BUG: MAX_LOCKDEP_CHAINS too low! turning off the locking correctness validator. CPU: 0 PID: 3508 Comm: syz-executor.4 Not tainted 4.14.227-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 add_chain_cache kernel/locking/lockdep.c:2303 [inline] lookup_chain_cache_add kernel/locking/lockdep.c:2415 [inline] validate_chain kernel/locking/lockdep.c:2435 [inline] __lock_acquire.cold+0x19a/0x97c kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 seqcount_lockdep_reader_access include/linux/seqlock.h:81 [inline] read_seqcount_begin include/linux/seqlock.h:164 [inline] ktime_get_with_offset+0xf3/0x320 kernel/time/timekeeping.c:803 ktime_get_real include/linux/timekeeping.h:185 [inline] __net_timestamp include/linux/skbuff.h:3500 [inline] netif_rx_internal+0x44f/0x800 net/core/dev.c:4030 loopback_xmit+0x23a/0x580 drivers/net/loopback.c:91 __netdev_start_xmit include/linux/netdevice.h:4051 [inline] netdev_start_xmit include/linux/netdevice.h:4060 [inline] xmit_one net/core/dev.c:3005 [inline] dev_hard_start_xmit+0x188/0x890 net/core/dev.c:3021 __dev_queue_xmit+0x1d7f/0x2480 net/core/dev.c:3521 neigh_hh_output include/net/neighbour.h:490 [inline] neigh_output include/net/neighbour.h:498 [inline] ip_finish_output2+0x9db/0x1340 net/ipv4/ip_output.c:230 ip_finish_output+0x37c/0xc50 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:239 [inline] ip_output+0x1cd/0x510 net/ipv4/ip_output.c:406 dst_output include/net/dst.h:470 [inline] ip_local_out+0x93/0x170 net/ipv4/ip_output.c:125 dccp_v4_send_response+0x2f1/0x540 net/dccp/ipv4.c:497 dccp_v4_conn_request+0xa26/0x1130 net/dccp/ipv4.c:636 dccp_v6_conn_request+0xe6b/0x1400 net/dccp/ipv6.c:317 dccp_rcv_state_process+0x38f/0x15c0 net/dccp/input.c:612 dccp_v4_do_rcv+0xef/0x170 net/dccp/ipv4.c:685 dccp_v6_do_rcv+0x84b/0xa40 net/dccp/ipv6.c:579 sk_backlog_rcv include/net/sock.h:921 [inline] __sk_receive_skb+0x5b9/0x960 net/core/sock.c:511 dccp_v4_rcv+0xe75/0x17e0 net/dccp/ipv4.c:877 ip_local_deliver_finish+0x3f2/0xab0 net/ipv4/ip_input.c:216 NF_HOOK include/linux/netfilter.h:250 [inline] ip_local_deliver+0x167/0x460 net/ipv4/ip_input.c:257 dst_input include/net/dst.h:476 [inline] ip_rcv_finish+0x6e3/0x19f0 net/ipv4/ip_input.c:396 NF_HOOK include/linux/netfilter.h:250 [inline] ip_rcv+0x8a7/0xf10 net/ipv4/ip_input.c:493 __netif_receive_skb_core+0x15ee/0x2a30 net/core/dev.c:4474 __netif_receive_skb+0x27/0x1a0 net/core/dev.c:4512 process_backlog+0x218/0x6f0 net/core/dev.c:5194 napi_poll net/core/dev.c:5596 [inline] net_rx_action+0x466/0xfd0 net/core/dev.c:5662 __do_softirq+0x24d/0x9ff kernel/softirq.c:288 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1016 do_softirq.part.0+0x154/0x1b0 kernel/softirq.c:332 do_softirq kernel/softirq.c:324 [inline] __local_bh_enable_ip+0x12b/0x170 kernel/softirq.c:185 local_bh_enable include/linux/bottom_half.h:32 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:725 [inline] ip_finish_output2+0xbfc/0x1340 net/ipv4/ip_output.c:232 ip_finish_output+0x37c/0xc50 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:239 [inline] ip_output+0x1cd/0x510 net/ipv4/ip_output.c:406 dst_output include/net/dst.h:470 [inline] ip_local_out+0x93/0x170 net/ipv4/ip_output.c:125 ip_queue_xmit+0x7d3/0x1a80 net/ipv4/ip_output.c:505 dccp_transmit_skb+0x8d6/0x11e0 net/dccp/output.c:142 dccp_connect+0x2df/0x5f0 net/dccp/output.c:564 dccp_v4_connect+0xcfa/0x14e0 net/dccp/ipv4.c:126 __inet_stream_connect+0x6ad/0xb90 net/ipv4/af_inet.c:618 inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:682 SYSC_connect net/socket.c:1655 [inline] SyS_connect+0x1f4/0x240 net/socket.c:1636 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x466459 RSP: 002b:00007f23086f8188 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 RDX: 0000000000000010 RSI: 0000000020e5c000 RDI: 0000000000000004 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007ffea16f9dbf R14: 00007f23086f8300 R15: 0000000000022000 dccp_xmit_packet: Payload too large (65475) for featneg. dccp_xmit_packet: Payload too large (65475) for featneg. dccp_xmit_packet: Payload too large (65475) for featneg. dccp_xmit_packet: Payload too large (65475) for featneg. REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal REISERFS (device loop3): using ordered data mode sd 0:0:1:0: PR command failed: 134217730 sd 0:0:1:0: Sense Key : Illegal Request [current] reiserfs: using flush barriers sd 0:0:1:0: Add. Sense: Invalid command operation code REISERFS (device loop3): journal params: device loop3, size 15748, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop3): checking transaction log (loop3) sd 0:0:1:0: PR command failed: 134217730 sd 0:0:1:0: Sense Key : Illegal Request [current] sd 0:0:1:0: Add. Sense: Invalid command operation code sd 0:0:1:0: PR command failed: 134217730 sd 0:0:1:0: Sense Key : Illegal Request [current] sd 0:0:1:0: Add. Sense: Invalid command operation code REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[1 2 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2 REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 15767. Fsck? REISERFS (device loop3): Remounting filesystem read-only REISERFS error (device loop3): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] REISERFS (device loop3): Using r5 hash to sort names REISERFS (device loop3): using 3.5.x disk format REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal sd 0:0:1:0: PR command failed: 134217730 sd 0:0:1:0: Sense Key : Illegal Request [current] REISERFS (device loop3): using ordered data mode sd 0:0:1:0: Add. Sense: Invalid command operation code reiserfs: using flush barriers REISERFS (device loop3): journal params: device loop3, size 15748, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop3): checking transaction log (loop3) ip6_tables: ip6tables: counters copy to user failed while replacing table ip6_tables: ip6tables: counters copy to user failed while replacing table REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[1 2 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2 REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 15767. Fsck? REISERFS (device loop3): Remounting filesystem read-only REISERFS error (device loop3): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] REISERFS (device loop3): Using r5 hash to sort names REISERFS (device loop3): using 3.5.x disk format REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal REISERFS (device loop3): using ordered data mode reiserfs: using flush barriers REISERFS (device loop3): journal params: device loop3, size 15748, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop3): checking transaction log (loop3) REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[1 2 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2 REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 15767. Fsck? REISERFS (device loop3): Remounting filesystem read-only REISERFS error (device loop3): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] REISERFS (device loop3): Using r5 hash to sort names REISERFS (device loop3): using 3.5.x disk format ieee80211 phy6: Selected rate control algorithm 'minstrel_ht' REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal REISERFS (device loop3): using ordered data mode reiserfs: using flush barriers REISERFS (device loop3): journal params: device loop3, size 15748, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop3): checking transaction log (loop3) ieee80211 phy6: hwaddr 02:00:00:00:06:00 registered REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[1 2 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2 REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 15767. Fsck? REISERFS (device loop3): Remounting filesystem read-only REISERFS error (device loop3): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] REISERFS (device loop3): Using r5 hash to sort names REISERFS (device loop3): using 3.5.x disk format rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' ieee80211 phy7: hwaddr 02:00:00:00:07:00 registered netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. rtc_cmos 00:00: Alarms can be up to one day in the future ieee80211 phy8: hwaddr 02:00:00:00:08:00 registered netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. encrypted_key: insufficient parameters specified netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. encrypted_key: insufficient parameters specified ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' ieee80211 phy9: hwaddr 02:00:00:00:09:00 registered rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. rtc rtc0: __rtc_set_alarm: err=-22 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future kauditd_printk_skb: 2 callbacks suppressed audit: type=1804 audit(1617052501.133:368): pid=4351 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="file0" dev="sda1" ino=14898 res=1 rtc rtc0: __rtc_set_alarm: err=-22 audit: type=1804 audit(1617052501.333:369): pid=4364 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="file0" dev="sda1" ino=14882 res=1 audit: type=1804 audit(1617052501.483:370): pid=4372 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="file0" dev="sda1" ino=14819 res=1