Warning: Permanently added '10.128.0.117' (ED25519) to the list of known hosts.
2026/02/01 14:17:47 parsed 1 programs
[ 81.667979][ T1238] cfg80211: failed to load regulatory.db
[ 82.029193][ T5803] cgroup: Unknown subsys name 'net'
[ 82.258916][ T5803] cgroup: Unknown subsys name 'cpuset'
[ 82.314961][ T5803] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 83.933314][ T5803] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 90.197390][ T5865] chnl_net:caif_netlink_parms(): no params data found
[ 90.480881][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.481892][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.481998][ T5865] bridge_slave_0: entered allmulticast mode
[ 90.483396][ T5865] bridge_slave_0: entered promiscuous mode
[ 90.488842][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.489021][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.489166][ T5865] bridge_slave_1: entered allmulticast mode
[ 90.491449][ T5865] bridge_slave_1: entered promiscuous mode
[ 90.538920][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 90.541295][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 90.574069][ T5865] team0: Port device team_slave_0 added
[ 90.588302][ T5865] team0: Port device team_slave_1 added
[ 90.615425][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 90.615436][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 90.615449][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.617931][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.617944][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 90.617965][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.677640][ T5865] hsr_slave_0: entered promiscuous mode
[ 90.679097][ T5865] hsr_slave_1: entered promiscuous mode
[ 90.904162][ T5865] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 90.943714][ T5865] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 90.979284][ T5865] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 91.114955][ T5865] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.658004][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.682715][ T5865] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.700483][ T1378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.701380][ T1378] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.731997][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.732179][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.928560][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.980094][ T5865] veth0_vlan: entered promiscuous mode
[ 91.991327][ T5865] veth1_vlan: entered promiscuous mode
[ 92.027462][ T5865] veth0_macvtap: entered promiscuous mode
[ 92.031348][ T5865] veth1_macvtap: entered promiscuous mode
[ 92.057352][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.073327][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.093044][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.103696][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.114114][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.117419][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.471361][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 92.473219][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 92.474142][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 92.486853][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 92.487635][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 92.899138][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.150531][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.372199][ T1378] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.384603][ T1378] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.438349][ T1378] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.438370][ T1378] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.116182][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/02/01 14:18:02 executed programs: 0
[ 94.962399][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 94.964465][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 94.965736][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 94.971567][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 94.972469][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 95.181094][ T5913] chnl_net:caif_netlink_parms(): no params data found
[ 95.349083][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.471305][ T5913] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.471491][ T5913] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.471969][ T5913] bridge_slave_0: entered allmulticast mode
[ 95.473985][ T5913] bridge_slave_0: entered promiscuous mode
[ 95.480162][ T5913] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.480348][ T5913] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.480773][ T5913] bridge_slave_1: entered allmulticast mode
[ 95.483229][ T5913] bridge_slave_1: entered promiscuous mode
[ 95.531636][ T5913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.537354][ T5913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.572921][ T5913] team0: Port device team_slave_0 added
[ 95.575979][ T5913] team0: Port device team_slave_1 added
[ 95.605185][ T5913] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.605200][ T5913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 95.605225][ T5913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.606728][ T5913] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.606739][ T5913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 95.606756][ T5913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.669153][ T5913] hsr_slave_0: entered promiscuous mode
[ 95.670853][ T5913] hsr_slave_1: entered promiscuous mode
[ 95.672031][ T5913] debugfs: 'hsr0' already exists in 'hsr'
[ 95.672129][ T5913] Cannot create hsr debugfs directory
[ 96.008014][ T12] bridge_slave_1: left allmulticast mode
[ 96.008093][ T12] bridge_slave_1: left promiscuous mode
[ 96.009459][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.116096][ T12] bridge_slave_0: left allmulticast mode
[ 96.116125][ T12] bridge_slave_0: left promiscuous mode
[ 96.116355][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.016614][ T5118] Bluetooth: hci0: command tx timeout
[ 97.575233][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 97.634966][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 97.676446][ T12] bond0 (unregistering): Released all slaves
[ 98.254520][ T12] hsr_slave_0: left promiscuous mode
[ 98.294463][ T12] hsr_slave_1: left promiscuous mode
[ 98.295361][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 98.295429][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 98.335841][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 98.335868][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 98.402254][ T12] veth1_macvtap: left promiscuous mode
[ 98.402393][ T12] veth0_macvtap: left promiscuous mode
[ 98.402543][ T12] veth1_vlan: left promiscuous mode
[ 98.402707][ T12] veth0_vlan: left promiscuous mode
[ 99.084437][ T5118] Bluetooth: hci0: command tx timeout
[ 100.634957][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 100.794965][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 101.164429][ T5118] Bluetooth: hci0: command tx timeout
[ 103.126393][ T5913] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.150713][ T5913] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.198967][ T5913] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.249789][ T5118] Bluetooth: hci0: command tx timeout
[ 103.258236][ T5913] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.430767][ T5913] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.452744][ T5913] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.468316][ T1179] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.468453][ T1179] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.478312][ T1179] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.478505][ T1179] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.925992][ T5913] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.979695][ T5913] veth0_vlan: entered promiscuous mode
[ 103.994027][ T5913] veth1_vlan: entered promiscuous mode
[ 104.039226][ T5913] veth0_macvtap: entered promiscuous mode
[ 104.042659][ T5913] veth1_macvtap: entered promiscuous mode
[ 104.068736][ T5913] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 104.091288][ T5913] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 104.110905][ T1378] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.111145][ T1378] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.111617][ T1378] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.111655][ T1378] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.332501][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.332521][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.390393][ T1179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.390413][ T1179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/02/01 14:18:12 executed programs: 2
[ 104.748082][ T5961] loop0: detected capacity change from 0 to 32768
[ 104.770614][ T5961] =======================================================
[ 104.770614][ T5961] WARNING: The mand mount option has been deprecated and
[ 104.770614][ T5961] and is ignored by this kernel. Remove the mand
[ 104.770614][ T5961] option from the mount to silence this warning.
[ 104.770614][ T5961] =======================================================
[ 104.923067][ T5961] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 104.979581][ T5961] overlayfs: upper fs does not support tmpfile.
[ 104.996735][ T5961] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 104.997817][ T5961]
[ 104.997825][ T5961] ======================================================
[ 104.997832][ T5961] WARNING: possible circular locking dependency detected
[ 104.997851][ T5961] syzkaller #0 Not tainted
[ 104.997862][ T5961] ------------------------------------------------------
[ 104.997868][ T5961] syz.0.17/5961 is trying to acquire lock:
[ 104.997879][ T5961] ffff88805a692d00 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x11f/0x2610
[ 104.997937][ T5961]
[ 104.997937][ T5961] but task is already holding lock:
[ 104.997943][ T5961] ffff88805a696cd8 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x475/0x13e0
[ 104.997987][ T5961]
[ 104.997987][ T5961] which lock already depends on the new lock.
[ 104.997987][ T5961]
[ 104.997994][ T5961]
[ 104.997994][ T5961] the existing dependency chain (in reverse order) is:
[ 104.998000][ T5961]
[ 104.998000][ T5961] -> #3 (&oi->ip_xattr_sem){+.+.}-{4:4}:
[ 104.998024][ T5961] down_write+0x3a/0x50
[ 104.998047][ T5961] ocfs2_xattr_set_handle+0x3e6/0x810
[ 104.998067][ T5961] ocfs2_init_security_set+0xbd/0xe0
[ 104.998088][ T5961] ocfs2_mknod+0x1481/0x2210
[ 104.998106][ T5961] ocfs2_mkdir+0x181/0x430
[ 104.998123][ T5961] vfs_mkdir+0x75d/0x870
[ 104.998142][ T5961] do_mkdirat+0x281/0x4c0
[ 104.998162][ T5961] __x64_sys_mkdirat+0x87/0xa0
[ 104.998182][ T5961] do_syscall_64+0xe2/0xf80
[ 104.998204][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.998222][ T5961]
[ 104.998222][ T5961] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 104.998246][ T5961] down_read+0x97/0x200
[ 104.998265][ T5961] ocfs2_start_trans+0x3ac/0x700
[ 104.998286][ T5961] ocfs2_reserve_suballoc_bits+0x7bb/0x4790
[ 104.998307][ T5961] ocfs2_reserve_new_metadata_blocks+0x415/0x9a0
[ 104.998328][ T5961] ocfs2_mknod+0xea3/0x2210
[ 104.998346][ T5961] ocfs2_mkdir+0x181/0x430
[ 104.998362][ T5961] vfs_mkdir+0x75d/0x870
[ 104.998381][ T5961] do_mkdirat+0x281/0x4c0
[ 104.998400][ T5961] __x64_sys_mkdirat+0x87/0xa0
[ 104.998420][ T5961] do_syscall_64+0xe2/0xf80
[ 104.998441][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.998458][ T5961]
[ 104.998458][ T5961] -> #1 (sb_internal#2){.+.+}-{0:0}:
[ 104.998487][ T5961] ocfs2_start_trans+0x2ac/0x700
[ 104.998508][ T5961] ocfs2_mknod+0xf31/0x2210
[ 104.998523][ T5961] ocfs2_mkdir+0x181/0x430
[ 104.998539][ T5961] vfs_mkdir+0x75d/0x870
[ 104.998556][ T5961] do_mkdirat+0x281/0x4c0
[ 104.998573][ T5961] __x64_sys_mkdirat+0x87/0xa0
[ 104.998593][ T5961] do_syscall_64+0xe2/0xf80
[ 104.998615][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.998631][ T5961]
[ 104.998631][ T5961] -> #0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[ 104.998657][ T5961] __lock_acquire+0x15a5/0x2cf0
[ 104.998674][ T5961] lock_acquire+0x106/0x330
[ 104.998699][ T5961] down_write+0x3a/0x50
[ 104.998722][ T5961] ocfs2_reserve_local_alloc_bits+0x11f/0x2610
[ 104.998740][ T5961] ocfs2_reserve_clusters_with_limit+0x1b9/0xc20
[ 104.998763][ T5961] ocfs2_init_xattr_set_ctxt+0x375/0x710
[ 104.998787][ T5961] ocfs2_xattr_set+0xc42/0x13e0
[ 104.998809][ T5961] __vfs_setxattr+0x43c/0x480
[ 104.998831][ T5961] __vfs_setxattr_noperm+0x12d/0x660
[ 104.998854][ T5961] vfs_setxattr+0x16a/0x2f0
[ 104.998877][ T5961] ovl_fill_super+0x4b50/0x5e60
[ 104.998902][ T5961] get_tree_nodev+0xbb/0x150
[ 104.998922][ T5961] vfs_get_tree+0x92/0x2a0
[ 104.998941][ T5961] do_new_mount+0x329/0xa50
[ 104.998963][ T5961] __se_sys_mount+0x31d/0x420
[ 104.998987][ T5961] do_syscall_64+0xe2/0xf80
[ 104.999008][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.999025][ T5961]
[ 104.999025][ T5961] other info that might help us debug this:
[ 104.999025][ T5961]
[ 104.999031][ T5961] Chain exists of:
[ 104.999031][ T5961] &ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE] --> &journal->j_trans_barrier --> &oi->ip_xattr_sem
[ 104.999031][ T5961]
[ 104.999063][ T5961] Possible unsafe locking scenario:
[ 104.999063][ T5961]
[ 104.999069][ T5961] CPU0 CPU1
[ 104.999075][ T5961] ---- ----
[ 104.999080][ T5961] lock(&oi->ip_xattr_sem);
[ 104.999092][ T5961] lock(&journal->j_trans_barrier);
[ 104.999105][ T5961] lock(&oi->ip_xattr_sem);
[ 104.999118][ T5961] lock(&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]);
[ 104.999130][ T5961]
[ 104.999130][ T5961] *** DEADLOCK ***
[ 104.999130][ T5961]
[ 104.999135][ T5961] 4 locks held by syz.0.17/5961:
[ 104.999146][ T5961] #0: ffff88803bd900d0 (&type->s_umount_key#55/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xab0
[ 104.999199][ T5961] #1: ffff888032c1e480 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[ 104.999247][ T5961] #2: ffff88805a697000 (&sb->s_type->i_mutex_key#25){++++}-{4:4}, at: vfs_setxattr+0x143/0x2f0
[ 104.999300][ T5961] #3: ffff88805a696cd8 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x475/0x13e0
[ 104.999350][ T5961]
[ 104.999350][ T5961] stack backtrace:
[ 104.999369][ T5961] CPU: 1 UID: 0 PID: 5961 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 104.999390][ T5961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 104.999407][ T5961] Call Trace:
[ 104.999414][ T5961]
[ 104.999425][ T5961] dump_stack_lvl+0xe8/0x150
[ 104.999450][ T5961] print_circular_bug+0x2e1/0x300
[ 104.999476][ T5961] check_noncircular+0x12e/0x150
[ 104.999502][ T5961] __lock_acquire+0x15a5/0x2cf0
[ 104.999524][ T5961] ? ocfs2_get_system_file_inode+0x202/0x7e0
[ 104.999546][ T5961] ? __pfx_ocfs2_get_system_file_inode+0x10/0x10
[ 104.999568][ T5961] ? ocfs2_reserve_local_alloc_bits+0x11f/0x2610
[ 104.999587][ T5961] lock_acquire+0x106/0x330
[ 104.999606][ T5961] ? ocfs2_reserve_local_alloc_bits+0x11f/0x2610
[ 104.999631][ T5961] down_write+0x3a/0x50
[ 104.999655][ T5961] ? ocfs2_reserve_local_alloc_bits+0x11f/0x2610
[ 104.999673][ T5961] ocfs2_reserve_local_alloc_bits+0x11f/0x2610
[ 104.999700][ T5961] ? __lock_acquire+0x6b5/0x2cf0
[ 104.999721][ T5961] ? __lock_acquire+0x6b5/0x2cf0
[ 104.999740][ T5961] ? __pfx_ocfs2_reserve_local_alloc_bits+0x10/0x10
[ 104.999762][ T5961] ? do_raw_spin_lock+0x12b/0x2f0
[ 104.999793][ T5961] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 104.999815][ T5961] ? lockdep_hardirqs_on+0x7a/0x110
[ 104.999837][ T5961] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 104.999860][ T5961] ? rt_mutex_slowunlock+0x4a7/0x8b0
[ 104.999878][ T5961] ? reacquire_held_locks+0x104/0x190
[ 104.999901][ T5961] ? rt_spin_lock+0x1e0/0x400
[ 104.999920][ T5961] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 104.999939][ T5961] ? rt_spin_unlock+0x14f/0x200
[ 104.999959][ T5961] ? rt_spin_unlock+0x160/0x200
[ 104.999978][ T5961] ? ocfs2_alloc_should_use_local+0x13e/0x2e0
[ 104.999996][ T5961] ? ocfs2_reserve_clusters_with_limit+0x160/0xc20
[ 105.000021][ T5961] ocfs2_reserve_clusters_with_limit+0x1b9/0xc20
[ 105.000048][ T5961] ? __pfx_ocfs2_reserve_clusters_with_limit+0x10/0x10
[ 105.000075][ T5961] ? __pfx_ocfs2_calc_xattr_set_need+0x10/0x10
[ 105.000094][ T5961] ? do_raw_spin_lock+0x12b/0x2f0
[ 105.000123][ T5961] ocfs2_init_xattr_set_ctxt+0x375/0x710
[ 105.000148][ T5961] ? lockdep_hardirqs_on+0x7a/0x110
[ 105.000173][ T5961] ? __pfx_ocfs2_init_xattr_set_ctxt+0x10/0x10
[ 105.000200][ T5961] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 105.000227][ T5961] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 105.000250][ T5961] ? lockdep_hardirqs_on+0x7a/0x110
[ 105.000273][ T5961] ocfs2_xattr_set+0xc42/0x13e0
[ 105.000304][ T5961] ? __pfx_ocfs2_xattr_set+0x10/0x10
[ 105.000328][ T5961] ? desc_update_last_finalized+0x193/0x1f0
[ 105.000356][ T5961] ? lockdep_hardirqs_on+0x7a/0x110
[ 105.000382][ T5961] ? smk_tskacc+0x311/0x3a0
[ 105.000406][ T5961] ? posix_xattr_acl+0x93/0xc0
[ 105.000424][ T5961] ? evm_protect_xattr+0x4d4/0xac0
[ 105.000441][ T5961] ? __pfx_evm_protect_xattr+0x10/0x10
[ 105.000456][ T5961] ? safesetid_security_capable+0xa9/0x1a0
[ 105.000480][ T5961] ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[ 105.000506][ T5961] __vfs_setxattr+0x43c/0x480
[ 105.000536][ T5961] __vfs_setxattr_noperm+0x12d/0x660
[ 105.000565][ T5961] vfs_setxattr+0x16a/0x2f0
[ 105.000592][ T5961] ? __pfx_vfs_setxattr+0x10/0x10
[ 105.000617][ T5961] ? __dentry_kill+0x4b2/0x5e0
[ 105.000640][ T5961] ? finish_dput+0xad/0x480
[ 105.000667][ T5961] ? finish_dput+0x3da/0x480
[ 105.000699][ T5961] ovl_fill_super+0x4b50/0x5e60
[ 105.000724][ T5961] ? unwind_get_return_address+0x4d/0x90
[ 105.000753][ T5961] ? __pfx_stack_trace_save+0x10/0x10
[ 105.000775][ T5961] ? __pfx_ovl_fill_super+0x10/0x10
[ 105.000801][ T5961] ? __lock_acquire+0x6b5/0x2cf0
[ 105.000824][ T5961] ? __lock_acquire+0x6b5/0x2cf0
[ 105.000845][ T5961] ? __lock_acquire+0x6b5/0x2cf0
[ 105.000865][ T5961] ? do_raw_spin_lock+0x12b/0x2f0
[ 105.000896][ T5961] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 105.000919][ T5961] ? lockdep_hardirqs_on+0x7a/0x110
[ 105.000941][ T5961] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 105.000965][ T5961] ? rt_mutex_slowunlock+0x1cb/0x300
[ 105.000985][ T5961] ? __raw_spin_lock_init+0x45/0x100
[ 105.001029][ T5961] ? sget_fc+0x962/0xa40
[ 105.001048][ T5961] ? __pfx_set_anon_super_fc+0x10/0x10
[ 105.001069][ T5961] ? __pfx_ovl_fill_super+0x10/0x10
[ 105.001095][ T5961] get_tree_nodev+0xbb/0x150
[ 105.001117][ T5961] vfs_get_tree+0x92/0x2a0
[ 105.001140][ T5961] do_new_mount+0x329/0xa50
[ 105.001164][ T5961] ? safesetid_security_capable+0xa9/0x1a0
[ 105.001190][ T5961] ? __pfx_do_new_mount+0x10/0x10
[ 105.001215][ T5961] ? ns_capable+0x89/0xe0
[ 105.001233][ T5961] ? path_mount+0x690/0x10e0
[ 105.001257][ T5961] ? kmem_cache_free+0x18d/0x8c0
[ 105.001286][ T5961] __se_sys_mount+0x31d/0x420
[ 105.001313][ T5961] ? __pfx___se_sys_mount+0x10/0x10
[ 105.001340][ T5961] ? __x64_sys_mount+0x20/0xc0
[ 105.001367][ T5961] do_syscall_64+0xe2/0xf80
[ 105.001390][ T5961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.001408][ T5961] ? trace_irq_disable+0x37/0x100
[ 105.001431][ T5961] ? clear_bhb_loop+0x60/0xb0
[ 105.001450][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.001468][ T5961] RIP: 0033:0x7ffa37feaeb9
[ 105.001491][ T5961] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 105.001507][ T5961] RSP: 002b:00007fff84e7d968 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 105.001526][ T5961] RAX: ffffffffffffffda RBX: 00007ffa38265fa0 RCX: 00007ffa37feaeb9
[ 105.001539][ T5961] RDX: 0000200000000b80 RSI: 0000200000000080 RDI: 0000000000000000
[ 105.001552][ T5961] RBP: 00007ffa38058c1f R08: 0000200000000240 R09: 0000000000000000
[ 105.001563][ T5961] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 105.001574][ T5961] R13: 00007ffa38265fac R14: 00007ffa38265fa0 R15: 00007ffa38265fa0
[ 105.001592][ T5961]
[ 105.002501][ T5961] ------------[ cut here ]------------
[ 105.002509][ T5961] UBSAN: array-index-out-of-bounds in fs/ocfs2/xattr.c:1985:3
[ 105.002524][ T5961] index 2 is out of range for type 'struct ocfs2_xattr_entry[] __counted_by(xh_count)' (aka 'struct ocfs2_xattr_entry[]')
[ 105.002542][ T5961] CPU: 1 UID: 0 PID: 5961 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 105.002563][ T5961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 105.002574][ T5961] Call Trace:
[ 105.002580][ T5961]
[ 105.002588][ T5961] dump_stack_lvl+0xe8/0x150
[ 105.002614][ T5961] ubsan_epilogue+0xa/0x30
[ 105.002631][ T5961] __ubsan_handle_out_of_bounds+0xe8/0xf0
[ 105.002657][ T5961] ocfs2_xa_remove_entry+0x49e/0x670
[ 105.002687][ T5961] ocfs2_xa_set+0xdb2/0x2ec0
[ 105.002704][ T5961] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 105.002726][ T5961] ? try_to_take_rt_mutex+0x840/0xb00
[ 105.002748][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.002772][ T5961] ? __pfx_ocfs2_xa_set+0x10/0x10
[ 105.002789][ T5961] ? rtlock_slowlock_locked+0xfb/0x3c80
[ 105.002809][ T5961] ? do_raw_spin_lock+0x12b/0x2f0
[ 105.002835][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.002859][ T5961] ? unwind_next_frame+0xa5/0x23c0
[ 105.002880][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.002903][ T5961] ? unwind_next_frame+0xa5/0x23c0
[ 105.002924][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.002945][ T5961] ? unwind_next_frame+0xa5/0x23c0
[ 105.002964][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.002987][ T5961] ? is_bpf_text_address+0x26/0x2b0
[ 105.003013][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.003037][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.003060][ T5961] ? lock_release+0x4b/0x3a0
[ 105.003077][ T5961] ? lock_release+0x4b/0x3a0
[ 105.003094][ T5961] ? is_bpf_text_address+0x292/0x2b0
[ 105.003118][ T5961] ? rt_read_lock+0x277/0x4b0
[ 105.003135][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.003158][ T5961] ? lock_acquire+0x5f/0x330
[ 105.003187][ T5961] ocfs2_xattr_block_set+0x3e0/0x3350
[ 105.003208][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.003227][ T5961] ? lock_acquire+0x5f/0x330
[ 105.003248][ T5961] ? __pfx_ocfs2_xattr_block_set+0x10/0x10
[ 105.003270][ T5961] ? start_this_handle+0x2135/0x2290
[ 105.003306][ T5961] ? __pfx_start_this_handle+0x10/0x10
[ 105.003340][ T5961] ? jbd2__journal_start+0x145/0x5b0
[ 105.003364][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.003387][ T5961] __ocfs2_xattr_set_handle+0x262/0xf50
[ 105.003415][ T5961] ? __pfx___ocfs2_xattr_set_handle+0x10/0x10
[ 105.003443][ T5961] ? jbd2_journal_start+0x2a/0x40
[ 105.003469][ T5961] ? ocfs2_start_trans+0x4e2/0x700
[ 105.003494][ T5961] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 105.003520][ T5961] ocfs2_xattr_set+0xf3f/0x13e0
[ 105.003553][ T5961] ? __pfx_ocfs2_xattr_set+0x10/0x10
[ 105.003581][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.003615][ T5961] ? posix_xattr_acl+0x93/0xc0
[ 105.003633][ T5961] ? evm_protect_xattr+0x4d4/0xac0
[ 105.003648][ T5961] ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[ 105.003672][ T5961] __vfs_removexattr+0x431/0x470
[ 105.003710][ T5961] __vfs_removexattr_locked+0x1ee/0x230
[ 105.003738][ T5961] vfs_removexattr+0x80/0x1b0
[ 105.003767][ T5961] ovl_fill_super+0x4c39/0x5e60
[ 105.003792][ T5961] ? unwind_get_return_address+0x4d/0x90
[ 105.003820][ T5961] ? __pfx_stack_trace_save+0x10/0x10
[ 105.003841][ T5961] ? __pfx_ovl_fill_super+0x10/0x10
[ 105.003867][ T5961] ? __lock_acquire+0x6b5/0x2cf0
[ 105.003889][ T5961] ? __lock_acquire+0x6b5/0x2cf0
[ 105.003911][ T5961] ? __lock_acquire+0x6b5/0x2cf0
[ 105.003929][ T5961] ? do_raw_spin_lock+0x12b/0x2f0
[ 105.003959][ T5961] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 105.003983][ T5961] ? lockdep_hardirqs_on+0x7a/0x110
[ 105.004006][ T5961] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 105.004030][ T5961] ? rt_mutex_slowunlock+0x1cb/0x300
[ 105.004050][ T5961] ? __raw_spin_lock_init+0x45/0x100
[ 105.004081][ T5961] ? sget_fc+0x962/0xa40
[ 105.004100][ T5961] ? __pfx_set_anon_super_fc+0x10/0x10
[ 105.004120][ T5961] ? __pfx_ovl_fill_super+0x10/0x10
[ 105.004146][ T5961] get_tree_nodev+0xbb/0x150
[ 105.004168][ T5961] vfs_get_tree+0x92/0x2a0
[ 105.004191][ T5961] do_new_mount+0x329/0xa50
[ 105.004218][ T5961] ? safesetid_security_capable+0xa9/0x1a0
[ 105.004240][ T5961] ? __pfx_do_new_mount+0x10/0x10
[ 105.004261][ T5961] ? ns_capable+0x89/0xe0
[ 105.004276][ T5961] ? path_mount+0x690/0x10e0
[ 105.004297][ T5961] ? kmem_cache_free+0x18d/0x8c0
[ 105.004325][ T5961] __se_sys_mount+0x31d/0x420
[ 105.004351][ T5961] ? __pfx___se_sys_mount+0x10/0x10
[ 105.004376][ T5961] ? __x64_sys_mount+0x20/0xc0
[ 105.004399][ T5961] do_syscall_64+0xe2/0xf80
[ 105.004420][ T5961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.004437][ T5961] ? trace_irq_disable+0x37/0x100
[ 105.004459][ T5961] ? clear_bhb_loop+0x60/0xb0
[ 105.004477][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.004492][ T5961] RIP: 0033:0x7ffa37feaeb9
[ 105.004506][ T5961] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 105.004519][ T5961] RSP: 002b:00007fff84e7d968 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 105.004536][ T5961] RAX: ffffffffffffffda RBX: 00007ffa38265fa0 RCX: 00007ffa37feaeb9
[ 105.004547][ T5961] RDX: 0000200000000b80 RSI: 0000200000000080 RDI: 0000000000000000
[ 105.004557][ T5961] RBP: 00007ffa38058c1f R08: 0000200000000240 R09: 0000000000000000
[ 105.004566][ T5961] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 105.004575][ T5961] R13: 00007ffa38265fac R14: 00007ffa38265fa0 R15: 00007ffa38265fa0
[ 105.004592][ T5961]
[ 105.016363][ T5961] ---[ end trace ]---
[ 105.016377][ T5961] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 105.016405][ T5961] CPU: 0 UID: 0 PID: 5961 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 105.016427][ T5961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 105.016437][ T5961] Call Trace:
[ 105.016444][ T5961]
[ 105.016452][ T5961] vpanic+0x1e0/0x670
[ 105.016487][ T5961] panic+0xc5/0xd0
[ 105.016509][ T5961] ? __pfx_panic+0x10/0x10
[ 105.016533][ T5961] ? __pfx__printk+0x10/0x10
[ 105.016553][ T5961] check_panic_on_warn+0x89/0xb0
[ 105.016579][ T5961] __ubsan_handle_out_of_bounds+0xe8/0xf0
[ 105.016604][ T5961] ocfs2_xa_remove_entry+0x49e/0x670
[ 105.016627][ T5961] ocfs2_xa_set+0xdb2/0x2ec0
[ 105.016645][ T5961] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 105.016666][ T5961] ? try_to_take_rt_mutex+0x840/0xb00
[ 105.016688][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.016717][ T5961] ? __pfx_ocfs2_xa_set+0x10/0x10
[ 105.016735][ T5961] ? rtlock_slowlock_locked+0xfb/0x3c80
[ 105.016755][ T5961] ? do_raw_spin_lock+0x12b/0x2f0
[ 105.016789][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.016812][ T5961] ? unwind_next_frame+0xa5/0x23c0
[ 105.016833][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.016855][ T5961] ? unwind_next_frame+0xa5/0x23c0
[ 105.016876][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.016898][ T5961] ? unwind_next_frame+0xa5/0x23c0
[ 105.016918][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.016940][ T5961] ? is_bpf_text_address+0x26/0x2b0
[ 105.016966][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.016989][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.017011][ T5961] ? lock_release+0x4b/0x3a0
[ 105.017029][ T5961] ? lock_release+0x4b/0x3a0
[ 105.017060][ T5961] ? is_bpf_text_address+0x292/0x2b0
[ 105.017086][ T5961] ? rt_read_lock+0x277/0x4b0
[ 105.017104][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.017126][ T5961] ? lock_acquire+0x5f/0x330
[ 105.017147][ T5961] ocfs2_xattr_block_set+0x3e0/0x3350
[ 105.017166][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.017188][ T5961] ? lock_acquire+0x5f/0x330
[ 105.017210][ T5961] ? __pfx_ocfs2_xattr_block_set+0x10/0x10
[ 105.017227][ T5961] ? start_this_handle+0x2135/0x2290
[ 105.017264][ T5961] ? __pfx_start_this_handle+0x10/0x10
[ 105.017298][ T5961] ? jbd2__journal_start+0x145/0x5b0
[ 105.017323][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.017346][ T5961] __ocfs2_xattr_set_handle+0x262/0xf50
[ 105.017374][ T5961] ? __pfx___ocfs2_xattr_set_handle+0x10/0x10
[ 105.017400][ T5961] ? jbd2_journal_start+0x2a/0x40
[ 105.017426][ T5961] ? ocfs2_start_trans+0x4e2/0x700
[ 105.017451][ T5961] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 105.017478][ T5961] ocfs2_xattr_set+0xf3f/0x13e0
[ 105.017510][ T5961] ? __pfx_ocfs2_xattr_set+0x10/0x10
[ 105.017538][ T5961] ? rcu_is_watching+0x15/0xb0
[ 105.017571][ T5961] ? posix_xattr_acl+0x93/0xc0
[ 105.017588][ T5961] ? evm_protect_xattr+0x4d4/0xac0
[ 105.017606][ T5961] ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[ 105.017633][ T5961] __vfs_removexattr+0x431/0x470
[ 105.017664][ T5961] __vfs_removexattr_locked+0x1ee/0x230
[ 105.017692][ T5961] vfs_removexattr+0x80/0x1b0
[ 105.017724][ T5961] ovl_fill_super+0x4c39/0x5e60
[ 105.017750][ T5961] ? unwind_get_return_address+0x4d/0x90
[ 105.017778][ T5961] ? __pfx_stack_trace_save+0x10/0x10
[ 105.017799][ T5961] ? __pfx_ovl_fill_super+0x10/0x10
[ 105.017825][ T5961] ? __lock_acquire+0x6b5/0x2cf0
[ 105.017847][ T5961] ? __lock_acquire+0x6b5/0x2cf0
[ 105.017869][ T5961] ? __lock_acquire+0x6b5/0x2cf0
[ 105.017888][ T5961] ? do_raw_spin_lock+0x12b/0x2f0
[ 105.017918][ T5961] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 105.017942][ T5961] ? lockdep_hardirqs_on+0x7a/0x110
[ 105.017965][ T5961] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 105.017987][ T5961] ? rt_mutex_slowunlock+0x1cb/0x300
[ 105.018007][ T5961] ? __raw_spin_lock_init+0x45/0x100
[ 105.018039][ T5961] ? sget_fc+0x962/0xa40
[ 105.018057][ T5961] ? __pfx_set_anon_super_fc+0x10/0x10
[ 105.018078][ T5961] ? __pfx_ovl_fill_super+0x10/0x10
[ 105.018103][ T5961] get_tree_nodev+0xbb/0x150
[ 105.018125][ T5961] vfs_get_tree+0x92/0x2a0
[ 105.018148][ T5961] do_new_mount+0x329/0xa50
[ 105.018172][ T5961] ? safesetid_security_capable+0xa9/0x1a0
[ 105.018198][ T5961] ? __pfx_do_new_mount+0x10/0x10
[ 105.018222][ T5961] ? ns_capable+0x89/0xe0
[ 105.018239][ T5961] ? path_mount+0x690/0x10e0
[ 105.018263][ T5961] ? kmem_cache_free+0x18d/0x8c0
[ 105.018291][ T5961] __se_sys_mount+0x31d/0x420
[ 105.018326][ T5961] ? __pfx___se_sys_mount+0x10/0x10
[ 105.018354][ T5961] ? __x64_sys_mount+0x20/0xc0
[ 105.018379][ T5961] do_syscall_64+0xe2/0xf80
[ 105.018402][ T5961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.018420][ T5961] ? trace_irq_disable+0x37/0x100
[ 105.018443][ T5961] ? clear_bhb_loop+0x60/0xb0
[ 105.018462][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.018480][ T5961] RIP: 0033:0x7ffa37feaeb9
[ 105.018496][ T5961] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 105.018511][ T5961] RSP: 002b:00007fff84e7d968 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 105.018530][ T5961] RAX: ffffffffffffffda RBX: 00007ffa38265fa0 RCX: 00007ffa37feaeb9
[ 105.018544][ T5961] RDX: 0000200000000b80 RSI: 0000200000000080 RDI: 0000000000000000
[ 105.018557][ T5961] RBP: 00007ffa38058c1f R08: 0000200000000240 R09: 0000000000000000
[ 105.018569][ T5961] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 105.018580][ T5961] R13: 00007ffa38265fac R14: 00007ffa38265fa0 R15: 00007ffa38265fa0
[ 105.018599][ T5961]
[ 105.019052][ T5961] Kernel Offset: disabled