new mount options do not match the existing superblock, will be ignored ====================================================== WARNING: possible circular locking dependency detected 4.19.211-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.1/12219 is trying to acquire lock: 0000000071bd5d05 (&sig->cred_guard_mutex){+.+.}, at: do_io_accounting fs/proc/base.c:2750 [inline] 0000000071bd5d05 (&sig->cred_guard_mutex){+.+.}, at: proc_tgid_io_accounting+0x1cf/0x7f0 fs/proc/base.c:2799 but task is already holding lock: 00000000e77a340b (&p->lock){+.+.}, at: seq_read+0x6b/0x11c0 fs/seq_file.c:164 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&p->lock){+.+.}: seq_read+0x6b/0x11c0 fs/seq_file.c:164 proc_reg_read+0x1bd/0x2d0 fs/proc/inode.c:231 do_loop_readv_writev fs/read_write.c:701 [inline] do_loop_readv_writev fs/read_write.c:688 [inline] do_iter_read+0x471/0x630 fs/read_write.c:925 vfs_readv+0xe5/0x150 fs/read_write.c:987 kernel_readv fs/splice.c:362 [inline] default_file_splice_read+0x457/0xa00 fs/splice.c:417 do_splice_to+0x10e/0x160 fs/splice.c:881 splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959 do_splice_direct+0x1a7/0x270 fs/splice.c:1068 do_sendfile+0x550/0xc30 fs/read_write.c:1447 __do_sys_sendfile64 fs/read_write.c:1508 [inline] __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #2 (sb_writers#3){.+.+}: sb_start_write include/linux/fs.h:1579 [inline] mnt_want_write+0x3a/0xb0 fs/namespace.c:360 ovl_link+0x73/0x2b0 fs/overlayfs/dir.c:676 vfs_link+0x7e6/0xc80 fs/namei.c:4243 do_linkat+0x52a/0x810 fs/namei.c:4311 __do_sys_link fs/namei.c:4340 [inline] __se_sys_link fs/namei.c:4338 [inline] __x64_sys_link+0x5d/0x80 fs/namei.c:4338 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #1 (&ovl_i_mutex_key[depth]#2){+.+.}: inode_lock include/linux/fs.h:748 [inline] process_measurement+0x926/0x1440 security/integrity/ima/ima_main.c:205 ima_file_check+0xb9/0x100 security/integrity/ima/ima_main.c:391 do_last fs/namei.c:3425 [inline] path_openat+0x7e4/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_open_execat+0x11d/0x5b0 fs/exec.c:853 __do_execve_file+0x1a8b/0x2360 fs/exec.c:1770 do_execveat_common fs/exec.c:1879 [inline] do_execve+0x35/0x50 fs/exec.c:1896 __do_sys_execve fs/exec.c:1977 [inline] __se_sys_execve fs/exec.c:1972 [inline] __x64_sys_execve+0x7c/0xa0 fs/exec.c:1972 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&sig->cred_guard_mutex){+.+.}: __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 do_io_accounting fs/proc/base.c:2750 [inline] proc_tgid_io_accounting+0x1cf/0x7f0 fs/proc/base.c:2799 proc_single_show+0xeb/0x170 fs/proc/base.c:755 seq_read+0x4e0/0x11c0 fs/seq_file.c:232 __vfs_read+0xf7/0x750 fs/read_write.c:416 vfs_read+0x194/0x3c0 fs/read_write.c:452 device erspan1 entered promiscuous mode ksys_read+0x12b/0x2a0 fs/read_write.c:579 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Chain exists of: &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&p->lock); lock(sb_writers#3); lock(&p->lock); lock(&sig->cred_guard_mutex); *** DEADLOCK *** 2 locks held by syz-executor.1/12219: #0: 00000000498ccad4 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767 #1: 00000000e77a340b (&p->lock){+.+.}, at: seq_read+0x6b/0x11c0 fs/seq_file.c:164 stack backtrace: CPU: 0 PID: 12219 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 do_io_accounting fs/proc/base.c:2750 [inline] proc_tgid_io_accounting+0x1cf/0x7f0 fs/proc/base.c:2799 proc_single_show+0xeb/0x170 fs/proc/base.c:755 seq_read+0x4e0/0x11c0 fs/seq_file.c:232 __vfs_read+0xf7/0x750 fs/read_write.c:416 vfs_read+0x194/0x3c0 fs/read_write.c:452 ksys_read+0x12b/0x2a0 fs/read_write.c:579 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fd4e08b0109 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd4df225168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007fd4e09c2f60 RCX: 00007fd4e08b0109 RDX: 0000000000002020 RSI: 0000000020000000 RDI: 0000000000000005 RBP: 00007fd4e090a0ad R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffccee13c8f R14: 00007fd4df225300 R15: 0000000000022000 capability: warning: `syz-executor.1' uses 32-bit capabilities (legacy support in use) new mount options do not match the existing superblock, will be ignored TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. device erspan1 entered promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_0 left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state device veth1_macvtap left promiscuous mode device veth0_macvtap left promiscuous mode device veth1_vlan left promiscuous mode device veth0_vlan left promiscuous mode Bluetooth: hci4: command 0x0406 tx timeout device hsr_slave_1 left promiscuous mode device hsr_slave_0 left promiscuous mode team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed bond0 (unregistering): Releasing backup interface bond_slave_1 bond0 (unregistering): Releasing backup interface bond_slave_0 bond0 (unregistering): Released all slaves IPVS: ftp: loaded support on port[0] = 21 chnl_net:caif_netlink_parms(): no params data found bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered disabled state device bridge_slave_0 entered promiscuous mode bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_1 entered promiscuous mode bond0: Enslaving bond_slave_0 as an active interface with an up link bond0: Enslaving bond_slave_1 as an active interface with an up link IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready team0: Port device team_slave_0 added IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready team0: Port device team_slave_1 added batman_adv: batadv0: Adding interface: batadv_slave_0 batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active batman_adv: batadv0: Adding interface: batadv_slave_1 batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready device hsr_slave_0 entered promiscuous mode device hsr_slave_1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered forwarding state bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered forwarding state 8021q: adding VLAN 0 to HW filter on device bond0 IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready bridge0: port 1(bridge_slave_0) entered disabled state bridge0: port 2(bridge_slave_1) entered disabled state IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 8021q: adding VLAN 0 to HW filter on device team0 IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered forwarding state IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered forwarding state IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 8021q: adding VLAN 0 to HW filter on device batadv0 IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready device veth0_vlan entered promiscuous mode device veth1_vlan entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready device veth0_macvtap entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready device veth1_macvtap entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: batadv0: Interface activated: batadv_slave_0 IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready batman_adv: batadv0: Interface activated: batadv_slave_1 IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready ieee80211 phy48: Selected rate control algorithm 'minstrel_ht' IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 ieee80211 phy49: Selected rate control algorithm 'minstrel_ht' wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 Bluetooth: hci2: command 0x0409 tx timeout IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready kauditd_printk_skb: 33 callbacks suppressed audit: type=1804 audit(1655091771.484:358): pid=12642 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir402433640/syzkaller.9dOESg/749/bus" dev="sda1" ino=15745 res=1 (syz-executor.5,12649,0):ocfs2_parse_options:1513 ERROR: Invalid heartbeat mount options TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. (syz-executor.5,12649,0):ocfs2_fill_super:1225 ERROR: status = -22 MTD: Attempt to mount non-MTD device "/dev/loop5" romfs: VFS: Can't find a romfs filesystem on dev loop5. audit: type=1804 audit(1655091771.695:359): pid=12688 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir402433640/syzkaller.9dOESg/749/bus" dev="sda1" ino=15745 res=1 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access audit: type=1804 audit(1655091771.725:360): pid=12688 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir402433640/syzkaller.9dOESg/749/bus" dev="sda1" ino=15745 res=1 audit: type=1804 audit(1655091771.735:361): pid=12688 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir402433640/syzkaller.9dOESg/749/bus" dev="sda1" ino=15745 res=1 general protection fault: 0000 [#1] PREEMPT SMP KASAN audit: type=1804 audit(1655091771.745:362): pid=12698 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir402433640/syzkaller.9dOESg/749/bus" dev="sda1" ino=15745 res=1 CPU: 1 PID: 12703 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__write_once_size include/linux/compiler.h:290 [inline] RIP: 0010:__hlist_del include/linux/list.h:688 [inline] RIP: 0010:hlist_del_rcu include/linux/rculist.h:457 [inline] RIP: 0010:vxlan_fdb_destroy+0xbe/0x1f0 drivers/net/vxlan.c:788 Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 11 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 09 01 00 00 48 85 ed 49 89 2c 24 74 28 e8 4a 06 (syz-executor.5,12712,0):ocfs2_parse_options:1513 ERROR: Invalid heartbeat mount options RSP: 0018:ffff8880a0be6d90 EFLAGS: 00010a02 RAX: dffffc0000000000 RBX: ffff8880a9103d00 RCX: ffffc9000624f000 RDX: 1bd5a00000000040 RSI: ffffffff844f7ebc RDI: ffff8880a9103d08 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 1ffff11012a4f1dd R12: dead000000000200 R13: 0000000000000000 R14: ffff8880a0be6eb0 R15: ffff88804cdb9880 FS: 00007fd4df204700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f44288a2fc8 CR3: 00000000462da000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: (syz-executor.5,12712,0):ocfs2_fill_super:1225 ERROR: status = -22 __vxlan_dev_create+0x477/0x820 drivers/net/vxlan.c:3279 vxlan_newlink+0xc0/0x120 drivers/net/vxlan.c:3506 rtnl_newlink+0x1030/0x15c0 net/core/rtnetlink.c:3141 rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 sock_no_sendpage+0xf5/0x140 net/core/sock.c:2686 kernel_sendpage net/socket.c:3585 [inline] sock_sendpage+0xdf/0x140 net/socket.c:912 pipe_to_sendpage+0x268/0x330 fs/splice.c:452 splice_from_pipe_feed fs/splice.c:503 [inline] __splice_from_pipe+0x389/0x800 fs/splice.c:627 splice_from_pipe fs/splice.c:662 [inline] generic_splice_sendpage+0xd4/0x140 fs/splice.c:833 do_splice_from fs/splice.c:852 [inline] do_splice fs/splice.c:1154 [inline] __do_sys_splice fs/splice.c:1428 [inline] __se_sys_splice+0xfe7/0x16d0 fs/splice.c:1408 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fd4e08b0109 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd4df204168 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 RAX: ffffffffffffffda RBX: 00007fd4e09c3030 RCX: 00007fd4e08b0109 RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007fd4e090a0ad R08: 000000000004fff2 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffccee13c8f R14: 00007fd4df204300 R15: 0000000000022000 Modules linked in: ---[ end trace eff76a9cabd312b0 ]--- RIP: 0010:__write_once_size include/linux/compiler.h:290 [inline] RIP: 0010:__hlist_del include/linux/list.h:688 [inline] RIP: 0010:hlist_del_rcu include/linux/rculist.h:457 [inline] RIP: 0010:vxlan_fdb_destroy+0xbe/0x1f0 drivers/net/vxlan.c:788 Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 11 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 09 01 00 00 48 85 ed 49 89 2c 24 74 28 e8 4a 06 RSP: 0018:ffff8880a0be6d90 EFLAGS: 00010a02 RAX: dffffc0000000000 RBX: ffff8880a9103d00 RCX: ffffc9000624f000 RDX: 1bd5a00000000040 RSI: ffffffff844f7ebc RDI: ffff8880a9103d08 audit: type=1804 audit(1655091772.555:363): pid=12729 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir402433640/syzkaller.9dOESg/750/bus" dev="sda1" ino=15750 res=1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 1ffff11012a4f1dd R12: dead000000000200 R13: 0000000000000000 R14: ffff8880a0be6eb0 R15: ffff88804cdb9880 FS: 00007fd4df204700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 (syz-executor.2,12732,0):ocfs2_parse_options:1513 ERROR: Invalid heartbeat mount options CR2: 00007fcc2efd6000 CR3: 00000000462da000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess), 3 bytes skipped: 0: df 48 89 fisttps -0x77(%rax) 3: fa cli 4: 48 c1 ea 03 shr $0x3,%rdx 8: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) c: 0f 85 11 01 00 00 jne 0x123 12: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 19: fc ff df 1c: 4c 8b 63 08 mov 0x8(%rbx),%r12 20: 4c 89 e2 mov %r12,%rdx 23: 48 c1 ea 03 shr $0x3,%rdx * 27: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction 2b: 0f 85 09 01 00 00 jne 0x13a 31: 48 85 ed test %rbp,%rbp 34: 49 89 2c 24 mov %rbp,(%r12) 38: 74 28 je 0x62 3a: e8 .byte 0xe8 3b: 4a 06 rex.WX (bad)