Warning: Permanently added '10.128.1.216' (ED25519) to the list of known hosts.
1970/01/01 00:00:24 parsed 1 programs
[ 25.804417][ T6574] cgroup: Unknown subsys name 'net'
[ 25.925296][ T6574] cgroup: Unknown subsys name 'cpuset'
[ 25.927354][ T6574] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 26.133432][ T6574] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 31.999936][ T5855] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 32.001402][ T5855] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 32.010547][ T5855] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 32.011823][ T5855] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 32.046972][ T6582] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 32.169113][ T6162] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 32.171041][ T6162] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 32.172618][ T6162] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 32.174150][ T6162] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 32.175567][ T6162] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 33.101389][ T6629] chnl_net:caif_netlink_parms(): no params data found
[ 33.130736][ T6629] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.131366][ T6629] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.131439][ T6629] bridge_slave_0: entered allmulticast mode
[ 33.131896][ T6629] bridge_slave_0: entered promiscuous mode
[ 33.133616][ T6629] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.134335][ T6629] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.134434][ T6629] bridge_slave_1: entered allmulticast mode
[ 33.134947][ T6629] bridge_slave_1: entered promiscuous mode
[ 33.146259][ T6629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 33.147085][ T6629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 33.153481][ T6629] team0: Port device team_slave_0 added
[ 33.154138][ T6629] team0: Port device team_slave_1 added
[ 33.191757][ T6629] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 33.191783][ T6629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 33.191797][ T6629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 33.192619][ T6629] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 33.192627][ T6629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 33.192641][ T6629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 33.214629][ T6629] hsr_slave_0: entered promiscuous mode
[ 33.215903][ T6629] hsr_slave_1: entered promiscuous mode
[ 33.263876][ T6629] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 33.267210][ T6629] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 33.269931][ T6629] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 33.272174][ T6629] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 33.289352][ T6629] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.289401][ T6629] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.289565][ T6629] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.289591][ T6629] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.308296][ T6629] 8021q: adding VLAN 0 to HW filter on device bond0
[ 33.311734][ T6629] 8021q: adding VLAN 0 to HW filter on device team0
[ 33.314590][ T42] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.315848][ T42] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.321181][ T42] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.321225][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.453748][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.453888][ T5855] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.466153][ T6629] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 33.466194][ T6629] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 33.501849][ T6629] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 33.515481][ T6629] veth0_vlan: entered promiscuous mode
[ 33.518132][ T6629] veth1_vlan: entered promiscuous mode
[ 33.526032][ T6629] veth0_macvtap: entered promiscuous mode
[ 33.527130][ T6629] veth1_macvtap: entered promiscuous mode
[ 33.531181][ T6629] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 33.532491][ T6629] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 33.537001][ T2649] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 33.538658][ T2649] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 33.540480][ T2649] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 33.541050][ T2649] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 33.799404][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 33.847979][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 33.892688][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 33.938698][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:34 executed programs: 0
[ 34.277218][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 34.278537][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 34.279968][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 34.281470][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 34.282893][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 34.324947][ T6680] chnl_net:caif_netlink_parms(): no params data found
[ 34.344735][ T6680] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.344808][ T6680] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.344866][ T6680] bridge_slave_0: entered allmulticast mode
[ 34.345283][ T6680] bridge_slave_0: entered promiscuous mode
[ 34.346046][ T6680] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.346092][ T6680] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.346134][ T6680] bridge_slave_1: entered allmulticast mode
[ 34.346541][ T6680] bridge_slave_1: entered promiscuous mode
[ 34.355152][ T6680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 34.356041][ T6680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 34.362136][ T6680] team0: Port device team_slave_0 added
[ 34.362849][ T6680] team0: Port device team_slave_1 added
[ 34.368144][ T6680] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 34.368165][ T6680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 34.368178][ T6680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 34.368665][ T6680] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 34.368671][ T6680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 34.368683][ T6680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 34.378229][ T6680] hsr_slave_0: entered promiscuous mode
[ 34.378498][ T6680] hsr_slave_1: entered promiscuous mode
[ 34.378684][ T6680] debugfs: 'hsr0' already exists in 'hsr'
[ 34.378732][ T6680] Cannot create hsr debugfs directory
[ 36.353311][ T53] Bluetooth: hci0: command tx timeout
[ 37.238678][ T42] bridge_slave_1: left allmulticast mode
[ 37.238726][ T42] bridge_slave_1: left promiscuous mode
[ 37.239318][ T42] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.242520][ T42] bridge_slave_0: left allmulticast mode
[ 37.242658][ T42] bridge_slave_0: left promiscuous mode
[ 37.242725][ T42] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.447740][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 37.474325][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 37.543806][ T42] bond0 (unregistering): Released all slaves
[ 37.619103][ T42] hsr_slave_0: left promiscuous mode
[ 37.620121][ T42] hsr_slave_1: left promiscuous mode
[ 37.620384][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 37.620397][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 37.620808][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 37.620818][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 37.626358][ T42] veth1_macvtap: left promiscuous mode
[ 37.626401][ T42] veth0_macvtap: left promiscuous mode
[ 37.626623][ T42] veth1_vlan: left promiscuous mode
[ 37.626670][ T42] veth0_vlan: left promiscuous mode
[ 37.759498][ T42] team0 (unregistering): Port device team_slave_1 removed
[ 37.765516][ T42] team0 (unregistering): Port device team_slave_0 removed
[ 38.138156][ T6680] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 38.142534][ T6680] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 38.147477][ T6680] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 38.150004][ T6680] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 38.270602][ T6680] 8021q: adding VLAN 0 to HW filter on device bond0
[ 38.276151][ T6680] 8021q: adding VLAN 0 to HW filter on device team0
[ 38.277831][ T2649] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.277864][ T2649] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.279912][ T2649] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.279932][ T2649] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.351224][ T6680] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 38.361856][ T6680] veth0_vlan: entered promiscuous mode
[ 38.363556][ T6680] veth1_vlan: entered promiscuous mode
[ 38.368926][ T6680] veth0_macvtap: entered promiscuous mode
[ 38.370438][ T6680] veth1_macvtap: entered promiscuous mode
[ 38.374538][ T6680] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 38.375820][ T6680] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 38.378006][ T3491] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 38.378061][ T3491] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 38.378079][ T3491] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 38.378145][ T3491] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 38.414247][ T5855] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 38.417231][ T5855] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 38.423104][ T53] Bluetooth: hci0: command tx timeout
[ 38.576335][ T282] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 38.577697][ T282] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 38.687669][ T6756] loop0: detected capacity change from 0 to 32768
[ 38.688255][ T6756] =======================================================
[ 38.688255][ T6756] WARNING: The mand mount option has been deprecated and
[ 38.688255][ T6756] and is ignored by this kernel. Remove the mand
[ 38.688255][ T6756] option from the mount to silence this warning.
[ 38.688255][ T6756] =======================================================
[ 38.706293][ T6756] JBD2: Ignoring recovery information on journal
[ 38.716434][ T6756] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 38.722424][ T6756] overlayfs: upper fs does not support tm
** replaying previous printk message **
[ 38.722424][ T6756] overlayfs: upper fs does not support tmpfile.
[ 38.723480][ T6756] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 38.723589][ T6756]
[ 38.726597][ T6756] ======================================================
[ 38.727684][ T6756] WARNING: possible circular locking dependency detected
[ 38.728788][ T6756] syzkaller #0 Not tainted
[ 38.729486][ T6756] ------------------------------------------------------
[ 38.730563][ T6756] syz.0.17/6756 is trying to acquire lock:
[ 38.731461][ T6756] ffff0000f584c2c0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 38.733664][ T6756]
[ 38.733664][ T6756] but task is already holding lock:
[ 38.734795][ T6756] ffff0000f59286f8 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c
[ 38.736310][ T6756]
[ 38.736310][ T6756] which lock already depends on the new lock.
[ 38.736310][ T6756]
[ 38.737856][ T6756]
[ 38.737856][ T6756] the existing dependency chain (in reverse order) is:
[ 38.739254][ T6756]
[ 38.739254][ T6756] -> #3 (&oi->ip_xattr_sem){+.+.}-{4:4}:
[ 38.740532][ T6756] down_write+0x50/0xc0
[ 38.741274][ T6756] ocfs2_xattr_set_handle+0x2a8/0x5e4
[ 38.742162][ T6756] ocfs2_init_security_set+0xb4/0xd8
[ 38.743042][ T6756] ocfs2_mknod+0x104c/0x1cf0
[ 38.743800][ T6756] ocfs2_mkdir+0x178/0x474
[ 38.744605][ T6756] vfs_mkdir+0x408/0x48c
[ 38.745348][ T6756] do_mkdirat+0x238/0x448
[ 38.746064][ T6756] __arm64_sys_mkdirat+0x8c/0xa4
[ 38.746858][ T6756] invoke_syscall+0x98/0x254
[ 38.747598][ T6756] el0_svc_common+0xe8/0x23c
[ 38.748419][ T6756] do_el0_svc+0x48/0x58
[ 38.749182][ T6756] el0_svc+0x5c/0x26c
[ 38.749879][ T6756] el0t_64_sync_handler+0x84/0x12c
[ 38.750705][ T6756] el0t_64_sync+0x198/0x19c
[ 38.751452][ T6756]
[ 38.751452][ T6756] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 38.752714][ T6756] down_read+0x58/0x308
[ 38.753431][ T6756] ocfs2_start_trans+0x35c/0x6b0
[ 38.754307][ T6756] ocfs2_reserve_suballoc_bits+0x74c/0x3ea0
[ 38.755269][ T6756] ocfs2_reserve_new_metadata_blocks+0x368/0x810
[ 38.756295][ T6756] ocfs2_mknod+0xbb8/0x1cf0
[ 38.757063][ T6756] ocfs2_mkdir+0x178/0x474
[ 38.757829][ T6756] vfs_mkdir+0x408/0x48c
[ 38.758574][ T6756] do_mkdirat+0x238/0x448
[ 38.759265][ T6756] __arm64_sys_mkdirat+0x8c/0xa4
[ 38.760113][ T6756] invoke_syscall+0x98/0x254
[ 38.760870][ T6756] el0_svc_common+0xe8/0x23c
[ 38.761656][ T6756] do_el0_svc+0x48/0x58
[ 38.762308][ T6756] el0_svc+0x5c/0x26c
[ 38.762962][ T6756] el0t_64_sync_handler+0x84/0x12c
[ 38.763849][ T6756] el0t_64_sync+0x198/0x19c
[ 38.764624][ T6756]
[ 38.764624][ T6756] -> #1 (sb_internal#2){.+.+}-{0:0}:
[ 38.765766][ T6756] ocfs2_start_trans+0x1f4/0x6b0
[ 38.766589][ T6756] ocfs2_mknod+0xc30/0x1cf0
[ 38.767447][ T6756] ocfs2_mkdir+0x178/0x474
[ 38.768178][ T6756] vfs_mkdir+0x408/0x48c
[ 38.769029][ T6756] do_mkdirat+0x238/0x448
[ 38.769738][ T6756] __arm64_sys_mkdirat+0x8c/0xa4
[ 38.770537][ T6756] invoke_syscall+0x98/0x254
[ 38.771301][ T6756] el0_svc_common+0xe8/0x23c
[ 38.772075][ T6756] do_el0_svc+0x48/0x58
[ 38.772817][ T6756] el0_svc+0x5c/0x26c
[ 38.773563][ T6756] el0t_64_sync_handler+0x84/0x12c
[ 38.774513][ T6756] el0t_64_sync+0x198/0x19c
[ 38.775256][ T6756]
[ 38.775256][ T6756] -> #0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[ 38.776818][ T6756] __lock_acquire+0x1774/0x30a4
[ 38.777617][ T6756] lock_acquire+0x140/0x2e0
[ 38.778349][ T6756] down_write+0x50/0xc0
[ 38.779088][ T6756] ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 38.780105][ T6756] ocfs2_reserve_clusters_with_limit+0x198/0x9e0
[ 38.781179][ T6756] ocfs2_reserve_clusters+0x3c/0x50
[ 38.782017][ T6756] ocfs2_init_xattr_set_ctxt+0x364/0x778
[ 38.782904][ T6756] ocfs2_xattr_set+0x920/0xe9c
[ 38.783706][ T6756] ocfs2_xattr_trusted_set+0x4c/0x64
[ 38.784536][ T6756] __vfs_setxattr+0x3d8/0x400
[ 38.785233][ T6756] __vfs_setxattr_noperm+0x120/0x5c4
[ 38.786034][ T6756] __vfs_setxattr_locked+0x1e8/0x214
[ 38.786840][ T6756] vfs_setxattr+0x158/0x2a8
[ 38.787642][ T6756] ovl_fill_super+0x3d74/0x4cdc
[ 38.788423][ T6756] get_tree_nodev+0xb4/0x144
[ 38.789130][ T6756] ovl_get_tree+0x28/0x38
[ 38.789869][ T6756] vfs_get_tree+0x90/0x28c
[ 38.790575][ T6756] do_new_mount+0x284/0x944
[ 38.791335][ T6756] path_mount+0x5b4/0xdfc
[ 38.792042][ T6756] __arm64_sys_mount+0x3e8/0x468
[ 38.792855][ T6756] invoke_syscall+0x98/0x254
[ 38.793585][ T6756] el0_svc_common+0xe8/0x23c
[ 38.794302][ T6756] do_el0_svc+0x48/0x58
[ 38.794954][ T6756] el0_svc+0x5c/0x26c
[ 38.795599][ T6756] el0t_64_sync_handler+0x84/0x12c
[ 38.796404][ T6756] el0t_64_sync+0x198/0x19c
[ 38.797160][ T6756]
[ 38.797160][ T6756] other info that might help us debug this:
[ 38.797160][ T6756]
[ 38.798679][ T6756] Chain exists of:
[ 38.798679][ T6756] &ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE] --> &journal->j_trans_barrier --> &oi->ip_xattr_sem
[ 38.798679][ T6756]
[ 38.801193][ T6756] Possible unsafe locking scenario:
[ 38.801193][ T6756]
[ 38.802256][ T6756]        CPU0                    CPU1
[ 38.803009][ T6756]        ----                    ----
[ 38.803745][ T6756]   lock(&oi->ip_xattr_sem);
[ 38.804409][ T6756]                                lock(&journal->j_trans_barrier);
[ 38.805562][ T6756]                                lock(&oi->ip_xattr_sem);
[ 38.806568][ T6756]   lock(&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]);
[ 38.807533][ T6756]
[ 38.807533][ T6756] *** DEADLOCK ***
[ 38.807533][ T6756]
[ 38.808674][ T6756] 4 locks held by syz.0.17/6756:
[ 38.809374][ T6756] #0: ffff0000c89960e0 (&type->s_umount_key#53/1){+.+.}-{4:4}, at: alloc_super+0x210/0x908
[ 38.810815][ T6756] #1: ffff0000c7d36420 (sb_writers#11){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[ 38.812191][ T6756] #2: ffff0000f59289c0 (&sb->s_type->i_mutex_key#24){++++}-{4:4}, at: vfs_setxattr+0x138/0x2a8
[ 38.813795][ T6756] #3: ffff0000f59286f8 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c
[ 38.815202][ T6756]
[ 38.815202][ T6756] stack backtrace:
[ 38.816067][ T6756] CPU: 1 UID: 0 PID: 6756 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 38.817259][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 38.818788][ T6756] Call trace:
[ 38.819263][ T6756] show_stack+0x2c/0x3c (C)
[ 38.819905][ T6756] __dump_stack+0x30/0x40
[ 38.820608][ T6756] dump_stack_lvl+0xd8/0x12c
[ 38.821282][ T6756] dump_stack+0x1c/0x28
[ 38.821899][ T6756] print_circular_bug+0x324/0x32c
[ 38.822658][ T6756] check_noncircular+0x154/0x174
[ 38.823380][ T6756] __lock_acquire+0x1774/0x30a4
[ 38.824115][ T6756] lock_acquire+0x140/0x2e0
[ 38.824776][ T6756] down_write+0x50/0xc0
[ 38.825405][ T6756] ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 38.826321][ T6756] ocfs2_reserve_clusters_with_limit+0x198/0x9e0
[ 38.827236][ T6756] ocfs2_reserve_clusters+0x3c/0x50
[ 38.827969][ T6756] ocfs2_init_xattr_set_ctxt+0x364/0x778
[ 38.828865][ T6756] ocfs2_xattr_set+0x920/0xe9c
[ 38.829564][ T6756] ocfs2_xattr_trusted_set+0x4c/0x64
[ 38.830339][ T6756] __vfs_setxattr+0x3d8/0x400
[ 38.831010][ T6756] __vfs_setxattr_noperm+0x120/0x5c4
[ 38.831735][ T6756] __vfs_setxattr_locked+0x1e8/0x214
[ 38.832545][ T6756] vfs_setxattr+0x158/0x2a8
[ 38.833242][ T6756] ovl_fill_super+0x3d74/0x4cdc
[ 38.833949][ T6756] get_tree_nodev+0xb4/0x144
[ 38.834628][ T6756] ovl_get_tree+0x28/0x38
[ 38.835263][ T6756] vfs_get_tree+0x90/0x28c
[ 38.835930][ T6756] do_new_mount+0x284/0x944
[ 38.836610][ T6756] path_mount+0x5b4/0xdfc
[ 38.837261][ T6756] __arm64_sys_mount+0x3e8/0x468
[ 38.838038][ T6756] invoke_syscall+0x98/0x254
[ 38.838773][ T6756] el0_svc_common+0xe8/0x23c
[ 38.839443][ T6756] do_el0_svc+0x48/0x58
[ 38.840023][ T6756] el0_svc+0x5c/0x26c
[ 38.840604][ T6756] el0t_64_sync_handler+0x84/0x12c
[ 38.841332][ T6756] el0t_64_sync+0x198/0x19c
[ 38.844850][ T6756
** replaying previous printk message **
[ 38.844850][ T6756] ------------[ cut here ]------------
[ 38.844871][ T6756] UBSAN: array-index-out-of-bounds in fs/ocfs2/xattr.c:1985:3
[ 38.844881][ T6756] index 2 is out of range for type 'struct ocfs2_xattr_entry[] __counted_by(xh_count)' (aka 'struct ocfs2_xattr_entry[]')
[ 38.844890][ T6756] CPU: 1 UID: 0 PID: 6756 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 38.844897][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 38.844901][ T6756] Call trace:
[ 38.844903][ T6756] show_stack+0x2c/0x3c (C)
[ 38.844912][ T6756] __dump_stack+0x30/0x40
[ 38.844918][ T6756] dump_stack_lvl+0xd8/0x12c
[ 38.844923][ T6756] dump_stack+0x1c/0x28
[ 38.844927][ T6756] ubsan_epilogue+0x14/0x48
[ 38.844932][ T6756] __ubsan_handle_out_of_bounds+0xd0/0xfc
[ 38.844938][ T6756] ocfs2_xa_remove_entry+0x314/0x384
[ 38.844945][ T6756] ocfs2_xa_set+0x938/0x23c0
[ 38.844951][ T6756] ocfs2_xattr_block_set+0x328/0x2a88
[ 38.844957][ T6756] __ocfs2_xattr_set_handle+0x200/0xc28
[ 38.844963][ T6756] ocfs2_xattr_set+0xb38/0xe9c
[ 38.844968][ T6756] ocfs2_xattr_trusted_set+0x4c/0x64
[ 38.844974][ T6756] __vfs_removexattr+0x3bc/0x3e4
[ 38.844979][ T6756] __vfs_removexattr_locked+0x1cc/0x204
[ 38.844984][ T6756] vfs_removexattr+0x80/0x18c
[ 38.844989][ T6756] ovl_fill_super+0x3e40/0x4cdc
[ 38.844995][ T6756] get_tree_nodev+0xb4/0x144
[ 38.845001][ T6756] ovl_get_tree+0x28/0x38
[ 38.845007][ T6756] vfs_get_tree+0x90/0x28c
[ 38.845013][ T6756] do_new_mount+0x284/0x944
[ 38.845018][ T6756] path_mount+0x5b4/0xdfc
[ 38.845024][ T6756] __arm64_sys_mount+0x3e8/0x468
[ 38.845030][ T6756] invoke_syscall+0x98/0x254
[ 38.845035][ T6756] el0_svc_common+0xe8/0x23c
[ 38.845040][ T6756] do_el0_svc+0x48/0x58
[ 38.845045][ T6756] el0_svc+0x5c/0x26c
[ 38.845051][ T6756] el0t_64_sync_handler+0x84/0x12c
[ 38.845056][ T6756] el0t_64_sync+0x198/0x19c
[ 38.845061][ T6756] ---[ end trace ]---
[ 38.845064][ T6756] ------------[ cut here ]------------
[ 38.845067][ T6756] memset: detected buffer overflow: 16 byte write of buffer size 0
[ 38.845185][ T6756] WARNING: lib/string_helpers.c:1036 at __fortify_report+0xa4/0xc0, CPU#1: syz.0.17/6756
[ 38.876826][ T6756] Modules linked in:
[ 38.877393][ T6756] CPU: 1 UID: 0 PID: 6756 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 38.878720][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 38.880273][ T6756] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 38.881561][ T6756] pc : __fortify_report+0xa4/0xc0
[ 38.882390][ T6756] lr : __fortify_report+0xa4/0xc0
[ 38.883060][ T6756] sp : ffff80009f286660
[ 38.883635][ T6756] x29: ffff80009f286660 x28: 1fffe0001e3d22c6 x27: dfff800000000000
[ 38.884781][ T6756] x26: ffff0000f1e91640 x25: 0000000000000000 x24: 0000000000000001
[ 38.885948][ T6756] x23: 000000000000000f x22: ffff80008b5a20d8 x21: 0000000000000001
[ 38.887096][ T6756] x20: 0000000000000010 x19: 0000000000000000 x18: 00000000ffffffff
[ 38.888191][ T6756] x17: 635f5f205d5b7972 x16: ffff800082e5e68c x15: 0000000000000001
[ 38.889328][ T6756] x14: 1ffff00013e50c04 x13: 0000000000000000 x12: 0000000000000000
[ 38.890531][ T6756] x11: 0000000000000867 x10: 0000000000ff0100 x9 : 6eb5c7eab8e60400
[ 38.891779][ T6756] x8 : 6eb5c7eab8e60400 x7 : 0000000000000001 x6 : ffff8000805761f8
[ 38.892919][ T6756] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
[ 38.894169][ T6756] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 38.895383][ T6756] Call trace:
[ 38.895861][ T6756] __fortify_report+0xa4/0xc0 (P)
[ 38.896618][ T6756] __fortify_panic+0x10/0x14
[ 38.897302][ T6756] ocfs2_xa_remove_entry+0x34c/0x384
[ 38.898121][ T6756] ocfs2_xa_set+0x938/0x23c0
[ 38.898799][ T6756] ocfs2_xattr_block_set+0x328/0x2a88
[ 38.899552][ T6756] __ocfs2_xattr_set_handle+0x200/0xc28
[ 38.900438][ T6756] ocfs2_xattr_set+0xb38/0xe9c
[ 38.901154][ T6756] ocfs2_xattr_trusted_set+0x4c/0x64
[ 38.901905][ T6756] __vfs_removexattr+0x3bc/0x3e4
[ 38.902672][ T6756] __vfs_removexattr_locked+0x1cc/0x204
[ 38.903520][ T6756] vfs_removexattr+0x80/0x18c
[ 38.904214][ T6756] ovl_fill_super+0x3e40/0x4cdc
[ 38.904945][ T6756] get_tree_nodev+0xb4/0x144
[ 38.905613][ T6756] ovl_get_tree+0x28/0x38
[ 38.906251][ T6756] vfs_get_tree+0x90/0x28c
[ 38.906941][ T6756] do_new_mount+0x284/0x944
[ 38.907658][ T6756] path_mount+0x5b4/0xdfc
[ 38.908320][ T6756] __arm64_sys_mount+0x3e8/0x468
[ 38.909025][ T6756] invoke_syscall+0x98/0x254
[ 38.909719][ T6756] el0_svc_common+0xe8/0x23c
[ 38.910427][ T6756] do_el0_svc+0x48/0x58
[ 38.911103][ T6756] el0_svc+0x5c/0x26c
[ 38.911647][ T6756] el0t_64_sync_handler+0x84/0x12c
[ 38.912447][ T6756] el0t_64_sync+0x198/0x19c
[ 38.913101][ T6756] irq event stamp: 49005
[ 38.913757][ T6756] hardirqs last enabled at (49005): [] _raw_spin_unlock_irqrestore+0x38/0x98
[ 38.915294][ T6756] hardirqs last disabled at (49004): [] _raw_spin_lock_irqsave+0x2c/0x7c
[ 38.916736][ T6756] softirqs last enabled at (48894): [] handle_softirqs+0xaf8/0xc88
[ 38.918139][ T6756] softirqs last disabled at (48883): [] __do_softirq+0x14/0x20
[ 38.919425][ T6756] ---[ end trace 0000000000000000 ]---
[ 38.921099][ T6756] ------------[ cut here ]------------
[ 38.921105][ T6756] kernel BUG at lib/string_helpers.c:1043!
[ 38.921112][ T6756] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
[ 38.923639][ T6756] Modules linked in:
[ 38.924195][ T6756] CPU: 1 UID: 0 PID: 6756 Comm: syz.0.17 Tainted: G W syzkaller #0 PREEMPT
[ 38.925673][ T6756] Tainted: [W]=WARN
[ 38.926243][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 38.927668][ T6756] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 38.928811][ T6756] pc : __fortify_panic+0x10/0x14
[ 38.929537][ T6756] lr : __fortify_panic+0x10/0x14
[ 38.930252][ T6756] sp : ffff80009f2866a0
[ 38.930838][ T6756] x29: ffff80009f2866a0 x28: 1fffe0001e3d22c6 x27: dfff800000000000
[ 38.932173][ T6756] x26: ffff0000f1e91640 x25: 0000000000000000 x24: 0000000000000001
[ 38.933370][ T6756] x23: ffff0000f1e91650 x22: 0000000000000001 x21: 0000000000000001
[ 38.934637][ T6756] x20: 0000000000000001 x19: ffff0000f1e91630 x18: 00000000ffffffff
[ 38.935872][ T6756] x17: 635f5f205d5b7972 x16: ffff800082e5e68c x15: 0000000000000001
[ 38.937108][ T6756] x14: 1ffff00013e50c04 x13: 0000000000000000 x12: 0000000000000000
[ 38.938332][ T6756] x11: 0000000000000867 x10: 0000000000ff0100 x9 : 6eb5c7eab8e60400
[ 38.939550][ T6756] x8 : 6eb5c7eab8e60400 x7 : 0000000000000001 x6 : ffff8000805761f8
[ 38.940723][ T6756] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
[ 38.941988][ T6756] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 38.943277][ T6756] Call trace:
[ 38.943760][ T6756] __fortify_panic+0x10/0x14 (P)
[ 38.944472][ T6756] ocfs2_xa_remove_entry+0x34c/0x384
[ 38.945374][ T6756] ocfs2_xa_set+0x938/0x23c0
[ 38.946195][ T6756] ocfs2_xattr_block_set+0x328/0x2a88
[ 38.947101][ T6756] __ocfs2_xattr_set_handle+0x200/0xc28
[ 38.948007][ T6756] ocfs2_xattr_set+0xb38/0xe9c
[ 38.948829][ T6756] ocfs2_xattr_trusted_set+0x4c/0x64
[ 38.949666][ T6756] __vfs_removexattr+0x3bc/0x3e4
[ 38.950497][ T6756] __vfs_removexattr_locked+0x1cc/0x204
[ 38.951375][ T6756] vfs_removexattr+0x80/0x18c
[ 38.952100][ T6756] ovl_fill_super+0x3e40/0x4cdc
[ 38.952880][ T6756] get_tree_nodev+0xb4/0x144
[ 38.953579][ T6756] ovl_get_tree+0x28/0x38
[ 38.954218][ T6756] vfs_get_tree+0x90/0x28c
[ 38.954924][ T6756] do_new_mount+0x284/0x944
[ 38.955596][ T6756] path_mount+0x5b4/0xdfc
[ 38.956288][ T6756] __arm64_sys_mount+0x3e8/0x468
[ 38.957058][ T6756] invoke_syscall+0x98/0x254
[ 38.957777][ T6756] el0_svc_common+0xe8/0x23c
[ 38.958460][ T6756] do_el0_svc+0x48/0x58
[ 38.959022][ T6756] el0_svc+0x5c/0x26c
[ 38.959612][ T6756] el0t_64_sync_handler+0x84/0x12c
[ 38.960370][ T6756] el0t_64_sync+0x198/0x19c
[ 38.961158][ T6756] Code: d503233f a9bf7bfd 910003fd 94b2f454 (d4210000)
[ 38.962220][ T6756] ---[ end trace 0000000000000000 ]---
[ 39.189165][ T6756] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 39.190144][ T6756] SMP: stopping secondary CPUs
[ 39.190821][ T6756] Kernel Offset: disabled
[ 39.191388][ T6756] CPU features: 0x400000,00078001,04e04501,5427fea7
[ 39.192322][ T6756] Memory Limit: none
[ 39.394577][ T6756] Rebooting in 86400 seconds..