Warning: Permanently added '10.128.0.7' (ED25519) to the list of known hosts.
[ 81.735114][ T50] cfg80211: failed to load regulatory.db
2025/12/10 01:31:55 parsed 1 programs
[ 84.728527][ T5801] cgroup: Unknown subsys name 'net'
[ 84.978597][ T5801] cgroup: Unknown subsys name 'cpuset'
[ 85.034578][ T5801] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 86.677281][ T5801] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 89.792553][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.801617][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 89.802433][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 89.803651][ T5820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 89.815705][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 93.587418][ T5866] chnl_net:caif_netlink_parms(): no params data found
[ 94.106721][ T5866] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.107990][ T5866] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.108181][ T5866] bridge_slave_0: entered allmulticast mode
[ 94.110032][ T5866] bridge_slave_0: entered promiscuous mode
[ 94.114424][ T5866] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.114660][ T5866] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.114817][ T5866] bridge_slave_1: entered allmulticast mode
[ 94.117324][ T5866] bridge_slave_1: entered promiscuous mode
[ 94.359444][ T5866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.398678][ T5866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.525913][ T5866] team0: Port device team_slave_0 added
[ 94.527982][ T5866] team0: Port device team_slave_1 added
[ 94.686023][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.686035][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 94.686050][ T5866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.689157][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.689172][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 94.689193][ T5866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.850267][ T5866] hsr_slave_0: entered promiscuous mode
[ 94.851280][ T5866] hsr_slave_1: entered promiscuous mode
[ 95.245446][ T5866] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 95.281947][ T5866] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 95.299000][ T5866] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 95.338294][ T5866] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 95.607682][ T5866] 8021q: adding VLAN 0 to HW filter on device bond0
[ 95.635552][ T5866] 8021q: adding VLAN 0 to HW filter on device team0
[ 95.642091][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.643131][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.680014][ T4801] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.680638][ T4801] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.882958][ T5866] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 95.936259][ T5866] veth0_vlan: entered promiscuous mode
[ 95.943549][ T5866] veth1_vlan: entered promiscuous mode
[ 95.992708][ T5866] veth0_macvtap: entered promiscuous mode
[ 96.003565][ T5866] veth1_macvtap: entered promiscuous mode
[ 96.023386][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 96.037049][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 96.050059][ T70] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.068106][ T70] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.071666][ T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.071710][ T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.798928][ T43] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.086142][ T43] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.336698][ T43] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.648317][ T1549] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.648346][ T1549] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.722491][ T4801] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.722511][ T4801] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.078779][ T43] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/12/10 01:32:11 executed programs: 0
[ 99.003221][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 99.014849][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 99.016462][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 99.021920][ T5820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 99.022765][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 99.345335][ T5910] chnl_net:caif_netlink_parms(): no params data found
[ 99.466071][ T43] bridge_slave_1: left allmulticast mode
[ 99.466286][ T43] bridge_slave_1: left promiscuous mode
[ 99.468326][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.556242][ T43] bridge_slave_0: left allmulticast mode
[ 99.556272][ T43] bridge_slave_0: left promiscuous mode
[ 99.556513][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.065735][ T5820] Bluetooth: hci0: command tx timeout
[ 101.214785][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 101.284540][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 101.307163][ T43] bond0 (unregistering): Released all slaves
[ 101.566469][ T5910] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.566762][ T5910] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.566937][ T5910] bridge_slave_0: entered allmulticast mode
[ 101.568518][ T5910] bridge_slave_0: entered promiscuous mode
[ 101.684074][ T43] hsr_slave_0: left promiscuous mode
[ 101.724081][ T43] hsr_slave_1: left promiscuous mode
[ 101.724920][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 101.724981][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 101.755646][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 101.755672][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 101.830086][ T43] veth1_macvtap: left promiscuous mode
[ 101.830246][ T43] veth0_macvtap: left promiscuous mode
[ 101.830414][ T43] veth1_vlan: left promiscuous mode
[ 101.830594][ T43] veth0_vlan: left promiscuous mode
[ 103.145199][ T5820] Bluetooth: hci0: command tx timeout
[ 103.994557][ T43] team0 (unregistering): Port device team_slave_1 removed
[ 104.167117][ T43] team0 (unregistering): Port device team_slave_0 removed
[ 105.224042][ T5820] Bluetooth: hci0: command tx timeout
[ 106.064902][ T5910] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.065029][ T5910] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.065170][ T5910] bridge_slave_1: entered allmulticast mode
[ 106.066690][ T5910] bridge_slave_1: entered promiscuous mode
[ 106.269211][ T5910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 106.274474][ T5910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 106.448800][ T5910] team0: Port device team_slave_0 added
[ 106.452518][ T5910] team0: Port device team_slave_1 added
[ 106.636698][ T5910] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 106.636715][ T5910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 106.636739][ T5910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 106.639077][ T5910] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 106.639090][ T5910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 106.639113][ T5910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 106.931672][ T5910] hsr_slave_0: entered promiscuous mode
[ 106.932478][ T5910] hsr_slave_1: entered promiscuous mode
[ 107.304052][ T5820] Bluetooth: hci0: command tx timeout
[ 109.694172][ T5910] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 109.774376][ T5910] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 109.834309][ T5910] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 109.914376][ T5910] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 110.128798][ T5910] 8021q: adding VLAN 0 to HW filter on device bond0
[ 110.153017][ T5910] 8021q: adding VLAN 0 to HW filter on device team0
[ 110.168600][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.168738][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.176591][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.176793][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 110.370867][ T5910] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.421005][ T5910] veth0_vlan: entered promiscuous mode
[ 110.432640][ T5910] veth1_vlan: entered promiscuous mode
[ 110.461827][ T5910] veth0_macvtap: entered promiscuous mode
[ 110.471722][ T5910] veth1_macvtap: entered promiscuous mode
[ 110.491312][ T5910] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 110.507260][ T5910] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 110.514694][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.530023][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.530880][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.531088][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.710579][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.710602][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.757888][ T1549] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.757908][ T1549] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/12/10 01:32:23 executed programs: 2
[ 111.081105][ T6028] loop0: detected capacity change from 0 to 32768
[ 111.127411][ T6028] (syz.0.17,6028,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 111.133342][ T6028] (syz.0.17,6028,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 111.204330][ T6028] JBD2: Ignoring recovery information on journal
[ 111.267325][ T6028] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 111.345700][ T6028]
[ 111.345710][ T6028] ======================================================
[ 111.345714][ T6028] WARNING: possible circular locking dependency detected
[ 111.345725][ T6028] syzkaller #0 Not tainted
[ 111.345730][ T6028] ------------------------------------------------------
[ 111.345734][ T6028] syz.0.17/6028 is trying to acquire lock:
[ 111.345739][ T6028] ffff888034d6e770 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_setattr+0x959/0x1b20
[ 111.345781][ T6028]
[ 111.345781][ T6028] but task is already holding lock:
[ 111.345784][ T6028] ffff888052f65b90 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0x94a/0x1b20
[ 111.345806][ T6028]
[ 111.345806][ T6028] which lock already depends on the new lock.
[ 111.345806][ T6028]
[ 111.345809][ T6028]
[ 111.345809][ T6028] the existing dependency chain (in reverse order) is:
[ 111.345813][ T6028]
[ 111.345813][ T6028] -> #3 (&oi->ip_alloc_sem){+.+.}-{4:4}:
[ 111.345826][ T6028] down_write+0x3a/0x50
[ 111.345838][ T6028] ocfs2_try_remove_refcount_tree+0xb6/0x320
[ 111.345847][ T6028] ocfs2_xattr_set+0x595/0x11f0
[ 111.345857][ T6028] ocfs2_set_acl+0x701/0x7b0
[ 111.345865][ T6028] ocfs2_iop_set_acl+0x1aa/0x2a0
[ 111.345872][ T6028] vfs_remove_acl+0x48e/0x700
[ 111.345880][ T6028] ovl_workdir_create+0x57d/0x900
[ 111.345891][ T6028] ovl_fill_super+0x188f/0x5a90
[ 111.345900][ T6028] get_tree_nodev+0xbb/0x150
[ 111.345911][ T6028] vfs_get_tree+0x92/0x2a0
[ 111.345922][ T6028] do_new_mount+0x302/0xa10
[ 111.345930][ T6028] __se_sys_mount+0x313/0x410
[ 111.345938][ T6028] do_syscall_64+0xfa/0xf80
[ 111.345948][ T6028] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.345957][ T6028]
[ 111.345957][ T6028] -> #2 (&oi->ip_xattr_sem){++++}-{4:4}:
[ 111.345969][ T6028] down_read+0x97/0x1f0
[ 111.345979][ T6028] ocfs2_init_acl+0x1a5/0x7b0
[ 111.345987][ T6028] ocfs2_mknod+0x12ff/0x2030
[ 111.345999][ T6028] ocfs2_mkdir+0x181/0x420
[ 111.346010][ T6028] vfs_mkdir+0x52d/0x5d0
[ 111.346021][ T6028] do_mkdirat+0x27a/0x4b0
[ 111.346032][ T6028] __x64_sys_mkdirat+0x87/0xa0
[ 111.346043][ T6028] do_syscall_64+0xfa/0xf80
[ 111.346053][ T6028] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.346061][ T6028]
[ 111.346061][ T6028] -> #1 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 111.346073][ T6028] down_read+0x97/0x1f0
[ 111.346083][ T6028] ocfs2_start_trans+0x36b/0x6d0
[ 111.346092][ T6028] ocfs2_modify_bh+0xe8/0x470
[ 111.346105][ T6028] ocfs2_local_read_info+0x1465/0x17e0
[ 111.346112][ T6028] dquot_load_quota_sb+0x791/0xbd0
[ 111.346125][ T6028] dquot_load_quota_inode+0x2e1/0x5d0
[ 111.346136][ T6028] ocfs2_enable_quotas+0x1c6/0x450
[ 111.346147][ T6028] ocfs2_fill_super+0x5155/0x65b0
[ 111.346157][ T6028] get_tree_bdev_flags+0x40e/0x4d0
[ 111.346168][ T6028] vfs_get_tree+0x92/0x2a0
[ 111.346179][ T6028] do_new_mount+0x302/0xa10
[ 111.346186][ T6028] __se_sys_mount+0x313/0x410
[ 111.346194][ T6028] do_syscall_64+0xfa/0xf80
[ 111.346204][ T6028] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.346212][ T6028]
[ 111.346212][ T6028] -> #0 (sb_internal#2){.+.+}-{0:0}:
[ 111.346226][ T6028] __lock_acquire+0x15a6/0x2cf0
[ 111.346238][ T6028] lock_acquire+0x117/0x340
[ 111.346248][ T6028] ocfs2_start_trans+0x26b/0x6d0
[ 111.346256][ T6028] ocfs2_setattr+0x959/0x1b20
[ 111.346267][ T6028] notify_change+0xc18/0xf60
[ 111.346278][ T6028] ovl_workdir_create+0x717/0x900
[ 111.346288][ T6028] ovl_fill_super+0x188f/0x5a90
[ 111.346297][ T6028] get_tree_nodev+0xbb/0x150
[ 111.346307][ T6028] vfs_get_tree+0x92/0x2a0
[ 111.346318][ T6028] do_new_mount+0x302/0xa10
[ 111.346325][ T6028] __se_sys_mount+0x313/0x410
[ 111.346333][ T6028] do_syscall_64+0xfa/0xf80
[ 111.346343][ T6028] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.346351][ T6028]
[ 111.346351][ T6028] other info that might help us debug this:
[ 111.346351][ T6028]
[ 111.346354][ T6028] Chain exists of:
[ 111.346354][ T6028] sb_internal#2 --> &oi->ip_xattr_sem --> &oi->ip_alloc_sem
[ 111.346354][ T6028]
[ 111.346370][ T6028] Possible unsafe locking scenario:
[ 111.346370][ T6028]
[ 111.346373][ T6028]        CPU0                    CPU1
[ 111.346376][ T6028]        ----                    ----
[ 111.346379][ T6028]   lock(&oi->ip_alloc_sem);
[ 111.346385][ T6028]                                lock(&oi->ip_xattr_sem);
[ 111.346391][ T6028]                                lock(&oi->ip_alloc_sem);
[ 111.346398][ T6028]   rlock(sb_internal#2);
[ 111.346406][ T6028]
[ 111.346406][ T6028] *** DEADLOCK ***
[ 111.346406][ T6028]
[ 111.346409][ T6028] 4 locks held by syz.0.17/6028:
[ 111.346414][ T6028] #0: ffff888035fc60d0 (&type->s_umount_key#55/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xab0
[ 111.346441][ T6028] #1: ffff888034d6e480 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[ 111.346472][ T6028] #2: ffff888052f65f40 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: ovl_workdir_create+0x6a1/0x900
[ 111.346497][ T6028] #3: ffff888052f65b90 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0x94a/0x1b20
[ 111.346520][ T6028]
[ 111.346520][ T6028] stack backtrace:
[ 111.346531][ T6028] CPU: 1 UID: 0 PID: 6028 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 111.346542][ T6028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 111.346554][ T6028] Call Trace:
[ 111.346563][ T6028] <TASK>
[ 111.346567][ T6028] dump_stack_lvl+0x189/0x250
[ 111.346581][ T6028] ? __pfx_dump_stack_lvl+0x10/0x10
[ 111.346593][ T6028] ? __pfx__printk+0x10/0x10
[ 111.346602][ T6028] ? print_lock_name+0xde/0x100
[ 111.346616][ T6028] print_circular_bug+0x2e2/0x300
[ 111.346626][ T6028] check_noncircular+0x12e/0x150
[ 111.346635][ T6028] __lock_acquire+0x15a6/0x2cf0
[ 111.346651][ T6028] ? ocfs2_setattr+0x959/0x1b20
[ 111.346662][ T6028] lock_acquire+0x117/0x340
[ 111.346673][ T6028] ? ocfs2_setattr+0x959/0x1b20
[ 111.346685][ T6028] ? rt_spin_unlock+0x150/0x200
[ 111.346695][ T6028] ocfs2_start_trans+0x26b/0x6d0
[ 111.346704][ T6028] ? ocfs2_setattr+0x959/0x1b20
[ 111.346716][ T6028] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 111.346725][ T6028] ? setattr_prepare+0x1e7/0xac0
[ 111.346739][ T6028] ocfs2_setattr+0x959/0x1b20
[ 111.346752][ T6028] ? __pfx_ocfs2_setattr+0x10/0x10
[ 111.346764][ T6028] ? smk_tskacc+0x2fc/0x370
[ 111.346778][ T6028] ? smack_inode_setattr+0x17b/0x200
[ 111.346791][ T6028] ? __pfx_smack_inode_setattr+0x10/0x10
[ 111.346805][ T6028] ? current_time+0x222/0x360
[ 111.346815][ T6028] ? evm_inode_setattr+0x1bd/0x7d0
[ 111.346826][ T6028] ? __pfx_current_time+0x10/0x10
[ 111.346837][ T6028] ? try_break_deleg+0x7c/0x130
[ 111.346849][ T6028] ? __pfx_ocfs2_setattr+0x10/0x10
[ 111.346860][ T6028] notify_change+0xc18/0xf60
[ 111.346874][ T6028] ovl_workdir_create+0x717/0x900
[ 111.346886][ T6028] ? __pfx_ovl_workdir_create+0x10/0x10
[ 111.346899][ T6028] ? mnt_get_write_access+0x262/0x2d0
[ 111.346911][ T6028] ovl_fill_super+0x188f/0x5a90
[ 111.346924][ T6028] ? check_path+0x21/0x40
[ 111.346935][ T6028] ? __pfx_ovl_fill_super+0x10/0x10
[ 111.346944][ T6028] ? __lock_acquire+0x6b6/0x2cf0
[ 111.346958][ T6028] ? do_raw_spin_lock+0x121/0x290
[ 111.346971][ T6028] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 111.346982][ T6028] ? lockdep_hardirqs_on+0x98/0x140
[ 111.346993][ T6028] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 111.347004][ T6028] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 111.347016][ T6028] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 111.347026][ T6028] ? lockdep_hardirqs_on+0x98/0x140
[ 111.347038][ T6028] ? rt_mutex_slowunlock+0x1be/0x2e0
[ 111.347047][ T6028] ? __raw_spin_lock_init+0x45/0x100
[ 111.347059][ T6028] ? sget_fc+0x962/0xa40
[ 111.347070][ T6028] ? __pfx_set_anon_super_fc+0x10/0x10
[ 111.347081][ T6028] ? __pfx_ovl_fill_super+0x10/0x10
[ 111.347091][ T6028] get_tree_nodev+0xbb/0x150
[ 111.347103][ T6028] vfs_get_tree+0x92/0x2a0
[ 111.347116][ T6028] do_new_mount+0x302/0xa10
[ 111.347124][ T6028] ? safesetid_security_capable+0xa9/0x1a0
[ 111.347135][ T6028] ? __pfx_do_new_mount+0x10/0x10
[ 111.347143][ T6028] ? ns_capable+0x8a/0xf0
[ 111.347154][ T6028] ? path_mount+0x628/0xff0
[ 111.347164][ T6028] __se_sys_mount+0x313/0x410
[ 111.347174][ T6028] ? __pfx___se_sys_mount+0x10/0x10
[ 111.347184][ T6028] ? do_syscall_64+0xbe/0xf80
[ 111.347194][ T6028] ? __x64_sys_mount+0x20/0xc0
[ 111.347203][ T6028] do_syscall_64+0xfa/0xf80
[ 111.347214][ T6028] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.347223][ T6028] ? clear_bhb_loop+0x60/0xb0
[ 111.347233][ T6028] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.347242][ T6028] RIP: 0033:0x7f2f6f77f749
[ 111.347254][ T6028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 111.347261][ T6028] RSP: 002b:00007fffa22edc68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 111.347271][ T6028] RAX: ffffffffffffffda RBX: 00007f2f6f9d5fa0 RCX: 00007f2f6f77f749
[ 111.347278][ T6028] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[ 111.347285][ T6028] RBP: 00007f2f6f803f91 R08: 0000200000000400 R09: 0000000000000000
[ 111.347291][ T6028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 111.347296][ T6028] R13: 00007f2f6f9d5fa0 R14: 00007f2f6f9d5fa0 R15: 0000000000000005
[ 111.347306][ T6028] </TASK>
[ 111.347552][ T6028] overlayfs: upper fs does not support tmpfile.
[ 111.348375][ T6028] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 111.348980][ T6028] ------------[ cut here ]------------
[ 111.348985][ T6028] UBSAN: array-index-out-of-bounds in fs/ocfs2/xattr.c:1955:3
[ 111.348993][ T6028] index 2 is out of range for type 'struct ocfs2_xattr_entry[] __counted_by(xh_count)' (aka 'struct ocfs2_xattr_entry[]')
[ 111.349003][ T6028] CPU: 1 UID: 0 PID: 6028 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 111.349014][ T6028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 111.349020][ T6028] Call Trace:
[ 111.349024][ T6028] <TASK>
[ 111.349028][ T6028] dump_stack_lvl+0x189/0x250
[ 111.349044][ T6028] ? __pfx_dump_stack_lvl+0x10/0x10
[ 111.349056][ T6028] ? __pfx__printk+0x10/0x10
[ 111.349064][ T6028] ? __ocfs2_journal_access+0x605/0x800
[ 111.349076][ T6028] ? ocfs2_xa_set+0x1713/0x2a70
[ 111.349089][ T6028] ubsan_epilogue+0xa/0x40
[ 111.349098][ T6028] __ubsan_handle_out_of_bounds+0xe9/0xf0
[ 111.349112][ T6028] ocfs2_xa_remove_entry+0x36d/0x3e0
[ 111.349125][ T6028] ocfs2_xa_set+0xaf4/0x2a70
[ 111.349138][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.349148][ T6028] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 111.349160][ T6028] ? __pfx_ocfs2_xa_set+0x10/0x10
[ 111.349171][ T6028] ? rt_mutex_slowunlock+0x493/0x8a0
[ 111.349181][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.349189][ T6028] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 111.349198][ T6028] ? lock_release+0x4b/0x3b0
[ 111.349210][ T6028] ? try_to_take_rt_mutex+0x840/0xb00
[ 111.349222][ T6028] ? rtlock_slowlock_locked+0xd8/0x4010
[ 111.349231][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.349241][ T6028] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 111.349252][ T6028] ? unwind_next_frame+0xa5/0x2390
[ 111.349264][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.349272][ T6028] ? unwind_next_frame+0xa5/0x2390
[ 111.349284][ T6028] ? unwind_next_frame+0xa5/0x2390
[ 111.349295][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.349303][ T6028] ? is_bpf_text_address+0x26/0x2b0
[ 111.349316][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.349324][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.349333][ T6028] ? lock_release+0x4b/0x3b0
[ 111.349344][ T6028] ? lock_release+0x4b/0x3b0
[ 111.349357][ T6028] ? rt_read_lock+0x203/0x490
[ 111.349365][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.349373][ T6028] ? lock_acquire+0x5f/0x340
[ 111.349385][ T6028] ocfs2_xattr_block_set+0x3ca/0x31b0
[ 111.349399][ T6028] ? lock_acquire+0x5f/0x340
[ 111.349412][ T6028] ? __pfx_ocfs2_xattr_block_set+0x10/0x10
[ 111.349422][ T6028] ? start_this_handle+0x2068/0x21c0
[ 111.349438][ T6028] ? __pfx_start_this_handle+0x10/0x10
[ 111.349458][ T6028] ? jbd2__journal_start+0x146/0x5b0
[ 111.349468][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.349477][ T6028] __ocfs2_xattr_set_handle+0x27e/0xf20
[ 111.349488][ T6028] ? __pfx___ocfs2_xattr_set_handle+0x10/0x10
[ 111.349499][ T6028] ? jbd2_journal_start+0x2a/0x40
[ 111.349509][ T6028] ? ocfs2_start_trans+0x497/0x6d0
[ 111.349519][ T6028] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 111.349528][ T6028] ? ocfs2_xattr_ibody_find+0xcb/0x7c0
[ 111.349537][ T6028] ? __kmalloc_cache_noprof+0x1fb/0x6d0
[ 111.349552][ T6028] ocfs2_xattr_set+0xde8/0x11f0
[ 111.349566][ T6028] ? __pfx_ocfs2_xattr_set+0x10/0x10
[ 111.349578][ T6028] ? smack_log+0xef/0x3f0
[ 111.349591][ T6028] ? __pfx_smack_log+0x10/0x10
[ 111.349602][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.349611][ T6028] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 111.349623][ T6028] ? smk_tskacc+0x2fc/0x370
[ 111.349636][ T6028] ? posix_xattr_acl+0x93/0xc0
[ 111.349648][ T6028] ? evm_protect_xattr+0x4d4/0xa90
[ 111.349659][ T6028] ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[ 111.349670][ T6028] __vfs_removexattr+0x431/0x470
[ 111.349682][ T6028] __vfs_removexattr_locked+0x1ee/0x230
[ 111.349693][ T6028] vfs_removexattr+0x80/0x1b0
[ 111.349703][ T6028] ovl_fill_super+0x487b/0x5a90
[ 111.349717][ T6028] ? check_path+0x21/0x40
[ 111.349728][ T6028] ? __pfx_ovl_fill_super+0x10/0x10
[ 111.349738][ T6028] ? __lock_acquire+0x6b6/0x2cf0
[ 111.349754][ T6028] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 111.349766][ T6028] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 111.349777][ T6028] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 111.349789][ T6028] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 111.349799][ T6028] ? lockdep_hardirqs_on+0x98/0x140
[ 111.349811][ T6028] ? rt_mutex_slowunlock+0x1be/0x2e0
[ 111.349821][ T6028] ? __raw_spin_lock_init+0x45/0x100
[ 111.349834][ T6028] ? sget_fc+0x962/0xa40
[ 111.349845][ T6028] ? __pfx_set_anon_super_fc+0x10/0x10
[ 111.349856][ T6028] ? __pfx_ovl_fill_super+0x10/0x10
[ 111.349866][ T6028] get_tree_nodev+0xbb/0x150
[ 111.349878][ T6028] vfs_get_tree+0x92/0x2a0
[ 111.349891][ T6028] do_new_mount+0x302/0xa10
[ 111.349900][ T6028] ? safesetid_security_capable+0xa9/0x1a0
[ 111.349911][ T6028] ? __pfx_do_new_mount+0x10/0x10
[ 111.349919][ T6028] ? ns_capable+0x8a/0xf0
[ 111.349930][ T6028] ? path_mount+0x628/0xff0
[ 111.349940][ T6028] __se_sys_mount+0x313/0x410
[ 111.349950][ T6028] ? __pfx___se_sys_mount+0x10/0x10
[ 111.349960][ T6028] ? do_syscall_64+0xbe/0xf80
[ 111.349970][ T6028] ? __x64_sys_mount+0x20/0xc0
[ 111.349980][ T6028] do_syscall_64+0xfa/0xf80
[ 111.349991][ T6028] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.350000][ T6028] ? clear_bhb_loop+0x60/0xb0
[ 111.350010][ T6028] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.350019][ T6028] RIP: 0033:0x7f2f6f77f749
[ 111.350028][ T6028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 111.350036][ T6028] RSP: 002b:00007fffa22edc68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 111.350046][ T6028] RAX: ffffffffffffffda RBX: 00007f2f6f9d5fa0 RCX: 00007f2f6f77f749
[ 111.350053][ T6028] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[ 111.350060][ T6028] RBP: 00007f2f6f803f91 R08: 0000200000000400 R09: 0000000000000000
[ 111.350066][ T6028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 111.350071][ T6028] R13: 00007f2f6f9d5fa0 R14: 00007f2f6f9d5fa0 R15: 0000000000000005
[ 111.350081][ T6028] </TASK>
[ 111.350084][ T6028] ---[ end trace ]---
[ 111.350090][ T6028] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 111.350100][ T6028] CPU: 1 UID: 0 PID: 6028 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 111.350110][ T6028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 111.350116][ T6028] Call Trace:
[ 111.350119][ T6028] <TASK>
[ 111.350122][ T6028] dump_stack_lvl+0x99/0x250
[ 111.350135][ T6028] ? __asan_memcpy+0x40/0x70
[ 111.350146][ T6028] ? __pfx_dump_stack_lvl+0x10/0x10
[ 111.350157][ T6028] ? __pfx__printk+0x10/0x10
[ 111.350168][ T6028] vpanic+0x237/0x6d0
[ 111.350181][ T6028] ? __pfx_vpanic+0x10/0x10
[ 111.350194][ T6028] panic+0xb9/0xc0
[ 111.350206][ T6028] ? __pfx_panic+0x10/0x10
[ 111.350218][ T6028] ? __pfx__printk+0x10/0x10
[ 111.350226][ T6028] ? __ocfs2_journal_access+0x605/0x800
[ 111.350237][ T6028] ? ocfs2_xa_set+0x1713/0x2a70
[ 111.350249][ T6028] check_panic_on_warn+0x89/0xb0
[ 111.350264][ T6028] __ubsan_handle_out_of_bounds+0xe9/0xf0
[ 111.350276][ T6028] ocfs2_xa_remove_entry+0x36d/0x3e0
[ 111.350289][ T6028] ocfs2_xa_set+0xaf4/0x2a70
[ 111.350302][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.350311][ T6028] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 111.350323][ T6028] ? __pfx_ocfs2_xa_set+0x10/0x10
[ 111.350334][ T6028] ? rt_mutex_slowunlock+0x493/0x8a0
[ 111.350344][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.350352][ T6028] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 111.350361][ T6028] ? lock_release+0x4b/0x3b0
[ 111.350373][ T6028] ? try_to_take_rt_mutex+0x840/0xb00
[ 111.350384][ T6028] ? rtlock_slowlock_locked+0xd8/0x4010
[ 111.350394][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.350403][ T6028] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 111.350415][ T6028] ? unwind_next_frame+0xa5/0x2390
[ 111.350426][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.350434][ T6028] ? unwind_next_frame+0xa5/0x2390
[ 111.350450][ T6028] ? unwind_next_frame+0xa5/0x2390
[ 111.350461][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.350470][ T6028] ? is_bpf_text_address+0x26/0x2b0
[ 111.350481][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.350490][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.350498][ T6028] ? lock_release+0x4b/0x3b0
[ 111.350509][ T6028] ? lock_release+0x4b/0x3b0
[ 111.350523][ T6028] ? rt_read_lock+0x203/0x490
[ 111.350531][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.350539][ T6028] ? lock_acquire+0x5f/0x340
[ 111.350552][ T6028] ocfs2_xattr_block_set+0x3ca/0x31b0
[ 111.350565][ T6028] ? lock_acquire+0x5f/0x340
[ 111.350578][ T6028] ? __pfx_ocfs2_xattr_block_set+0x10/0x10
[ 111.350589][ T6028] ? start_this_handle+0x2068/0x21c0
[ 111.350604][ T6028] ? __pfx_start_this_handle+0x10/0x10
[ 111.350619][ T6028] ? jbd2__journal_start+0x146/0x5b0
[ 111.350629][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.350638][ T6028] __ocfs2_xattr_set_handle+0x27e/0xf20
[ 111.350649][ T6028] ? __pfx___ocfs2_xattr_set_handle+0x10/0x10
[ 111.350660][ T6028] ? jbd2_journal_start+0x2a/0x40
[ 111.350670][ T6028] ? ocfs2_start_trans+0x497/0x6d0
[ 111.350681][ T6028] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 111.350689][ T6028] ? ocfs2_xattr_ibody_find+0xcb/0x7c0
[ 111.350699][ T6028] ? __kmalloc_cache_noprof+0x1fb/0x6d0
[ 111.350713][ T6028] ocfs2_xattr_set+0xde8/0x11f0
[ 111.350727][ T6028] ? __pfx_ocfs2_xattr_set+0x10/0x10
[ 111.350739][ T6028] ? smack_log+0xef/0x3f0
[ 111.350751][ T6028] ? __pfx_smack_log+0x10/0x10
[ 111.350762][ T6028] ? rcu_is_watching+0x15/0xb0
[ 111.350771][ T6028] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 111.350783][ T6028] ? smk_tskacc+0x2fc/0x370
[ 111.350796][ T6028] ? posix_xattr_acl+0x93/0xc0
[ 111.350807][ T6028] ? evm_protect_xattr+0x4d4/0xa90
[ 111.350819][ T6028] ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[ 111.350830][ T6028] __vfs_removexattr+0x431/0x470
[ 111.350842][ T6028] __vfs_removexattr_locked+0x1ee/0x230
[ 111.350852][ T6028] vfs_removexattr+0x80/0x1b0
[ 111.350863][ T6028] ovl_fill_super+0x487b/0x5a90
[ 111.350875][ T6028] ? check_path+0x21/0x40
[ 111.350886][ T6028] ? __pfx_ovl_fill_super+0x10/0x10
[ 111.350896][ T6028] ? __lock_acquire+0x6b6/0x2cf0
[ 111.350912][ T6028] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 111.350924][ T6028] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 111.350935][ T6028] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 111.350947][ T6028] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 111.350958][ T6028] ? lockdep_hardirqs_on+0x98/0x140
[ 111.350969][ T6028] ? rt_mutex_slowunlock+0x1be/0x2e0
[ 111.350979][ T6028] ? __raw_spin_lock_init+0x45/0x100
[ 111.350991][ T6028] ? sget_fc+0x962/0xa40
[ 111.351002][ T6028] ? __pfx_set_anon_super_fc+0x10/0x10
[ 111.351014][ T6028] ? __pfx_ovl_fill_super+0x10/0x10
[ 111.351024][ T6028] get_tree_nodev+0xbb/0x150
[ 111.351036][ T6028] vfs_get_tree+0x92/0x2a0
[ 111.351048][ T6028] do_new_mount+0x302/0xa10
[ 111.351057][ T6028] ? safesetid_security_capable+0xa9/0x1a0
[ 111.351067][ T6028] ? __pfx_do_new_mount+0x10/0x10
[ 111.351076][ T6028] ? ns_capable+0x8a/0xf0
[ 111.351086][ T6028] ? path_mount+0x628/0xff0
[ 111.351097][ T6028] __se_sys_mount+0x313/0x410
[ 111.351107][ T6028] ? __pfx___se_sys_mount+0x10/0x10
[ 111.351117][ T6028] ? do_syscall_64+0xbe/0xf80
[ 111.351127][ T6028] ? __x64_sys_mount+0x20/0xc0
[ 111.351136][ T6028] do_syscall_64+0xfa/0xf80
[ 111.351147][ T6028] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.351156][ T6028] ? clear_bhb_loop+0x60/0xb0
[ 111.351166][ T6028] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.351175][ T6028] RIP: 0033:0x7f2f6f77f749
[ 111.351182][ T6028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 111.351190][ T6028] RSP: 002b:00007fffa22edc68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 111.351199][ T6028] RAX: ffffffffffffffda RBX: 00007f2f6f9d5fa0 RCX: 00007f2f6f77f749
[ 111.351206][ T6028] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[ 111.351212][ T6028] RBP: 00007f2f6f803f91 R08: 0000200000000400 R09: 0000000000000000
[ 111.351218][ T6028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 111.351224][ T6028] R13: 00007f2f6f9d5fa0 R14: 00007f2f6f9d5fa0 R15: 0000000000000005
[ 111.351233][ T6028] </TASK>
[ 111.351637][ T6028] Kernel Offset: disabled