audit: type=1804 audit(1678152301.781:6970): pid=11637 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1184914244/syzkaller.mw3QcD/792/bus" dev="sda1" ino=14093 res=1
BUG: MAX_LOCKDEP_CHAINS too low!
turning off the locking correctness validator.
CPU: 0 PID: 11621 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 add_chain_cache kernel/locking/lockdep.c:2259 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:2371 [inline]
 validate_chain kernel/locking/lockdep.c:2391 [inline]
 __lock_acquire.cold+0x420/0x57e kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
 rq_lock kernel/sched/sched.h:1826 [inline]
 __schedule+0x1f9/0x2040 kernel/sched/core.c:3455
 preempt_schedule_irq+0xb0/0x140 kernel/sched/core.c:3744
 retint_kernel+0x1b/0x2d
RIP: 0010:qlink_to_object mm/kasan/quarantine.c:136 [inline]
RIP: 0010:qlink_free mm/kasan/quarantine.c:141 [inline]
RIP: 0010:qlist_free_all+0x32/0x140 mm/kasan/quarantine.c:166
Code: 55 53 48 8b 1f 48 85 db 0f 84 08 01 00 00 48 89 f5 49 89 fd 48 85 ed 49 89 ee 0f 84 8b 00 00 00 49 63 86 fc 00 00 00 4c 8b 23 <48> 29 c3 48 83 3d 93 10 59 08 00 0f 84 e6 00 00 00 9c 58 0f 1f 44
RSP: 0018:ffff8880405c7468 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: ffff8880a9d39200 RCX: ffffea0002a55087
RDX: 0000000000000000 RSI: ffffffff812b5eca RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000000 R12: ffff8880b4e0ae00
R13: ffff8880405c74a0 R14: ffff88813bff04c0 R15: 0000000000000286
 quarantine_reduce+0x1a9/0x230 mm/kasan/quarantine.c:259
 kasan_kmalloc+0xa2/0x160 mm/kasan/kasan.c:538
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc mm/slab.c:3397 [inline]
 kmem_cache_alloc+0x110/0x370 mm/slab.c:3557
 ptlock_alloc+0x1d/0x70 mm/memory.c:4969
 ptlock_init include/linux/mm.h:1900 [inline]
 pgtable_page_ctor include/linux/mm.h:1934 [inline]
 pte_alloc_one+0x68/0x190 arch/x86/mm/pgtable.c:38
 do_huge_pmd_anonymous_page+0x649/0x1e60 mm/huge_memory.c:701
 create_huge_pmd mm/memory.c:4066 [inline]
 __handle_mm_fault+0x289c/0x41c0 mm/memory.c:4270
 handle_mm_fault+0x436/0xb10 mm/memory.c:4336
 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 0f 1f 80 00 00 00 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 01 ca c3 66 2e 0f 1f 84 00 00 00 00 00 0f 01 cb 83
RSP: 0018:ffff8880405c7ba8 EFLAGS: 00050206
RAX: ffffed10136b0400 RBX: 0000000000001000 RCX: 0000000000000240
RDX: 0000000000001000 RSI: 0000000020c00000 RDI: ffff88809b581dc0
RBP: 0000000020bff240 R08: 0000000000000001 R09: ffffed10136b03ff
R10: ffff88809b581fff R11: 0000000000000000 R12: ffff88809b581000
R13: 0000000020c00240 R14: 00007ffffffff000 R15: 0000000000000000
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:71 [inline]
 copyin+0xcd/0xf0 lib/iov_iter.c:146
 copy_page_from_iter_iovec lib/iov_iter.c:290 [inline]
 copy_page_from_iter+0x3ac/0x7f0 lib/iov_iter.c:874
 pipe_write+0x26f/0xf80 fs/pipe.c:458
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x51b/0x770 fs/read_write.c:487
 vfs_write+0x1f3/0x540 fs/read_write.c:549
 ksys_write+0x12b/0x2a0 fs/read_write.c:599
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f2f167430f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2f14c94168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f2f16863050 RCX: 00007f2f167430f9
RDX: 00000000ffffff14 RSI: 0000000020000240 RDI: 000000000000000a
RBP: 00007f2f1679eae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd2b334b6f R14: 00007f2f14c94300 R15: 0000000000022000
REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop0): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
base_sock_release(000000002c4b3202) sk= (null)
audit: type=1804 audit(1678152303.761:6971): pid=11719 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2612948061/syzkaller.ZlJ9yA/779/file1/bus" dev="loop0" ino=5 res=1
audit: type=1804 audit(1678152303.781:6972): pid=11719 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2612948061/syzkaller.ZlJ9yA/779/file1/bus" dev="loop0" ino=5 res=1
base_sock_release(00000000b7ff3abc) sk=00000000375f8920
bridge0: port 2(bridge_slave_1) entered disabled state
REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop0): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
base_sock_release(000000008ad8cdeb) sk= (null)
audit: type=1804 audit(1678152305.191:6973): pid=11780 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2612948061/syzkaller.ZlJ9yA/780/file1/bus" dev="loop0" ino=5 res=1
audit: type=1804 audit(1678152305.221:6974): pid=11817 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2612948061/syzkaller.ZlJ9yA/780/file1/bus" dev="loop0" ino=5 res=1
base_sock_release(000000007e2d7f09) sk=00000000bcd87cb4
audit: type=1804 audit(1678152305.221:6975): pid=11818 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2612948061/syzkaller.ZlJ9yA/780/file1/bus" dev="loop0" ino=5 res=1
audit: type=1804 audit(1678152305.341:6976): pid=11749 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir5158288/syzkaller.c9DAV0/771/bus" dev="sda1" ino=13920 res=1
audit: type=1804 audit(1678152305.711:6977): pid=11823 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir5158288/syzkaller.c9DAV0/771/bus" dev="sda1" ino=13920 res=1
audit: type=1804 audit(1678152305.741:6978): pid=11824 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir5158288/syzkaller.c9DAV0/771/bus" dev="sda1" ino=13920 res=1
nla_parse: 314 callbacks suppressed
netlink: 132 bytes leftover after parsing attributes in process `syz-executor.1'.
base_sock_release(000000006d290c06) sk= (null)
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
audit: type=1804 audit(1678152306.051:6979): pid=11835 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir5158288/syzkaller.c9DAV0/772/bus" dev="sda1" ino=14029 res=1
REISERFS warning (device loop0): super-6502 reiserfs_getopt: unknown mount option "cgroup.controllers"
netlink: 132 bytes leftover after parsing attributes in process `syz-executor.1'.
audit: type=1804 audit(1678152306.251:6980): pid=11836 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir5158288/syzkaller.c9DAV0/772/bus" dev="sda1" ino=14029 res=1
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
base_sock_release(000000006603d071) sk=000000000e975b91
audit: type=1804 audit(1678152306.331:6981): pid=11836 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir5158288/syzkaller.c9DAV0/772/bus" dev="sda1" ino=14029 res=1
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
XFS (loop5): Quotacheck needed: Please wait.
XFS (loop5): Quotacheck: Done.
XFS (loop5): unknown mount option [ÿî§<< G4š¶mRŸ±â½ÆuÆÌëê0º‰wÆ2ÝËàíù†¶Žæ].
audit: type=1804 audit(1678152307.111:6982): pid=11877 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1458650825/syzkaller.XXAaPN/90/file0/bus" dev="loop5" ino=42 res=1
IPVS: ftp: loaded support on port[0] = 21
netlink: 132 bytes leftover after parsing attributes in process `syz-executor.1'.
IPVS: ftp: loaded support on port[0] = 21
XFS (loop5): Unmounting Filesystem
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
XFS (loop5): Quotacheck needed: Please wait.
XFS (loop5): Quotacheck: Done.
XFS (loop5): unknown mount option [ÿî§<< G4š¶mRŸ±â½ÆuÆÌëê0º‰wÆ2ÝËàíù†¶Žæ].
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
XFS (loop5): Unmounting Filesystem
FAT-fs (loop0): Unrecognized mount option "time_offset=0x«]00000000000004e0" or missing value
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
FAT-fs (loop0): Unrecognized mount option "time_offset=0x«]00000000000004e0" or missing value
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
XFS (loop5): Unmounting Filesystem
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
mac80211_hwsim hwsim3 : renamed from wlan1
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
XFS (loop0): Mounting V4 Filesystem
XFS (loop0): Ending clean mount
XFS (loop5): Unmounting Filesystem
XFS (loop0): Unmounting Filesystem
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
XFS (loop0): Mounting V4 Filesystem
XFS (loop0): Ending clean mount
XFS (loop0): Unmounting Filesystem
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
XFS (loop5): Unmounting Filesystem
EXT4-fs warning (device loop5): ext4_multi_mount_protect:287: Invalid MMP block in superblock
EXT4-fs warning (device loop5): ext4_multi_mount_protect:287: Invalid MMP block in superblock
XFS (loop0): Mounting V4 Filesystem
XFS (loop0): Ending clean mount
XFS (loop0): Unmounting Filesystem
EXT4-fs warning (device loop5): ext4_multi_mount_protect:287: Invalid MMP block in superblock
----------------
Code disassembly (best guess):
   0:   55                      push   %rbp
   1:   53                      push   %rbx
   2:   48 8b 1f                mov    (%rdi),%rbx
   5:   48 85 db                test   %rbx,%rbx
   8:   0f 84 08 01 00 00       je     0x116
   e:   48 89 f5                mov    %rsi,%rbp
  11:   49 89 fd                mov    %rdi,%r13
  14:   48 85 ed                test   %rbp,%rbp
  17:   49 89 ee                mov    %rbp,%r14
  1a:   0f 84 8b 00 00 00       je     0xab
  20:   49 63 86 fc 00 00 00    movslq 0xfc(%r14),%rax
  27:   4c 8b 23                mov    (%rbx),%r12
* 2a:   48 29 c3                sub    %rax,%rbx <-- trapping instruction
  2d:   48 83 3d 93 10 59 08    cmpq   $0x0,0x8591093(%rip)        # 0x85910c8
  34:   00
  35:   0f 84 e6 00 00 00       je     0x121
  3b:   9c                      pushfq
  3c:   58                      pop    %rax
  3d:   0f                      .byte 0xf
  3e:   1f                      (bad)
  3f:   44                      rex.R