Warning: Permanently added '10.128.1.180' (ED25519) to the list of known hosts.
[   81.698698][  T886] cfg80211: failed to load regulatory.db
2026/02/14 21:18:01 parsed 1 programs
[   86.577454][ T5808] cgroup: Unknown subsys name 'net'
[   86.829472][ T5808] cgroup: Unknown subsys name 'cpuset'
[   86.894328][ T5808] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   88.838075][ T5808] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.139094][ T5822] chnl_net:caif_netlink_parms(): no params data found
[   92.237726][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.238703][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.239050][ T5822] bridge_slave_0: entered allmulticast mode
[   92.240530][ T5822] bridge_slave_0: entered promiscuous mode
[   92.272587][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.272706][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.272981][ T5822] bridge_slave_1: entered allmulticast mode
[   92.277419][ T5822] bridge_slave_1: entered promiscuous mode
[   92.319747][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.322317][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.369981][ T5822] team0: Port device team_slave_0 added
[   92.372602][ T5822] team0: Port device team_slave_1 added
[   92.402797][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.402810][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.402823][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.411334][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.411351][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.411375][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.486905][ T5822] hsr_slave_0: entered promiscuous mode
[   92.488820][ T5822] hsr_slave_1: entered promiscuous mode
[   92.751874][ T5822] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   92.772404][ T5822] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   92.808778][ T5822] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   92.847458][ T5822] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   92.930657][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.931979][ T5822] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.932900][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.932985][ T5822] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.042360][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.106886][ T3328] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.154438][ T3328] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.322723][ T5822] 8021q: adding VLAN 0 to HW filter on device team0
[   93.341014][ T3318] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.341309][ T3318] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.363132][ T3328] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.364577][ T3328] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.575745][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.632953][ T5822] veth0_vlan: entered promiscuous mode
[   93.648319][ T5822] veth1_vlan: entered promiscuous mode
[   93.682449][ T5822] veth0_macvtap: entered promiscuous mode
[   93.695155][ T5822] veth1_macvtap: entered promiscuous mode
[   93.712894][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.725920][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.741791][ T3318] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.751777][ T3318] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.752469][ T3318] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.752669][ T3318] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.599326][ T3328] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.836931][ T3328] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.107122][ T3328] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.368909][ T3328] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.567848][ T3279] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.567872][ T3279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.711375][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.711391][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.793991][ T3328] bridge_slave_1: left allmulticast mode
[   96.794167][ T3328] bridge_slave_1: left promiscuous mode
[   96.796207][ T3328] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.898397][ T3328] bridge_slave_0: left allmulticast mode
[   96.898426][ T3328] bridge_slave_0: left promiscuous mode
[   96.898931][ T3328] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.315068][ T3328] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   98.417733][ T3328] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   98.435878][ T3328] bond0 (unregistering): Released all slaves
[   98.823524][ T3328] hsr_slave_0: left promiscuous mode
[   98.863850][ T3328] hsr_slave_1: left promiscuous mode
[   98.865069][ T3328] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   98.865154][ T3328] batman_adv: batadv0: Removing interface: batadv_slave_0
[   98.905485][ T3328] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   98.905514][ T3328] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.026231][ T3328] veth1_macvtap: left promiscuous mode
[   99.026457][ T3328] veth0_macvtap: left promiscuous mode
[   99.026707][ T3328] veth1_vlan: left promiscuous mode
[   99.026992][ T3328] veth0_vlan: left promiscuous mode
[  101.344065][ T3328] team0 (unregistering): Port device team_slave_1 removed
[  101.544233][ T3328] team0 (unregistering): Port device team_slave_0 removed
[  104.376353][ T5934] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  104.383560][ T5934] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  104.400017][ T5934] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  104.401656][ T5934] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  104.402368][ T5934] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2026/02/14 21:18:25 executed programs: 0
[  107.919082][   T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  107.921662][   T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  107.922739][   T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  107.940280][   T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  107.940931][   T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  108.439029][ T5984] chnl_net:caif_netlink_parms(): no params data found
[  108.567313][ T5984] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.567433][ T5984] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.567519][ T5984] bridge_slave_0: entered allmulticast mode
[  108.568832][ T5984] bridge_slave_0: entered promiscuous mode
[  108.570722][ T5984] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.570830][ T5984] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.570916][ T5984] bridge_slave_1: entered allmulticast mode
[  108.572290][ T5984] bridge_slave_1: entered promiscuous mode
[  108.627722][ T5984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.632690][ T5984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.726296][ T5984] team0: Port device team_slave_0 added
[  108.728623][ T5984] team0: Port device team_slave_1 added
[  108.758293][ T5984] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.758310][ T5984] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.758329][ T5984] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.759511][ T5984] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.759522][ T5984] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.759540][ T5984] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.888031][ T5984] hsr_slave_0: entered promiscuous mode
[  108.888811][ T5984] hsr_slave_1: entered promiscuous mode
[  110.005211][   T60] Bluetooth: hci0: command tx timeout
[  110.633891][ T5984] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  110.679387][ T5984] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  110.712470][ T5984] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  110.748508][ T5984] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  110.897436][ T5984] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.932403][ T5984] 8021q: adding VLAN 0 to HW filter on device team0
[  110.944966][ T1358] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.945082][ T1358] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.946889][ T1358] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.946992][ T1358] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.244892][ T5984] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.318557][ T5984] veth0_vlan: entered promiscuous mode
[  111.328238][ T5984] veth1_vlan: entered promiscuous mode
[  111.375569][ T5984] veth0_macvtap: entered promiscuous mode
[  111.385085][ T5984] veth1_macvtap: entered promiscuous mode
[  111.400329][ T5984] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.415685][ T5984] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.427701][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.427920][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.427954][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.427986][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.657558][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.657577][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.728364][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.728384][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.086076][   T60] Bluetooth: hci0: command tx timeout
[  112.226963][ T6076] loop0: detected capacity change from 0 to 32768
[  112.289870][ T6076] (syz.0.17,6076,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  112.299656][ T6076] (syz.0.17,6076,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  112.369865][ T6076] JBD2: Ignoring recovery information on journal
[  112.478001][ T6076] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  112.621839][ T6076] 
[  112.621851][ T6076] ======================================================
[  112.621858][ T6076] WARNING: possible circular locking dependency detected
[  112.621875][ T6076] syzkaller #0 Not tainted
[  112.621883][ T6076] ------------------------------------------------------
[  112.621889][ T6076] syz.0.17/6076 is trying to acquire lock:
[  112.621899][ T6076] ffff888039346770 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_setattr+0xcc6/0x1c70
[  112.621953][ T6076] 
[  112.621953][ T6076] but task is already holding lock:
[  112.621959][ T6076] ffff88805ae72950 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0xcb7/0x1c70
[  112.621993][ T6076] 
[  112.621993][ T6076] which lock already depends on the new lock.
[  112.621993][ T6076] 
[  112.622000][ T6076] 
[  112.622000][ T6076] the existing dependency chain (in reverse order) is:
[  112.622006][ T6076] 
[  112.622006][ T6076] -> #3 (&oi->ip_alloc_sem){+.+.}-{4:4}:
[  112.622029][ T6076]        down_write+0x3a/0x50
[  112.622050][ T6076]        ocfs2_try_remove_refcount_tree+0xb6/0x340
[  112.622069][ T6076]        ocfs2_xattr_set+0x61a/0x13e0
[  112.622086][ T6076]        ocfs2_set_acl+0x701/0x7b0
[  112.622103][ T6076]        ocfs2_iop_set_acl+0x1b1/0x2b0
[  112.622119][ T6076]        vfs_remove_acl+0x54e/0x840
[  112.622137][ T6076]        ovl_workdir_create+0x5b3/0x940
[  112.622158][ T6076]        ovl_fill_super+0x1a1e/0x5e60
[  112.622176][ T6076]        get_tree_nodev+0xbb/0x150
[  112.622189][ T6076]        vfs_get_tree+0x92/0x2a0
[  112.622201][ T6076]        do_new_mount+0x341/0xd30
[  112.622219][ T6076]        __se_sys_mount+0x31d/0x420
[  112.622237][ T6076]        do_syscall_64+0x14d/0xf80
[  112.622255][ T6076]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.622271][ T6076] 
[  112.622271][ T6076] -> #2 (&oi->ip_xattr_sem){++++}-{4:4}:
[  112.622296][ T6076]        down_read+0x97/0x200
[  112.622314][ T6076]        ocfs2_init_acl+0x1c3/0x800
[  112.622330][ T6076]        ocfs2_mknod+0x1423/0x2210
[  112.622346][ T6076]        ocfs2_mkdir+0x181/0x430
[  112.622359][ T6076]        vfs_mkdir+0x40b/0x630
[  112.622374][ T6076]        filename_mkdirat+0x289/0x520
[  112.622390][ T6076]        __se_sys_mkdirat+0x35/0x150
[  112.622405][ T6076]        do_syscall_64+0x14d/0xf80
[  112.622422][ T6076]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.622437][ T6076] 
[  112.622437][ T6076] -> #1 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  112.622466][ T6076]        down_read+0x97/0x200
[  112.622484][ T6076]        ocfs2_start_trans+0x3ac/0x700
[  112.622502][ T6076]        ocfs2_modify_bh+0xe3/0x4d0
[  112.622519][ T6076]        ocfs2_local_read_info+0x1454/0x1810
[  112.622536][ T6076]        dquot_load_quota_sb+0x791/0xbd0
[  112.622552][ T6076]        dquot_load_quota_inode+0x2e1/0x5d0
[  112.622568][ T6076]        ocfs2_enable_quotas+0x1c8/0x4a0
[  112.622588][ T6076]        ocfs2_fill_super+0x5340/0x6920
[  112.622607][ T6076]        get_tree_bdev_flags+0x431/0x4f0
[  112.622622][ T6076]        vfs_get_tree+0x92/0x2a0
[  112.622637][ T6076]        do_new_mount+0x341/0xd30
[  112.622654][ T6076]        __se_sys_mount+0x31d/0x420
[  112.622672][ T6076]        do_syscall_64+0x14d/0xf80
[  112.622690][ T6076]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.622705][ T6076] 
[  112.622705][ T6076] -> #0 (sb_internal#2){.+.+}-{0:0}:
[  112.622733][ T6076]        __lock_acquire+0x15a5/0x2cf0
[  112.622752][ T6076]        lock_acquire+0x106/0x330
[  112.622769][ T6076]        ocfs2_start_trans+0x2ac/0x700
[  112.622786][ T6076]        ocfs2_setattr+0xcc6/0x1c70
[  112.622800][ T6076]        notify_change+0xc18/0xf60
[  112.622816][ T6076]        ovl_workdir_create+0x716/0x940
[  112.622836][ T6076]        ovl_fill_super+0x1a1e/0x5e60
[  112.622854][ T6076]        get_tree_nodev+0xbb/0x150
[  112.622868][ T6076]        vfs_get_tree+0x92/0x2a0
[  112.622882][ T6076]        do_new_mount+0x341/0xd30
[  112.622899][ T6076]        __se_sys_mount+0x31d/0x420
[  112.622915][ T6076]        do_syscall_64+0x14d/0xf80
[  112.622931][ T6076]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.622946][ T6076] 
[  112.622946][ T6076] other info that might help us debug this:
[  112.622946][ T6076] 
[  112.622951][ T6076] Chain exists of:
[  112.622951][ T6076]   sb_internal#2 --> &oi->ip_xattr_sem --> &oi->ip_alloc_sem
[  112.622951][ T6076] 
[  112.622982][ T6076]  Possible unsafe locking scenario:
[  112.622982][ T6076] 
[  112.622987][ T6076]        CPU0                    CPU1
[  112.622993][ T6076]        ----                    ----
[  112.622998][ T6076]   lock(&oi->ip_alloc_sem);
[  112.623009][ T6076]                                lock(&oi->ip_xattr_sem);
[  112.623023][ T6076]                                lock(&oi->ip_alloc_sem);
[  112.623036][ T6076]   rlock(sb_internal#2);
[  112.623052][ T6076] 
[  112.623052][ T6076]  *** DEADLOCK ***
[  112.623052][ T6076] 
[  112.623057][ T6076] 4 locks held by syz.0.17/6076:
[  112.623068][ T6076]  #0: ffff888039ce20d0 (&type->s_umount_key#56/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xac0
[  112.623122][ T6076]  #1: ffff888039346480 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  112.623162][ T6076]  #2: ffff88805ae72d00 (&sb->s_type->i_mutex_key#26){+.+.}-{4:4}, at: ovl_workdir_create+0x6b7/0x940
[  112.623209][ T6076]  #3: ffff88805ae72950 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0xcb7/0x1c70
[  112.623248][ T6076] 
[  112.623248][ T6076] stack backtrace:
[  112.623266][ T6076] CPU: 1 UID: 0 PID: 6076 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  112.623283][ T6076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  112.623300][ T6076] Call Trace:
[  112.623310][ T6076]  <TASK>
[  112.623317][ T6076]  dump_stack_lvl+0xe8/0x150
[  112.623340][ T6076]  print_circular_bug+0x2e1/0x300
[  112.623357][ T6076]  check_noncircular+0x12e/0x150
[  112.623375][ T6076]  __lock_acquire+0x15a5/0x2cf0
[  112.623401][ T6076]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  112.623422][ T6076]  ? lockdep_hardirqs_on+0x7a/0x110
[  112.623441][ T6076]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  112.623470][ T6076]  ? ocfs2_setattr+0xcc6/0x1c70
[  112.623485][ T6076]  lock_acquire+0x106/0x330
[  112.623504][ T6076]  ? ocfs2_setattr+0xcc6/0x1c70
[  112.623523][ T6076]  ocfs2_start_trans+0x2ac/0x700
[  112.623541][ T6076]  ? ocfs2_setattr+0xcc6/0x1c70
[  112.623555][ T6076]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  112.623577][ T6076]  ? __pfx_ocfs2_start_trans+0x10/0x10
[  112.623601][ T6076]  ocfs2_setattr+0xcc6/0x1c70
[  112.623621][ T6076]  ? __pfx_ocfs2_setattr+0x10/0x10
[  112.623635][ T6076]  ? smk_access+0x14c/0x4e0
[  112.623660][ T6076]  ? smack_inode_setattr+0x191/0x230
[  112.623679][ T6076]  ? __pfx_smack_inode_setattr+0x10/0x10
[  112.623702][ T6076]  ? current_time+0x22a/0x370
[  112.623724][ T6076]  ? evm_inode_setattr+0x1bd/0x7d0
[  112.623742][ T6076]  ? __pfx_current_time+0x10/0x10
[  112.623765][ T6076]  ? try_break_deleg+0x5b/0x190
[  112.623782][ T6076]  ? __pfx_ocfs2_setattr+0x10/0x10
[  112.623798][ T6076]  notify_change+0xc18/0xf60
[  112.623820][ T6076]  ovl_workdir_create+0x716/0x940
[  112.623843][ T6076]  ? __pfx_ovl_workdir_create+0x10/0x10
[  112.623868][ T6076]  ? mnt_get_write_access+0x262/0x2d0
[  112.623888][ T6076]  ovl_fill_super+0x1a1e/0x5e60
[  112.623907][ T6076]  ? unwind_get_return_address+0x4d/0x90
[  112.623935][ T6076]  ? stack_trace_save+0xa9/0x100
[  112.623953][ T6076]  ? __pfx_stack_trace_save+0x10/0x10
[  112.623976][ T6076]  ? __pfx_ovl_fill_super+0x10/0x10
[  112.623996][ T6076]  ? __lock_acquire+0x6b5/0x2cf0
[  112.624020][ T6076]  ? __lock_acquire+0x6b5/0x2cf0
[  112.624043][ T6076]  ? __lock_acquire+0x6b5/0x2cf0
[  112.624063][ T6076]  ? do_raw_spin_lock+0x12b/0x2f0
[  112.624084][ T6076]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  112.624104][ T6076]  ? lockdep_hardirqs_on+0x7a/0x110
[  112.624123][ T6076]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  112.624142][ T6076]  ? rt_mutex_slowunlock+0x1cb/0x300
[  112.624162][ T6076]  ? __raw_spin_lock_init+0x45/0x100
[  112.624185][ T6076]  ? sget_fc+0x962/0xa40
[  112.624205][ T6076]  ? __pfx_set_anon_super_fc+0x10/0x10
[  112.624219][ T6076]  ? __pfx_ovl_fill_super+0x10/0x10
[  112.624240][ T6076]  get_tree_nodev+0xbb/0x150
[  112.624256][ T6076]  vfs_get_tree+0x92/0x2a0
[  112.624273][ T6076]  do_new_mount+0x341/0xd30
[  112.624292][ T6076]  ? safesetid_security_capable+0xa9/0x1a0
[  112.624317][ T6076]  ? __pfx_do_new_mount+0x10/0x10
[  112.624336][ T6076]  ? ns_capable+0x89/0xe0
[  112.624355][ T6076]  ? path_mount+0x690/0x10e0
[  112.624373][ T6076]  ? user_path_at+0xd4/0x160
[  112.624396][ T6076]  ? user_path_at+0xd4/0x160
[  112.624418][ T6076]  __se_sys_mount+0x31d/0x420
[  112.624440][ T6076]  ? __pfx___se_sys_mount+0x10/0x10
[  112.624535][ T6076]  ? __x64_sys_mount+0x20/0xc0
[  112.624566][ T6076]  do_syscall_64+0x14d/0xf80
[  112.624586][ T6076]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.624603][ T6076]  ? trace_irq_disable+0x37/0x100
[  112.624618][ T6076]  ? clear_bhb_loop+0x40/0x90
[  112.624636][ T6076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.624653][ T6076] RIP: 0033:0x7f637efcbf79
[  112.624678][ T6076] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  112.624692][ T6076] RSP: 002b:00007ffcd8703048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  112.624709][ T6076] RAX: ffffffffffffffda RBX: 00007f637f245fa0 RCX: 00007f637efcbf79
[  112.624720][ T6076] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[  112.624730][ T6076] RBP: 00007f637f0627e0 R08: 0000200000000a00 R09: 0000000000000000
[  112.624741][ T6076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  112.624752][ T6076] R13: 00007f637f245fac R14: 00007f637f245fa0 R15: 00007f637f245fa0
[  112.624770][ T6076]  </TASK>
[  112.627906][ T6076] overlayfs: upper fs does not support tmpfile.
[  112.629235][ T6076] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  112.630373][ T6076] ------------[ cut here ]------------
[  112.630381][ T6076] UBSAN: array-index-out-of-bounds in fs/ocfs2/xattr.c:1985:3
[  112.630396][ T6076] index 2 is out of range for type 'struct ocfs2_xattr_entry[] __counted_by(xh_count)' (aka 'struct ocfs2_xattr_entry[]')
[  112.630414][ T6076] CPU: 1 UID: 0 PID: 6076 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  112.630434][ T6076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  112.630444][ T6076] Call Trace:
[  112.630450][ T6076]  <TASK>
[  112.630457][ T6076]  dump_stack_lvl+0xe8/0x150
[  112.630480][ T6076]  ubsan_epilogue+0xa/0x30
[  112.630497][ T6076]  __ubsan_handle_out_of_bounds+0xe8/0xf0
[  112.630522][ T6076]  ocfs2_xa_remove_entry+0x49e/0x670
[  112.630543][ T6076]  ocfs2_xa_set+0xdb2/0x2ec0
[  112.630565][ T6076]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  112.630585][ T6076]  ? try_to_take_rt_mutex+0x840/0xb00
[  112.630604][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.630626][ T6076]  ? __pfx_ocfs2_xa_set+0x10/0x10
[  112.630648][ T6076]  ? rtlock_slowlock_locked+0xfb/0x3c80
[  112.630666][ T6076]  ? do_raw_spin_lock+0x12b/0x2f0
[  112.630683][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.630706][ T6076]  ? unwind_next_frame+0xa5/0x23c0
[  112.630726][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.630748][ T6076]  ? unwind_next_frame+0xa5/0x23c0
[  112.630768][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.630789][ T6076]  ? unwind_next_frame+0xa5/0x23c0
[  112.630809][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.630830][ T6076]  ? is_bpf_text_address+0x26/0x2b0
[  112.630847][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.630869][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.630889][ T6076]  ? lock_release+0x4b/0x3a0
[  112.630908][ T6076]  ? lock_release+0x4b/0x3a0
[  112.630929][ T6076]  ? is_bpf_text_address+0x292/0x2b0
[  112.630946][ T6076]  ? rt_read_lock+0x277/0x4b0
[  112.630961][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.630983][ T6076]  ? lock_acquire+0x5f/0x330
[  112.631004][ T6076]  ocfs2_xattr_block_set+0x3e0/0x3350
[  112.631028][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.631049][ T6076]  ? lock_acquire+0x5f/0x330
[  112.631069][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.631093][ T6076]  ? __pfx_ocfs2_xattr_block_set+0x10/0x10
[  112.631113][ T6076]  ? start_this_handle+0x2135/0x2290
[  112.631144][ T6076]  ? __pfx_start_this_handle+0x10/0x10
[  112.631174][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.631195][ T6076]  __ocfs2_xattr_set_handle+0x262/0xf50
[  112.631218][ T6076]  ? __pfx___ocfs2_xattr_set_handle+0x10/0x10
[  112.631239][ T6076]  ? jbd2_journal_start+0x2a/0x40
[  112.631265][ T6076]  ? ocfs2_start_trans+0x4e2/0x700
[  112.631287][ T6076]  ? __pfx_ocfs2_start_trans+0x10/0x10
[  112.631309][ T6076]  ocfs2_xattr_set+0xf3f/0x13e0
[  112.631342][ T6076]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[  112.631365][ T6076]  ? smk_tskacc+0x311/0x3a0
[  112.631384][ T6076]  ? smack_log+0xf5/0x3f0
[  112.631402][ T6076]  ? __pfx_smack_log+0x10/0x10
[  112.631424][ T6076]  ? smk_tskacc+0x311/0x3a0
[  112.631445][ T6076]  ? posix_xattr_acl+0x93/0xc0
[  112.631463][ T6076]  ? evm_protect_xattr+0x4d4/0xac0
[  112.631481][ T6076]  ? __pfx_evm_protect_xattr+0x10/0x10
[  112.631498][ T6076]  ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[  112.631520][ T6076]  __vfs_removexattr+0x431/0x470
[  112.631544][ T6076]  __vfs_removexattr_locked+0xe2/0x280
[  112.631566][ T6076]  vfs_removexattr+0x7f/0x230
[  112.631604][ T6076]  ovl_fill_super+0x4c39/0x5e60
[  112.631624][ T6076]  ? unwind_get_return_address+0x4d/0x90
[  112.631651][ T6076]  ? __pfx_stack_trace_save+0x10/0x10
[  112.631674][ T6076]  ? __pfx_ovl_fill_super+0x10/0x10
[  112.631694][ T6076]  ? __lock_acquire+0x6b5/0x2cf0
[  112.631720][ T6076]  ? __lock_acquire+0x6b5/0x2cf0
[  112.631743][ T6076]  ? __lock_acquire+0x6b5/0x2cf0
[  112.631763][ T6076]  ? do_raw_spin_lock+0x12b/0x2f0
[  112.631785][ T6076]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  112.631805][ T6076]  ? lockdep_hardirqs_on+0x7a/0x110
[  112.631824][ T6076]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  112.631844][ T6076]  ? rt_mutex_slowunlock+0x1cb/0x300
[  112.631861][ T6076]  ? __raw_spin_lock_init+0x45/0x100
[  112.631884][ T6076]  ? sget_fc+0x962/0xa40
[  112.631905][ T6076]  ? __pfx_set_anon_super_fc+0x10/0x10
[  112.631920][ T6076]  ? __pfx_ovl_fill_super+0x10/0x10
[  112.631941][ T6076]  get_tree_nodev+0xbb/0x150
[  112.631956][ T6076]  vfs_get_tree+0x92/0x2a0
[  112.631972][ T6076]  do_new_mount+0x341/0xd30
[  112.631991][ T6076]  ? safesetid_security_capable+0xa9/0x1a0
[  112.632015][ T6076]  ? __pfx_do_new_mount+0x10/0x10
[  112.632034][ T6076]  ? ns_capable+0x89/0xe0
[  112.632053][ T6076]  ? path_mount+0x690/0x10e0
[  112.632070][ T6076]  ? user_path_at+0xd4/0x160
[  112.632093][ T6076]  ? user_path_at+0xd4/0x160
[  112.632115][ T6076]  __se_sys_mount+0x31d/0x420
[  112.632136][ T6076]  ? __pfx___se_sys_mount+0x10/0x10
[  112.632158][ T6076]  ? __x64_sys_mount+0x20/0xc0
[  112.632177][ T6076]  do_syscall_64+0x14d/0xf80
[  112.632197][ T6076]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.632213][ T6076]  ? trace_irq_disable+0x37/0x100
[  112.632227][ T6076]  ? clear_bhb_loop+0x40/0x90
[  112.632245][ T6076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.632268][ T6076] RIP: 0033:0x7f637efcbf79
[  112.632284][ T6076] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  112.632298][ T6076] RSP: 002b:00007ffcd8703048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  112.632316][ T6076] RAX: ffffffffffffffda RBX: 00007f637f245fa0 RCX: 00007f637efcbf79
[  112.632329][ T6076] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[  112.632341][ T6076] RBP: 00007f637f0627e0 R08: 0000200000000a00 R09: 0000000000000000
[  112.632352][ T6076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  112.632363][ T6076] R13: 00007f637f245fac R14: 00007f637f245fa0 R15: 00007f637f245fa0
[  112.632381][ T6076]  </TASK>
[  112.632388][ T6076] ---[ end trace ]---
[  112.632397][ T6076] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[  112.632415][ T6076] CPU: 1 UID: 0 PID: 6076 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  112.632435][ T6076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  112.632445][ T6076] Call Trace:
[  112.632451][ T6076]  <TASK>
[  112.632458][ T6076]  vpanic+0x1e0/0x670
[  112.632481][ T6076]  panic+0xc5/0xd0
[  112.632500][ T6076]  ? __pfx_panic+0x10/0x10
[  112.632521][ T6076]  ? __pfx__printk+0x10/0x10
[  112.632540][ T6076]  check_panic_on_warn+0x89/0xb0
[  112.632558][ T6076]  __ubsan_handle_out_of_bounds+0xe8/0xf0
[  112.632581][ T6076]  ocfs2_xa_remove_entry+0x49e/0x670
[  112.632600][ T6076]  ocfs2_xa_set+0xdb2/0x2ec0
[  112.632622][ T6076]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  112.632641][ T6076]  ? try_to_take_rt_mutex+0x840/0xb00
[  112.632660][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.632681][ T6076]  ? __pfx_ocfs2_xa_set+0x10/0x10
[  112.632703][ T6076]  ? rtlock_slowlock_locked+0xfb/0x3c80
[  112.632721][ T6076]  ? do_raw_spin_lock+0x12b/0x2f0
[  112.632738][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.632761][ T6076]  ? unwind_next_frame+0xa5/0x23c0
[  112.632782][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.632803][ T6076]  ? unwind_next_frame+0xa5/0x23c0
[  112.632823][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.632844][ T6076]  ? unwind_next_frame+0xa5/0x23c0
[  112.632864][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.632886][ T6076]  ? is_bpf_text_address+0x26/0x2b0
[  112.632902][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.632925][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.632946][ T6076]  ? lock_release+0x4b/0x3a0
[  112.632965][ T6076]  ? lock_release+0x4b/0x3a0
[  112.632986][ T6076]  ? is_bpf_text_address+0x292/0x2b0
[  112.633003][ T6076]  ? rt_read_lock+0x277/0x4b0
[  112.633019][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.633040][ T6076]  ? lock_acquire+0x5f/0x330
[  112.633062][ T6076]  ocfs2_xattr_block_set+0x3e0/0x3350
[  112.633085][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.633107][ T6076]  ? lock_acquire+0x5f/0x330
[  112.633126][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.633150][ T6076]  ? __pfx_ocfs2_xattr_block_set+0x10/0x10
[  112.633172][ T6076]  ? start_this_handle+0x2135/0x2290
[  112.633202][ T6076]  ? __pfx_start_this_handle+0x10/0x10
[  112.633232][ T6076]  ? rcu_is_watching+0x15/0xb0
[  112.633260][ T6076]  __ocfs2_xattr_set_handle+0x262/0xf50
[  112.633279][ T6076]  ? __pfx___ocfs2_xattr_set_handle+0x10/0x10
[  112.633298][ T6076]  ? jbd2_journal_start+0x2a/0x40
[  112.633315][ T6076]  ? ocfs2_start_trans+0x4e2/0x700
[  112.633337][ T6076]  ? __pfx_ocfs2_start_trans+0x10/0x10
[  112.633360][ T6076]  ocfs2_xattr_set+0xf3f/0x13e0
[  112.633389][ T6076]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[  112.633413][ T6076]  ? smk_tskacc+0x311/0x3a0
[  112.633431][ T6076]  ? smack_log+0xf5/0x3f0
[  112.633450][ T6076]  ? __pfx_smack_log+0x10/0x10
[  112.633471][ T6076]  ? smk_tskacc+0x311/0x3a0
[  112.633492][ T6076]  ? posix_xattr_acl+0x93/0xc0
[  112.633510][ T6076]  ? evm_protect_xattr+0x4d4/0xac0
[  112.633530][ T6076]  ? __pfx_evm_protect_xattr+0x10/0x10
[  112.633546][ T6076]  ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[  112.633567][ T6076]  __vfs_removexattr+0x431/0x470
[  112.633592][ T6076]  __vfs_removexattr_locked+0xe2/0x280
[  112.633615][ T6076]  vfs_removexattr+0x7f/0x230
[  112.633637][ T6076]  ovl_fill_super+0x4c39/0x5e60
[  112.633656][ T6076]  ? unwind_get_return_address+0x4d/0x90
[  112.633684][ T6076]  ? __pfx_stack_trace_save+0x10/0x10
[  112.633707][ T6076]  ? __pfx_ovl_fill_super+0x10/0x10
[  112.633727][ T6076]  ? __lock_acquire+0x6b5/0x2cf0
[  112.633750][ T6076]  ? __lock_acquire+0x6b5/0x2cf0
[  112.633773][ T6076]  ? __lock_acquire+0x6b5/0x2cf0
[  112.633793][ T6076]  ? do_raw_spin_lock+0x12b/0x2f0
[  112.633815][ T6076]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  112.633835][ T6076]  ? lockdep_hardirqs_on+0x7a/0x110
[  112.633854][ T6076]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  112.633874][ T6076]  ? rt_mutex_slowunlock+0x1cb/0x300
[  112.633892][ T6076]  ? __raw_spin_lock_init+0x45/0x100
[  112.633915][ T6076]  ? sget_fc+0x962/0xa40
[  112.633936][ T6076]  ? __pfx_set_anon_super_fc+0x10/0x10
[  112.633951][ T6076]  ? __pfx_ovl_fill_super+0x10/0x10
[  112.633971][ T6076]  get_tree_nodev+0xbb/0x150
[  112.633987][ T6076]  vfs_get_tree+0x92/0x2a0
[  112.634004][ T6076]  do_new_mount+0x341/0xd30
[  112.634023][ T6076]  ? safesetid_security_capable+0xa9/0x1a0
[  112.634047][ T6076]  ? __pfx_do_new_mount+0x10/0x10
[  112.634066][ T6076]  ? ns_capable+0x89/0xe0
[  112.634084][ T6076]  ? path_mount+0x690/0x10e0
[  112.634102][ T6076]  ? user_path_at+0xd4/0x160
[  112.634125][ T6076]  ? user_path_at+0xd4/0x160
[  112.634146][ T6076]  __se_sys_mount+0x31d/0x420
[  112.634169][ T6076]  ? __pfx___se_sys_mount+0x10/0x10
[  112.634191][ T6076]  ? __x64_sys_mount+0x20/0xc0
[  112.634211][ T6076]  do_syscall_64+0x14d/0xf80
[  112.634231][ T6076]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.634245][ T6076]  ? trace_irq_disable+0x37/0x100
[  112.634265][ T6076]  ? clear_bhb_loop+0x40/0x90
[  112.634281][ T6076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.634295][ T6076] RIP: 0033:0x7f637efcbf79
[  112.634309][ T6076] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  112.634321][ T6076] RSP: 002b:00007ffcd8703048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  112.634338][ T6076] RAX: ffffffffffffffda RBX: 00007f637f245fa0 RCX: 00007f637efcbf79
[  112.634348][ T6076] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[  112.634358][ T6076] RBP: 00007f637f0627e0 R08: 0000200000000a00 R09: 0000000000000000
[  112.634368][ T6076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  112.634378][ T6076] R13: 00007f637f245fac R14: 00007f637f245fa0 R15: 00007f637f245fa0
[  112.634395][ T6076]  </TASK>
[  112.634789][ T6076] Kernel Offset: disabled