BUG: MAX_LOCKDEP_CHAINS too low! turning off the locking correctness validator. CPU: 0 PID: 22483 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 add_chain_cache kernel/locking/lockdep.c:2259 [inline] lookup_chain_cache_add kernel/locking/lockdep.c:2371 [inline] validate_chain kernel/locking/lockdep.c:2391 [inline] __lock_acquire.cold+0x420/0x57e kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 seqcount_lockdep_reader_access include/linux/seqlock.h:81 [inline] read_seqcount_begin include/linux/seqlock.h:164 [inline] read_seqbegin include/linux/seqlock.h:440 [inline] zone_span_seqbegin include/linux/memory_hotplug.h:65 [inline] page_outside_zone_boundaries mm/page_alloc.c:491 [inline] bad_range+0xc0/0x3c0 mm/page_alloc.c:520 __free_one_page mm/page_alloc.c:820 [inline] free_one_page+0x12b/0x10b0 mm/page_alloc.c:1201 __free_pages_ok+0x41a/0xd30 mm/page_alloc.c:1285 free_thread_stack kernel/fork.c:270 [inline] release_task_stack kernel/fork.c:385 [inline] put_task_stack+0xd2/0x1f0 kernel/fork.c:396 finish_task_switch+0x523/0x760 kernel/sched/core.c:2710 context_switch kernel/sched/core.c:2831 [inline] __schedule+0x88f/0x2040 kernel/sched/core.c:3517 preempt_schedule_irq+0xb0/0x140 kernel/sched/core.c:3744 retint_kernel+0x1b/0x2d RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline] RIP: 0010:lock_release+0x429/0x8b0 kernel/locking/lockdep.c:3930 Code: 84 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 95 03 00 00 48 83 3d 7b 34 a6 08 00 0f 84 cc 01 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 49 c7 04 04 00 00 00 RSP: 0018:ffff88809ee6f360 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 RAX: 1ffffffff13e3051 RBX: ffff8880b3246100 RCX: 1ffff11016648d40 RDX: dffffc0000000000 RSI: 0000000000000004 RDI: 0000000000000286 RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000003 R10: 0000000000000005 R11: 0000000000000000 R12: 1ffff11013dcde6f R13: 4cc3bb2ccd13f187 R14: ffff8880b3246100 R15: 0000000000000004 __set_page_dirty_buffers+0x24f/0x4c0 fs/buffer.c:644 set_page_dirty+0x25f/0x640 mm/page-writeback.c:2569 block_page_mkwrite+0x246/0x300 fs/buffer.c:2500 ext4_page_mkwrite+0xca7/0x1320 fs/ext4/inode.c:6304 do_page_mkwrite+0xd4/0x410 mm/memory.c:2486 wp_page_shared mm/memory.c:2794 [inline] do_wp_page+0x980/0x2210 mm/memory.c:2894 handle_pte_fault mm/memory.c:4191 [inline] __handle_mm_fault+0x258b/0x41c0 mm/memory.c:4299 handle_mm_fault+0x436/0xb10 mm/memory.c:4336 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 0f 1f 80 00 00 00 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 01 ca c3 66 2e 0f 1f 84 00 00 00 00 00 0f 01 cb 83 RSP: 0018:ffff88809ee6f9a8 EFLAGS: 00050206 RAX: ffffed100dee7600 RBX: 0000000000001000 RCX: 0000000000000080 RDX: 0000000000001000 RSI: ffff88806f73af80 RDI: 00000000200d0000 RBP: 00000000200cf080 R08: 0000000000000000 R09: ffffed100dee75ff R10: ffff88806f73afff R11: 0000000000000000 R12: ffff88806f73a000 R13: 00000000200d0080 R14: 00007ffffffff000 R15: 0000000000000000 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:128 [inline] copyout+0xcd/0xf0 lib/iov_iter.c:137 copy_page_to_iter_iovec lib/iov_iter.c:206 [inline] copy_page_to_iter+0x3ac/0xe00 lib/iov_iter.c:853 generic_file_buffered_read mm/filemap.c:2208 [inline] generic_file_read_iter+0x9f6/0x2b60 mm/filemap.c:2385 ext4_file_read_iter+0x17b/0x3a0 fs/ext4/file.c:78 call_read_iter include/linux/fs.h:1815 [inline] do_iter_readv_writev+0x569/0x790 fs/read_write.c:679 do_iter_read+0x26f/0x630 fs/read_write.c:923 vfs_readv+0xe5/0x150 fs/read_write.c:987 do_preadv fs/read_write.c:1071 [inline] __do_sys_preadv fs/read_write.c:1121 [inline] __se_sys_preadv fs/read_write.c:1116 [inline] __x64_sys_preadv+0x22b/0x310 fs/read_write.c:1116 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7ff2f6be10f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff2f5132168 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 RAX: ffffffffffffffda RBX: 00007ff2f6d01050 RCX: 00007ff2f6be10f9 RDX: 0000000000000005 RSI: 00000000200015c0 RDI: 0000000000000006 RBP: 00007ff2f6c3cae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffe6a6d89f R14: 00007ff2f5132300 R15: 0000000000022000 netlink: 44 bytes leftover after parsing attributes in process `syz-executor.2'. batman_adv: batadv0: Interface deactivated: batadv_slave_1 audit: type=1107 audit(1678091152.636:37614): pid=22882 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='' IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 ---------------- Code disassembly (best guess): 0: 84 08 test %cl,(%rax) 2: 00 00 add %al,(%rax) 4: 00 00 add %al,(%rax) 6: 00 00 add %al,(%rax) 8: 48 c1 e8 03 shr $0x3,%rax c: 80 3c 10 00 cmpb $0x0,(%rax,%rdx,1) 10: 0f 85 95 03 00 00 jne 0x3ab 16: 48 83 3d 7b 34 a6 08 cmpq $0x0,0x8a6347b(%rip) # 0x8a63499 1d: 00 1e: 0f 84 cc 01 00 00 je 0x1f0 24: 48 8b 3c 24 mov (%rsp),%rdi 28: 57 push %rdi 29: 9d popfq * 2a: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) <-- trapping instruction 2f: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 36: fc ff df 39: 49 rex.WB 3a: c7 .byte 0xc7 3b: 04 04 add $0x4,%al 3d: 00 00 add %al,(%rax)