Warning: Permanently added '10.128.1.44' (ED25519) to the list of known hosts.
2025/12/23 01:59:10 parsed 1 programs
[  109.274690][ T5813] cgroup: Unknown subsys name 'net'
[  109.515843][ T5813] cgroup: Unknown subsys name 'cpuset'
[  109.570339][ T5813] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  111.653793][ T5813] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  117.622751][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  117.625879][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  117.627323][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  117.637877][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  117.651986][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  119.743249][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.743273][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.833472][ T1179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.833496][ T1179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.673572][ T5890] chnl_net:caif_netlink_parms(): no params data found
[  123.093043][ T5890] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.095110][ T5890] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.095275][ T5890] bridge_slave_0: entered allmulticast mode
[  123.097232][ T5890] bridge_slave_0: entered promiscuous mode
[  123.131950][ T5890] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.132056][ T5890] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.132232][ T5890] bridge_slave_1: entered allmulticast mode
[  123.134132][ T5890] bridge_slave_1: entered promiscuous mode
[  123.305658][ T5890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  123.309364][ T5890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  123.483433][ T5890] team0: Port device team_slave_0 added
[  123.486174][ T5890] team0: Port device team_slave_1 added
[  123.652513][ T5890] batman_adv: batadv0: Adding interface: batadv_slave_0
[  123.652527][ T5890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  123.652546][ T5890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  123.656099][ T5890] batman_adv: batadv0: Adding interface: batadv_slave_1
[  123.656124][ T5890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  123.656144][ T5890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  123.857904][ T5890] hsr_slave_0: entered promiscuous mode
[  123.859473][ T5890] hsr_slave_1: entered promiscuous mode
[  124.486985][ T5890] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  124.516061][ T5890] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  124.544878][ T5890] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  124.584084][ T5890] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  124.746844][ T5890] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.785809][ T5890] 8021q: adding VLAN 0 to HW filter on device team0
[  124.806338][ T1179] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.807242][ T1179] bridge0: port 1(bridge_slave_0) entered forwarding state
[  124.851183][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.851348][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.158746][ T5890] 8021q: adding VLAN 0 to HW filter on device batadv0
[  125.230058][ T5890] veth0_vlan: entered promiscuous mode
[  125.237977][ T5890] veth1_vlan: entered promiscuous mode
[  125.288244][ T5890] veth0_macvtap: entered promiscuous mode
[  125.302931][ T5890] veth1_macvtap: entered promiscuous mode
[  125.327801][ T5890] batman_adv: batadv0: Interface activated: batadv_slave_0
[  125.348589][ T5890] batman_adv: batadv0: Interface activated: batadv_slave_1
[  125.372062][ T1179] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  125.375511][ T1179] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  125.376567][ T1179] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.376614][ T1179] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.216385][  T182] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.537352][  T182] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/12/23 01:59:32 executed programs: 0
[  126.837258][  T182] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.963635][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  126.969061][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  126.984928][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  126.989009][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  127.006088][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  127.283034][ T5915] chnl_net:caif_netlink_parms(): no params data found
[  127.561996][ T5915] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.562176][ T5915] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.562328][ T5915] bridge_slave_0: entered allmulticast mode
[  127.564188][ T5915] bridge_slave_0: entered promiscuous mode
[  127.569388][ T5915] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.580167][ T5915] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.580658][ T5915] bridge_slave_1: entered allmulticast mode
[  127.589275][ T5915] bridge_slave_1: entered promiscuous mode
[  127.795793][ T5915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  127.813952][ T5915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  128.095617][  T182] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.144048][ T5915] team0: Port device team_slave_0 added
[  128.146995][ T5915] team0: Port device team_slave_1 added
[  128.425554][ T5915] batman_adv: batadv0: Adding interface: batadv_slave_0
[  128.425569][ T5915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  128.425588][ T5915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  128.427923][ T5915] batman_adv: batadv0: Adding interface: batadv_slave_1
[  128.427943][ T5915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  128.427962][ T5915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  128.679303][ T5915] hsr_slave_0: entered promiscuous mode
[  128.683927][ T5915] hsr_slave_1: entered promiscuous mode
[  128.687441][ T5915] debugfs: 'hsr0' already exists in 'hsr'
[  128.687743][ T5915] Cannot create hsr debugfs directory
[  129.062833][   T61] Bluetooth: hci0: command tx timeout
[  129.141724][  T182] bridge_slave_1: left allmulticast mode
[  129.141928][  T182] bridge_slave_1: left promiscuous mode
[  129.143838][  T182] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.233088][  T182] bridge_slave_0: left allmulticast mode
[  129.233113][  T182] bridge_slave_0: left promiscuous mode
[  129.233302][  T182] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.020498][  T182] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  131.080745][  T182] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  131.102754][  T182] bond0 (unregistering): Released all slaves
[  131.139925][   T61] Bluetooth: hci0: command tx timeout
[  131.469830][  T182] hsr_slave_0: left promiscuous mode
[  131.510052][  T182] hsr_slave_1: left promiscuous mode
[  131.511162][  T182] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  131.511244][  T182] batman_adv: batadv0: Removing interface: batadv_slave_0
[  131.544148][  T182] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  131.544179][  T182] batman_adv: batadv0: Removing interface: batadv_slave_1
[  131.647638][  T182] veth1_macvtap: left promiscuous mode
[  131.647827][  T182] veth0_macvtap: left promiscuous mode
[  131.648012][  T182] veth1_vlan: left promiscuous mode
[  131.648212][  T182] veth0_vlan: left promiscuous mode
[  133.219894][   T61] Bluetooth: hci0: command tx timeout
[  133.700408][  T182] team0 (unregistering): Port device team_slave_1 removed
[  133.920565][  T182] team0 (unregistering): Port device team_slave_0 removed
[  135.299747][   T61] Bluetooth: hci0: command tx timeout
[  136.770733][ T5915] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  136.812204][ T5915] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  136.881270][ T5915] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  136.925753][ T5915] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  137.268388][ T5915] 8021q: adding VLAN 0 to HW filter on device bond0
[  137.305910][ T5915] 8021q: adding VLAN 0 to HW filter on device team0
[  137.327351][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.327810][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.376495][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.376659][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  137.955259][ T5915] 8021q: adding VLAN 0 to HW filter on device batadv0
[  138.022707][ T5915] veth0_vlan: entered promiscuous mode
[  138.046808][ T5915] veth1_vlan: entered promiscuous mode
[  138.092069][ T5915] veth0_macvtap: entered promiscuous mode
[  138.096395][ T5915] veth1_macvtap: entered promiscuous mode
[  138.115860][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  138.115928][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  138.159258][ T5915] batman_adv: batadv0: Interface activated: batadv_slave_0
[  138.183198][ T5915] batman_adv: batadv0: Interface activated: batadv_slave_1
[  138.206611][  T182] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  138.206670][  T182] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  138.206707][  T182] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  138.206750][  T182] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  138.472085][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.472110][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.536975][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.536999][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/12/23 01:59:44 executed programs: 2
[  138.971878][ T5970] loop0: detected capacity change from 0 to 32768
[  139.038919][ T5970] (syz.0.17,5970,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  139.073726][ T5970] (syz.0.17,5970,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  139.155095][ T5970] JBD2: Ignoring recovery information on journal
[  139.328900][ T5970] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  139.442958][ T5970] 
[  139.442969][ T5970] ======================================================
[  139.442974][ T5970] WARNING: possible circular locking dependency detected
[  139.442987][ T5970] syzkaller #0 Not tainted
[  139.442995][ T5970] ------------------------------------------------------
[  139.443000][ T5970] syz.0.17/5970 is trying to acquire lock:
[  139.443009][ T5970] ffff888033550770 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_setattr+0x9a4/0x1bb0
[  139.443070][ T5970] 
[  139.443070][ T5970] but task is already holding lock:
[  139.443075][ T5970] ffff88805a3e07d0 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0x995/0x1bb0
[  139.443114][ T5970] 
[  139.443114][ T5970] which lock already depends on the new lock.
[  139.443114][ T5970] 
[  139.443119][ T5970] 
[  139.443119][ T5970] the existing dependency chain (in reverse order) is:
[  139.443124][ T5970] 
[  139.443124][ T5970] -> #3 (&oi->ip_alloc_sem){+.+.}-{4:4}:
[  139.443143][ T5970]        down_write+0x3a/0x50
[  139.443165][ T5970]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[  139.443182][ T5970]        ocfs2_xattr_set+0x595/0x11f0
[  139.443200][ T5970]        ocfs2_set_acl+0x701/0x7b0
[  139.443216][ T5970]        ocfs2_iop_set_acl+0x1aa/0x2a0
[  139.443231][ T5970]        vfs_remove_acl+0x48e/0x700
[  139.443244][ T5970]        ovl_workdir_create+0x57d/0x900
[  139.443265][ T5970]        ovl_fill_super+0x188f/0x5a90
[  139.443283][ T5970]        get_tree_nodev+0xbb/0x150
[  139.443302][ T5970]        vfs_get_tree+0x92/0x2a0
[  139.443322][ T5970]        do_new_mount+0x302/0xa10
[  139.443338][ T5970]        __se_sys_mount+0x313/0x410
[  139.443654][ T5970]        do_syscall_64+0xec/0xf80
[  139.443669][ T5970]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.443683][ T5970] 
[  139.443683][ T5970] -> #2 (&oi->ip_xattr_sem){++++}-{4:4}:
[  139.443706][ T5970]        down_read+0x97/0x1f0
[  139.443720][ T5970]        ocfs2_init_acl+0x1a5/0x7b0
[  139.443736][ T5970]        ocfs2_mknod+0x12ff/0x2030
[  139.443749][ T5970]        ocfs2_mkdir+0x181/0x420
[  139.443761][ T5970]        vfs_mkdir+0x52d/0x5d0
[  139.443781][ T5970]        do_mkdirat+0x27a/0x4b0
[  139.443801][ T5970]        __x64_sys_mkdirat+0x87/0xa0
[  139.443827][ T5970]        do_syscall_64+0xec/0xf80
[  139.443840][ T5970]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.443854][ T5970] 
[  139.443854][ T5970] -> #1 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  139.443875][ T5970]        down_read+0x97/0x1f0
[  139.443888][ T5970]        ocfs2_start_trans+0x36b/0x6d0
[  139.443905][ T5970]        ocfs2_modify_bh+0xe8/0x470
[  139.443919][ T5970]        ocfs2_local_read_info+0x1465/0x17e0
[  139.443934][ T5970]        dquot_load_quota_sb+0x791/0xbd0
[  139.443956][ T5970]        dquot_load_quota_inode+0x2e1/0x5d0
[  139.443977][ T5970]        ocfs2_enable_quotas+0x1c6/0x450
[  139.443998][ T5970]        ocfs2_fill_super+0x5155/0x65b0
[  139.444023][ T5970]        get_tree_bdev_flags+0x40e/0x4d0
[  139.444045][ T5970]        vfs_get_tree+0x92/0x2a0
[  139.444065][ T5970]        do_new_mount+0x302/0xa10
[  139.444078][ T5970]        __se_sys_mount+0x313/0x410
[  139.444091][ T5970]        do_syscall_64+0xec/0xf80
[  139.444104][ T5970]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.444119][ T5970] 
[  139.444119][ T5970] -> #0 (sb_internal#2){.+.+}-{0:0}:
[  139.444143][ T5970]        __lock_acquire+0x15a6/0x2cf0
[  139.444163][ T5970]        lock_acquire+0x107/0x340
[  139.444181][ T5970]        ocfs2_start_trans+0x26b/0x6d0
[  139.444197][ T5970]        ocfs2_setattr+0x9a4/0x1bb0
[  139.444219][ T5970]        notify_change+0xc18/0xf60
[  139.444247][ T5970]        ovl_workdir_create+0x717/0x900
[  139.444267][ T5970]        ovl_fill_super+0x188f/0x5a90
[  139.444287][ T5970]        get_tree_nodev+0xbb/0x150
[  139.444307][ T5970]        vfs_get_tree+0x92/0x2a0
[  139.444327][ T5970]        do_new_mount+0x302/0xa10
[  139.444340][ T5970]        __se_sys_mount+0x313/0x410
[  139.444354][ T5970]        do_syscall_64+0xec/0xf80
[  139.444368][ T5970]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.444382][ T5970] 
[  139.444382][ T5970] other info that might help us debug this:
[  139.444382][ T5970] 
[  139.444387][ T5970] Chain exists of:
[  139.444387][ T5970]   sb_internal#2 --> &oi->ip_xattr_sem --> &oi->ip_alloc_sem
[  139.444387][ T5970] 
[  139.444416][ T5970]  Possible unsafe locking scenario:
[  139.444416][ T5970] 
[  139.444420][ T5970]        CPU0                    CPU1
[  139.444424][ T5970]        ----                    ----
[  139.444429][ T5970]   lock(&oi->ip_alloc_sem);
[  139.444439][ T5970]                                lock(&oi->ip_xattr_sem);
[  139.444450][ T5970]                                lock(&oi->ip_alloc_sem);
[  139.444461][ T5970]   rlock(sb_internal#2);
[  139.444474][ T5970] 
[  139.444474][ T5970]  *** DEADLOCK ***
[  139.444474][ T5970] 
[  139.444478][ T5970] 4 locks held by syz.0.17/5970:
[  139.444489][ T5970]  #0: ffff888034b2a0d0 (&type->s_umount_key#55/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xab0
[  139.444539][ T5970]  #1: ffff888033550480 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  139.444583][ T5970]  #2: ffff88805a3e0b80 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: ovl_workdir_create+0x6a1/0x900
[  139.444630][ T5970]  #3: ffff88805a3e07d0 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0x995/0x1bb0
[  139.444674][ T5970] 
[  139.444674][ T5970] stack backtrace:
[  139.444700][ T5970] CPU: 1 UID: 0 PID: 5970 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  139.444718][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  139.444734][ T5970] Call Trace:
[  139.444744][ T5970]  <TASK>
[  139.444751][ T5970]  dump_stack_lvl+0xe8/0x150
[  139.444777][ T5970]  print_circular_bug+0x2e2/0x300
[  139.444793][ T5970]  check_noncircular+0x12e/0x150
[  139.444820][ T5970]  __lock_acquire+0x15a6/0x2cf0
[  139.444845][ T5970]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  139.444861][ T5970]  ? lockdep_hardirqs_on+0x7b/0x110
[  139.444876][ T5970]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  139.444893][ T5970]  ? ocfs2_setattr+0x9a4/0x1bb0
[  139.444915][ T5970]  lock_acquire+0x107/0x340
[  139.444936][ T5970]  ? ocfs2_setattr+0x9a4/0x1bb0
[  139.444964][ T5970]  ocfs2_start_trans+0x26b/0x6d0
[  139.444982][ T5970]  ? ocfs2_setattr+0x9a4/0x1bb0
[  139.445004][ T5970]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  139.445022][ T5970]  ? __pfx_ocfs2_start_trans+0x10/0x10
[  139.445044][ T5970]  ocfs2_setattr+0x9a4/0x1bb0
[  139.445071][ T5970]  ? __pfx_ocfs2_setattr+0x10/0x10
[  139.445094][ T5970]  ? smk_access+0x14c/0x4e0
[  139.445155][ T5970]  ? smack_inode_setattr+0x17b/0x200
[  139.445180][ T5970]  ? __pfx_smack_inode_setattr+0x10/0x10
[  139.445207][ T5970]  ? current_time+0x222/0x360
[  139.445231][ T5970]  ? evm_inode_setattr+0x1bd/0x7d0
[  139.445288][ T5970]  ? __pfx_current_time+0x10/0x10
[  139.445314][ T5970]  ? try_break_deleg+0x7c/0x130
[  139.445346][ T5970]  ? __pfx_ocfs2_setattr+0x10/0x10
[  139.445371][ T5970]  notify_change+0xc18/0xf60
[  139.445397][ T5970]  ovl_workdir_create+0x717/0x900
[  139.445422][ T5970]  ? __pfx_ovl_workdir_create+0x10/0x10
[  139.445448][ T5970]  ? mnt_get_write_access+0x262/0x2d0
[  139.445471][ T5970]  ovl_fill_super+0x188f/0x5a90
[  139.445500][ T5970]  ? __pfx_stack_trace_save+0x10/0x10
[  139.445521][ T5970]  ? check_path+0x21/0x40
[  139.445546][ T5970]  ? __pfx_ovl_fill_super+0x10/0x10
[  139.445566][ T5970]  ? __lock_acquire+0x6b6/0x2cf0
[  139.445589][ T5970]  ? __lock_acquire+0x6b6/0x2cf0
[  139.445612][ T5970]  ? __lock_acquire+0x6b6/0x2cf0
[  139.445641][ T5970]  ? do_raw_spin_lock+0x121/0x290
[  139.445663][ T5970]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  139.445678][ T5970]  ? lockdep_hardirqs_on+0x7b/0x110
[  139.445692][ T5970]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  139.445706][ T5970]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  139.445728][ T5970]  ? __raw_spin_lock_init+0x45/0x100
[  139.445750][ T5970]  ? sget_fc+0x962/0xa40
[  139.445769][ T5970]  ? __pfx_set_anon_super_fc+0x10/0x10
[  139.445789][ T5970]  ? __pfx_ovl_fill_super+0x10/0x10
[  139.445809][ T5970]  get_tree_nodev+0xbb/0x150
[  139.445831][ T5970]  vfs_get_tree+0x92/0x2a0
[  139.445854][ T5970]  do_new_mount+0x302/0xa10
[  139.445869][ T5970]  ? safesetid_security_capable+0xa9/0x1a0
[  139.445893][ T5970]  ? __pfx_do_new_mount+0x10/0x10
[  139.445907][ T5970]  ? ns_capable+0x8a/0xf0
[  139.445924][ T5970]  ? path_mount+0x628/0xff0
[  139.445942][ T5970]  __se_sys_mount+0x313/0x410
[  139.445959][ T5970]  ? __pfx___se_sys_mount+0x10/0x10
[  139.445977][ T5970]  ? __x64_sys_mount+0x20/0xc0
[  139.446006][ T5970]  do_syscall_64+0xec/0xf80
[  139.446020][ T5970]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.446035][ T5970]  ? trace_irq_disable+0x37/0x100
[  139.446052][ T5970]  ? clear_bhb_loop+0x60/0xb0
[  139.446069][ T5970]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.446084][ T5970] RIP: 0033:0x7f90b32ff749
[  139.446104][ T5970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.446117][ T5970] RSP: 002b:00007ffc764fc108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  139.446133][ T5970] RAX: ffffffffffffffda RBX: 00007f90b3555fa0 RCX: 00007f90b32ff749
[  139.446145][ T5970] RDX: 0000200000000440 RSI: 0000200000000100 RDI: 0000000000000000
[  139.446155][ T5970] RBP: 00007f90b3383f91 R08: 0000200000000300 R09: 0000000000000000
[  139.446165][ T5970] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[  139.446174][ T5970] R13: 00007f90b3555fa0 R14: 00007f90b3555fa0 R15: 0000000000000005
[  139.446190][ T5970]  </TASK>
[  139.446610][ T5970] overlayfs: upper fs does not support tmpfile.
[  139.447743][ T5970] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  139.448628][ T5970] ------------[ cut here ]------------
[  139.448634][ T5970] UBSAN: array-index-out-of-bounds in fs/ocfs2/xattr.c:1985:3
[  139.448649][ T5970] index 2 is out of range for type 'struct ocfs2_xattr_entry[] __counted_by(xh_count)' (aka 'struct ocfs2_xattr_entry[]')
[  139.448666][ T5970] CPU: 1 UID: 0 PID: 5970 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  139.448683][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  139.448692][ T5970] Call Trace:
[  139.448697][ T5970]  <TASK>
[  139.448704][ T5970]  dump_stack_lvl+0xe8/0x150
[  139.448728][ T5970]  ubsan_epilogue+0xa/0x40
[  139.448742][ T5970]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  139.448775][ T5970]  ocfs2_xa_remove_entry+0x36d/0x3e0
[  139.448803][ T5970]  ocfs2_xa_set+0xaf4/0x2a70
[  139.448825][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.448843][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.448857][ T5970]  ? __pfx_ocfs2_xa_set+0x10/0x10
[  139.448878][ T5970]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  139.448893][ T5970]  ? rt_mutex_slowunlock+0x493/0x8a0
[  139.448916][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.448929][ T5970]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  139.448949][ T5970]  ? lock_release+0x4b/0x3b0
[  139.448971][ T5970]  ? try_to_take_rt_mutex+0x840/0xb00
[  139.448994][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449009][ T5970]  ? rtlock_slowlock_locked+0xd8/0x4010
[  139.449031][ T5970]  ? do_raw_spin_lock+0x121/0x290
[  139.449047][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449061][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449076][ T5970]  ? unwind_next_frame+0xa5/0x23d0
[  139.449096][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449110][ T5970]  ? unwind_next_frame+0xa5/0x23d0
[  139.449129][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449143][ T5970]  ? unwind_next_frame+0xa5/0x23d0
[  139.449162][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449176][ T5970]  ? is_bpf_text_address+0x26/0x2b0
[  139.449196][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449210][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449223][ T5970]  ? lock_release+0x4b/0x3b0
[  139.449249][ T5970]  ? lock_release+0x4b/0x3b0
[  139.449270][ T5970]  ? is_bpf_text_address+0x292/0x2b0
[  139.449290][ T5970]  ? rt_read_lock+0x203/0x490
[  139.449310][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449324][ T5970]  ? lock_acquire+0x5f/0x340
[  139.449355][ T5970]  ocfs2_xattr_block_set+0x3ca/0x31b0
[  139.449381][ T5970]  ? lock_acquire+0x5f/0x340
[  139.449404][ T5970]  ? __pfx_ocfs2_xattr_block_set+0x10/0x10
[  139.449426][ T5970]  ? start_this_handle+0x2068/0x21c0
[  139.449454][ T5970]  ? __pfx_start_this_handle+0x10/0x10
[  139.449487][ T5970]  ? jbd2__journal_start+0x146/0x5b0
[  139.449537][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449556][ T5970]  __ocfs2_xattr_set_handle+0x27e/0xf20
[  139.449588][ T5970]  ? __pfx___ocfs2_xattr_set_handle+0x10/0x10
[  139.449616][ T5970]  ? jbd2_journal_start+0x2a/0x40
[  139.449639][ T5970]  ? ocfs2_start_trans+0x497/0x6d0
[  139.449666][ T5970]  ? __pfx_ocfs2_start_trans+0x10/0x10
[  139.449687][ T5970]  ocfs2_xattr_set+0xde8/0x11f0
[  139.449714][ T5970]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[  139.449737][ T5970]  ? smack_log+0xef/0x3f0
[  139.449754][ T5970]  ? __pfx_smack_log+0x10/0x10
[  139.449768][ T5970]  ? do_raw_spin_lock+0x121/0x290
[  139.449784][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449798][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.449813][ T5970]  ? smk_tskacc+0x2fc/0x370
[  139.449831][ T5970]  ? posix_xattr_acl+0x93/0xc0
[  139.449846][ T5970]  ? evm_protect_xattr+0x4d4/0xa90
[  139.449861][ T5970]  ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[  139.449883][ T5970]  __vfs_removexattr+0x431/0x470
[  139.449904][ T5970]  __vfs_removexattr_locked+0x1ee/0x230
[  139.449922][ T5970]  vfs_removexattr+0x80/0x1b0
[  139.449939][ T5970]  ovl_fill_super+0x487b/0x5a90
[  139.449966][ T5970]  ? __pfx_stack_trace_save+0x10/0x10
[  139.449986][ T5970]  ? check_path+0x21/0x40
[  139.450013][ T5970]  ? __pfx_ovl_fill_super+0x10/0x10
[  139.450033][ T5970]  ? __lock_acquire+0x6b6/0x2cf0
[  139.450056][ T5970]  ? __lock_acquire+0x6b6/0x2cf0
[  139.450079][ T5970]  ? __lock_acquire+0x6b6/0x2cf0
[  139.450100][ T5970]  ? do_raw_spin_lock+0x121/0x290
[  139.450121][ T5970]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  139.450136][ T5970]  ? lockdep_hardirqs_on+0x7b/0x110
[  139.450150][ T5970]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  139.450164][ T5970]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  139.450186][ T5970]  ? __raw_spin_lock_init+0x45/0x100
[  139.450207][ T5970]  ? sget_fc+0x962/0xa40
[  139.450227][ T5970]  ? __pfx_set_anon_super_fc+0x10/0x10
[  139.450253][ T5970]  ? __pfx_ovl_fill_super+0x10/0x10
[  139.450272][ T5970]  get_tree_nodev+0xbb/0x150
[  139.450294][ T5970]  vfs_get_tree+0x92/0x2a0
[  139.450319][ T5970]  do_new_mount+0x302/0xa10
[  139.450333][ T5970]  ? safesetid_security_capable+0xa9/0x1a0
[  139.450356][ T5970]  ? __pfx_do_new_mount+0x10/0x10
[  139.450375][ T5970]  ? ns_capable+0x8a/0xf0
[  139.450393][ T5970]  ? path_mount+0x628/0xff0
[  139.450410][ T5970]  __se_sys_mount+0x313/0x410
[  139.450428][ T5970]  ? __pfx___se_sys_mount+0x10/0x10
[  139.450445][ T5970]  ? __x64_sys_mount+0x20/0xc0
[  139.450461][ T5970]  do_syscall_64+0xec/0xf80
[  139.450475][ T5970]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.450490][ T5970]  ? trace_irq_disable+0x37/0x100
[  139.450506][ T5970]  ? clear_bhb_loop+0x60/0xb0
[  139.450523][ T5970]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.450538][ T5970] RIP: 0033:0x7f90b32ff749
[  139.450552][ T5970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.450564][ T5970] RSP: 002b:00007ffc764fc108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  139.450581][ T5970] RAX: ffffffffffffffda RBX: 00007f90b3555fa0 RCX: 00007f90b32ff749
[  139.450593][ T5970] RDX: 0000200000000440 RSI: 0000200000000100 RDI: 0000000000000000
[  139.450603][ T5970] RBP: 00007f90b3383f91 R08: 0000200000000300 R09: 0000000000000000
[  139.450617][ T5970] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[  139.450626][ T5970] R13: 00007f90b3555fa0 R14: 00007f90b3555fa0 R15: 0000000000000005
[  139.450642][ T5970]  </TASK>
[  139.486465][ T5970] ---[ end trace ]---
[  139.486510][ T5970] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[  139.486580][ T5970] CPU: 1 UID: 0 PID: 5970 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  139.486645][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  139.486678][ T5970] Call Trace:
[  139.486700][ T5970]  <TASK>
[  139.486722][ T5970]  vpanic+0x1e0/0x670
[  139.486817][ T5970]  panic+0xb9/0xc0
[  139.486892][ T5970]  ? __pfx_panic+0x10/0x10
[  139.486968][ T5970]  ? __pfx__printk+0x10/0x10
[  139.487034][ T5970]  check_panic_on_warn+0x89/0xb0
[  139.487128][ T5970]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  139.487233][ T5970]  ocfs2_xa_remove_entry+0x36d/0x3e0
[  139.487329][ T5970]  ocfs2_xa_set+0xaf4/0x2a70
[  139.487406][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.487474][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.487527][ T5970]  ? __pfx_ocfs2_xa_set+0x10/0x10
[  139.487609][ T5970]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  139.487666][ T5970]  ? rt_mutex_slowunlock+0x493/0x8a0
[  139.487749][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.487799][ T5970]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  139.487826][ T5970]  ? lock_release+0x4b/0x3b0
[  139.487861][ T5970]  ? try_to_take_rt_mutex+0x840/0xb00
[  139.487885][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.487904][ T5970]  ? rtlock_slowlock_locked+0xd8/0x4010
[  139.487943][ T5970]  ? do_raw_spin_lock+0x121/0x290
[  139.487965][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.487979][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.487994][ T5970]  ? unwind_next_frame+0xa5/0x23d0
[  139.488014][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.488028][ T5970]  ? unwind_next_frame+0xa5/0x23d0
[  139.488047][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.488061][ T5970]  ? unwind_next_frame+0xa5/0x23d0
[  139.488080][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.488095][ T5970]  ? is_bpf_text_address+0x26/0x2b0
[  139.488114][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.488129][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.488143][ T5970]  ? lock_release+0x4b/0x3b0
[  139.488162][ T5970]  ? lock_release+0x4b/0x3b0
[  139.488184][ T5970]  ? is_bpf_text_address+0x292/0x2b0
[  139.488765][ T5970]  ? rt_read_lock+0x203/0x490
[  139.488791][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.488806][ T5970]  ? lock_acquire+0x5f/0x340
[  139.488828][ T5970]  ocfs2_xattr_block_set+0x3ca/0x31b0
[  139.488864][ T5970]  ? lock_acquire+0x5f/0x340
[  139.488888][ T5970]  ? __pfx_ocfs2_xattr_block_set+0x10/0x10
[  139.488910][ T5970]  ? start_this_handle+0x2068/0x21c0
[  139.488938][ T5970]  ? __pfx_start_this_handle+0x10/0x10
[  139.488968][ T5970]  ? jbd2__journal_start+0x146/0x5b0
[  139.488986][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.489001][ T5970]  __ocfs2_xattr_set_handle+0x27e/0xf20
[  139.489023][ T5970]  ? __pfx___ocfs2_xattr_set_handle+0x10/0x10
[  139.489044][ T5970]  ? jbd2_journal_start+0x2a/0x40
[  139.489062][ T5970]  ? ocfs2_start_trans+0x497/0x6d0
[  139.489083][ T5970]  ? __pfx_ocfs2_start_trans+0x10/0x10
[  139.489105][ T5970]  ocfs2_xattr_set+0xde8/0x11f0
[  139.489132][ T5970]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[  139.489155][ T5970]  ? smack_log+0xef/0x3f0
[  139.489172][ T5970]  ? __pfx_smack_log+0x10/0x10
[  139.489186][ T5970]  ? do_raw_spin_lock+0x121/0x290
[  139.489202][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.489220][ T5970]  ? rcu_is_watching+0x15/0xb0
[  139.489238][ T5970]  ? smk_tskacc+0x2fc/0x370
[  139.489259][ T5970]  ? posix_xattr_acl+0x93/0xc0
[  139.489276][ T5970]  ? evm_protect_xattr+0x4d4/0xa90
[  139.489292][ T5970]  ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[  139.489313][ T5970]  __vfs_removexattr+0x431/0x470
[  139.489334][ T5970]  __vfs_removexattr_locked+0x1ee/0x230
[  139.489353][ T5970]  vfs_removexattr+0x80/0x1b0
[  139.489370][ T5970]  ovl_fill_super+0x487b/0x5a90
[  139.489398][ T5970]  ? __pfx_stack_trace_save+0x10/0x10
[  139.489419][ T5970]  ? check_path+0x21/0x40
[  139.489444][ T5970]  ? __pfx_ovl_fill_super+0x10/0x10
[  139.489618][ T5970]  ? __lock_acquire+0x6b6/0x2cf0
[  139.489648][ T5970]  ? __lock_acquire+0x6b6/0x2cf0
[  139.489678][ T5970]  ? __lock_acquire+0x6b6/0x2cf0
[  139.489706][ T5970]  ? do_raw_spin_lock+0x121/0x290
[  139.489734][ T5970]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  139.489755][ T5970]  ? lockdep_hardirqs_on+0x7b/0x110
[  139.489773][ T5970]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  139.489792][ T5970]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  139.489825][ T5970]  ? __raw_spin_lock_init+0x45/0x100
[  139.489848][ T5970]  ? sget_fc+0x962/0xa40
[  139.489867][ T5970]  ? __pfx_set_anon_super_fc+0x10/0x10
[  139.489888][ T5970]  ? __pfx_ovl_fill_super+0x10/0x10
[  139.489908][ T5970]  get_tree_nodev+0xbb/0x150
[  139.489930][ T5970]  vfs_get_tree+0x92/0x2a0
[  139.489953][ T5970]  do_new_mount+0x302/0xa10
[  139.489967][ T5970]  ? safesetid_security_capable+0xa9/0x1a0
[  139.489991][ T5970]  ? __pfx_do_new_mount+0x10/0x10
[  139.490006][ T5970]  ? ns_capable+0x8a/0xf0
[  139.490024][ T5970]  ? path_mount+0x628/0xff0
[  139.490042][ T5970]  __se_sys_mount+0x313/0x410
[  139.490059][ T5970]  ? __pfx___se_sys_mount+0x10/0x10
[  139.490077][ T5970]  ? __x64_sys_mount+0x20/0xc0
[  139.490093][ T5970]  do_syscall_64+0xec/0xf80
[  139.490108][ T5970]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.490123][ T5970]  ? trace_irq_disable+0x37/0x100
[  139.490140][ T5970]  ? clear_bhb_loop+0x60/0xb0
[  139.490157][ T5970]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.490172][ T5970] RIP: 0033:0x7f90b32ff749
[  139.490186][ T5970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.490199][ T5970] RSP: 002b:00007ffc764fc108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  139.490217][ T5970] RAX: ffffffffffffffda RBX: 00007f90b3555fa0 RCX: 00007f90b32ff749
[  139.490229][ T5970] RDX: 0000200000000440 RSI: 0000200000000100 RDI: 0000000000000000
[  139.490239][ T5970] RBP: 00007f90b3383f91 R08: 0000200000000300 R09: 0000000000000000
[  139.490249][ T5970] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[  139.490258][ T5970] R13: 00007f90b3555fa0 R14: 00007f90b3555fa0 R15: 0000000000000005
[  139.490275][ T5970]  </TASK>
[  139.490889][ T5970] Kernel Offset: disabled