Warning: Permanently added '10.128.1.239' (ED25519) to the list of known hosts. 1970/01/01 00:00:33 parsed 1 programs [ 35.062270][ T6576] cgroup: Unknown subsys name 'net' [ 35.212369][ T6576] cgroup: Unknown subsys name 'cpuset' [ 35.214389][ T6576] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 35.356370][ T6576] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 40.443678][ T6588] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 40.966954][ T6614] chnl_net:caif_netlink_parms(): no params data found [ 40.990960][ T6614] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.000667][ T6614] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.001964][ T6614] bridge_slave_0: entered allmulticast mode [ 41.003347][ T6614] bridge_slave_0: entered promiscuous mode [ 41.006539][ T6614] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.007843][ T6614] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.009316][ T6614] bridge_slave_1: entered allmulticast mode [ 41.010708][ T6614] bridge_slave_1: entered promiscuous mode [ 41.019905][ T6614] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 41.028299][ T6614] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 41.035598][ T6614] team0: Port device team_slave_0 added [ 41.036235][ T6614] team0: Port device team_slave_1 added [ 41.042988][ T6614] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 41.043008][ T6614] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 41.043023][ T6614] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 41.043740][ T6614] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 41.043747][ T6614] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 41.043760][ T6614] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 41.058585][ T6614] hsr_slave_0: entered promiscuous mode [ 41.058903][ T6614] hsr_slave_1: entered promiscuous mode [ 41.175470][ T6614] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 41.178719][ T6614] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 41.181735][ T6614] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 41.184151][ T6614] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 41.193272][ T6614] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.193309][ T6614] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.193516][ T6614] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.193544][ T6614] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.207480][ T6614] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.210880][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.212309][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.216180][ T6614] 8021q: adding VLAN 0 to HW filter on device team0 [ 41.218251][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.218403][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.220293][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.220316][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.230421][ T6614] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 41.230449][ T6614] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 41.266439][ T6614] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.280098][ T6614] veth0_vlan: entered promiscuous mode [ 41.281934][ T6614] veth1_vlan: entered promiscuous mode [ 41.287960][ T6614] veth0_macvtap: entered promiscuous mode [ 41.289037][ T6614] veth1_macvtap: entered promiscuous mode [ 41.293567][ T6614] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.294783][ T6614] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.298652][ T3278] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.300254][ T3278] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.303442][ T3278] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.303472][ T3278] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.616571][ T2647] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.641640][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.641668][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.649510][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.649700][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.665939][ T2647] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.702092][ T2647] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.745405][ T2647] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.034232][ T6164] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 42.035596][ T6164] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 42.036789][ T6164] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 42.038196][ T6164] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 42.039498][ T6164] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 1970/01/01 00:00:42 executed programs: 0 [ 42.493579][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 42.494032][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 42.494199][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 42.494462][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 42.494627][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 42.552316][ T6685] chnl_net:caif_netlink_parms(): no params data found [ 42.570755][ T6685] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.570820][ T6685] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.570894][ T6685] bridge_slave_0: entered allmulticast mode [ 42.571747][ T6685] bridge_slave_0: entered promiscuous mode [ 42.573626][ T6685] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.573669][ T6685] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.573723][ T6685] bridge_slave_1: entered allmulticast mode [ 42.574122][ T6685] bridge_slave_1: entered promiscuous mode [ 42.585343][ T6685] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 42.586324][ T6685] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 42.594035][ T6685] team0: Port device team_slave_0 added [ 42.594749][ T6685] team0: Port device team_slave_1 added [ 42.600860][ T6685] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 42.600885][ T6685] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 42.600896][ T6685] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 42.601695][ T6685] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 42.601702][ T6685] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 42.601713][ T6685] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 42.620164][ T6685] hsr_slave_0: entered promiscuous mode [ 42.620481][ T6685] hsr_slave_1: entered promiscuous mode [ 42.620685][ T6685] debugfs: 'hsr0' already exists in 'hsr' [ 42.620718][ T6685] Cannot create hsr debugfs directory [ 44.561264][ T54] Bluetooth: hci0: command tx timeout [ 45.017985][ T2647] bridge_slave_1: left allmulticast mode [ 45.018030][ T2647] bridge_slave_1: left promiscuous mode [ 45.018335][ T2647] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.022026][ T2647] bridge_slave_0: left allmulticast mode [ 45.022046][ T2647] bridge_slave_0: left promiscuous mode [ 45.022304][ T2647] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.133624][ T2647] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 45.172185][ T2647] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 45.222021][ T2647] bond0 (unregistering): Released all slaves [ 45.326044][ T2647] hsr_slave_0: left promiscuous mode [ 45.327369][ T2647] hsr_slave_1: left promiscuous mode [ 45.328728][ T2647] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 45.330222][ T2647] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 45.333479][ T2647] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 45.334901][ T2647] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 45.340432][ T2647] veth1_macvtap: left promiscuous mode [ 45.340487][ T2647] veth0_macvtap: left promiscuous mode [ 45.340535][ T2647] veth1_vlan: left promiscuous mode [ 45.340580][ T2647] veth0_vlan: left promiscuous mode [ 45.447301][ T2647] team0 (unregistering): Port device team_slave_1 removed [ 45.453760][ T2647] team0 (unregistering): Port device team_slave_0 removed [ 45.650872][ T6685] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 45.658240][ T6685] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 45.660285][ T6685] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 45.663881][ T6685] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 45.686846][ T6685] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.690533][ T6685] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.692671][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.692707][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.696664][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.696691][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.748778][ T6685] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.758339][ T6685] veth0_vlan: entered promiscuous mode [ 45.759896][ T6685] veth1_vlan: entered promiscuous mode [ 45.827737][ T6685] veth0_macvtap: entered promiscuous mode [ 45.828671][ T6685] veth1_macvtap: entered promiscuous mode [ 45.832587][ T6685] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.833522][ T6685] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.836035][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.836086][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.836205][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.836380][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.856592][ T3278] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.858455][ T3278] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.868050][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.868075][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.124254][ T6734] loop0: detected capacity change from 0 to 32768 [ 46.125975][ T6734] ======================================================= [ 46.125975][ T6734] WARNING: The mand mount option has been deprecated and [ 46.125975][ T6734] and is ignored by this kernel. Remove the mand [ 46.125975][ T6734] option from the mount to silence this warning. [ 46.125975][ T6734] ======================================================= [ 46.152931][ T6734] JBD2: Ignoring recovery information on journal [ 46.168718][ T6734] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 46.177303][ T6734] overlayfs: upper fs does not support tmpfile. [ 46.179593][ T6734] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 46.181474][ T6734] [ 46.181799][ T6734] ====================================================== [ 46.182817][ T6734] WARNING: possible circular locking dependency detected [ 46.183919][ T6734] syzkaller #0 Not tainted [ 46.184643][ T6734] ------------------------------------------------------ [ 46.185657][ T6734] syz.0.17/6734 is trying to acquire lock: [ 46.186573][ T6734] ffff0000f49342c0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x104/0x26a8 [ 46.188742][ T6734] [ 46.188742][ T6734] but task is already holding lock: [ 46.189871][ T6734] ffff0000f49d06f8 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c [ 46.191483][ T6734] [ 46.191483][ T6734] which lock already depends on the new lock. [ 46.191483][ T6734] [ 46.193137][ T6734] [ 46.193137][ T6734] the existing dependency chain (in reverse order) is: [ 46.194527][ T6734] [ 46.194527][ T6734] -> #3 (&oi->ip_xattr_sem){+.+.}-{4:4}: [ 46.195770][ T6734] down_write+0x50/0xc0 [ 46.196484][ T6734] ocfs2_xattr_set_handle+0x2a8/0x5e4 [ 46.197433][ T6734] ocfs2_init_security_set+0xb4/0xd8 [ 46.198301][ T6734] ocfs2_mknod+0x104c/0x1cf0 [ 46.199071][ T6734] ocfs2_mkdir+0x178/0x474 [ 46.199790][ T6734] vfs_mkdir+0x408/0x48c [ 46.200571][ T6734] do_mkdirat+0x238/0x448 [ 46.201307][ T6734] __arm64_sys_mkdirat+0x8c/0xa4 [ 46.202197][ T6734] invoke_syscall+0x98/0x254 [ 46.202950][ T6734] el0_svc_common+0xe8/0x23c [ 46.203707][ T6734] do_el0_svc+0x48/0x58 [ 46.204430][ T6734] el0_svc+0x5c/0x26c [ 46.205093][ T6734] el0t_64_sync_handler+0x84/0x12c [ 46.205932][ T6734] el0t_64_sync+0x198/0x19c [ 46.206750][ T6734] [ 46.206750][ T6734] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 46.208018][ T6734] down_read+0x58/0x308 [ 46.208702][ T6734] ocfs2_start_trans+0x35c/0x6b0 [ 46.209576][ T6734] ocfs2_reserve_suballoc_bits+0x74c/0x3ea0 [ 46.210581][ T6734] ocfs2_reserve_new_metadata_blocks+0x368/0x810 [ 46.211599][ T6734] ocfs2_mknod+0xbb8/0x1cf0 [ 46.212381][ T6734] ocfs2_mkdir+0x178/0x474 [ 46.213156][ T6734] vfs_mkdir+0x408/0x48c [ 46.213877][ T6734] do_mkdirat+0x238/0x448 [ 46.214577][ T6734] __arm64_sys_mkdirat+0x8c/0xa4 [ 46.215372][ T6734] invoke_syscall+0x98/0x254 [ 46.216122][ T6734] el0_svc_common+0xe8/0x23c [ 46.216840][ T6734] do_el0_svc+0x48/0x58 [ 46.217582][ T6734] el0_svc+0x5c/0x26c [ 46.218211][ T6734] el0t_64_sync_handler+0x84/0x12c [ 46.219074][ T6734] el0t_64_sync+0x198/0x19c [ 46.219873][ T6734] [ 46.219873][ T6734] -> #1 (sb_internal#2){.+.+}-{0:0}: [ 46.221095][ T6734] ocfs2_start_trans+0x1f4/0x6b0 [ 46.221937][ T6734] ocfs2_mknod+0xc30/0x1cf0 [ 46.222763][ T6734] ocfs2_mkdir+0x178/0x474 [ 46.223518][ T6734] vfs_mkdir+0x408/0x48c [ 46.224226][ T6734] do_mkdirat+0x238/0x448 [ 46.224992][ T6734] __arm64_sys_mkdirat+0x8c/0xa4 [ 46.225831][ T6734] invoke_syscall+0x98/0x254 [ 46.226591][ T6734] el0_svc_common+0xe8/0x23c [ 46.227336][ T6734] do_el0_svc+0x48/0x58 [ 46.228079][ T6734] el0_svc+0x5c/0x26c [ 46.228757][ T6734] el0t_64_sync_handler+0x84/0x12c [ 46.229643][ T6734] el0t_64_sync+0x198/0x19c [ 46.230342][ T6734] [ 46.230342][ T6734] -> #0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}: [ 46.231950][ T6734] __lock_acquire+0x1774/0x30a4 [ 46.232866][ T6734] lock_acquire+0x140/0x2e0 [ 46.233643][ T6734] down_write+0x50/0xc0 [ 46.234349][ T6734] ocfs2_reserve_local_alloc_bits+0x104/0x26a8 [ 46.235262][ T6734] ocfs2_reserve_clusters_with_limit+0x198/0x9e0 [ 46.236158][ T6734] ocfs2_reserve_clusters+0x3c/0x50 [ 46.236957][ T6734] ocfs2_init_xattr_set_ctxt+0x364/0x778 [ 46.237834][ T6734] ocfs2_xattr_set+0x920/0xe9c [ 46.238654][ T6734] ocfs2_xattr_trusted_set+0x4c/0x64 [ 46.239495][ T6734] __vfs_setxattr+0x3d8/0x400 [ 46.240271][ T6734] __vfs_setxattr_noperm+0x120/0x5c4 [ 46.241182][ T6734] __vfs_setxattr_locked+0x1e8/0x214 [ 46.242122][ T6734] vfs_setxattr+0x158/0x2a8 [ 46.242914][ T6734] ovl_fill_super+0x3d74/0x4cdc [ 46.243763][ T6734] get_tree_nodev+0xb4/0x144 [ 46.244546][ T6734] ovl_get_tree+0x28/0x38 [ 46.245307][ T6734] vfs_get_tree+0x90/0x28c [ 46.246065][ T6734] do_new_mount+0x284/0x944 [ 46.246833][ T6734] path_mount+0x5b4/0xdfc [ 46.247536][ T6734] __arm64_sys_mount+0x3e8/0x468 [ 46.248401][ T6734] invoke_syscall+0x98/0x254 [ 46.249235][ T6734] el0_svc_common+0xe8/0x23c [ 46.250058][ T6734] do_el0_svc+0x48/0x58 [ 46.250743][ T6734] el0_svc+0x5c/0x26c [ 46.251456][ T6734] el0t_64_sync_handler+0x84/0x12c [ 46.252308][ T6734] el0t_64_sync+0x198/0x19c [ 46.253123][ T6734] [ 46.253123][ T6734] other info that might help us debug this: [ 46.253123][ T6734] [ 46.254609][ T6734] Chain exists of: [ 46.254609][ T6734] &ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE] --> &journal->j_trans_barrier --> &oi->ip_xattr_sem [ 46.254609][ T6734] [ 46.257296][ T6734] Possible unsafe locking scenario: [ 46.257296][ T6734] [ 46.258404][ T6734] CPU0 CPU1 [ 46.259255][ T6734] ---- ---- [ 46.260057][ T6734] lock(&oi->ip_xattr_sem); [ 46.260730][ T6734] lock(&journal->j_trans_barrier); [ 46.261897][ T6734] lock(&oi->ip_xattr_sem); [ 46.262952][ T6734] lock(&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]); [ 46.264060][ T6734] [ 46.264060][ T6734] *** DEADLOCK *** [ 46.264060][ T6734] [ 46.265317][ T6734] 4 locks held by syz.0.17/6734: [ 46.266064][ T6734] #0: ffff0000c76840e0 (&type->s_umount_key#54/1){+.+.}-{4:4}, at: alloc_super+0x210/0x908 [ 46.267689][ T6734] #1: ffff0000c6b16420 (sb_writers#11){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c [ 46.269118][ T6734] #2: ffff0000f49d09c0 (&sb->s_type->i_mutex_key#24){++++}-{4:4}, at: vfs_setxattr+0x138/0x2a8 [ 46.270768][ T6734] #3: ffff0000f49d06f8 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x330/0xe9c [ 46.272286][ T6734] [ 46.272286][ T6734] stack backtrace: [ 46.273216][ T6734] CPU: 0 UID: 0 PID: 6734 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT [ 46.274595][ T6734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 46.276223][ T6734] Call trace: [ 46.276715][ T6734] show_stack+0x2c/0x3c (C) [ 46.277435][ T6734] __dump_stack+0x30/0x40 [ 46.278044][ T6734] dump_stack_lvl+0xd8/0x12c [ 46.278712][ T6734] dump_stack+0x1c/0x28 [ 46.279360][ T6734] print_circular_bug+0x324/0x32c [ 46.280147][ T6734] check_noncircular+0x154/0x174 [ 46.280913][ T6734] __lock_acquire+0x1774/0x30a4 [ 46.281719][ T6734] lock_acquire+0x140/0x2e0 [ 46.282431][ T6734] down_write+0x50/0xc0 [ 46.283082][ T6734] ocfs2_reserve_local_alloc_bits+0x104/0x26a8 [ 46.284054][ T6734] ocfs2_reserve_clusters_with_limit+0x198/0x9e0 [ 46.285075][ T6734] ocfs2_reserve_clusters+0x3c/0x50 [ 46.285736][ T6734] ocfs2_init_xattr_set_ctxt+0x364/0x778 [ 46.286553][ T6734] ocfs2_xattr_set+0x920/0xe9c [ 46.287304][ T6734] ocfs2_xattr_trusted_set+0x4c/0x64 [ 46.288084][ T6734] __vfs_setxattr+0x3d8/0x400 [ 46.288822][ T6734] __vfs_setxattr_noperm+0x120/0x5c4 [ 46.289634][ T6734] __vfs_setxattr_locked+0x1e8/0x214 [ 46.290469][ T6734] vfs_setxattr+0x158/0x2a8 [ 46.291175][ T6734] ovl_fill_super+0x3d74/0x4cdc [ 46.291949][ T6734] get_tree_nodev+0xb4/0x144 [ 46.292683][ T6734] ovl_get_tree+0x28/0x38 [ 46.293364][ T6734] vfs_get_tree+0x90/0x28c [ 46.293998][ T6734] do_new_mount+0x284/0x944 [ 46.294756][ T6734] path_mount+0x5b4/0xdfc [ 46.295454][ T6734] __arm64_sys_mount+0x3e8/0x468 [ 46.296188][ T6734] invoke_syscall+0x98/0x254 [ 46.296875][ T6734] el0_svc_common+0xe8/0x23c [ 46.297535][ T6734] do_el0_svc+0x48/0x58 [ 46.298123][ T6734] el0_svc+0x5c/0x26c [ 46.298713][ T6734] el0t_64_sync_handler+0x84/0x12c [ 46.299520][ T6734] el0t_64_sync+0x198/0x19c [ 46.303287][ T6734] ------------[ cut here ]------------ [ 46.304205][ T6734] UBSAN: array-index-out-of-bounds in fs/ocfs2/xattr.c:1985:3 [ 46.305391][ T6734] index 2 is out of range for type 'struct ocfs2_xattr_entry[] __counted_by(xh_count)' (aka 'struct ocfs2_xattr_entry[]') [ 46.307433][ T6734] CPU: 0 UID: 0 PID: 6734 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT [ 46.307448][ T6734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 46.307453][ T6734] Call trace: [ 46.307456][ T6734] show_stack+0x2c/0x3c (C) [ 46.307 ** replaying previous printk message ** [ 46.307467][ T6734] __dump_stack+0x30/0x40 [ 46.307474][ T6734] dump_stack_lvl+0xd8/0x12c [ 46.307479][ T6734] dump_stack+0x1c/0x28 [ 46.307484][ T6734] ubsan_epilogue+0x14/0x48 [ 46.307489][ T6734] __ubsan_handle_out_of_bounds+0xd0/0xfc [ 46.307495][ T6734] ocfs2_xa_remove_entry+0x314/0x384 [ 46.307502][ T6734] ocfs2_xa_set+0x938/0x23c0 [ 46.307508][ T6734] ocfs2_xattr_block_set+0x328/0x2a88 [ 46.307514][ T6734] __ocfs2_xattr_set_handle+0x200/0xc28 [ 46.307520][ T6734] ocfs2_xattr_set+0xb38/0xe9c [ 46.307525][ T6734] ocfs2_xattr_trusted_set+0x4c/0x64 [ 46.307531][ T6734] __vfs_removexattr+0x3bc/0x3e4 [ 46.307536][ T6734] __vfs_removexattr_locked+0x1cc/0x204 [ 46.307541][ T6734] vfs_removexattr+0x80/0x18c [ 46.307546][ T6734] ovl_fill_super+0x3e40/0x4cdc [ 46.307552][ T6734] get_tree_nodev+0xb4/0x144 [ 46.307558][ T6734] ovl_get_tree+0x28/0x38 [ 46.307564][ T6734] vfs_get_tree+0x90/0x28c [ 46.307570][ T6734] do_new_mount+0x284/0x944 [ 46.307576][ T6734] path_mount+0x5b4/0xdfc [ 46.307581][ T6734] __arm64_sys_mount+0x3e8/0x468 [ 46.307587][ T6734] invoke_syscall+0x98/0x254 [ 46.307592][ T6734] el0_svc_common+0xe8/0x23c [ 46.307597][ T6734] do_el0_svc+0x48/0x58 [ 46.307602][ T6734] el0_svc+0x5c/0x26c [ 46.307608][ T6734] el0t_64_sync_handler+0x84/0x12c [ 46.307613][ T6734] el0t_64_sync+0x198/0x19c [ 46.312253][ T6734] ---[ end trace ]--- [ 46.312266][ T6734] ------------[ cut here ]------------ [ 46.312275][ T6734] memset: detected buffer overflow: 16 byte write of buffer size 0 [ 46.312395][ T6734] WARNING: lib/string_helpers.c:1036 at __fortify_report+0xa4/0xc0, CPU#1: syz.0.17/6734 [ 46.336003][ T6734] Modules linked in: [ 46.336589][ T6734] CPU: 1 UID: 0 PID: 6734 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT [ 46.337861][ T6734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 46.339282][ T6734] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 46.340445][ T6734] pc : __fortify_report+0xa4/0xc0 [ 46.341202][ T6734] lr : __fortify_report+0xa4/0xc0 [ 46.341986][ T6734] sp : ffff8000a3b36660 [ 46.342670][ T6734] x29: ffff8000a3b36660 x28: 1fffe0001e3450c6 x27: dfff800000000000 [ 46.343893][ T6734] x26: ffff0000f1a28640 x25: 0000000000000000 x24: 0000000000000001 [ 46.345087][ T6734] x23: 000000000000000f x22: ffff80008b5a20d8 x21: 0000000000000001 [ 46.346277][ T6734] x20: 0000000000000010 x19: 0000000000000000 x18: 1fffe0003377d090 [ 46.347457][ T6734] x17: ffff80008f86e000 x16: ffff800082e5e68c x15: 0000000000000001 [ 46.348720][ T6734] x14: 1fffe000337818fa x13: 0000000000000000 x12: 0000000000000000 [ 46.350023][ T6734] x11: ffff6000337818fb x10: 0000000000ff0100 x9 : 709748904fabb400 [ 46.351224][ T6734] x8 : 709748904fabb400 x7 : 0000000000000001 x6 : ffff8000805761f8 [ 46.352475][ T6734] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807f1034 [ 46.353724][ T6734] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 46.354974][ T6734] Call trace: [ 46.355477][ T6734] __fortify_report+0xa4/0xc0 (P) [ 46.356235][ T6734] __fortify_panic+0x10/0x14 [ 46.356912][ T6734] ocfs2_xa_remove_entry+0x34c/0x384 [ 46.357751][ T6734] ocfs2_xa_set+0x938/0x23c0 [ 46.358457][ T6734] ocfs2_xattr_block_set+0x328/0x2a88 [ 46.359312][ T6734] __ocfs2_xattr_set_handle+0x200/0xc28 [ 46.360122][ T6734] ocfs2_xattr_set+0xb38/0xe9c [ 46.360822][ T6734] ocfs2_xattr_trusted_set+0x4c/0x64 [ 46.361601][ T6734] __vfs_removexattr+0x3bc/0x3e4 [ 46.362354][ T6734] __vfs_removexattr_locked+0x1cc/0x204 [ 46.363196][ T6734] vfs_removexattr+0x80/0x18c [ 46.363875][ T6734] ovl_fill_super+0x3e40/0x4cdc [ 46.364530][ T6734] get_tree_nodev+0xb4/0x144 [ 46.365165][ T6734] ovl_get_tree+0x28/0x38 [ 46.365796][ T6734] vfs_get_tree+0x90/0x28c [ 46.366492][ T6734] do_new_mount+0x284/0x944 [ 46.367182][ T6734] path_mount+0x5b4/0xdfc [ 46.367813][ T6734] __arm64_sys_mount+0x3e8/0x468 [ 46.368551][ T6734] invoke_syscall+0x98/0x254 [ 46.369244][ T6734] el0_svc_common+0xe8/0x23c [ 46.369937][ T6734] do_el0_svc+0x48/0x58 [ 46.370523][ T6734] el0_svc+0x5c/0x26c [ 46.371126][ T6734] el0t_64_sync_handler+0x84/0x12c [ 46.371929][ T6734] el0t_64_sync+0x198/0x19c [ 46.372595][ T6734] irq event stamp: 50467 [ 46.373225][ T6734] hardirqs last enabled at (50467): [] _raw_spin_unlock_irqrestore+0x38/0x98 [ 46.374751][ T6734] hardirqs last disabled at (50466): [] _raw_spin_lock_irqsave+0x2c/0x7c [ 46.376198][ T6734] softirqs last enabled at (50452): [] handle_softirqs+0xaf8/0xc88 [ 46.377586][ T6734] softirqs last disabled at (50421): [] __do_softirq+0x14/0x20 [ 46.378854][ T6734] ---[ end trace 0000000000000000 ]--- [ 46.380260][ T6734] ------------[ cut here ]------------ [ 46.380268][ T6734] kernel BUG at lib/string_helpers.c:1043! [ 46.380275][ T6734] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 46.383059][ T6734] Modules linked in: [ 46.383652][ T6734] CPU: 1 UID: 0 PID: 6734 Comm: syz.0.17 Tainted: G W syzkaller #0 PREEMPT [ 46.385186][ T6734] Tainted: [W]=WARN [ 46.385756][ T6734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 46.387238][ T6734] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 46.388368][ T6734] pc : __fortify_panic+0x10/0x14 [ 46.389100][ T6734] lr : __fortify_panic+0x10/0x14 [ 46.389761][ T6734] sp : ffff8000a3b366a0 [ 46.390375][ T6734] x29: ffff8000a3b366a0 x28: 1fffe0001e3450c6 x27: dfff800000000000 [ 46.391657][ T6734] x26: ffff0000f1a28640 x25: 0000000000000000 x24: 0000000000000001 [ 46.392897][ T6734] x23: ffff0000f1a28650 x22: 0000000000000001 x21: 0000000000000001 [ 46.394154][ T6734] x20: 0000000000000001 x19: ffff0000f1a28630 x18: 1fffe0003377d090 [ 46.395397][ T6734] x17: ffff80008f86e000 x16: ffff800082e5e68c x15: 0000000000000001 [ 46.396647][ T6734] x14: 1fffe000337818fa x13: 0000000000000000 x12: 0000000000000000 [ 46.397922][ T6734] x11: ffff6000337818fb x10: 0000000000ff0100 x9 : 709748904fabb400 [ 46.399166][ T6734] x8 : 709748904fabb400 x7 : 0000000000000001 x6 : ffff8000805761f8 [ 46.400437][ T6734] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807f1034 [ 46.401758][ T6734] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 46.403034][ T6734] Call trace: [ 46.403502][ T6734] __fortify_panic+0x10/0x14 (P) [ 46.404272][ T6734] ocfs2_xa_remove_entry+0x34c/0x384 [ 46.405115][ T6734] ocfs2_xa_set+0x938/0x23c0 [ 46.405870][ T6734] ocfs2_xattr_block_set+0x328/0x2a88 [ 46.406663][ T6734] __ocfs2_xattr_set_handle+0x200/0xc28 [ 46.407458][ T6734] ocfs2_xattr_set+0xb38/0xe9c [ 46.408149][ T6734] ocfs2_xattr_trusted_set+0x4c/0x64 [ 46.408920][ T6734] __vfs_removexattr+0x3bc/0x3e4 [ 46.409645][ T6734] __vfs_removexattr_locked+0x1cc/0x204 [ 46.410479][ T6734] vfs_removexattr+0x80/0x18c [ 46.411112][ T6734] ovl_fill_super+0x3e40/0x4cdc [ 46.411803][ T6734] get_tree_nodev+0xb4/0x144 [ 46.412489][ T6734] ovl_get_tree+0x28/0x38 [ 46.413142][ T6734] vfs_get_tree+0x90/0x28c [ 46.413828][ T6734] do_new_mount+0x284/0x944 [ 46.414548][ T6734] path_mount+0x5b4/0xdfc [ 46.415186][ T6734] __arm64_sys_mount+0x3e8/0x468 [ 46.415941][ T6734] invoke_syscall+0x98/0x254 [ 46.416632][ T6734] el0_svc_common+0xe8/0x23c [ 46.417328][ T6734] do_el0_svc+0x48/0x58 [ 46.417953][ T6734] el0_svc+0x5c/0x26c [ 46.418522][ T6734] el0t_64_sync_handler+0x84/0x12c [ 46.419216][ T6734] el0t_64_sync+0x198/0x19c [ 46.419870][ T6734] Code: d503233f a9bf7bfd 910003fd 94b2f454 (d4210000) [ 46.420829][ T6734] ---[ end trace 0000000000000000 ]--- [ 46.628715][ T6734] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 46.629680][ T6734] SMP: stopping secondary CPUs [ 46.630385][ T6734] Kernel Offset: disabled [ 46.631036][ T6734] CPU features: 0x400000,00078001,04e04501,5427fea7 [ 46.631944][ T6734] Memory Limit: none [ 46.834960][ T6734] Rebooting in 86400 seconds..