731] -> #1 (sb_internal#2){.+.+}-{0:0}:
[ 43.508402][ T6731] ocfs2_start_trans+0x1f4/0x6b0
[ 43.509165][ T6731] ocfs2_mknod+0xc30/0x1cf0
[ 43.509868][ T6731] ocfs2_mkdir+0x178/0x474
[ 43.510602][ T6731] vfs_mkdir+0x408/0x48c
[ 43.511276][ T6731] do_mkdirat+0x238/0x448
[ 43.511937][ T6731] __arm64_sys_mkdirat+0x8c/0xa4
[ 43.512738][ T6731] invoke_syscall+0x98/0x254
[ 43.513442][ T6731] el0_svc_common+0xe8/0x23c
[ 43.514124][ T6731] do_el0_svc+0x48/0x58
[ 43.514822][ T6731] el0_svc+0x5c/0x26c
[ 43.515457][ T6731] el0t_64_sync_handler+0x84/0x12c
[ 43.516266][ T6731] el0t_64_sync+0x198/0x19c
[ 43.517026][ T6731]
[ 43.517026][ T6731] -> #0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[ 43.518540][ T6731] __lock_acquire+0x1774/0x30a4
[ 43.519344][ T6731] lock_acquire+0x140/0x2e0
[ 43.520098][ T6731] down_write+0x50/0xc0
[ 43.520758][ T6731] ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 43.521796][ T6731] ocfs2_reserve_clusters_with_limit+0x198/0x9e0
[ 43.522785][ T6731] ocfs2_reserve_clusters+0x3c/0x50
[ 43.523574][ T6731] ocfs2_init_xattr_set_ctxt+0x364/0x778
[ 43.524450][ T6731] ocfs2_xattr_set+0x920/0xe9c
[ 43.525222][ T6731] ocfs2_xattr_trusted_set+0x4c/0x64
[ 43.526112][ T6731] __vfs_setxattr+0x3d8/0x400
[ 43.526844][ T6731] __vfs_setxattr_noperm+0x120/0x5c4
[ 43.527716][ T6731] __vfs_setxattr_locked+0x1e8/0x214
[ 43.528598][ T6731] vfs_setxattr+0x158/0x2a8
[ 43.529310][ T6731] ovl_fill_super+0x3d74/0x4cdc
[ 43.530103][ T6731] get_tree_nodev+0xb4/0x144
[ 43.530868][ T6731] ovl_get_tree+0x28/0x38
[ 43.531601][ T6731] vfs_get_tree+0x90/0x28c
[ 43.532262][ T6731] do_new_mount+0x284/0x944
[ 43.532937][ T6731] path_mount+0x5b4/0xdfc
[ 43.533653][ T6731] __arm64_sys_mount+0x3e8/0x468
[ 43.534396][ T6731] invoke_syscall+0x98/0x254
[ 43.535123][ T6731] el0_svc_common+0xe8/0x23c
[ 43.535867][ T6731] do_el0_svc+0x48/0x58
[ 43.536529][ T6731] el0_svc+0x5c/0x26c
[ 43.537205][ T6731] el0t_64_sync_handler+0x84/0x12c
[ 43.538025][ T6731] el0t_64_sync+0x198/0x19c
[ 43.538710][ T6731]
[ 43.538710][ T6731] other info that might help us debug this:
[ 43.538710][ T6731]
[ 43.540294][ T6731] Chain exists of:
[ 43.540294][ T6731] &ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE] --> &journal->j_trans_barrier --> &oi->ip_xattr_sem
[ 43.540294][ T6731]
[ 43.542928][ T6731] Possible unsafe locking scenario:
[ 43.542928][ T6731]
[ 43.544079][ T6731]        CPU0                    CPU1
[ 43.544867][ T6731]        ----                    ----
[ 43.545693][ T6731]   lock(&oi->ip_xattr_sem);
[ 43.546392][ T6731]                                lock(&journal->j_trans_barrier);
[ 43.547553][ T6731]                                lock(&oi->ip_xattr_sem);
[ 43.548583][ T6731]   lock(&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]);
[ 43.549657][ T6731]
[ 43.549657][ T6731] *** DEADLOCK ***
[ 43.549657][ T6731]
[ 43.550805][ T6731] 4 locks held by syz.0.17/6731:
[ 43.551513][ T6731] #0: ffff0000c92e40e0 (&type->s_umount_key#54/1){+.+.}-{4:4}, at: alloc_super+0x210/0x908
[ 43.552992][ T6731] #1: ffff0000c868a420 (sb_writers#11){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[ 43.554317][ T6731] #2: ffff0000f8d12640 (&sb->s_type->i_mutex_key#24){++++}-{4:4}, at: vfs_setxattr+0x138/0x2a8
[ 43.555889][ T6731] #3: ffff0000f8d12378 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c
[ 43.557444][ T6731]
[ 43.557444][ T6731] stack backtrace:
[ 43.558285][ T6731] CPU: 0 UID: 0 PID: 6731 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 43.559458][ T6731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 43.560936][ T6731] Call trace:
[ 43.561373][ T6731] show_stack+0x2c/0x3c (C)
[ 43.561981][ T6731] __dump_stack+0x30/0x40
[ 43.562592][ T6731] dump_stack_lvl+0xd8/0x12c
[ 43.563224][ T6731] dump_stack+0x1c/0x28
[ 43.563903][ T6731] print_circular_bug+0x324/0x32c
[ 43.564684][ T6731] check_noncircular+0x154/0x174
[ 43.565434][ T6731] __lock_acquire+0x1774/0x30a4
[ 43.566159][ T6731] lock_acquire+0x140/0x2e0
[ 43.566819][ T6731] down_write+0x50/0xc0
[ 43.567481][ T6731] ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 43.568407][ T6731] ocfs2_reserve_clusters_with_limit+0x198/0x9e0
[ 43.569321][ T6731] ocfs2_reserve_clusters+0x3c/0x50
[ 43.570086][ T6731] ocfs2_init_xattr_set_ctxt+0x364/0x778
[ 43.570961][ T6731] ocfs2_xattr_set+0x920/0xe9c
[ 43.571631][ T6731] ocfs2_xattr_trusted_set+0x4c/0x64
[ 43.572397][ T6731] __vfs_setxattr+0x3d8/0x400
[ 43.573099][ T6731] __vfs_setxattr_noperm+0x120/0x5c4
[ 43.573859][ T6731] __vfs_setxattr_locked+0x1e8/0x214
[ 43.574647][ T6731] vfs_setxattr+0x158/0x2a8
[ 43.575300][ T6731] ovl_fill_super+0x3d74/0x4cdc
[ 43.576028][ T6731] get_tree_nodev+0xb4/0x144
[ 43.576721][ T6731] ovl_get_tree+0x28/0x38
[ 43.577368][ T6731] vfs_get_tree+0x90/0x28c
[ 43.578002][ T6731] do_new_mount+0x284/0x944
[ 43.578676][ T6731] path_mount+0x5b4/0xdfc
[ 43.579303][ T6731] __arm64_sys_mount+0x3e8/0x468
[ 43.580084][ T6731] invoke_syscall+0x98/0x254
[ 43.580782][ T6731] el0_svc_common+0xe8/0x23c
[ 43.581438][ T6731] do_el0_svc+0x48/0x58
[ 43.582058][ T6731] el0_svc+0x5c/0x26c
[ 43.582635][ T6731] el0t_64_sync_handler+0x84/0x12c
[ 43.583448][ T6731] el0t_64_sync+0x198/0x19c
[ 43.587960][ T6731] ** replaying previous printk message **
[ 43.587960][ T6731] ------------[ cut here ]------------
[ 43.587977][ T6731] UBSAN: array-index-out-of-bounds in fs/ocfs2/xattr.c:1985:3
[ 43.587989][ T6731] index 2 is out of range for type 'struct ocfs2_xattr_entry[] __counted_by(xh_count)' (aka 'struct ocfs2_xattr_entry[]')
[ 43.588002][ T6731] CPU: 0 UID: 0 PID: 6731 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 43.588011][ T6731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 43.588015][ T6731] Call trace:
[ 43.588017][ T6731] show_stack+0x2c/0x3c (C)
[ 43.588028][ T6731] __dump_stack+0x30/0x40
[ 43.588034][ T6731] dump_stack_lvl+0xd8/0x12c
[ 43.588039][ T6731] dump_stack+0x1c/0x28
[ 43.588044][ T6731] ubsan_epilogue+0x14/0x48
[ 43.588049][ T6731] __ubsan_handle_out_of_bounds+0xd0/0xfc
[ 43.588055][ T6731] ocfs2_xa_remove_entry+0x314/0x384
[ 43.588062][ T6731] ocfs2_xa_set+0x938/0x23c0
[ 43.588068][ T6731] ocfs2_xattr_block_set+0x328/0x2a88
[ 43.588074][ T6731] __ocfs2_xattr_set_handle+0x200/0xc28
[ 43.588080][ T6731] ocfs2_xattr_set+0xb38/0xe9c
[ 43.588085][ T6731] ocfs2_xattr_trusted_set+0x4c/0x64
[ 43.588091][ T6731] __vfs_removexattr+0x3bc/0x3e4
[ 43.588096][ T6731] __vfs_removexattr_locked+0x1cc/0x204
[ 43.588101][ T6731] vfs_removexattr+0x80/0x18c
[ 43.588106][ T6731] ovl_fill_super+0x3e40/0x4cdc
[ 43.588113][ T6731] get_tree_nodev+0xb4/0x144
[ 43.588119][ T6731] ovl_get_tree+0x28/0x38
[ 43.588125][ T6731] vfs_get_tree+0x90/0x28c
[ 43.588131][ T6731] do_new_mount+0x284/0x944
[ 43.588137][ T6731] path_mount+0x5b4/0xdfc
[ 43.588142][ T6731] __arm64_sys_mount+0x3e8/0x468
[ 43.588148][ T6731] invoke_syscall+0x98/0x254
[ 43.588153][ T6731] el0_svc_common+0xe8/0x23c
[ 43.588158][ T6731] do_el0_svc+0x48/0x58
[ 43.588163][ T6731] el0_svc+0x5c/0x26c
[ 43.588169][ T6731] el0t_64_sync_handler+0x84/0x12c
[ 43.588174][ T6731] el0t_64_sync+0x198/0x19c
[ 43.588180][ T6731] ---[ end trace ]---
[ 43.588183][ T6731] ------------[ cut here ]------------
[ 43.588185][ T6731] memset: detected buffer overflow: 16 byte write of buffer size 0
[ 43.588307][ T6731] WARNING: lib/string_helpers.c:1036 at __fortify_report+0xa4/0xc0, CPU#0: syz.0.17/6731
[ 43.619028][ T6731] Modules linked in:
[ 43.619626][ T6731] CPU: 0 UID: 0 PID: 6731 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 43.620881][ T6731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 43.622450][ T6731] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 43.623547][ T6731] pc : __fortify_report+0xa4/0xc0
[ 43.624292][ T6731] lr : __fortify_report+0xa4/0xc0
[ 43.625028][ T6731] sp : ffff8000a3966660
[ 43.625604][ T6731] x29: ffff8000a3966660 x28: 1fffe0001d6f72c6 x27: dfff800000000000
[ 43.626771][ T6731] x26: ffff0000eb7b9640 x25: 0000000000000000 x24: 0000000000000001
[ 43.627977][ T6731] x23: 000000000000000f x22: ffff80008b5a20d8 x21: 0000000000000001
[ 43.629107][ T6731] x20: 0000000000000010 x19: 0000000000000000 x18: 00000000ffffffff
[ 43.630206][ T6731] x17: 635f5f205d5b7972 x16: ffff800082e5e68c x15: 0000000000000001
[ 43.631362][ T6731] x14: 1fffe0003377d0fa x13: 0000000000000000 x12: 0000000000000000
[ 43.632514][ T6731] x11: ffff60003377d0fb x10: 0000000000ff0100 x9 : b5f63e0593b2ff00
[ 43.633667][ T6731] x8 : b5f63e0593b2ff00 x7 : 0000000000000001 x6 : ffff8000805761f8
[ 43.634775][ T6731] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807f1034
[ 43.635831][ T6731] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 43.636961][ T6731] Call trace:
[ 43.637371][ T6731] __fortify_report+0xa4/0xc0 (P)
[ 43.638089][ T6731] __fortify_panic+0x10/0x14
[ 43.638725][ T6731] ocfs2_xa_remove_entry+0x34c/0x384
[ 43.639370][ T6731] ocfs2_xa_set+0x938/0x23c0
[ 43.639983][ T6731] ocfs2_xattr_block_set+0x328/0x2a88
[ 43.640749][ T6731] __ocfs2_xattr_set_handle+0x200/0xc28
[ 43.641549][ T6731] ocfs2_xattr_set+0xb38/0xe9c
[ 43.642229][ T6731] ocfs2_xattr_trusted_set+0x4c/0x64
[ 43.643037][ T6731] __vfs_removexattr+0x3bc/0x3e4
[ 43.643770][ T6731] __vfs_removexattr_locked+0x1cc/0x204
[ 43.644628][ T6731] vfs_removexattr+0x80/0x18c
[ 43.645298][ T6731] ovl_fill_super+0x3e40/0x4cdc
[ 43.646047][ T6731] get_tree_nodev+0xb4/0x144
[ 43.646719][ T6731] ovl_get_tree+0x28/0x38
[ 43.647358][ T6731] vfs_get_tree+0x90/0x28c
[ 43.647975][ T6731] do_new_mount+0x284/0x944
[ 43.648704][ T6731] path_mount+0x5b4/0xdfc
[ 43.649357][ T6731] __arm64_sys_mount+0x3e8/0x468
[ 43.650085][ T6731] invoke_syscall+0x98/0x254
[ 43.650728][ T6731] el0_svc_common+0xe8/0x23c
[ 43.651444][ T6731] do_el0_svc+0x48/0x58
[ 43.652074][ T6731] el0_svc+0x5c/0x26c
[ 43.652701][ T6731] el0t_64_sync_handler+0x84/0x12c
[ 43.653432][ T6731] el0t_64_sync+0x198/0x19c
[ 43.654067][ T6731] irq event stamp: 55115
[ 43.654679][ T6731] hardirqs last enabled at (55115): [] _raw_spin_unlock_irqrestore+0x38/0x98
[ 43.656232][ T6731] hardirqs last disabled at (55114): [] _raw_spin_lock_irqsave+0x2c/0x7c
[ 43.657632][ T6731] softirqs last enabled at (54106): [] handle_softirqs+0xaf8/0xc88
[ 43.659050][ T6731] softirqs last disabled at (54009): [] __do_softirq+0x14/0x20
[ 43.660406][ T6731] ---[ end trace 0000000000000000 ]---
[ 43.663070][ T6731] ------------[ cut here ]------------
[ 43.663080][ T6731] kernel BUG at lib/string_helpers.c:1043!
[ 43.663087][ T6731] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
[ 43.665705][ T6731] Modules linked in:
[ 43.666247][ T6731] CPU: 1 UID: 0 PID: 6731 Comm: syz.0.17 Tainted: G W syzkaller #0 PREEMPT
[ 43.667777][ T6731] Tainted: [W]=WARN
[ 43.668339][ T6731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 43.669859][ T6731] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 43.670993][ T6731] pc : __fortify_panic+0x10/0x14
[ 43.671707][ T6731] lr : __fortify_panic+0x10/0x14
[ 43.672434][ T6731] sp : ffff8000a39666a0
[ 43.673038][ T6731] x29: ffff8000a39666a0 x28: 1fffe0001d6f72c6 x27: dfff800000000000
[ 43.674212][ T6731] x26: ffff0000eb7b9640 x25: 0000000000000000 x24: 0000000000000001
[ 43.675399][ T6731] x23: ffff0000eb7b9650 x22: 0000000000000001 x21: 0000000000000001
[ 43.676596][ T6731] x20: 0000000000000001 x19: ffff0000eb7b9630 x18: 00000000ffffffff
[ 43.677803][ T6731] x17: 635f5f205d5b7972 x16: ffff800082e5e68c x15: 0000000000000001
[ 43.678990][ T6731] x14: 1fffe0003377d0fa x13: 0000000000000000 x12: 0000000000000000
[ 43.680179][ T6731] x11: ffff60003377d0fb x10: 0000000000ff0100 x9 : b5f63e0593b2ff00
[ 43.681386][ T6731] x8 : b5f63e0593b2ff00 x7 : 0000000000000001 x6 : ffff8000805761f8
[ 43.682570][ T6731] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807f1034
[ 43.683763][ T6731] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 43.684899][ T6731] Call trace:
[ 43.685404][ T6731] __fortify_panic+0x10/0x14 (P)
[ 43.686119][ T6731] ocfs2_xa_remove_entry+0x34c/0x384
[ 43.686938][ T6731] ocfs2_xa_set+0x938/0x23c0
[ 43.687599][ T6731] ocfs2_xattr_block_set+0x328/0x2a88
[ 43.688451][ T6731] __ocfs2_xattr_set_handle+0x200/0xc28
[ 43.689257][ T6731] ocfs2_xattr_set+0xb38/0xe9c
[ 43.689963][ T6731] ocfs2_xattr_trusted_set+0x4c/0x64
[ 43.690706][ T6731] __vfs_removexattr+0x3bc/0x3e4
[ 43.691442][ T6731] __vfs_removexattr_locked+0x1cc/0x204
[ 43.692250][ T6731] vfs_removexattr+0x80/0x18c
[ 43.692933][ T6731] ovl_fill_super+0x3e40/0x4cdc
[ 43.693707][ T6731] get_tree_nodev+0xb4/0x144
[ 43.694366][ T6731] ovl_get_tree+0x28/0x38
[ 43.695011][ T6731] vfs_get_tree+0x90/0x28c
[ 43.695609][ T6731] do_new_mount+0x284/0x944
[ 43.696234][ T6731] path_mount+0x5b4/0xdfc
[ 43.696872][ T6731] __arm64_sys_mount+0x3e8/0x468
[ 43.697690][ T6731] invoke_syscall+0x98/0x254
[ 43.698320][ T6731] el0_svc_common+0xe8/0x23c
[ 43.698999][ T6731] do_el0_svc+0x48/0x58
[ 43.699628][ T6731] el0_svc+0x5c/0x26c
[ 43.700260][ T6731] el0t_64_sync_handler+0x84/0x12c
[ 43.700979][ T6731] el0t_64_sync+0x198/0x19c
[ 43.701653][ T6731] Code: d503233f a9bf7bfd 910003fd 94b2f454 (d4210000)
[ 43.702629][ T6731] ---[ end trace 0000000000000000 ]---
[ 43.871495][ T6731] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 43.872492][ T6731] SMP: stopping secondary CPUs
[ 43.873166][ T6731] Kernel Offset: disabled
[ 43.873756][ T6731] CPU features: 0x400000,00078001,04e04501,5427fea7
[ 43.874670][ T6731] Memory Limit: none
[ 44.048058][ T6731] Rebooting in 86400 seconds..