Warning: Permanently added '10.128.0.51' (ED25519) to the list of known hosts.
1970/01/01 00:00:35 parsed 1 programs
[ 37.256506][ T6577] cgroup: Unknown subsys name 'net'
[ 37.387363][ T6577] cgroup: Unknown subsys name 'cpuset'
[ 37.389195][ T6577] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 37.593584][ T6577] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 42.538004][ T6588] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 42.707277][ T6164] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 42.708777][ T6164] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 42.709046][ T6164] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 42.711853][ T6164] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 42.713219][ T6164] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 43.180161][ T6625] chnl_net:caif_netlink_parms(): no params data found
[ 43.237748][ T6625] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.238021][ T6625] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.238090][ T6625] bridge_slave_0: entered allmulticast mode
[ 43.238544][ T6625] bridge_slave_0: entered promiscuous mode
[ 43.239714][ T6625] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.239756][ T6625] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.239798][ T6625] bridge_slave_1: entered allmulticast mode
[ 43.240196][ T6625] bridge_slave_1: entered promiscuous mode
[ 43.254008][ T6625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 43.255147][ T6625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 43.268316][ T6625] team0: Port device team_slave_0 added
[ 43.269368][ T6625] team0: Port device team_slave_1 added
[ 43.275893][ T6625] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 43.275917][ T6625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 43.275929][ T6625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 43.276788][ T6625] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 43.276795][ T6625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 43.276807][ T6625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 43.300545][ T6625] hsr_slave_0: entered promiscuous mode
[ 43.300913][ T6625] hsr_slave_1: entered promiscuous mode
[ 43.342375][ T6625] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 43.346895][ T6625] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 43.425155][ T6625] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 43.445079][ T6625] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 43.457643][ T6625] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.457691][ T6625] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.457872][ T6625] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.457896][ T6625] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.474137][ T6625] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.478501][ T2087] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.480326][ T2087] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.484823][ T6625] 8021q: adding VLAN 0 to HW filter on device team0
[ 43.487981][ T3301] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.488027][ T3301] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.492779][ T42] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.492810][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.541017][ T6625] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 43.554192][ T6625] veth0_vlan: entered promiscuous mode
[ 43.556513][ T6625] veth1_vlan: entered promiscuous mode
[ 43.562962][ T6625] veth0_macvtap: entered promiscuous mode
[ 43.563906][ T6625] veth1_macvtap: entered promiscuous mode
[ 43.568214][ T6625] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 43.569471][ T6625] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 43.573060][ T3301] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.573426][ T3301] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.573448][ T3301] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.573465][ T3301] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.903233][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.955895][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.989366][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 44.050601][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 44.470820][ T3495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 44.472308][ T3495] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 44.483025][ T2087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 44.484550][ T2087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
1970/01/01 00:00:44 executed programs: 0
[ 44.693603][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 44.695570][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 44.697061][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 44.698217][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 44.698430][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 44.759064][ T6685] chnl_net:caif_netlink_parms(): no params data found
[ 44.778142][ T6685] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.778230][ T6685] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.778285][ T6685] bridge_slave_0: entered allmulticast mode
[ 44.778706][ T6685] bridge_slave_0: entered promiscuous mode
[ 44.779684][ T6685] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.779714][ T6685] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.779766][ T6685] bridge_slave_1: entered allmulticast mode
[ 44.780187][ T6685] bridge_slave_1: entered promiscuous mode
[ 44.791607][ T6685] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 44.792494][ T6685] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 44.799607][ T6685] team0: Port device team_slave_0 added
[ 44.800321][ T6685] team0: Port device team_slave_1 added
[ 44.807442][ T6685] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 44.807462][ T6685] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 44.807475][ T6685] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 44.807970][ T6685] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 44.807976][ T6685] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 44.807989][ T6685] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 44.824756][ T6685] hsr_slave_0: entered promiscuous mode
[ 44.826321][ T6685] hsr_slave_1: entered promiscuous mode
[ 44.826561][ T6685] debugfs: 'hsr0' already exists in 'hsr'
[ 44.826603][ T6685] Cannot create hsr debugfs directory
[ 46.735193][ T53] Bluetooth: hci0: command tx timeout
[ 47.113647][ T42] bridge_slave_1: left allmulticast mode
[ 47.113694][ T42] bridge_slave_1: left promiscuous mode
[ 47.114053][ T42] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.117205][ T42] bridge_slave_0: left allmulticast mode
[ 47.117226][ T42] bridge_slave_0: left promiscuous mode
[ 47.117309][ T42] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.317212][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 47.366611][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 47.385773][ T42] bond0 (unregistering): Released all slaves
[ 47.499724][ T42] hsr_slave_0: left promiscuous mode
[ 47.500760][ T42] hsr_slave_1: left promiscuous mode
[ 47.501467][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 47.501484][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 47.502174][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 47.502184][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 47.510932][ T42] veth1_macvtap: left promiscuous mode
[ 47.510986][ T42] veth0_macvtap: left promiscuous mode
[ 47.511157][ T42] veth1_vlan: left promiscuous mode
[ 47.511210][ T42] veth0_vlan: left promiscuous mode
[ 47.621002][ T42] team0 (unregistering): Port device team_slave_1 removed
[ 47.626929][ T42] team0 (unregistering): Port device team_slave_0 removed
[ 47.916389][ T6685] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 47.918677][ T6685] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 47.920989][ T6685] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 47.923093][ T6685] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 47.952011][ T6685] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.961647][ T6685] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.966018][ T3477] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.966098][ T3477] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.972981][ T3301] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.973018][ T3301] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.032693][ T6685] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.049669][ T6685] veth0_vlan: entered promiscuous mode
[ 48.051184][ T6685] veth1_vlan: entered promiscuous mode
[ 48.162458][ T6685] veth0_macvtap: entered promiscuous mode
[ 48.163383][ T6685] veth1_macvtap: entered promiscuous mode
[ 48.168256][ T6685] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 48.169121][ T6685] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 48.172443][ T3495] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.172561][ T3495] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.172651][ T3495] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.172777][ T3495] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.204107][ T3880] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 48.204460][ T3880] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 48.222875][ T3880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 48.222905][ T3880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 48.351141][ T6749] loop0: detected capacity change from 0 to 32768
[ 48.352976][ T6749] =======================================================
[ 48.352976][ T6749] WARNING: The mand mount option has been deprecated and
[ 48.352976][ T6749] and is ignored by this kernel. Remove the mand
[ 48.352976][ T6749] option from the mount to silence this warning.
[ 48.352976][ T6749] =======================================================
[ 48.375691][ T6749] JBD2: Ignoring recovery information on journal
[ 48.389307][ T6749] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 48.399334][ T6749] overlayfs: upper fs does not support tmpfile.
[ 48.401696][ T6749] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 48.403457][ T6749]
[ 48.403828][ T6749] ======================================================
[ 48.404858][ T6749] WARNING: possible circular locking dependency detected
[ 48.405949][ T6749] syzkaller #0 Not tainted
[ 48.406599][ T6749] ------------------------------------------------------
[ 48.407710][ T6749] syz.0.17/6749 is trying to acquire lock:
[ 48.408638][ T6749] ffff0000eb712640 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 48.410803][ T6749]
[ 48.410803][ T6749] but task is already holding lock:
[ 48.411908][ T6749] ffff0000eb715c78 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c
[ 48.413301][ T6749]
[ 48.413301][ T6749] which lock already depends on the new lock.
[ 48.413301][ T6749]
[ 48.414814][ T6749]
[ 48.414814][ T6749] the existing dependency chain (in reverse order) is:
[ 48.416164][ T6749]
[ 48.416164][ T6749] -> #3 (&oi->ip_xattr_sem){+.+.}-{4:4}:
[ 48.417416][ T6749] down_write+0x50/0xc0
[ 48.418167][ T6749] ocfs2_xattr_set_handle+0x2a8/0x5e4
[ 48.419043][ T6749] ocfs2_init_security_set+0xb4/0xd8
[ 48.419942][ T6749] ocfs2_mknod+0x104c/0x1cf0
[ 48.420654][ T6749] ocfs2_mkdir+0x178/0x474
[ 48.421440][ T6749] vfs_mkdir+0x408/0x48c
[ 48.422130][ T6749] do_mkdirat+0x238/0x448
[ 48.422904][ T6749] __arm64_sys_mkdirat+0x8c/0xa4
[ 48.423674][ T6749] invoke_syscall+0x98/0x254
[ 48.424380][ T6749] el0_svc_common+0xe8/0x23c
[ 48.425235][ T6749] do_el0_svc+0x48/0x58
[ 48.426002][ T6749] el0_svc+0x5c/0x26c
[ 48.426752][ T6749] el0t_64_sync_handler+0x84/0x12c
[ 48.427665][ T6749] el0t_64_sync+0x198/0x19c
[ 48.428457][ T6749]
[ 48.428457][ T6749] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 48.429829][ T6749] down_read+0x58/0x308
[ 48.430554][ T6749] ocfs2_start_trans+0x35c/0x6b0
[ 48.431425][ T6749] ocfs2_reserve_suballoc_bits+0x74c/0x3ea0
[ 48.432355][ T6749] ocfs2_reserve_new_metadata_blocks+0x368/0x810
[ 48.433408][ T6749] ocfs2_mknod+0xbb8/0x1cf0
[ 48.434126][ T6749] ocfs2_mkdir+0x178/0x474
[ 48.434887][ T6749] vfs_mkdir+0x408/0x48c
[ 48.435572][ T6749] do_mkdirat+0x238/0x448
[ 48.436242][ T6749] __arm64_sys_mkdirat+0x8c/0xa4
[ 48.437017][ T6749] invoke_syscall+0x98/0x254
[ 48.437801][ T6749] el0_svc_common+0xe8/0x23c
[ 48.438566][ T6749] do_el0_svc+0x48/0x58
[ 48.439310][ T6749] el0_svc+0x5c/0x26c
[ 48.439970][ T6749] el0t_64_sync_handler+0x84/0x12c
[ 48.440788][ T6749] el0t_64_sync+0x198/0x19c
[ 48.441579][ T6749]
[ 48.441579][ T6749] -> #1 (sb_internal#2){.+.+}-{0:0}:
[ 48.442675][ T6749] ocfs2_start_trans+0x1f4/0x6b0
[ 48.443483][ T6749] ocfs2_mknod+0xc30/0x1cf0
[ 48.444239][ T6749] ocfs2_mkdir+0x178/0x474
[ 48.445022][ T6749] vfs_mkdir+0x408/0x48c
[ 48.445728][ T6749] do_mkdirat+0x238/0x448
[ 48.446463][ T6749] __arm64_sys_mkdirat+0x8c/0xa4
[ 48.447285][ T6749] invoke_syscall+0x98/0x254
[ 48.448103][ T6749] el0_svc_common+0xe8/0x23c
[ 48.448824][ T6749] do_el0_svc+0x48/0x58
[ 48.449519][ T6749] el0_svc+0x5c/0x26c
[ 48.450142][ T6749] el0t_64_sync_handler+0x84/0x12c
[ 48.450935][ T6749] el0t_64_sync+0x198/0x19c
[ 48.451706][ T6749]
[ 48.451706][ T6749] -> #0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[ 48.453350][ T6749] __lock_acquire+0x1774/0x30a4
[ 48.454181][ T6749] lock_acquire+0x140/0x2e0
[ 48.454987][ T6749] down_write+0x50/0xc0
[ 48.455688][ T6749] ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 48.456717][ T6749] ocfs2_reserve_clusters_with_limit+0x198/0x9e0
[ 48.457785][ T6749] ocfs2_reserve_clusters+0x3c/0x50
[ 48.458677][ T6749] ocfs2_init_xattr_set_ctxt+0x364/0x778
[ 48.459613][ T6749] ocfs2_xattr_set+0x920/0xe9c
[ 48.460356][ T6749] ocfs2_xattr_trusted_set+0x4c/0x64
[ 48.461203][ T6749] __vfs_setxattr+0x3d8/0x400
[ 48.462027][ T6749] __vfs_setxattr_noperm+0x120/0x5c4
[ 48.462965][ T6749] __vfs_setxattr_locked+0x1e8/0x214
[ 48.463794][ T6749] vfs_setxattr+0x158/0x2a8
[ 48.464598][ T6749] ovl_fill_super+0x3d74/0x4cdc
[ 48.465389][ T6749] get_tree_nodev+0xb4/0x144
[ 48.466144][ T6749] ovl_get_tree+0x28/0x38
[ 48.466881][ T6749] vfs_get_tree+0x90/0x28c
[ 48.467562][ T6749] do_new_mount+0x284/0x944
[ 48.468320][ T6749] path_mount+0x5b4/0xdfc
[ 48.469045][ T6749] __arm64_sys_mount+0x3e8/0x468
[ 48.469867][ T6749] invoke_syscall+0x98/0x254
[ 48.470592][ T6749] el0_svc_common+0xe8/0x23c
[ 48.471353][ T6749] do_el0_svc+0x48/0x58
[ 48.472027][ T6749] el0_svc+0x5c/0x26c
[ 48.472686][ T6749] el0t_64_sync_handler+0x84/0x12c
[ 48.473587][ T6749] el0t_64_sync+0x198/0x19c
[ 48.474317][ T6749]
[ 48.474317][ T6749] other info that might help us debug this:
[ 48.474317][ T6749]
[ 48.475809][ T6749] Chain exists of:
[ 48.475809][ T6749] &ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE] --> &journal->j_trans_barrier --> &oi->ip_xattr_sem
[ 48.475809][ T6749]
[ 48.478446][ T6749] Possible unsafe locking scenario:
[ 48.478446][ T6749]
[ 48.479598][ T6749]        CPU0                    CPU1
[ 48.480336][ T6749]        ----                    ----
[ 48.481181][ T6749]   lock(&oi->ip_xattr_sem);
[ 48.481937][ T6749]                                lock(&journal->j_trans_barrier);
[ 48.483079][ T6749]                                lock(&oi->ip_xattr_sem);
[ 48.484197][ T6749]   lock(&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]);
[ 48.485299][ T6749]
[ 48.485299][ T6749] *** DEADLOCK ***
[ 48.485299][ T6749]
[ 48.486556][ T6749] 4 locks held by syz.0.17/6749:
[ 48.487316][ T6749] #0: ffff0000ca7c40e0 (&type->s_umount_key#54/1){+.+.}-{4:4}, at: alloc_super+0x210/0x908
[ 48.488939][ T6749] #1: ffff0000c9746420 (sb_writers#11){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[ 48.490396][ T6749] #2: ffff0000eb715f40 (&sb->s_type->i_mutex_key#24){++++}-{4:4}, at: vfs_setxattr+0x138/0x2a8
[ 48.492067][ T6749] #3: ffff0000eb715c78 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c
[ 48.493647][ T6749]
[ 48.493647][ T6749] stack backtrace:
[ 48.494469][ T6749] CPU: 1 UID: 0 PID: 6749 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 48.495655][ T6749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 48.497230][ T6749] Call trace:
[ 48.497713][ T6749] show_stack+0x2c/0x3c (C)
[ 48.498392][ T6749] __dump_stack+0x30/0x40
[ 48.499047][ T6749] dump_stack_lvl+0xd8/0x12c
[ 48.499746][ T6749] dump_stack+0x1c/0x28
[ 48.500385][ T6749] print_circular_bug+0x324/0x32c
[ 48.501109][ T6749] check_noncircular+0x154/0x174
[ 48.501861][ T6749] __lock_acquire+0x1774/0x30a4
[ 48.502577][ T6749] lock_acquire+0x140/0x2e0
[ 48.503263][ T6749] down_write+0x50/0xc0
[ 48.503897][ T6749] ocfs2_reserve_local_alloc_bits+0x104/0x26a8
[ 48.504879][ T6749] ocfs2_reserve_clusters_with_limit+0x198/0x9e0
[ 48.505766][ T6749] ocfs2_reserve_clusters+0x3c/0x50
[ 48.506562][ T6749] ocfs2_init_xattr_set_ctxt+0x364/0x778
[ 48.507397][ T6749] ocfs2_xattr_set+0x920/0xe9c
[ 48.508093][ T6749] ocfs2_xattr_trusted_set+0x4c/0x64
[ 48.508892][ T6749] __vfs_setxattr+0x3d8/0x400
[ 48.509606][ T6749] __vfs_setxattr_noperm+0x120/0x5c4
[ 48.510370][ T6749] __vfs_setxattr_locked+0x1e8/0x214
[ 48.511150][ T6749] vfs_setxattr+0x158/0x2a8
[ 48.511819][ T6749] ovl_fill_super+0x3d74/0x4cdc
[ 48.512563][ T6749] get_tree_nodev+0xb4/0x144
[ 48.513262][ T6749] ovl_get_tree+0x28/0x38
[ 48.513873][ T6749] vfs_get_tree+0x90/0x28c
[ 48.514504][ T6749] do_new_mount+0x284/0x944
[ 48.515142][ T6749] path_mount+0x5b4/0xdfc
[ 48.515801][ T6749] __arm64_sys_mount+0x3e8/0x468
[ 48.516600][ T6749] invoke_syscall+0x98/0x254
[ 48.517291][ T6749] el0_svc_common+0xe8/0x23c
[ 48.517939][ T6749] do_el0_svc+0x48/0x58
[ 48.518604][ T6749] el0_svc+0x5c/0x26c
[ 48.519153][ T6749] el0t_64_sync_handler+0x84/0x12c
[ 48.519907][ T6749] el0t_64_sync+0x198/0x19c
[ 48.522639][ T6749] ------------[ cut here ]------------
[ 48.523557][ T6749] UBSAN: array-index-out-of-bounds in fs/ocfs2/xattr.c:1985:3
[ 48.524808][ T6749] index 2 is out of range for type 'struct ocfs2_xattr_entry[] __counted_by(xh_count)' (aka 'struct ocfs2_xattr_entry[]')
[ 48.527111][ T6749] CPU: 1 UID: 0 PID: 6749 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 48.527125][ T6749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 48.527129][ T6749] Call trace:
[ 48.527132][ T6749] show_stack+0x2c/0x3c (C)
[ 48.527144][ T6749] __dump_stack+0x30/0x40
[ 48.527150][ T6749] dump_stack_lvl+0xd8/0x12c
[ 48.527156][ T6749] dump_stack+0x1c/0x28
[ 48.527161][ T6749] ubsan_epilogue+0x14/0x48
[ 48.527166][ T6749] __ubsan_handle_out_of_bounds+0xd0/0xfc
[ 48.527172][ T6749] ocfs2_xa_remove_entry+0x314/0x384
[ 48.527179][ T6749] ocfs2_xa_set+0x938/0x23c0
** replaying previous printk message **
[ 48.527179][ T6749] ocfs2_xa_set+0x938/0x23c0
[ 48.527185][ T6749] ocfs2_xattr_block_set+0x328/0x2a88
[ 48.527191][ T6749] __ocfs2_xattr_set_handle+0x200/0xc28
[ 48.527197][ T6749] ocfs2_xattr_set+0xb38/0xe9c
[ 48.527203][ T6749] ocfs2_xattr_trusted_set+0x4c/0x64
[ 48.527208][ T6749] __vfs_removexattr+0x3bc/0x3e4
[ 48.527214][ T6749] __vfs_removexattr_locked+0x1cc/0x204
[ 48.527219][ T6749] vfs_removexattr+0x80/0x18c
[ 48.527224][ T6749] ovl_fill_super+0x3e40/0x4cdc
[ 48.527231][ T6749] get_tree_nodev+0xb4/0x144
[ 48.527237][ T6749] ovl_get_tree+0x28/0x38
[ 48.527244][ T6749] vfs_get_tree+0x90/0x28c
[ 48.527249][ T6749] do_new_mount+0x284/0x944
[ 48.527255][ T6749] path_mount+0x5b4/0xdfc
[ 48.527261][ T6749] __arm64_sys_mount+0x3e8/0x468
[ 48.527267][ T6749] invoke_syscall+0x98/0x254
[ 48.527272][ T6749] el0_svc_common+0xe8/0x23c
[ 48.527277][ T6749] do_el0_svc+0x48/0x58
[ 48.527282][ T6749] el0_svc+0x5c/0x26c
[ 48.527288][ T6749] el0t_64_sync_handler+0x84/0x12c
[ 48.527293][ T6749] el0t_64_sync+0x198/0x19c
[ 48.536144][ T6749] ---[ end trace ]---
[ 48.536157][ T6749] ------------[ cut here ]------------
[ 48.536166][ T6749] memset: detected buffer overflow: 16 byte write of buffer size 0
[ 48.536290][ T6749] WARNING: lib/string_helpers.c:1036 at __fortify_report+0xa4/0xc0, CPU#0: syz.0.17/6749
[ 48.555872][ T6749] Modules linked in:
[ 48.556467][ T6749] CPU: 0 UID: 0 PID: 6749 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 48.557751][ T6749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 48.559388][ T6749] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 48.560646][ T6749] pc : __fortify_report+0xa4/0xc0
[ 48.561370][ T6749] lr : __fortify_report+0xa4/0xc0
[ 48.562184][ T6749] sp : ffff8000a4796660
[ 48.562833][ T6749] x29: ffff8000a4796660 x28: 1fffe0001e2840c6 x27: dfff800000000000
[ 48.564084][ T6749] x26: ffff0000f1420640 x25: 0000000000000000 x24: 0000000000000001
[ 48.565265][ T6749] x23: 000000000000000f x22: ffff80008b5a20d8 x21: 0000000000000001
[ 48.566552][ T6749] x20: 0000000000000010 x19: 0000000000000000 x18: 1fffe00033781890
[ 48.567794][ T6749] x17: ffff80008f86e000 x16: ffff800082e5e68c x15: 0000000000000001
[ 48.569026][ T6749] x14: 1fffe0003377d0fa x13: 0000000000000000 x12: 0000000000000000
[ 48.570365][ T6749] x11: ffff60003377d0fb x10: 0000000000ff0100 x9 : 911fe7cbb4143200
[ 48.571603][ T6749] x8 : 911fe7cbb4143200 x7 : 0000000000000001 x6 : ffff8000805761f8
[ 48.572877][ T6749] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807f1034
[ 48.574101][ T6749] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 48.575424][ T6749] Call trace:
[ 48.575943][ T6749] __fortify_report+0xa4/0xc0 (P)
[ 48.576680][ T6749] __fortify_panic+0x10/0x14
[ 48.577438][ T6749] ocfs2_xa_remove_entry+0x34c/0x384
[ 48.578241][ T6749] ocfs2_xa_set+0x938/0x23c0
[ 48.578978][ T6749] ocfs2_xattr_block_set+0x328/0x2a88
[ 48.579802][ T6749] __ocfs2_xattr_set_handle+0x200/0xc28
[ 48.580664][ T6749] ocfs2_xattr_set+0xb38/0xe9c
[ 48.581409][ T6749] ocfs2_xattr_trusted_set+0x4c/0x64
[ 48.582193][ T6749] __vfs_removexattr+0x3bc/0x3e4
[ 48.582958][ T6749] __vfs_removexattr_locked+0x1cc/0x204
[ 48.583737][ T6749] vfs_removexattr+0x80/0x18c
[ 48.584426][ T6749] ovl_fill_super+0x3e40/0x4cdc
[ 48.585129][ T6749] get_tree_nodev+0xb4/0x144
[ 48.585862][ T6749] ovl_get_tree+0x28/0x38
[ 48.586516][ T6749] vfs_get_tree+0x90/0x28c
[ 48.587222][ T6749] do_new_mount+0x284/0x944
[ 48.587982][ T6749] path_mount+0x5b4/0xdfc
[ 48.588660][ T6749] __arm64_sys_mount+0x3e8/0x468
[ 48.589408][ T6749] invoke_syscall+0x98/0x254
[ 48.590172][ T6749] el0_svc_common+0xe8/0x23c
[ 48.590900][ T6749] do_el0_svc+0x48/0x58
[ 48.591545][ T6749] el0_svc+0x5c/0x26c
[ 48.592182][ T6749] el0t_64_sync_handler+0x84/0x12c
[ 48.592953][ T6749] el0t_64_sync+0x198/0x19c
[ 48.593674][ T6749] irq event stamp: 49821
[ 48.594386][ T6749] hardirqs last enabled at (49821): [] _raw_spin_unlock_irqrestore+0x38/0x98
[ 48.596034][ T6749] hardirqs last disabled at (49820): [] _raw_spin_lock_irqsave+0x2c/0x7c
[ 48.597624][ T6749] softirqs last enabled at (49110): [] local_bh_enable+0x10/0x34
[ 48.599022][ T6749] softirqs last disabled at (49108): [] local_bh_disable+0x10/0x34
[ 48.600445][ T6749] ---[ end trace 0000000000000000 ]---
[ 48.603784][ T6749] ------------[ cut here ]------------
[ 48.603794][ T6749] kernel BUG at lib/string_helpers.c:1043!
[ 48.603801][ T6749] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
[ 48.606537][ T6749] Modules linked in:
[ 48.607141][ T6749] CPU: 0 UID: 0 PID: 6749 Comm: syz.0.17 Tainted: G W syzkaller #0 PREEMPT
[ 48.608792][ T6749] Tainted: [W]=WARN
[ 48.609369][ T6749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 48.610893][ T6749] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 48.612133][ T6749] pc : __fortify_panic+0x10/0x14
[ 48.612939][ T6749] lr : __fortify_panic+0x10/0x14
[ 48.613731][ T6749] sp : ffff8000a47966a0
[ 48.614371][ T6749] x29: ffff8000a47966a0 x28: 1fffe0001e2840c6 x27: dfff800000000000
[ 48.615611][ T6749] x26: ffff0000f1420640 x25: 0000000000000000 x24: 0000000000000001
[ 48.616813][ T6749] x23: ffff0000f1420650 x22: 0000000000000001 x21: 0000000000000001
[ 48.618053][ T6749] x20: 0000000000000001 x19: ffff0000f1420630 x18: 1fffe00033781890
[ 48.619248][ T6749] x17: ffff80008f86e000 x16: ffff800082e5e68c x15: 0000000000000001
[ 48.620534][ T6749] x14: 1fffe0003377d0fa x13: 0000000000000000 x12: 0000000000000000
[ 48.621816][ T6749] x11: ffff60003377d0fb x10: 0000000000ff0100 x9 : 911fe7cbb4143200
[ 48.623032][ T6749] x8 : 911fe7cbb4143200 x7 : 0000000000000001 x6 : ffff8000805761f8
[ 48.624190][ T6749] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807f1034
[ 48.625374][ T6749] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 48.626567][ T6749] Call trace:
[ 48.627061][ T6749] __fortify_panic+0x10/0x14 (P)
[ 48.627767][ T6749] ocfs2_xa_remove_entry+0x34c/0x384
[ 48.628581][ T6749] ocfs2_xa_set+0x938/0x23c0
[ 48.629267][ T6749] ocfs2_xattr_block_set+0x328/0x2a88
[ 48.630075][ T6749] __ocfs2_xattr_set_handle+0x200/0xc28
[ 48.630948][ T6749] ocfs2_xattr_set+0xb38/0xe9c
[ 48.631682][ T6749] ocfs2_xattr_trusted_set+0x4c/0x64
[ 48.632433][ T6749] __vfs_removexattr+0x3bc/0x3e4
[ 48.633168][ T6749] __vfs_removexattr_locked+0x1cc/0x204
[ 48.634072][ T6749] vfs_removexattr+0x80/0x18c
[ 48.634857][ T6749] ovl_fill_super+0x3e40/0x4cdc
[ 48.635574][ T6749] get_tree_nodev+0xb4/0x144
[ 48.636292][ T6749] ovl_get_tree+0x28/0x38
[ 48.636976][ T6749] vfs_get_tree+0x90/0x28c
[ 48.637667][ T6749] do_new_mount+0x284/0x944
[ 48.638344][ T6749] path_mount+0x5b4/0xdfc
[ 48.638988][ T6749] __arm64_sys_mount+0x3e8/0x468
[ 48.639736][ T6749] invoke_syscall+0x98/0x254
[ 48.640429][ T6749] el0_svc_common+0xe8/0x23c
[ 48.641111][ T6749] do_el0_svc+0x48/0x58
[ 48.641738][ T6749] el0_svc+0x5c/0x26c
[ 48.642335][ T6749] el0t_64_sync_handler+0x84/0x12c
[ 48.643053][ T6749] el0t_64_sync+0x198/0x19c
[ 48.643719][ T6749] Code: d503233f a9bf7bfd 910003fd 94b2f454 (d4210000)
[ 48.644726][ T6749] ---[ end trace 0000000000000000 ]---
[ 48.818448][ T6749] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 48.819445][ T6749] SMP: stopping secondary CPUs
[ 48.820130][ T6749] Kernel Offset: disabled
[ 48.820757][ T6749] CPU features: 0x400000,00078001,04e04501,5427fea7
[ 48.821774][ T6749] Memory Limit: none
[ 48.985968][ T6749] Rebooting in 86400 seconds..