[ 58.372011][ T5437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.382047][ T5437] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK [ 59.124628][ T5525] sshd (5525) used greatest stack depth: 20696 bytes left syzkaller Warning: Permanently added '10.128.0.72' (ED25519) to the list of known hosts. 2026/06/29 09:14:32 parsed 1 programs 2026/06/29 09:14:32 serving rpc on tcp://45769 syzkaller login: [ 91.475861][ T5788] cgroup: Unknown subsys name 'net' [ 91.622945][ T5788] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.126992][ T27] cfg80211: failed to load regulatory.db [ 93.385627][ T5788] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 97.311117][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 97.403187][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.411133][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.418782][ T5839] bridge_slave_0: entered allmulticast mode [ 97.426430][ T5839] bridge_slave_0: entered promiscuous mode [ 97.446276][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.453413][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.461106][ T5839] bridge_slave_1: entered allmulticast mode [ 97.468397][ T5839] bridge_slave_1: entered promiscuous mode [ 97.499671][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.520720][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.553676][ T5839] team0: Port device team_slave_0 added [ 97.562876][ T5839] team0: Port device team_slave_1 added [ 97.587869][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.597483][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.623673][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.645882][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.652916][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.678974][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.721265][ T5839] hsr_slave_0: entered promiscuous mode [ 97.728886][ T5839] hsr_slave_1: entered promiscuous mode [ 97.910333][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.923646][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.934349][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.947357][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.985121][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.992505][ T5839] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.000404][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.007630][ T5839] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.088202][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.107823][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.117147][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.133932][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.152212][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.159783][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.173439][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.180629][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.399732][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.442199][ T5839] veth0_vlan: entered promiscuous mode [ 98.463128][ T5839] veth1_vlan: entered promiscuous mode [ 98.492307][ T5839] veth0_macvtap: entered promiscuous mode [ 98.507228][ T5839] veth1_macvtap: entered promiscuous mode [ 98.531077][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.549563][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.566658][ T5839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.576850][ T5839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.585749][ T5839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.594746][ T5839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.787985][ T5855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 98.796922][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 98.804189][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.815525][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 98.824111][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 98.832884][ T5855] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 98.842334][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.953482][ T1080] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.961989][ T1080] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.996233][ T2996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.004135][ T2996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2026/06/29 09:14:44 executed programs: 0 [ 100.783443][ T5855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 100.793674][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 100.802381][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 100.810984][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 100.819431][ T5855] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 100.827984][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 100.980080][ T5891] chnl_net:caif_netlink_parms(): no params data found [ 101.053192][ T5891] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.060588][ T5891] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.068086][ T5891] bridge_slave_0: entered allmulticast mode [ 101.075568][ T5891] bridge_slave_0: entered promiscuous mode [ 101.084230][ T5891] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.091873][ T5891] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.099426][ T5891] bridge_slave_1: entered allmulticast mode [ 101.106950][ T5891] bridge_slave_1: entered promiscuous mode [ 101.135814][ T5891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.147718][ T5891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.180984][ T5891] team0: Port device team_slave_0 added [ 101.190012][ T5891] team0: Port device team_slave_1 added [ 101.217539][ T5891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.224836][ T5891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.251211][ T5891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.264236][ T5891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.271666][ T5891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.298443][ T5891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.345629][ T5891] hsr_slave_0: entered promiscuous mode [ 101.352380][ T5891] hsr_slave_1: entered promiscuous mode [ 101.359354][ T5891] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 101.368140][ T5891] Cannot create hsr debugfs directory [ 101.687537][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.855837][ T5855] Bluetooth: hci0: command tx timeout [ 104.047645][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.129980][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.925344][ T5855] Bluetooth: hci0: command tx timeout [ 105.076267][ T5891] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 105.088158][ T5891] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 105.125757][ T12] hsr_slave_0: left promiscuous mode [ 105.143427][ T12] hsr_slave_1: left promiscuous mode [ 105.158865][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.174731][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 105.202505][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.225065][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.236305][ T12] bridge_slave_1: left allmulticast mode [ 105.242023][ T12] bridge_slave_1: left promiscuous mode [ 105.261734][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.289754][ T12] bridge_slave_0: left allmulticast mode [ 105.310051][ T12] bridge_slave_0: left promiscuous mode [ 105.324936][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.377692][ T12] veth1_macvtap: left promiscuous mode [ 105.384251][ T12] veth0_macvtap: left promiscuous mode [ 105.393206][ T12] veth1_vlan: left promiscuous mode [ 105.398878][ T12] veth0_vlan: left promiscuous mode [ 105.909921][ T12] team0 (unregistering): Port device team_slave_1 removed [ 105.941305][ T12] team0 (unregistering): Port device team_slave_0 removed [ 105.976446][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 106.010465][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 106.246119][ T12] bond0 (unregistering): Released all slaves [ 106.326794][ T5891] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.337526][ T5891] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.427227][ T5891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.451267][ T5891] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.483253][ T1085] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.490441][ T1085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.502926][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.510094][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.746710][ T5891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.802762][ T5891] veth0_vlan: entered promiscuous mode [ 106.821554][ T5891] veth1_vlan: entered promiscuous mode [ 106.889699][ T5891] veth0_macvtap: entered promiscuous mode [ 106.903512][ T5891] veth1_macvtap: entered promiscuous mode [ 106.941329][ T5891] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.956771][ T5891] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.969331][ T5891] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.978243][ T5891] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.987717][ T5891] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.997441][ T5891] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.006569][ T5855] Bluetooth: hci0: command tx timeout [ 107.069654][ T1080] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.085713][ T1080] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.113269][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.121475][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.181989][ T5931] syz.0.17[5931]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 107.468854][ T5931] loop0: detected capacity change from 0 to 32768 [ 107.510893][ T5931] (syz.0.17,5931,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 107.549844][ T5931] (syz.0.17,5931,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 107.591140][ T5931] JBD2: Ignoring recovery information on journal [ 107.641517][ T5931] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 107.715757][ T28] audit: type=1800 audit(1782724491.432:2): pid=5931 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="bus" dev="loop0" ino=16978 res=0 errno=0 [ 107.828246][ T5931] [ 107.830627][ T5931] ====================================================== [ 107.837658][ T5931] WARNING: possible circular locking dependency detected [ 107.844692][ T5931] syzkaller #0 Not tainted [ 107.849130][ T5931] ------------------------------------------------------ [ 107.856166][ T5931] syz.0.17/5931 is trying to acquire lock: [ 107.861977][ T5931] ffff888071762658 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}, at: ocfs2_evict_inode+0x1daa/0x41a0 [ 107.874443][ T5931] [ 107.874443][ T5931] but task is already holding lock: [ 107.881813][ T5931] ffff8880717609d8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}, at: ocfs2_evict_inode+0x2d0a/0x41a0 [ 107.894084][ T5931] [ 107.894084][ T5931] which lock already depends on the new lock. [ 107.894084][ T5931] [ 107.904514][ T5931] [ 107.904514][ T5931] the existing dependency chain (in reverse order) is: [ 107.913548][ T5931] [ 107.913548][ T5931] -> #2 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}: [ 107.923892][ T5931] down_write+0x97/0x200 [ 107.928677][ T5931] ocfs2_del_inode_from_orphan+0x12f/0x7b0 [ 107.935046][ T5931] ocfs2_dio_end_io+0x107a/0x13f0 [ 107.940603][ T5931] dio_complete+0x24c/0x710 [ 107.945636][ T5931] __blockdev_direct_IO+0x2c42/0x32e0 [ 107.951557][ T5931] ocfs2_direct_IO+0x235/0x2a0 [ 107.956860][ T5931] generic_file_direct_write+0x1c9/0x3e0 [ 107.963034][ T5931] __generic_file_write_iter+0x11b/0x230 [ 107.969207][ T5931] ocfs2_file_write_iter+0x1724/0x1ef0 [ 107.975218][ T5931] do_iter_write+0x747/0xc50 [ 107.980395][ T5931] do_pwritev+0x242/0x3a0 [ 107.985289][ T5931] do_syscall_64+0x55/0xb0 [ 107.990251][ T5931] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 107.996718][ T5931] [ 107.996718][ T5931] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}: [ 108.007251][ T5931] down_write+0x97/0x200 [ 108.012069][ T5931] ocfs2_reserve_suballoc_bits+0x171/0x44a0 [ 108.018564][ T5931] ocfs2_reserve_new_metadata_blocks+0x416/0x9a0 [ 108.025464][ T5931] ocfs2_mknod+0xea5/0x2310 [ 108.030553][ T5931] ocfs2_create+0x196/0x430 [ 108.035590][ T5931] path_openat+0x1705/0x3270 [ 108.040707][ T5931] do_filp_open+0x1f2/0x430 [ 108.045746][ T5931] do_sys_openat2+0x134/0x1d0 [ 108.050989][ T5931] __x64_sys_open+0x11f/0x140 [ 108.056221][ T5931] do_syscall_64+0x55/0xb0 [ 108.061182][ T5931] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.067627][ T5931] [ 108.067627][ T5931] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}: [ 108.078169][ T5931] __lock_acquire+0x37ef/0x7d80 [ 108.083590][ T5931] lock_acquire+0x19e/0x420 [ 108.088659][ T5931] down_write+0x97/0x200 [ 108.093457][ T5931] ocfs2_evict_inode+0x1daa/0x41a0 [ 108.099106][ T5931] evict+0x4b7/0x8a0 [ 108.103552][ T5931] vfs_rmdir+0x378/0x4b0 [ 108.108319][ T5931] do_rmdir+0x29f/0x590 [ 108.113015][ T5931] __x64_sys_rmdir+0x49/0x50 [ 108.118143][ T5931] do_syscall_64+0x55/0xb0 [ 108.123179][ T5931] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.129618][ T5931] [ 108.129618][ T5931] other info that might help us debug this: [ 108.129618][ T5931] [ 108.139881][ T5931] Chain exists of: [ 108.139881][ T5931] &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2 --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5 --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type] [ 108.139881][ T5931] [ 108.161431][ T5931] Possible unsafe locking scenario: [ 108.161431][ T5931] [ 108.168887][ T5931] CPU0 CPU1 [ 108.174251][ T5931] ---- ---- [ 108.179639][ T5931] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]); [ 108.186758][ T5931] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5); [ 108.196577][ T5931] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]); [ 108.206228][ T5931] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2); [ 108.213543][ T5931] [ 108.213543][ T5931] *** DEADLOCK *** [ 108.213543][ T5931] [ 108.221692][ T5931] 4 locks held by syz.0.17/5931: [ 108.226645][ T5931] #0: ffff88807e2a4418 (sb_writers#13){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 108.235972][ T5931] #1: ffff8880717589d8 (&type->i_mutex_dir_key#8/1){+.+.}-{3:3}, at: do_rmdir+0x1c6/0x590 [ 108.246019][ T5931] #2: ffff888027008bd0 (&osb->nfs_sync_rwlock){.+.+}-{3:3}, at: ocfs2_nfs_sync_lock+0x107/0x270 [ 108.256570][ T5931] #3: ffff8880717609d8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}, at: ocfs2_evict_inode+0x2d0a/0x41a0 [ 108.269295][ T5931] [ 108.269295][ T5931] stack backtrace: [ 108.275213][ T5931] CPU: 0 PID: 5931 Comm: syz.0.17 Not tainted syzkaller #0 [ 108.282432][ T5931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 108.292508][ T5931] Call Trace: [ 108.295809][ T5931] [ 108.298756][ T5931] dump_stack_lvl+0x18c/0x250 [ 108.303445][ T5931] ? load_image+0x420/0x420 [ 108.307976][ T5931] ? show_regs_print_info+0x20/0x20 [ 108.313201][ T5931] ? print_circular_bug+0x12b/0x1a0 [ 108.318427][ T5931] check_noncircular+0x2fc/0x400 [ 108.323389][ T5931] ? print_deadlock_bug+0x5d0/0x5d0 [ 108.328609][ T5931] ? lockdep_lock+0xf5/0x230 [ 108.333207][ T5931] ? _find_first_zero_bit+0xd6/0x100 [ 108.338504][ T5931] __lock_acquire+0x37ef/0x7d80 [ 108.343365][ T5931] ? verify_lock_unused+0x140/0x140 [ 108.348583][ T5931] ? __lock_acquire+0x7d80/0x7d80 [ 108.353635][ T5931] ? verify_lock_unused+0x140/0x140 [ 108.359035][ T5931] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 108.364681][ T5931] ? do_raw_spin_lock+0x11f/0x2b0 [ 108.369731][ T5931] ? mutex_unlock+0x10/0x10 [ 108.374258][ T5931] lock_acquire+0x19e/0x420 [ 108.378808][ T5931] ? ocfs2_evict_inode+0x1daa/0x41a0 [ 108.384099][ T5931] ? ocfs2_get_system_file_inode+0x1f1/0x820 [ 108.390108][ T5931] ? __might_sleep+0xe0/0xe0 [ 108.394715][ T5931] ? read_lock_is_recursive+0x20/0x20 [ 108.400109][ T5931] ? ocfs2_fast_symlink_read_folio+0x550/0x550 [ 108.406280][ T5931] ? ocfs2_evict_inode+0x1832/0x41a0 [ 108.411572][ T5931] down_write+0x97/0x200 [ 108.415826][ T5931] ? ocfs2_evict_inode+0x1daa/0x41a0 [ 108.421113][ T5931] ? down_read_killable+0x340/0x340 [ 108.426340][ T5931] ocfs2_evict_inode+0x1daa/0x41a0 [ 108.431500][ T5931] ? ocfs2_sync_blockdev+0x40/0x40 [ 108.436640][ T5931] ? is_bpf_text_address+0x28f/0x2a0 [ 108.441947][ T5931] ? is_bpf_text_address+0x26/0x2a0 [ 108.447152][ T5931] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.453255][ T5931] ? kernel_text_address+0xa0/0xd0 [ 108.458401][ T5931] ? __kernel_text_address+0xd/0x30 [ 108.463614][ T5931] ? unwind_get_return_address+0x91/0xc0 [ 108.469261][ T5931] ? stack_trace_save+0x100/0x100 [ 108.474294][ T5931] ? arch_stack_walk+0x160/0x190 [ 108.479247][ T5931] ? mark_lock+0x94/0x320 [ 108.483585][ T5931] ? __lock_acquire+0x1336/0x7d80 [ 108.488629][ T5931] ? __lock_acquire+0x1336/0x7d80 [ 108.493668][ T5931] ? verify_lock_unused+0x140/0x140 [ 108.498904][ T5931] ? inode_wait_for_writeback+0x1e3/0x230 [ 108.504633][ T5931] ? __lock_acquire+0x7d80/0x7d80 [ 108.509662][ T5931] ? do_raw_spin_lock+0x11f/0x2b0 [ 108.514714][ T5931] ? __rwlock_init+0x150/0x150 [ 108.519493][ T5931] ? do_raw_spin_unlock+0x121/0x230 [ 108.524716][ T5931] ? _raw_spin_unlock+0x28/0x40 [ 108.529607][ T5931] ? inode_wait_for_writeback+0x1e3/0x230 [ 108.535354][ T5931] ? evict+0x482/0x8a0 [ 108.539437][ T5931] ? sb_clear_inode_writeback+0x330/0x330 [ 108.545185][ T5931] ? do_raw_spin_lock+0x11f/0x2b0 [ 108.550231][ T5931] ? bit_waitqueue+0x30/0x30 [ 108.554841][ T5931] ? do_raw_spin_unlock+0x121/0x230 [ 108.560054][ T5931] ? ocfs2_sync_blockdev+0x40/0x40 [ 108.565190][ T5931] evict+0x4b7/0x8a0 [ 108.569116][ T5931] ? __lock_acquire+0x7d80/0x7d80 [ 108.574171][ T5931] ? proc_nr_inodes+0x230/0x230 [ 108.579049][ T5931] ? do_raw_spin_unlock+0x121/0x230 [ 108.584288][ T5931] ? _raw_spin_unlock+0x28/0x40 [ 108.589157][ T5931] vfs_rmdir+0x378/0x4b0 [ 108.593415][ T5931] do_rmdir+0x29f/0x590 [ 108.597586][ T5931] ? __check_object_size+0x4fc/0xa40 [ 108.602904][ T5931] ? d_delete_notify+0x150/0x150 [ 108.607852][ T5931] ? getname_flags+0x20a/0x500 [ 108.612636][ T5931] __x64_sys_rmdir+0x49/0x50 [ 108.617336][ T5931] do_syscall_64+0x55/0xb0 [ 108.621774][ T5931] ? clear_bhb_loop+0x40/0x90 [ 108.626472][ T5931] ? clear_bhb_loop+0x40/0x90 [ 108.631199][ T5931] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.637157][ T5931] RIP: 0033:0x7fc42b39ce59 [ 108.641587][ T5931] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 108.661212][ T5931] RSP: 002b:00007ffc2f407678 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 108.669641][ T5931] RAX: ffffffffffffffda RBX: 00007fc42b615fa0 RCX: 00007fc42b39ce59 [ 108.677627][ T5931] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000400 [ 108.685629][ T5931] RBP: 00007fc42b432e6f R08: 0000000000000000 R09: 0000000000000000 [ 108.693632][ T5931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.701606][ T5931] R13: 00007fc42b615fac R14: 00007fc42b615fa0 R15: 00007fc42b615fa0 [ 108.709598][ T5931] [ 108.747412][ T5931] syz.0.17 (5931) used greatest stack depth: 19480 bytes left [ 108.810488][ T5891] ocfs2: Unmounting device (7,0) on (node local)