Warning: Permanently added '[localhost]:17176' (ED25519) to the list of known hosts.
2025/11/25 23:21:16 parsed 1 programs
syzkaller login: [ 84.554899][ T5310] cgroup: Unknown subsys name 'net'
[ 84.626991][ T5310] cgroup: Unknown subsys name 'cpuset'
[ 84.632333][ T5310] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 86.275558][ T5310] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 89.939554][ T5325] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 90.417787][ T5331] chnl_net:caif_netlink_parms(): no params data found
[ 90.526833][ T5331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.530585][ T5331] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.536999][ T5331] bridge_slave_0: entered allmulticast mode
[ 90.553374][ T5331] bridge_slave_0: entered promiscuous mode
[ 90.559368][ T5331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.562414][ T5331] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.572848][ T5331] bridge_slave_1: entered allmulticast mode
[ 90.576531][ T5331] bridge_slave_1: entered promiscuous mode
[ 90.626746][ T5331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 90.643774][ T5331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 90.685493][ T5331] team0: Port device team_slave_0 added
[ 90.689413][ T5331] team0: Port device team_slave_1 added
[ 90.730321][ T5331] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 90.742716][ T5331] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 90.763615][ T5331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.779112][ T5331] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.782062][ T5331] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 90.808105][ T5331] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.876153][ T5331] hsr_slave_0: entered promiscuous mode
[ 90.893180][ T5331] hsr_slave_1: entered promiscuous mode
[ 91.080631][ T5331] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 91.090750][ T5331] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 91.097508][ T5331] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 91.109198][ T5331] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.138894][ T5331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.141886][ T5331] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.145845][ T5331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.148817][ T5331] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.263510][ T5331] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.286850][ T1042] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.292017][ T1042] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.311886][ T5331] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.335114][ T1042] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.338287][ T1042] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.343437][ T1042] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.346575][ T1042] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.741271][ T5331] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.814535][ T5331] veth0_vlan: entered promiscuous mode
[ 91.821450][ T5331] veth1_vlan: entered promiscuous mode
[ 91.874876][ T5331] veth0_macvtap: entered promiscuous mode
[ 91.885701][ T5331] veth1_macvtap: entered promiscuous mode
[ 91.910251][ T5331] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.930327][ T5331] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.955301][ T10] cfg80211: failed to load regulatory.db
[ 91.966422][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.983448][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.987371][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.991094][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.201810][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.251038][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.508370][ T1042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.511639][ T1042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.546435][ T1038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.549793][ T1038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.397718][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.174277][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 94.178694][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 94.182318][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 94.187588][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 94.191011][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 94.315670][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.946228][ T12] bridge_slave_1: left allmulticast mode
[ 94.948780][ T12] bridge_slave_1: left promiscuous mode
[ 94.951985][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.036459][ T12] bridge_slave_0: left allmulticast mode
[ 95.038719][ T12] bridge_slave_0: left promiscuous mode
[ 95.056818][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.064974][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 96.071130][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 96.086118][ T12] bond0 (unregistering): Released all slaves
[ 96.210933][ T12] hsr_slave_0: left promiscuous mode
[ 96.223319][ T12] hsr_slave_1: left promiscuous mode
[ 96.225978][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 96.228896][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 96.244055][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 96.247039][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 96.267171][ T12] veth1_macvtap: left promiscuous mode
[ 96.269490][ T12] veth0_macvtap: left promiscuous mode
[ 96.271820][ T12] veth1_vlan: left promiscuous mode
[ 96.283475][ T12] veth0_vlan: left promiscuous mode
[ 96.576796][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 96.596603][ T12] team0 (unregistering): Port device team_slave_0 removed
2025/11/25 23:21:34 executed programs: 0
[ 100.280050][ T4666] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 100.285104][ T4666] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 100.288757][ T4666] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 100.299558][ T4666] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 100.303216][ T4666] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 100.489936][ T5455] chnl_net:caif_netlink_parms(): no params data found
[ 100.563235][ T5455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.566199][ T5455] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.571202][ T5455] bridge_slave_0: entered allmulticast mode
[ 100.576280][ T5455] bridge_slave_0: entered promiscuous mode
[ 100.583973][ T5455] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.587247][ T5455] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.590446][ T5455] bridge_slave_1: entered allmulticast mode
[ 100.595482][ T5455] bridge_slave_1: entered promiscuous mode
[ 100.622157][ T5455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.629084][ T5455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.652388][ T5455] team0: Port device team_slave_0 added
[ 100.657307][ T5455] team0: Port device team_slave_1 added
[ 100.679736][ T5455] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.684160][ T5455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 100.694368][ T5455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.700572][ T5455] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.704120][ T5455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 100.715439][ T5455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.750357][ T5455] hsr_slave_0: entered promiscuous mode
[ 100.754294][ T5455] hsr_slave_1: entered promiscuous mode
[ 101.172278][ T5455] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 101.184347][ T5455] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 101.198236][ T5455] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.211656][ T5455] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.260459][ T5455] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.263717][ T5455] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.266951][ T5455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.269951][ T5455] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.397009][ T5455] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.425439][ T1081] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.429562][ T1081] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.458575][ T5455] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.475705][ T3055] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.478622][ T3055] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.487471][ T1081] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.490350][ T1081] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.558764][ T5455] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 101.571277][ T5455] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 101.837503][ T5455] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.911452][ T5455] veth0_vlan: entered promiscuous mode
[ 101.930648][ T5455] veth1_vlan: entered promiscuous mode
[ 101.988279][ T5455] veth0_macvtap: entered promiscuous mode
[ 102.004892][ T5455] veth1_macvtap: entered promiscuous mode
[ 102.021151][ T5455] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 102.040775][ T5455] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 102.059651][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.079637][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.084943][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.088590][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.177127][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.180315][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.238293][ T3055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.241563][ T3055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.344668][ T48] Bluetooth: hci0: command tx timeout
[ 102.716050][ T5496] loop0: detected capacity change from 0 to 32768
[ 102.742174][ T5496] =======================================================
[ 102.742174][ T5496] WARNING: The mand mount option has been deprecated and
[ 102.742174][ T5496] and is ignored by this kernel. Remove the mand
[ 102.742174][ T5496] option from the mount to silence this warning.
[ 102.742174][ T5496] =======================================================
[ 102.863762][ T5496] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 102.891478][ T5496] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 102.914240][ T5496]
[ 102.915146][ T5496] ======================================================
[ 102.918073][ T5496] WARNING: possible circular locking dependency detected
[ 102.921033][ T5496] syzkaller #0 Not tainted
[ 102.922853][ T5496] ------------------------------------------------------
[ 102.925831][ T5496] syz.0.17/5496 is trying to acquire lock:
[ 102.928181][ T5496] ffff888036676d80 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[ 102.934523][ T5496]
[ 102.934523][ T5496] but task is already holding lock:
[ 102.937434][ T5496] ffff8880412cbff8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[ 102.941151][ T5496]
[ 102.941151][ T5496] which lock already depends on the new lock.
[ 102.941151][ T5496]
[ 102.945360][ T5496]
[ 102.945360][ T5496] the existing dependency chain (in reverse order) is:
[ 102.949307][ T5496]
[ 102.949307][ T5496] -> #5 (&oi->ip_xattr_sem){++++}-{4:4}:
[ 102.952705][ T5496]        lock_acquire+0x120/0x360
[ 102.954893][ T5496]        down_read+0x46/0x2e0
[ 102.957038][ T5496]        ocfs2_init_acl+0x2f9/0x720
[ 102.959332][ T5496]        ocfs2_mknod+0x1321/0x2050
[ 102.961623][ T5496]        ocfs2_create+0x1a5/0x440
[ 102.963850][ T5496]        path_openat+0x14f4/0x3830
[ 102.966171][ T5496]        do_filp_open+0x1fa/0x410
[ 102.968374][ T5496]        do_sys_openat2+0x121/0x1c0
[ 102.970631][ T5496]        __x64_sys_openat+0x138/0x170
[ 102.972951][ T5496]        do_syscall_64+0xfa/0xfa0
[ 102.974961][ T5496]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.977792][ T5496]
[ 102.977792][ T5496] -> #4 (jbd2_handle){.+.+}-{0:0}:
[ 102.980934][ T5496]        lock_acquire+0x120/0x360
[ 102.982974][ T5496]        start_this_handle+0x1fa7/0x21c0
[ 102.985237][ T5496]        jbd2__journal_start+0x2c1/0x5b0
[ 102.987542][ T5496]        jbd2_journal_start+0x2a/0x40
[ 102.989749][ T5496]        ocfs2_start_trans+0x376/0x6d0
[ 102.991932][ T5496]        ocfs2_mknod+0xe93/0x2050
[ 102.993970][ T5496]        ocfs2_create+0x1a5/0x440
[ 102.996053][ T5496]        path_openat+0x14f4/0x3830
[ 102.998359][ T5496]        do_filp_open+0x1fa/0x410
[ 103.000618][ T5496]        do_sys_openat2+0x121/0x1c0
[ 103.002881][ T5496]        __x64_sys_openat+0x138/0x170
[ 103.005176][ T5496]        do_syscall_64+0xfa/0xfa0
[ 103.007358][ T5496]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.010119][ T5496]
[ 103.010119][ T5496] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 103.013653][ T5496]        lock_acquire+0x120/0x360
[ 103.015873][ T5496]        down_read+0x46/0x2e0
[ 103.017885][ T5496]        ocfs2_start_trans+0x36a/0x6d0
[ 103.020096][ T5496]        ocfs2_mknod+0xe93/0x2050
[ 103.022072][ T5496]        ocfs2_create+0x1a5/0x440
[ 103.023953][ T5496]        path_openat+0x14f4/0x3830
[ 103.026203][ T5496]        do_filp_open+0x1fa/0x410
[ 103.028472][ T5496]        do_sys_openat2+0x121/0x1c0
[ 103.030539][ T5496]        __x64_sys_openat+0x138/0x170
[ 103.032681][ T5496]        do_syscall_64+0xfa/0xfa0
[ 103.034873][ T5496]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.037668][ T5496]
[ 103.037668][ T5496] -> #2 (sb_internal#2){.+.+}-{0:0}:
[ 103.040791][ T5496]        lock_acquire+0x120/0x360
[ 103.043390][ T5496]        ocfs2_start_trans+0x26b/0x6d0
[ 103.045905][ T5496]        ocfs2_mknod+0xe93/0x2050
[ 103.048032][ T5496]        ocfs2_create+0x1a5/0x440
[ 103.050202][ T5496]        path_openat+0x14f4/0x3830
[ 103.052365][ T5496]        do_filp_open+0x1fa/0x410
[ 103.054559][ T5496]        do_sys_openat2+0x121/0x1c0
[ 103.056975][ T5496]        __x64_sys_openat+0x138/0x170
[ 103.059303][ T5496]        do_syscall_64+0xfa/0xfa0
[ 103.061484][ T5496]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.064316][ T5496]
[ 103.064316][ T5496] -> #1 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[ 103.068931][ T5496]        lock_acquire+0x120/0x360
[ 103.071205][ T5496]        down_write+0x96/0x1f0
[ 103.073275][ T5496]        ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[ 103.076153][ T5496]        ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[ 103.079168][ T5496]        ocfs2_mknod+0xe32/0x2050
[ 103.081341][ T5496]        ocfs2_create+0x1a5/0x440
[ 103.083521][ T5496]        path_openat+0x14f4/0x3830
[ 103.085838][ T5496]        do_filp_open+0x1fa/0x410
[ 103.088062][ T5496]        do_sys_openat2+0x121/0x1c0
[ 103.090343][ T5496]        __x64_sys_openat+0x138/0x170
[ 103.092719][ T5496]        do_syscall_64+0xfa/0xfa0
[ 103.094944][ T5496]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.097765][ T5496]
[ 103.097765][ T5496] -> #0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[ 103.102483][ T5496]        validate_chain+0xb9b/0x2140
[ 103.104861][ T5496]        __lock_acquire+0xab9/0xd20
[ 103.107173][ T5496]        lock_acquire+0x120/0x360
[ 103.109536][ T5496]        down_write+0x96/0x1f0
[ 103.111644][ T5496]        ocfs2_reserve_suballoc_bits+0x15e/0x4640
[ 103.114519][ T5496]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[ 103.117519][ T5496]        ocfs2_init_xattr_set_ctxt+0x307/0x700
[ 103.120193][ T5496]        ocfs2_xattr_set+0xb70/0x11f0
[ 103.122578][ T5496]        __vfs_setxattr+0x43c/0x480
[ 103.124902][ T5496]        __vfs_setxattr_noperm+0x12d/0x660
[ 103.127419][ T5496]        vfs_setxattr+0x16b/0x2f0
[ 103.129710][ T5496]        file_setxattr+0x1da/0x2b0
[ 103.132008][ T5496]        path_setxattrat+0x327/0x3a0
[ 103.134404][ T5496]        __x64_sys_fsetxattr+0xbc/0xe0
[ 103.136854][ T5496]        do_syscall_64+0xfa/0xfa0
[ 103.139164][ T5496]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.142077][ T5496]
[ 103.142077][ T5496] other info that might help us debug this:
[ 103.142077][ T5496]
[ 103.146475][ T5496] Chain exists of:
[ 103.146475][ T5496]   &ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE] --> jbd2_handle --> &oi->ip_xattr_sem
[ 103.146475][ T5496]
[ 103.153315][ T5496]  Possible unsafe locking scenario:
[ 103.153315][ T5496]
[ 103.156664][ T5496]        CPU0                    CPU1
[ 103.159019][ T5496]        ----                    ----
[ 103.161427][ T5496]   lock(&oi->ip_xattr_sem);
[ 103.163374][ T5496]                                lock(jbd2_handle);
[ 103.166291][ T5496]                                lock(&oi->ip_xattr_sem);
[ 103.169364][ T5496]   lock(&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]);
[ 103.172703][ T5496]
[ 103.172703][ T5496]  *** DEADLOCK ***
[ 103.172703][ T5496]
[ 103.176281][ T5496] 3 locks held by syz.0.17/5496:
[ 103.178490][ T5496]  #0: ffff888035b7a420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write_file+0x60/0x200
[ 103.182779][ T5496]  #1: ffff8880412cc2c0 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: vfs_setxattr+0x144/0x2f0
[ 103.187308][ T5496]  #2: ffff8880412cbff8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[ 103.191568][ T5496]
[ 103.191568][ T5496] stack backtrace:
[ 103.194267][ T5496] CPU: 0 UID: 0 PID: 5496 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 103.194282][ T5496] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 103.194289][ T5496] Call Trace:
[ 103.194296][ T5496]
[ 103.194302][ T5496]  dump_stack_lvl+0x189/0x250
[ 103.194322][ T5496]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 103.194336][ T5496]  ? __pfx__printk+0x10/0x10
[ 103.194348][ T5496]  ? print_lock_name+0xde/0x100
[ 103.194360][ T5496]  print_circular_bug+0x2ee/0x310
[ 103.194375][ T5496]  check_noncircular+0x134/0x160
[ 103.194390][ T5496]  validate_chain+0xb9b/0x2140
[ 103.194404][ T5496]  ? __mutex_unlock_slowpath+0x1a1/0x740
[ 103.194423][ T5496]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 103.194440][ T5496]  __lock_acquire+0xab9/0xd20
[ 103.194452][ T5496]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[ 103.194463][ T5496]  lock_acquire+0x120/0x360
[ 103.194473][ T5496]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[ 103.194486][ T5496]  down_write+0x96/0x1f0
[ 103.194496][ T5496]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[ 103.194506][ T5496]  ? __pfx_down_write+0x10/0x10
[ 103.194518][ T5496]  ocfs2_reserve_suballoc_bits+0x15e/0x4640
[ 103.194530][ T5496]  ? do_raw_spin_lock+0x121/0x290
[ 103.194546][ T5496]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 103.194559][ T5496]  ? lockdep_hardirqs_on+0x9c/0x150
[ 103.194575][ T5496]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 103.194591][ T5496]  ? __pfx_ocfs2_reserve_suballoc_bits+0x10/0x10
[ 103.194602][ T5496]  ? stack_depot_save_flags+0x41b/0x860
[ 103.194619][ T5496]  ? kasan_save_track+0x4f/0x80
[ 103.194639][ T5496]  ? kasan_save_track+0x3e/0x80
[ 103.194651][ T5496]  ? __kasan_kmalloc+0x93/0xb0
[ 103.194663][ T5496]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[ 103.194677][ T5496]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[ 103.194694][ T5496]  ? ocfs2_init_xattr_set_ctxt+0x307/0x700
[ 103.194707][ T5496]  ? ocfs2_xattr_set+0xb70/0x11f0
[ 103.194718][ T5496]  ? __vfs_setxattr+0x43c/0x480
[ 103.194732][ T5496]  ? __vfs_setxattr_noperm+0x12d/0x660
[ 103.194745][ T5496]  ? vfs_setxattr+0x16b/0x2f0
[ 103.194758][ T5496]  ? file_setxattr+0x1da/0x2b0
[ 103.194772][ T5496]  ? path_setxattrat+0x327/0x3a0
[ 103.194782][ T5496]  ? __x64_sys_fsetxattr+0xbc/0xe0
[ 103.194796][ T5496]  ? do_syscall_64+0xfa/0xfa0
[ 103.194811][ T5496]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.194832][ T5496]  ? __kasan_kmalloc+0x93/0xb0
[ 103.194846][ T5496]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[ 103.194860][ T5496]  ? do_raw_spin_unlock+0x4d/0x240
[ 103.194875][ T5496]  ocfs2_reserve_new_metadata_blocks+0x403/0x940
[ 103.194894][ T5496]  ? __pfx_ocfs2_reserve_new_metadata_blocks+0x10/0x10
[ 103.194911][ T5496]  ? __pfx_ocfs2_calc_xattr_set_need+0x10/0x10
[ 103.194926][ T5496]  ? __lock_acquire+0xab9/0xd20
[ 103.194938][ T5496]  ocfs2_init_xattr_set_ctxt+0x307/0x700
[ 103.194953][ T5496]  ? __pfx_ocfs2_init_xattr_set_ctxt+0x10/0x10
[ 103.194966][ T5496]  ? ocfs2_xattr_set+0xb36/0x11f0
[ 103.194978][ T5496]  ? up_write+0x1c4/0x420
[ 103.194992][ T5496]  ocfs2_xattr_set+0xb70/0x11f0
[ 103.195009][ T5496]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[ 103.195021][ T5496]  ? check_path+0x21/0x40
[ 103.195035][ T5496]  ? lockdep_unlock+0x89/0x120
[ 103.195056][ T5496]  ? evm_protected_xattr_common+0x170/0x190
[ 103.195074][ T5496]  ? evm_protect_xattr+0x71d/0xa90
[ 103.195086][ T5496]  ? __pfx_evm_protect_xattr+0x10/0x10
[ 103.195096][ T5496]  ? __pfx_ocfs2_xattr_security_set+0x10/0x10
[ 103.195109][ T5496]  __vfs_setxattr+0x43c/0x480
[ 103.195125][ T5496]  __vfs_setxattr_noperm+0x12d/0x660
[ 103.195142][ T5496]  vfs_setxattr+0x16b/0x2f0
[ 103.195157][ T5496]  ? __pfx_vfs_setxattr+0x10/0x10
[ 103.195171][ T5496]  ? sb_start_write+0x114/0x1c0
[ 103.195182][ T5496]  ? mnt_want_write_file+0x164/0x200
[ 103.195194][ T5496]  file_setxattr+0x1da/0x2b0
[ 103.195209][ T5496]  path_setxattrat+0x327/0x3a0
[ 103.195229][ T5496]  ? __pfx_path_setxattrat+0x10/0x10
[ 103.195240][ T5496]  ? do_futex+0x395/0x420
[ 103.195263][ T5496]  ? __pfx___se_sys_futex+0x10/0x10
[ 103.195280][ T5496]  __x64_sys_fsetxattr+0xbc/0xe0
[ 103.195296][ T5496]  do_syscall_64+0xfa/0xfa0
[ 103.195309][ T5496]  ? lockdep_hardirqs_on+0x9c/0x150
[ 103.195323][ T5496]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.195334][ T5496]  ? clear_bhb_loop+0x60/0xb0
[ 103.195346][ T5496]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.195355][ T5496] RIP: 0033:0x7f220ad8f749
[ 103.195390][ T5496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 103.195400][ T5496] RSP: 002b:00007fffb39884f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[ 103.195413][ T5496] RAX: ffffffffffffffda RBX: 00007f220afe5fa0 RCX: 00007f220ad8f749
[ 103.195421][ T5496] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004
[ 103.195428][ T5496] RBP: 00007f220ae13f91 R08: 0000000000000000 R09: 0000000000000000
[ 103.195435][ T5496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 103.195441][ T5496] R13: 00007f220afe5fa0 R14: 00007f220afe5fa0 R15: 0000000000000005
[ 103.195454][ T5496]
[ 103.548327][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 103.955592][ T5516] loop0: detected capacity change from 0 to 32768
[ 103.970453][ T5516] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 103.982336][ T5516] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 104.006736][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 104.192652][ T5524] loop0: detected capacity change from 0 to 32768
[ 104.203487][ T5524] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 104.214736][ T5524] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 104.240193][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 104.406203][ T5527] loop0: detected capacity change from 0 to 32768
[ 104.422246][ T5527] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 104.425817][ T48] Bluetooth: hci0: command tx timeout
[ 104.436676][ T5527] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 104.465066][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 104.639486][ T5530] loop0: detected capacity change from 0 to 32768
[ 104.651638][ T5530] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 104.665365][ T5530] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 104.689206][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 104.857222][ T5533] loop0: detected capacity change from 0 to 32768
[ 104.870466][ T5533] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 104.880490][ T5533] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 104.906747][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 105.067206][ T5536] loop0: detected capacity change from 0 to 32768
[ 105.076888][ T5536] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 105.087753][ T5536] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 105.110265][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 105.266671][ T5539] loop0: detected capacity change from 0 to 32768
[ 105.279312][ T5539] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 105.299020][ T5539] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 105.323170][ T5455] ocfs2: Unmounting device (7,0) on (node local)
2025/11/25 23:21:40 executed programs: 10
[ 105.483012][ T5542] loop0: detected capacity change from 0 to 32768
[ 105.494369][ T5542] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 105.505654][ T5542] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 105.530857][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 105.707309][ T5545] loop0: detected capacity change from 0 to 32768
[ 105.718726][ T5545] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 105.728749][ T5545] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 105.749225][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 105.925542][ T5548] loop0: detected capacity change from 0 to 32768
[ 105.938686][ T5548] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 105.950878][ T5548] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 105.975061][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 106.132289][ T5551] loop0: detected capacity change from 0 to 32768
[ 106.143869][ T5551] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 106.155521][ T5551] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 106.178994][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 106.341945][ T5554] loop0: detected capacity change from 0 to 32768
[ 106.354147][ T5554] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 106.383377][ T5554] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 106.398468][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 106.503177][ T48] Bluetooth: hci0: command tx timeout
[ 106.566692][ T5557] loop0: detected capacity change from 0 to 32768
[ 106.580027][ T5557] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 106.600395][ T5557] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 106.617391][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 106.796953][ T5560] loop0: detected capacity change from 0 to 32768
[ 106.809449][ T5560] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 106.820729][ T5560] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 106.846326][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 107.011885][ T5563] loop0: detected capacity change from 0 to 32768
[ 107.025325][ T5563] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 107.035708][ T5563] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 107.060374][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 107.231219][ T5566] loop0: detected capacity change from 0 to 32768
[ 107.243736][ T5566] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 107.254884][ T5566] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 107.280158][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 107.433832][ T5569] loop0: detected capacity change from 0 to 32768
[ 107.445232][ T5569] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 107.474034][ T5569] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 107.488750][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 107.651544][ T5572] loop0: detected capacity change from 0 to 32768
[ 107.660946][ T5572] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 107.671683][ T5572] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 107.697617][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 107.855993][ T5575] loop0: detected capacity change from 0 to 32768
[ 107.867631][ T5575] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 107.878553][ T5575] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 107.898964][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 108.066508][ T5578] loop0: detected capacity change from 0 to 32768
[ 108.080552][ T5578] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 108.094042][ T5578] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 108.117377][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 108.287338][ T5581] loop0: detected capacity change from 0 to 32768
[ 108.298588][ T5581] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 108.308987][ T5581] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 108.333085][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 108.495704][ T5584] loop0: detected capacity change from 0 to 32768
[ 108.504900][ T5584] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 108.516227][ T5584] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 108.539182][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 108.582834][ T48] Bluetooth: hci0: command tx timeout
[ 108.713395][ T5587] loop0: detected capacity change from 0 to 32768
[ 108.725070][ T5587] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 108.735915][ T5587] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 108.759037][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 108.932846][ T5590] loop0: detected capacity change from 0 to 32768
[ 108.942782][ T5590] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 108.953691][ T5590] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 108.978570][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 109.138569][ T5593] loop0: detected capacity change from 0 to 32768
[ 109.150969][ T5593] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 109.161733][ T5593] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 109.186713][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 109.350484][ T5596] loop0: detected capacity change from 0 to 32768
[ 109.361021][ T5596] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 109.372855][ T5596] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 109.397537][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 109.549790][ T5599] loop0: detected capacity change from 0 to 32768
[ 109.558945][ T5599] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 109.568375][ T5599] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 109.590994][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 109.758492][ T5602] loop0: detected capacity change from 0 to 32768
[ 109.771550][ T5602] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 109.794560][ T5602] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 109.814756][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 109.981718][ T5605] loop0: detected capacity change from 0 to 32768
[ 109.992836][ T5605] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 110.002000][ T5605] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 110.029200][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 110.197446][ T5608] loop0: detected capacity change from 0 to 32768
[ 110.207543][ T5608] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 110.218294][ T5608] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 110.239251][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 110.405038][ T5611] loop0: detected capacity change from 0 to 32768
[ 110.418024][ T5611] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 110.428676][ T5611] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 110.456877][ T5455] ocfs2: Unmounting device (7,0) on (node local)
2025/11/25 23:21:45 executed programs: 34
[ 110.639578][ T5614] loop0: detected capacity change from 0 to 32768
[ 110.650911][ T5614] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 110.662462][ T5614] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 110.697096][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 110.865004][ T5617] loop0: detected capacity change from 0 to 32768
[ 110.879818][ T5617] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 110.891545][ T5617] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 110.914105][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 111.078532][ T5620] loop0: detected capacity change from 0 to 32768
[ 111.089500][ T5620] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 111.101769][ T5620] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 111.126817][ T5455] ocfs2: Unmounting device (7,0) on (node local)
[ 111.298628][ T5623] loop0: detected capacity change from 0 to 32768
[ 111.311068][ T5623] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 111.323516][ T5623] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 111.349321][ T5455] ocfs2: Unmounting device (7,0) on (node local) [ 111.512314][ T5626] loop0: detected capacity change from 0 to 32768 [ 111.522288][ T5626] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 111.534038][ T5626] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 111.559872][ T5455] ocfs2: Unmounting device (7,0) on (node local) [ 111.730359][ T5629] loop0: detected capacity change from 0 to 32768 [ 111.745400][ T5629] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 111.762923][ T5629] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 111.776987][ T5455] ocfs2: Unmounting device (7,0) on (node local) [ 111.947858][ T5632] loop0: detected capacity change from 0 to 32768 [ 111.962202][ T5632] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 111.972920][ T5632] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 111.996659][ T5455] ocfs2: Unmounting device (7,0) on (node local) [ 112.165178][ T5635] loop0: detected capacity change from 0 to 32768 [ 112.179122][ T5635] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 112.189027][ T5635] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 112.212304][ T5455] ocfs2: Unmounting device (7,0) on (node local) [ 112.391231][ T5638] loop0: detected capacity change from 0 to 32768 [ 112.405069][ T5638] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 112.415765][ T5638] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 112.438555][ T5455] ocfs2: Unmounting device (7,0) on (node local) [ 112.605170][ T5641] loop0: detected capacity change from 0 to 32768 [ 112.615454][ T5641] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 112.626729][ T5641] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. 
[ 112.649596][ T5455] ocfs2: Unmounting device (7,0) on (node local) [ 112.821459][ T5644] loop0: detected capacity change from 0 to 32768 [ 112.849741][ T5644] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 112.861622][ T5644] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 112.879426][ T5455] ocfs2: Unmounting device (7,0) on (node local)