[ 97.361087][ T10] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.10.22' (ED25519) to the list of known hosts.
2026/01/02 15:32:11 parsed 1 programs
[ 106.285522][ T5814] cgroup: Unknown subsys name 'net'
[ 106.526565][ T5814] cgroup: Unknown subsys name 'cpuset'
[ 106.581552][ T5814] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 108.536775][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 115.024080][ T5857] chnl_net:caif_netlink_parms(): no params data found
[ 115.491388][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.493002][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.493175][ T5857] bridge_slave_0: entered allmulticast mode
[ 115.495197][ T5857] bridge_slave_0: entered promiscuous mode
[ 115.503023][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.503586][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.504166][ T5857] bridge_slave_1: entered allmulticast mode
[ 115.512006][ T5857] bridge_slave_1: entered promiscuous mode
[ 115.747581][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 115.761263][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 115.905557][ T5857] team0: Port device team_slave_0 added
[ 115.910018][ T5857] team0: Port device team_slave_1 added
[ 116.173580][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 116.173595][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 116.173618][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 116.176914][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 116.176931][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 116.176959][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 116.419006][ T5857] hsr_slave_0: entered promiscuous mode
[ 116.420216][ T5857] hsr_slave_1: entered promiscuous mode
[ 116.817603][ T5857] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 116.862840][ T5857] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 116.886182][ T5857] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 116.925071][ T5857] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 117.119976][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[ 117.151890][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.160454][ T1479] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.179406][ T1479] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.208544][ T1166] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.208913][ T1166] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.477212][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 117.532484][ T5857] veth0_vlan: entered promiscuous mode
[ 117.539463][ T5857] veth1_vlan: entered promiscuous mode
[ 117.582813][ T5857] veth0_macvtap: entered promiscuous mode
[ 117.587350][ T5857] veth1_macvtap: entered promiscuous mode
[ 117.624027][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 117.638647][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 117.660467][ T1479] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.672640][ T1479] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.672690][ T1479] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.672728][ T1479] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.426595][ T1479] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.664379][ T1479] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.895493][ T1479] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.942518][ T5886] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 118.945226][ T5886] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 118.946247][ T5886] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 118.947705][ T5886] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 118.948737][ T5886] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 119.737071][ T1479] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 119.964996][ T1166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.965019][ T1166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.028055][ T1166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.028078][ T1166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.236228][ T1479] bridge_slave_1: left allmulticast mode
[ 121.236384][ T1479] bridge_slave_1: left promiscuous mode
[ 121.238534][ T1479] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.362280][ T1479] bridge_slave_0: left allmulticast mode
[ 121.362312][ T1479] bridge_slave_0: left promiscuous mode
[ 121.362787][ T1479] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.131482][ T1479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 123.191980][ T1479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 123.233449][ T1479] bond0 (unregistering): Released all slaves
[ 123.540869][ T1479] hsr_slave_0: left promiscuous mode
[ 123.580834][ T1479] hsr_slave_1: left promiscuous mode
[ 123.581827][ T1479] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 123.581900][ T1479] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 123.642735][ T1479] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 123.642763][ T1479] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 123.746092][ T1479] veth1_macvtap: left promiscuous mode
[ 123.746348][ T1479] veth0_macvtap: left promiscuous mode
[ 123.746649][ T1479] veth1_vlan: left promiscuous mode
[ 123.746972][ T1479] veth0_vlan: left promiscuous mode
[ 125.921488][ T1479] team0 (unregistering): Port device team_slave_1 removed
[ 126.111583][ T1479] team0 (unregistering): Port device team_slave_0 removed
2026/01/02 15:32:38 executed programs: 0
[ 129.121795][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 129.129030][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 129.130472][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 129.136987][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 129.138539][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 130.252924][ T5967] chnl_net:caif_netlink_parms(): no params data found
[ 130.607275][ T5967] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.607503][ T5967] bridge0: port 1(bridge_slave_0) entered disabled state
[ 130.607708][ T5967] bridge_slave_0: entered allmulticast mode
[ 130.628299][ T5967] bridge_slave_0: entered promiscuous mode
[ 130.638432][ T5967] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.638638][ T5967] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.638816][ T5967] bridge_slave_1: entered allmulticast mode
[ 130.642972][ T5967] bridge_slave_1: entered promiscuous mode
[ 130.845242][ T5967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 130.848935][ T5967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 131.193055][ T5886] Bluetooth: hci0: command tx timeout
[ 131.395792][ T5967] team0: Port device team_slave_0 added
[ 131.414078][ T5967] team0: Port device team_slave_1 added
[ 131.883252][ T5967] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 131.883269][ T5967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 131.883293][ T5967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 131.941358][ T5967] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 131.941372][ T5967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 131.941391][ T5967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 132.297167][ T5967] hsr_slave_0: entered promiscuous mode
[ 132.298212][ T5967] hsr_slave_1: entered promiscuous mode
[ 133.270761][ T5886] Bluetooth: hci0: command tx timeout
[ 134.143420][ T5967] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 134.184957][ T5967] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 134.234612][ T5967] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 134.275820][ T5967] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 134.444351][ T5967] 8021q: adding VLAN 0 to HW filter on device bond0
[ 134.489998][ T5967] 8021q: adding VLAN 0 to HW filter on device team0
[ 134.513319][ T3533] bridge0: port 1(bridge_slave_0) entered blocking state
[ 134.514271][ T3533] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 134.539573][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 134.540169][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 134.955524][ T5967] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 135.029069][ T5967] veth0_vlan: entered promiscuous mode
[ 135.046783][ T5967] veth1_vlan: entered promiscuous mode
[ 135.096583][ T5967] veth0_macvtap: entered promiscuous mode
[ 135.109678][ T5967] veth1_macvtap: entered promiscuous mode
[ 135.152740][ T5967] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 135.173042][ T5967] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 135.195174][ T1479] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.195228][ T1479] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.195269][ T1479] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.195307][ T1479] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.350829][ T5886] Bluetooth: hci0: command tx timeout
[ 135.456906][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 135.456930][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 135.532818][ T3533] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 135.532841][ T3533] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/01/02 15:32:45 executed programs: 2
[ 136.124696][ T6072] loop0: detected capacity change from 0 to 32768
[ 136.186692][ T6072] (syz.0.17,6072,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 136.190229][ T6072] (syz.0.17,6072,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 136.333943][ T6072] JBD2: Ignoring recovery information on journal
[ 136.482944][ T6072] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 136.676092][ T6072]
[ 136.676106][ T6072] ======================================================
[ 136.676114][ T6072] WARNING: possible circular locking dependency detected
[ 136.676132][ T6072] syzkaller #0 Not tainted
[ 136.676144][ T6072] ------------------------------------------------------
[ 136.676151][ T6072] syz.0.17/6072 is trying to acquire lock:
[ 136.676163][ T6072] ffff888036370770 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_setattr+0x9a4/0x1bb0
[ 136.676249][ T6072]
[ 136.676249][ T6072] but task is already holding lock:
[ 136.676256][ T6072] ffff88805860a950 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0x995/0x1bb0
[ 136.676313][ T6072]
[ 136.676313][ T6072] which lock already depends on the new lock.
[ 136.676313][ T6072]
[ 136.676319][ T6072]
[ 136.676319][ T6072] the existing dependency chain (in reverse order) is:
[ 136.676327][ T6072]
[ 136.676327][ T6072] -> #3 (&oi->ip_alloc_sem){+.+.}-{4:4}:
[ 136.676354][ T6072] down_write+0x3a/0x50
[ 136.676374][ T6072] ocfs2_try_remove_refcount_tree+0xb6/0x320
[ 136.676397][ T6072] ocfs2_xattr_set+0x595/0x11f0
[ 136.676420][ T6072] ocfs2_set_acl+0x701/0x7b0
[ 136.676439][ T6072] ocfs2_iop_set_acl+0x1aa/0x2a0
[ 136.676459][ T6072] vfs_remove_acl+0x48e/0x700
[ 136.676477][ T6072] ovl_workdir_create+0x57d/0x900
[ 136.676504][ T6072] ovl_fill_super+0x188f/0x5a90
[ 136.676527][ T6072] get_tree_nodev+0xbb/0x150
[ 136.676553][ T6072] vfs_get_tree+0x92/0x2a0
[ 136.676581][ T6072] do_new_mount+0x302/0xa10
[ 136.676599][ T6072] __se_sys_mount+0x313/0x410
[ 136.676618][ T6072] do_syscall_64+0xec/0xf80
[ 136.676635][ T6072] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.676654][ T6072]
[ 136.676654][ T6072] -> #2 (&oi->ip_xattr_sem){++++}-{4:4}:
[ 136.676693][ T6072] down_read+0x97/0x1f0
[ 136.676712][ T6072] ocfs2_init_acl+0x1a5/0x7b0
[ 136.676734][ T6072] ocfs2_mknod+0x12ff/0x2030
[ 136.676752][ T6072] ocfs2_mkdir+0x181/0x420
[ 136.676769][ T6072] vfs_mkdir+0x52d/0x5d0
[ 136.676796][ T6072] do_mkdirat+0x27a/0x4b0
[ 136.676822][ T6072] __x64_sys_mkdir+0x6c/0x80
[ 136.676850][ T6072] do_syscall_64+0xec/0xf80
[ 136.676867][ T6072] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.676887][ T6072]
[ 136.676887][ T6072] -> #1 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 136.676915][ T6072] down_read+0x97/0x1f0
[ 136.676934][ T6072] ocfs2_start_trans+0x36b/0x6d0
[ 136.676957][ T6072] ocfs2_modify_bh+0xe8/0x470
[ 136.676976][ T6072] ocfs2_local_read_info+0x1465/0x17e0
[ 136.676996][ T6072] dquot_load_quota_sb+0x791/0xbd0
[ 136.677025][ T6072] dquot_load_quota_inode+0x2e1/0x5d0
[ 136.677054][ T6072] ocfs2_enable_quotas+0x1c6/0x450
[ 136.677083][ T6072] ocfs2_fill_super+0x5155/0x65b0
[ 136.677110][ T6072] get_tree_bdev_flags+0x40e/0x4d0
[ 136.677138][ T6072] vfs_get_tree+0x92/0x2a0
[ 136.677165][ T6072] do_new_mount+0x302/0xa10
[ 136.677182][ T6072] __se_sys_mount+0x313/0x410
[ 136.677201][ T6072] do_syscall_64+0xec/0xf80
[ 136.677218][ T6072] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.677243][ T6072]
[ 136.677243][ T6072] -> #0 (sb_internal#2){.+.+}-{0:0}:
[ 136.677277][ T6072] __lock_acquire+0x15a6/0x2cf0
[ 136.677305][ T6072] lock_acquire+0x107/0x340
[ 136.677329][ T6072] ocfs2_start_trans+0x26b/0x6d0
[ 136.677351][ T6072] ocfs2_setattr+0x9a4/0x1bb0
[ 136.677380][ T6072] notify_change+0xc18/0xf60
[ 136.677408][ T6072] ovl_workdir_create+0x717/0x900
[ 136.677435][ T6072] ovl_fill_super+0x188f/0x5a90
[ 136.677461][ T6072] get_tree_nodev+0xbb/0x150
[ 136.677487][ T6072] vfs_get_tree+0x92/0x2a0
[ 136.677513][ T6072] do_new_mount+0x302/0xa10
[ 136.677531][ T6072] __se_sys_mount+0x313/0x410
[ 136.677549][ T6072] do_syscall_64+0xec/0xf80
[ 136.677566][ T6072] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.677585][ T6072]
[ 136.677585][ T6072] other info that might help us debug this:
[ 136.677585][ T6072]
[ 136.677592][ T6072] Chain exists of:
[ 136.677592][ T6072] sb_internal#2 --> &oi->ip_xattr_sem --> &oi->ip_alloc_sem
[ 136.677592][ T6072]
[ 136.677630][ T6072] Possible unsafe locking scenario:
[ 136.677630][ T6072]
[ 136.677637][ T6072]        CPU0                    CPU1
[ 136.677643][ T6072]        ----                    ----
[ 136.677650][ T6072]   lock(&oi->ip_alloc_sem);
[ 136.677663][ T6072]                                lock(&oi->ip_xattr_sem);
[ 136.677688][ T6072]                                lock(&oi->ip_alloc_sem);
[ 136.677704][ T6072]   rlock(sb_internal#2);
[ 136.677722][ T6072]
[ 136.677722][ T6072] *** DEADLOCK ***
[ 136.677722][ T6072]
[ 136.677727][ T6072] 4 locks held by syz.0.17/6072:
[ 136.677739][ T6072] #0: ffff888029a520d0 (&type->s_umount_key#55/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xab0
[ 136.677802][ T6072] #1: ffff888036370480 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[ 136.677863][ T6072] #2: ffff88805860ad00 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: ovl_workdir_create+0x6a1/0x900
[ 136.677925][ T6072] #3: ffff88805860a950 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0x995/0x1bb0
[ 136.677984][ T6072]
[ 136.677984][ T6072] stack backtrace:
[ 136.678013][ T6072] CPU: 0 UID: 0 PID: 6072 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 136.678037][ T6072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 136.678060][ T6072] Call Trace:
[ 136.678072][ T6072]
[ 136.678081][ T6072] dump_stack_lvl+0xe8/0x150
[ 136.678117][ T6072] print_circular_bug+0x2e2/0x300
[ 136.678140][ T6072] check_noncircular+0x12e/0x150
[ 136.678179][ T6072] __lock_acquire+0x15a6/0x2cf0
[ 136.678214][ T6072] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 136.678236][ T6072] ? lockdep_hardirqs_on+0x7b/0x110
[ 136.678256][ T6072] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 136.678279][ T6072] ? ocfs2_setattr+0x9a4/0x1bb0
[ 136.678310][ T6072] lock_acquire+0x107/0x340
[ 136.678338][ T6072] ? ocfs2_setattr+0x9a4/0x1bb0
[ 136.678378][ T6072] ocfs2_start_trans+0x26b/0x6d0
[ 136.678402][ T6072] ? ocfs2_setattr+0x9a4/0x1bb0
[ 136.678434][ T6072] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 136.678458][ T6072] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 136.678489][ T6072] ocfs2_setattr+0x9a4/0x1bb0
[ 136.678528][ T6072] ? __pfx_ocfs2_setattr+0x10/0x10
[ 136.678560][ T6072] ? smk_access+0x14c/0x4e0
[ 136.678591][ T6072] ? smack_inode_setattr+0x17b/0x200
[ 136.678617][ T6072] ? __pfx_smack_inode_setattr+0x10/0x10
[ 136.678647][ T6072] ? current_time+0x222/0x360
[ 136.678673][ T6072] ? evm_inode_setattr+0x1bd/0x7d0
[ 136.678715][ T6072] ? __pfx_current_time+0x10/0x10
[ 136.678744][ T6072] ? try_break_deleg+0x7c/0x130
[ 136.678774][ T6072] ? __pfx_ocfs2_setattr+0x10/0x10
[ 136.678809][ T6072] notify_change+0xc18/0xf60
[ 136.678847][ T6072] ovl_workdir_create+0x717/0x900
[ 136.678880][ T6072] ? __pfx_ovl_workdir_create+0x10/0x10
[ 136.678917][ T6072] ? mnt_get_write_access+0x262/0x2d0
[ 136.678948][ T6072] ovl_fill_super+0x188f/0x5a90
[ 136.678986][ T6072] ? __pfx_stack_trace_save+0x10/0x10
[ 136.679016][ T6072] ? check_path+0x21/0x40
[ 136.679051][ T6072] ? __pfx_ovl_fill_super+0x10/0x10
[ 136.679080][ T6072] ? __lock_acquire+0x6b6/0x2cf0
[ 136.679111][ T6072] ? __lock_acquire+0x6b6/0x2cf0
[ 136.679143][ T6072] ? __lock_acquire+0x6b6/0x2cf0
[ 136.679173][ T6072] ? do_raw_spin_lock+0x121/0x290
[ 136.679204][ T6072] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 136.679225][ T6072] ? lockdep_hardirqs_on+0x7b/0x110
[ 136.679245][ T6072] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 136.679266][ T6072] ? rt_mutex_slowunlock+0x1be/0x2e0
[ 136.679297][ T6072] ? __raw_spin_lock_init+0x45/0x100
[ 136.679328][ T6072] ? sget_fc+0x962/0xa40
[ 136.679355][ T6072] ? __pfx_set_anon_super_fc+0x10/0x10
[ 136.679384][ T6072] ? __pfx_ovl_fill_super+0x10/0x10
[ 136.679413][ T6072] get_tree_nodev+0xbb/0x150
[ 136.679444][ T6072] vfs_get_tree+0x92/0x2a0
[ 136.679477][ T6072] do_new_mount+0x302/0xa10
[ 136.679515][ T6072] ? safesetid_security_capable+0xa9/0x1a0
[ 136.679548][ T6072] ? __pfx_do_new_mount+0x10/0x10
[ 136.679569][ T6072] ? ns_capable+0x8a/0xf0
[ 136.679594][ T6072] ? path_mount+0x628/0xff0
[ 136.679619][ T6072] __se_sys_mount+0x313/0x410
[ 136.679643][ T6072] ? __pfx___se_sys_mount+0x10/0x10
[ 136.679668][ T6072] ? __x64_sys_mount+0x20/0xc0
[ 136.679699][ T6072] do_syscall_64+0xec/0xf80
[ 136.679720][ T6072] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.679741][ T6072] ? trace_irq_disable+0x37/0x100
[ 136.679765][ T6072] ? clear_bhb_loop+0x60/0xb0
[ 136.679789][ T6072] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.679810][ T6072] RIP: 0033:0x7ff9a531f749
[ 136.679836][ T6072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 136.679854][ T6072] RSP: 002b:00007fff89e7b458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 136.679875][ T6072] RAX: ffffffffffffffda RBX: 00007ff9a5575fa0 RCX: 00007ff9a531f749
[ 136.679891][ T6072] RDX: 0000200000000b80 RSI: 0000200000000000 RDI: 0000000000000000
[ 136.679904][ T6072] RBP: 00007ff9a53a3f91 R08: 0000200000000180 R09: 0000000000000000
[ 136.679918][ T6072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 136.679931][ T6072] R13: 00007ff9a5575fa0 R14: 00007ff9a5575fa0 R15: 0000000000000005
[ 136.679954][ T6072]
[ 136.680372][ T6072] overlayfs: upper fs does not support tmpfile.
[ 136.724210][ T6072] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 136.727611][ T6072] ------------[ cut here ]------------
[ 136.727643][ T6072] UBSAN: array-index-out-of-bounds in fs/ocfs2/xattr.c:1985:3
[ 136.727707][ T6072] index 2 is out of range for type 'struct ocfs2_xattr_entry[] __counted_by(xh_count)' (aka 'struct ocfs2_xattr_entry[]')
[ 136.727771][ T6072] CPU: 0 UID: 0 PID: 6072 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 136.727857][ T6072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 136.727898][ T6072] Call Trace:
[ 136.727920][ T6072]
[ 136.727941][ T6072] dump_stack_lvl+0xe8/0x150
[ 136.728035][ T6072] ubsan_epilogue+0xa/0x40
[ 136.728091][ T6072] __ubsan_handle_out_of_bounds+0xe9/0xf0
[ 136.728190][ T6072] ocfs2_xa_remove_entry+0x36d/0x3e0
[ 136.728288][ T6072] ocfs2_xa_set+0xaf4/0x2a70
[ 136.728336][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.728359][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.728378][ T6072] ? __pfx_ocfs2_xa_set+0x10/0x10
[ 136.728408][ T6072] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 136.728429][ T6072] ? rt_mutex_slowunlock+0x493/0x8a0
[ 136.728460][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.728478][ T6072] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 136.728504][ T6072] ? lock_release+0x4b/0x3b0
[ 136.728533][ T6072] ? try_to_take_rt_mutex+0x840/0xb00
[ 136.728564][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.728583][ T6072] ? rtlock_slowlock_locked+0xd8/0x4010
[ 136.728639][ T6072] ? do_raw_spin_lock+0x121/0x290
[ 136.728706][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.728759][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.728815][ T6072] ? unwind_next_frame+0xa5/0x23d0
[ 136.728888][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.728940][ T6072] ? unwind_next_frame+0xa5/0x23d0
[ 136.729011][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.729062][ T6072] ? unwind_next_frame+0xa5/0x23d0
[ 136.729128][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.729202][ T6072] ? is_bpf_text_address+0x26/0x2b0
[ 136.729289][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.729342][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.729395][ T6072] ? lock_release+0x4b/0x3b0
[ 136.729455][ T6072] ? lock_release+0x4b/0x3b0
[ 136.729538][ T6072] ? is_bpf_text_address+0x292/0x2b0
[ 136.729607][ T6072] ? rt_read_lock+0x203/0x490
[ 136.729683][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.729738][ T6072] ? lock_acquire+0x5f/0x340
[ 136.729813][ T6072] ocfs2_xattr_block_set+0x3ca/0x31b0
[ 136.729914][ T6072] ? lock_acquire+0x5f/0x340
[ 136.729995][ T6072] ? __pfx_ocfs2_xattr_block_set+0x10/0x10
[ 136.730078][ T6072] ? start_this_handle+0x2068/0x21c0
[ 136.730177][ T6072] ? __pfx_start_this_handle+0x10/0x10
[ 136.730271][ T6072] ? jbd2__journal_start+0x146/0x5b0
[ 136.730335][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.730389][ T6072] __ocfs2_xattr_set_handle+0x27e/0xf20
[ 136.730482][ T6072] ? __pfx___ocfs2_xattr_set_handle+0x10/0x10
[ 136.730558][ T6072] ? jbd2_journal_start+0x2a/0x40
[ 136.730582][ T6072] ? ocfs2_start_trans+0x497/0x6d0
[ 136.730644][ T6072] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 136.730731][ T6072] ocfs2_xattr_set+0xde8/0x11f0
[ 136.730834][ T6072] ? __pfx_ocfs2_xattr_set+0x10/0x10
[ 136.730920][ T6072] ? smack_log+0xef/0x3f0
[ 136.730973][ T6072] ? __pfx_smack_log+0x10/0x10
[ 136.730993][ T6072] ? do_raw_spin_lock+0x121/0x290
[ 136.731054][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.731131][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.731199][ T6072] ? smk_tskacc+0x2fc/0x370
[ 136.731265][ T6072] ? posix_xattr_acl+0x93/0xc0
[ 136.731321][ T6072] ? evm_protect_xattr+0x4d4/0xa90
[ 136.731405][ T6072] ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[ 136.731476][ T6072] __vfs_removexattr+0x431/0x470
[ 136.731551][ T6072] __vfs_removexattr_locked+0x1ee/0x230
[ 136.731610][ T6072] vfs_removexattr+0x80/0x1b0
[ 136.731684][ T6072] ovl_fill_super+0x487b/0x5a90
[ 136.731780][ T6072] ? __pfx_stack_trace_save+0x10/0x10
[ 136.731854][ T6072] ? check_path+0x21/0x40
[ 136.731947][ T6072] ? __pfx_ovl_fill_super+0x10/0x10
[ 136.732015][ T6072] ? __lock_acquire+0x6b6/0x2cf0
[ 136.732099][ T6072] ? __lock_acquire+0x6b6/0x2cf0
[ 136.732175][ T6072] ? __lock_acquire+0x6b6/0x2cf0
[ 136.732259][ T6072] ? do_raw_spin_lock+0x121/0x290
[ 136.732334][ T6072] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 136.732389][ T6072] ? lockdep_hardirqs_on+0x7b/0x110
[ 136.732447][ T6072] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 136.732513][ T6072] ? rt_mutex_slowunlock+0x1be/0x2e0
[ 136.732618][ T6072] ? __raw_spin_lock_init+0x45/0x100
[ 136.732694][ T6072] ? sget_fc+0x962/0xa40
[ 136.732768][ T6072] ? __pfx_set_anon_super_fc+0x10/0x10
[ 136.732843][ T6072] ? __pfx_ovl_fill_super+0x10/0x10
[ 136.732917][ T6072] get_tree_nodev+0xbb/0x150
[ 136.733001][ T6072] vfs_get_tree+0x92/0x2a0
[ 136.733079][ T6072] do_new_mount+0x302/0xa10
[ 136.733132][ T6072] ? safesetid_security_capable+0xa9/0x1a0
[ 136.733218][ T6072] ? __pfx_do_new_mount+0x10/0x10
[ 136.733264][ T6072] ? ns_capable+0x8a/0xf0
[ 136.733329][ T6072] ? path_mount+0x628/0xff0
[ 136.733403][ T6072] __se_sys_mount+0x313/0x410
[ 136.733454][ T6072] ? __pfx___se_sys_mount+0x10/0x10
[ 136.733518][ T6072] ? __x64_sys_mount+0x20/0xc0
[ 136.733579][ T6072] do_syscall_64+0xec/0xf80
[ 136.733632][ T6072] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.733694][ T6072] ? trace_irq_disable+0x37/0x100
[ 136.733756][ T6072] ? clear_bhb_loop+0x60/0xb0
[ 136.733817][ T6072] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.733883][ T6072] RIP: 0033:0x7ff9a531f749
[ 136.733950][ T6072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 136.734002][ T6072] RSP: 002b:00007fff89e7b458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 136.734058][ T6072] RAX: ffffffffffffffda RBX: 00007ff9a5575fa0 RCX: 00007ff9a531f749
[ 136.734101][ T6072] RDX: 0000200000000b80 RSI: 0000200000000000 RDI: 0000000000000000
[ 136.734141][ T6072] RBP: 00007ff9a53a3f91 R08: 0000200000000180 R09: 0000000000000000
[ 136.734176][ T6072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 136.734208][ T6072] R13: 00007ff9a5575fa0 R14: 00007ff9a5575fa0 R15: 0000000000000005
[ 136.734270][ T6072]
[ 136.754562][ T6072] ---[ end trace ]---
[ 136.754598][ T6072] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 136.754660][ T6072] CPU: 0 UID: 0 PID: 6072 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 136.754734][ T6072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 136.754775][ T6072] Call Trace:
[ 136.754789][ T6072]
[ 136.754818][ T6072] vpanic+0x1e0/0x670
[ 136.754906][ T6072] panic+0xb9/0xc0
[ 136.754995][ T6072] ? __pfx_panic+0x10/0x10
[ 136.755101][ T6072] ? __pfx__printk+0x10/0x10
[ 136.755173][ T6072] check_panic_on_warn+0x89/0xb0
[ 136.755260][ T6072] __ubsan_handle_out_of_bounds+0xe9/0xf0
[ 136.755359][ T6072] ocfs2_xa_remove_entry+0x36d/0x3e0
[ 136.755453][ T6072] ocfs2_xa_set+0xaf4/0x2a70
[ 136.755538][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.755604][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.755658][ T6072] ? __pfx_ocfs2_xa_set+0x10/0x10
[ 136.755743][ T6072] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 136.755798][ T6072] ? rt_mutex_slowunlock+0x493/0x8a0
[ 136.755882][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.755901][ T6072] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 136.755928][ T6072] ? lock_release+0x4b/0x3b0
[ 136.755958][ T6072] ? try_to_take_rt_mutex+0x840/0xb00
[ 136.755988][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.756031][ T6072] ? rtlock_slowlock_locked+0xd8/0x4010
[ 136.756116][ T6072] ? do_raw_spin_lock+0x121/0x290
[ 136.756174][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.756228][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.756283][ T6072] ? unwind_next_frame+0xa5/0x23d0
[ 136.756356][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.756435][ T6072] ? unwind_next_frame+0xa5/0x23d0
[ 136.756521][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.756573][ T6072] ? unwind_next_frame+0xa5/0x23d0
[ 136.756639][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.756703][ T6072] ? is_bpf_text_address+0x26/0x2b0
[ 136.756778][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.756833][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.756886][ T6072] ? lock_release+0x4b/0x3b0
[ 136.756962][ T6072] ? lock_release+0x4b/0x3b0
[ 136.757046][ T6072] ? is_bpf_text_address+0x292/0x2b0
[ 136.757122][ T6072] ? rt_read_lock+0x203/0x490
[ 136.757197][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.757253][ T6072] ? lock_acquire+0x5f/0x340
[ 136.757331][ T6072] ocfs2_xattr_block_set+0x3ca/0x31b0
[ 136.757431][ T6072] ? lock_acquire+0x5f/0x340
[ 136.757517][ T6072] ? __pfx_ocfs2_xattr_block_set+0x10/0x10
[ 136.757594][ T6072] ? start_this_handle+0x2068/0x21c0
[ 136.757715][ T6072] ? __pfx_start_this_handle+0x10/0x10
[ 136.757849][ T6072] ? jbd2__journal_start+0x146/0x5b0
[ 136.757925][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.757984][ T6072] __ocfs2_xattr_set_handle+0x27e/0xf20
[ 136.758063][ T6072] ? __pfx___ocfs2_xattr_set_handle+0x10/0x10
[ 136.758139][ T6072] ? jbd2_journal_start+0x2a/0x40
[ 136.758202][ T6072] ? ocfs2_start_trans+0x497/0x6d0
[ 136.758284][ T6072] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 136.758361][ T6072] ocfs2_xattr_set+0xde8/0x11f0
[ 136.758450][ T6072] ? __pfx_ocfs2_xattr_set+0x10/0x10
[ 136.758535][ T6072] ? smack_log+0xef/0x3f0
[ 136.758591][ T6072] ? __pfx_smack_log+0x10/0x10
[ 136.758644][ T6072] ? do_raw_spin_lock+0x121/0x290
[ 136.758719][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.758773][ T6072] ? rcu_is_watching+0x15/0xb0
[ 136.758829][ T6072] ? smk_tskacc+0x2fc/0x370
[ 136.758893][ T6072] ? posix_xattr_acl+0x93/0xc0
[ 136.758948][ T6072] ? evm_protect_xattr+0x4d4/0xa90
[ 136.759009][ T6072] ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[ 136.759084][ T6072] __vfs_removexattr+0x431/0x470
[ 136.759174][ T6072] __vfs_removexattr_locked+0x1ee/0x230
[ 136.759245][ T6072] vfs_removexattr+0x80/0x1b0
[ 136.759311][ T6072] ovl_fill_super+0x487b/0x5a90
[ 136.759403][ T6072] ? __pfx_stack_trace_save+0x10/0x10
[ 136.759473][ T6072] ? check_path+0x21/0x40
[ 136.759563][ T6072] ? __pfx_ovl_fill_super+0x10/0x10
[ 136.759632][ T6072] ? __lock_acquire+0x6b6/0x2cf0
[ 136.759735][ T6072] ? __lock_acquire+0x6b6/0x2cf0
[ 136.759777][ T6072] ? __lock_acquire+0x6b6/0x2cf0
[ 136.759805][ T6072] ? do_raw_spin_lock+0x121/0x290
[ 136.759833][ T6072] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 136.759853][ T6072] ? lockdep_hardirqs_on+0x7b/0x110
[ 136.759871][ T6072] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 136.759892][ T6072] ? rt_mutex_slowunlock+0x1be/0x2e0
[ 136.759923][ T6072] ? __raw_spin_lock_init+0x45/0x100
[ 136.759954][ T6072] ? sget_fc+0x962/0xa40
[ 136.759981][ T6072] ? __pfx_set_anon_super_fc+0x10/0x10
[ 136.760011][ T6072] ? __pfx_ovl_fill_super+0x10/0x10
[ 136.760039][ T6072] get_tree_nodev+0xbb/0x150
[ 136.760070][ T6072] vfs_get_tree+0x92/0x2a0
[ 136.760102][ T6072] do_new_mount+0x302/0xa10
[ 136.760123][ T6072] ? safesetid_security_capable+0xa9/0x1a0
[ 136.760156][ T6072] ? __pfx_do_new_mount+0x10/0x10
[ 136.760177][ T6072] ? ns_capable+0x8a/0xf0
[ 136.760202][ T6072] ? path_mount+0x628/0xff0
[ 136.760229][ T6072] __se_sys_mount+0x313/0x410
[ 136.760254][ T6072] ? __pfx___se_sys_mount+0x10/0x10
[ 136.760280][ T6072] ? __x64_sys_mount+0x20/0xc0
[ 136.760303][ T6072] do_syscall_64+0xec/0xf80
[ 136.760325][ T6072] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.760347][ T6072] ? trace_irq_disable+0x37/0x100
[ 136.760370][ T6072] ? clear_bhb_loop+0x60/0xb0
[ 136.760394][ T6072] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.760415][ T6072] RIP: 0033:0x7ff9a531f749
[ 136.760434][ T6072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 136.760452][ T6072] RSP: 002b:00007fff89e7b458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 136.760475][ T6072] RAX: ffffffffffffffda RBX: 00007ff9a5575fa0 RCX: 00007ff9a531f749
[ 136.760492][ T6072] RDX: 0000200000000b80 RSI: 0000200000000000 RDI: 0000000000000000
[ 136.760506][ T6072] RBP: 00007ff9a53a3f91 R08: 0000200000000180 R09: 0000000000000000
[ 136.760520][ T6072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 136.760532][ T6072] R13: 00007ff9a5575fa0 R14: 00007ff9a5575fa0 R15: 0000000000000005
[ 136.760554][ T6072]
[ 136.761168][ T6072] Kernel Offset: disabled