BUG: MAX_LOCKDEP_CHAINS too low!
turning off the locking correctness validator.
CPU: 1 PID: 12105 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
add_chain_cache kernel/locking/lockdep.c:2259 [inline]
lookup_chain_cache_add kernel/locking/lockdep.c:2371 [inline]
validate_chain kernel/locking/lockdep.c:2391 [inline]
__lock_acquire.cold+0x420/0x57e kernel/locking/lockdep.c:3416
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
perf_event_context_sched_out kernel/events/core.c:3145 [inline]
__perf_event_task_sched_out+0xa49/0x1470 kernel/events/core.c:3237
perf_event_task_sched_out include/linux/perf_event.h:1132 [inline]
prepare_task_switch kernel/sched/core.c:2612 [inline]
context_switch kernel/sched/core.c:2793 [inline]
__schedule+0xd8a/0x2040 kernel/sched/core.c:3517
preempt_schedule_irq+0xb0/0x140 kernel/sched/core.c:3744
retint_kernel+0x1b/0x2d
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:lock_acquire+0x1ec/0x3c0 kernel/locking/lockdep.c:3911
Code: 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 b7 01 00 00 48 83 3d 09 2e a6 08 00 0f 84 2a 01 00 00 48 8b 7c 24 08 57 9d <0f> 1f 44 00 00 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f c3 65 8b
RSP: 0018:ffff88809e17f3d0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3051 RBX: ffff8880a9898100 RCX: c55f040cf2f29afc
RDX: dffffc0000000000 RSI: 00000000654626f1 RDI: 0000000000000286
RBP: ffffffff89f85fa0 R08: 0000000018f108cd R09: 0000000000000004
R10: ffff8880a9898a28 R11: 0000000000074071 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000000
rcu_lock_acquire include/linux/rcupdate.h:242 [inline]
rcu_read_lock include/linux/rcupdate.h:627 [inline]
is_bpf_text_address+0x36/0x1b0 kernel/bpf/core.c:546
kernel_text_address kernel/extable.c:152 [inline]
kernel_text_address+0xbd/0xf0 kernel/extable.c:122
__kernel_text_address+0x9/0x30 kernel/extable.c:107
unwind_get_return_address arch/x86/kernel/unwind_orc.c:297 [inline]
unwind_get_return_address+0x51/0x90 arch/x86/kernel/unwind_orc.c:292
__save_stack_trace+0xaf/0x190 arch/x86/kernel/stacktrace.c:45
save_stack mm/kasan/kasan.c:448 [inline]
set_track mm/kasan/kasan.c:460 [inline]
kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
__do_kmalloc_node mm/slab.c:3689 [inline]
__kmalloc_node+0x4c/0x70 mm/slab.c:3696
kmalloc_node include/linux/slab.h:557 [inline]
kvmalloc_node+0x61/0xf0 mm/util.c:423
kvmalloc include/linux/mm.h:577 [inline]
kvzalloc include/linux/mm.h:585 [inline]
allocate_hook_entries_size net/netfilter/core.c:60 [inline]
nf_hook_entries_grow+0x5e6/0x780 net/netfilter/core.c:127
__nf_register_net_hook+0x15a/0x480 net/netfilter/core.c:336
nf_register_net_hook net/netfilter/core.c:463 [inline]
nf_register_net_hooks+0x4c/0x190 net/netfilter/core.c:479
nf_defrag_ipv6_enable net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:147 [inline]
nf_defrag_ipv6_enable+0xe5/0x170 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:134
nf_ct_netns_do_get+0x3f3/0x5a0 net/netfilter/nf_conntrack_proto.c:826
nf_ct_netns_get net/netfilter/nf_conntrack_proto.c:885 [inline]
nf_ct_netns_get+0x7f/0xc0 net/netfilter/nf_conntrack_proto.c:877
nf_conncount_init net/netfilter/nf_conncount.c:532 [inline]
nf_conncount_init+0x115/0x3d0 net/netfilter/nf_conncount.c:515
ovs_ct_limit_init net/openvswitch/conntrack.c:1817 [inline]
ovs_ct_init+0x397/0x6b0 net/openvswitch/conntrack.c:2220
ops_init+0xb3/0x410 net/core/net_namespace.c:129
setup_net+0x2c2/0x720 net/core/net_namespace.c:316
copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439
create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107
copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165
copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916
copy_process kernel/fork.c:1710 [inline]
_do_fork+0x22f/0xf30 kernel/fork.c:2219
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fd0db5f50f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd0d9b67118 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007fd0db714f80 RCX: 00007fd0db5f50f9
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000040000000
RBP: 00007fd0db650ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 00007fffca882e9f R14: 00007fd0d9b67300 R15: 0000000000022000
Enabling of bearer rejected, failed to enable media
base_sock_release(00000000630c3ca8) sk=00000000a355e7f2
audit: type=1804 audit(1678156270.240:1014): pid=12062 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4077979769/syzkaller.pRwTeH/39/bus/bus" dev="loop4" ino=263 res=1
Enabling of bearer rejected, failed to enable media
Enabling of bearer rejected, failed to enable media
base_sock_release(00000000276cec06) sk= (null)
audit: type=1804 audit(1678156271.070:1015): pid=12204 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1877628418/syzkaller.Yj20b5/705/bus" dev="sda1" ino=14178 res=1
Enabling of bearer rejected, failed to enable media
Enabling of bearer rejected, failed to enable media
Enabling of bearer rejected, failed to enable media
audit: type=1804 audit(1678156271.100:1016): pid=12211 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir1877628418/syzkaller.Yj20b5/705/bus" dev="sda1" ino=14178 
res=1 Enabling of bearer rejected, failed to enable media base_sock_release(000000002fcc9941) sk=000000006916b54b base_sock_release(00000000fd444028) sk=0000000082a0fa37 Enabling of bearer rejected, failed to enable media base_sock_release(00000000323ff74c) sk=0000000069bd0d93 Enabling of bearer rejected, failed to enable media base_sock_release(000000008c6a8d10) sk=00000000381b05a3 Enabling of bearer rejected, failed to enable media base_sock_release(00000000a7cedaf4) sk=00000000c3f3cfcb Enabling of bearer rejected, failed to enable media base_sock_release(00000000c350a477) sk=00000000e5556559 base_sock_release(000000005df70a6d) sk=00000000063593ce Enabling of bearer rejected, failed to enable media base_sock_release(0000000083d47745) sk=00000000931ee420 base_sock_release(00000000fc789068) sk=00000000b506003f Enabling of bearer rejected, failed to enable media base_sock_release(0000000018f57380) sk=000000005b816efe base_sock_release(000000005a77fc0e) sk=00000000ff1fc0cc base_sock_release(00000000d0bccd63) sk=00000000acbe1372 Enabling of bearer rejected, failed to enable media base_sock_release(00000000bc22883c) sk=0000000054f8d424 base_sock_release(000000005a330dfb) sk=000000000021586e Enabling of bearer rejected, failed to enable media base_sock_release(000000005a8fa292) sk=0000000091052eef base_sock_release(00000000817a8194) sk=000000002b1f72e1 Enabling of bearer rejected, failed to enable media base_sock_release(00000000859089f5) sk=000000005deec973 Enabling of bearer rejected, failed to enable media base_sock_release(00000000e4bf3a43) sk=00000000ca2a59d8 Enabling of bearer rejected, failed to enable media Enabling of bearer rejected, failed to enable media base_sock_release(000000003cac481a) sk=000000009bdfbdaa base_sock_release(00000000f0b34364) sk=000000003d3226fd base_sock_release(00000000db38c54f) sk=00000000ec14bc91 base_sock_release(0000000019878a0d) sk=0000000077fa0cec base_sock_release(0000000023825586) sk=000000009346b02d Enabling of bearer rejected, 
failed to enable media audit: type=1804 audit(1678156271.920:1017): pid=12220 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir4071032262/syzkaller.YpmxN6/492/bus" dev="sda1" ino=13988 res=1 base_sock_release(00000000bcb4c898) sk=00000000d1f72bed base_sock_release(000000006b4b0dcf) sk=000000002a4beefb base_sock_release(00000000527b0604) sk=00000000beae3413 base_sock_release(000000003bc992fe) sk=00000000d6d48c09 base_sock_release(00000000f2fbb851) sk=000000006374e369 base_sock_release(000000005d261114) sk=000000002baa4df2 base_sock_release(00000000499b291f) sk=0000000041cf7d7d base_sock_release(000000008458bcd0) sk=0000000012d9d628 BTRFS info (device loop4): enabling inode map caching BTRFS warning (device loop4): excessive commit interval 622039222 BTRFS info (device loop4): force zlib compression, level 3 base_sock_release(000000002cc70c02) sk=000000007de343b8 BTRFS info (device loop4): using free space tree base_sock_release(000000006966a93f) sk=0000000026183f16 BTRFS info (device loop4): has skinny extents base_sock_release(00000000e8a9ed90) sk=00000000703acb05 base_sock_release(00000000a4354084) sk=000000009467d70f base_sock_release(000000007982d1ad) sk=000000007994bc67 base_sock_release(00000000c0b0a96a) sk=00000000c6c4ee25 base_sock_release(00000000ae5f8abd) sk=000000001d4e2d74 base_sock_release(000000009648473d) sk=000000009951c95a base_sock_release(00000000dabb9d8f) sk=00000000a87d9df4 base_sock_release(000000006b9572b0) sk=00000000fffc45da base_sock_release(000000001617c630) sk=0000000045f9c66d base_sock_release(00000000e714cc04) sk=00000000d20592ea base_sock_release(00000000df39a3b7) sk=000000005ff4283b audit: type=1804 audit(1678156272.830:1018): pid=12228 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3784469271/syzkaller.Pf0EBb/527/bus" dev="sda1" ino=13884 res=1 
base_sock_release(000000006e8bcfc3) sk=00000000821a1f5e base_sock_release(00000000b41202ee) sk=00000000c585e93d base_sock_release(0000000085e8a75a) sk=000000009f7bca75 base_sock_release(0000000080b1059e) sk=0000000068ee1a07 base_sock_release(0000000088e53478) sk=000000002cd38a51 base_sock_release(0000000066dcd88c) sk=00000000d09d1344 base_sock_release(00000000e189cc21) sk=0000000046088c91 base_sock_release(00000000e89bed0d) sk=00000000e3956aef base_sock_release(000000007e85b3bb) sk=00000000258f8603 base_sock_release(0000000001399edf) sk=00000000f97f58a6 base_sock_release(00000000d5998a5c) sk=0000000009b769dd base_sock_release(00000000f9ae1247) sk=00000000f156ac7e base_sock_release(00000000231fb37c) sk=00000000ba95bbfd base_sock_release(00000000abb1943b) sk=000000000bf9117d base_sock_release(000000008818f51f) sk=00000000d894a6e1 base_sock_release(000000000defa439) sk=00000000f5325a5a base_sock_release(00000000f872352e) sk=000000006597ab4d base_sock_release(00000000eca337d3) sk=00000000467039ca base_sock_release(00000000f3a23789) sk=00000000a5c77262 base_sock_release(00000000d20ddfd9) sk=00000000fde85fa8 base_sock_release(00000000a202fe18) sk=00000000aa8a754c BTRFS info (device loop4): enabling inode map caching BTRFS warning (device loop4): excessive commit interval 622039222 BTRFS info (device loop4): force zlib compression, level 3 BTRFS info (device loop4): using free space tree BTRFS info (device loop4): has skinny extents audit: type=1804 audit(1678156273.910:1019): pid=12387 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4077979769/syzkaller.pRwTeH/41/bus/bus" dev="loop4" ino=263 res=1 netlink: 'syz-executor.5': attribute type 27 has an invalid length. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 
device Y4`Ҙ left promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19 caif:caif_disconnect_client(): nothing to disconnect chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT chnl_net:chnl_net_open(): state disconnected A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 'syz-executor.5': attribute type 27 has an invalid length. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19 caif:caif_disconnect_client(): nothing to disconnect chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT chnl_net:chnl_net_open(): state disconnected A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 
audit: type=1804 audit(1678156276.621:1020): pid=12559 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir4071032262/syzkaller.YpmxN6/505/bus" dev="sda1" ino=14401 res=1 audit: type=1804 audit(1678156276.711:1021): pid=12589 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir4071032262/syzkaller.YpmxN6/505/bus" dev="sda1" ino=14401 res=1 audit: type=1804 audit(1678156276.801:1022): pid=12591 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir4071032262/syzkaller.YpmxN6/506/bus" dev="sda1" ino=14401 res=1 audit: type=1804 audit(1678156276.851:1023): pid=12592 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir4071032262/syzkaller.YpmxN6/506/bus" dev="sda1" ino=14401 res=1 audit: type=1804 audit(1678156276.961:1024): pid=12598 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir4071032262/syzkaller.YpmxN6/507/bus" dev="sda1" ino=13937 res=1 audit: type=1804 audit(1678156277.051:1025): pid=12612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir4071032262/syzkaller.YpmxN6/507/bus" dev="sda1" ino=13937 res=1 audit: type=1804 audit(1678156277.071:1026): pid=12612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir4071032262/syzkaller.YpmxN6/507/bus" dev="sda1" ino=13937 res=1 netlink: 'syz-executor.1': attribute type 1 has an invalid length. 
bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode audit: type=1804 audit(1678156277.541:1027): pid=12705 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir266771817/syzkaller.PeSQGB/767/bus" dev="sda1" ino=14417 res=1 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered forwarding state audit: type=1804 audit(1678156277.641:1028): pid=12712 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir266771817/syzkaller.PeSQGB/767/bus" dev="sda1" ino=14417 res=1 netlink: 'syz-executor.1': attribute type 1 has an invalid length. audit: type=1804 audit(1678156278.041:1029): pid=12731 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir266771817/syzkaller.PeSQGB/768/bus" dev="sda1" ino=14644 res=1 IPVS: ftp: loaded support on port[0] = 21 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 'syz-executor.1': attribute type 1 has an invalid length. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. IPVS: ftp: loaded support on port[0] = 21 nla_parse: 27 callbacks suppressed netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 
Y4`Ҙ: renamed from lo
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
IPVS: ftp: loaded support on port[0] = 21
kauditd_printk_skb: 5 callbacks suppressed
audit: type=1804 audit(1678156286.271:1035): pid=13201 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1877628418/syzkaller.Yj20b5/725/cgroup.controllers" dev="sda1" ino=15121 res=1
audit: type=1804 audit(1678156286.641:1036): pid=13233 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1877628418/syzkaller.Yj20b5/726/cgroup.controllers" dev="sda1" ino=15127 res=1
audit: type=1804 audit(1678156286.981:1037): pid=13289 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1877628418/syzkaller.Yj20b5/727/cgroup.controllers" dev="sda1" ino=15108 res=1
----------------
Code disassembly (best guess):
0: 08 00 or %al,(%rax)
2: 00 00 add %al,(%rax)
4: 00 00 add %al,(%rax)
6: 00 48 c1 add %cl,-0x3f(%rax)
9: e8 03 80 3c 10 callq 0x103c8011
e: 00 0f add %cl,(%rdi)
10: 85 b7 01 00 00 48 test %esi,0x48000001(%rdi)
16: 83 3d 09 2e a6 08 00 cmpl $0x0,0x8a62e09(%rip) # 0x8a62e26
1d: 0f 84 2a 01 00 00 je 0x14d
23: 48 8b 7c 24 08 mov 0x8(%rsp),%rdi
28: 57 push %rdi
29: 9d popfq
* 2a: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) <-- trapping instruction
2f: 48 83 c4 18 add $0x18,%rsp
33: 5b pop %rbx
34: 5d pop %rbp
35: 41 5c pop %r12
37: 41 5d pop %r13
39: 41 5e pop %r14
3b: 41 5f pop %r15
3d: c3 retq
3e: 65 gs
3f: 8b .byte 0x8b