BUG: MAX_LOCKDEP_CHAINS too low!
turning off the locking correctness validator.
CPU: 0 PID: 29981 Comm: syz-executor.4 Not tainted 4.14.232-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 add_chain_cache kernel/locking/lockdep.c:2303 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:2415 [inline]
 validate_chain kernel/locking/lockdep.c:2435 [inline]
 __lock_acquire.cold+0x19a/0x97c kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
 debug_object_activate+0x10f/0x490 lib/debugobjects.c:434
 debug_hrtimer_activate kernel/time/hrtimer.c:401 [inline]
 debug_activate kernel/time/hrtimer.c:447 [inline]
 enqueue_hrtimer+0x22/0x3b0 kernel/time/hrtimer.c:844
 hrtimer_start_range_ns+0x4a0/0x10b0 kernel/time/hrtimer.c:970
 hrtimer_start include/linux/hrtimer.h:377 [inline]
 perf_swevent_start_hrtimer kernel/events/core.c:8779 [inline]
 perf_swevent_start_hrtimer kernel/events/core.c:8762 [inline]
 cpu_clock_event_start+0x100/0x160 kernel/events/core.c:8837
 cpu_clock_event_add+0x37/0x40 kernel/events/core.c:8849
 event_sched_in+0x498/0xdb0 kernel/events/core.c:2134
 group_sched_in+0xfb/0x400 kernel/events/core.c:2174
 ctx_flexible_sched_in kernel/events/core.c:3199 [inline]
 ctx_sched_in+0x1303/0x1860 kernel/events/core.c:3245
 perf_event_sched_in+0x69/0xa0 kernel/events/core.c:2332
 perf_event_context_sched_in kernel/events/core.c:3285 [inline]
 __perf_event_task_sched_in+0x5a3/0x8c0 kernel/events/core.c:3324
 perf_event_task_sched_in include/linux/perf_event.h:1087 [inline]
 finish_task_switch+0x3c9/0x610 kernel/sched/core.c:2664
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x893/0x1de0 kernel/sched/core.c:3384
 preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:3508
 ___preempt_schedule+0x16/0x18
 __raw_spin_unlock include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock+0x3b/0x40 kernel/locking/spinlock.c:184
 spin_unlock include/linux/spinlock.h:357 [inline]
 __set_page_dirty_buffers+0x120/0x240 fs/buffer.c:690
 set_page_dirty+0x148/0x2a0 mm/page-writeback.c:2586
 filemap_page_mkwrite+0x225/0x2d0 mm/filemap.c:2627
 do_page_mkwrite+0xd4/0x2e0 mm/memory.c:2464
 wp_page_shared mm/memory.c:2768 [inline]
 do_wp_page+0x7e2/0x1db0 mm/memory.c:2868
 handle_pte_fault mm/memory.c:4098 [inline]
 __handle_mm_fault+0x234f/0x4620 mm/memory.c:4206
 handle_mm_fault+0x455/0x9c0 mm/memory.c:4243
 __do_page_fault+0x549/0xad0 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff888227657bc8 EFLAGS: 00010206
RAX: ffffed1011a42c00 RBX: 0000000000001000 RCX: 0000000000000200
RDX: 0000000000001000 RSI: ffff88808d215e00 RDI: 000000002002b000
RBP: 000000002002a200 R08: 0000000000000000 R09: ffffed1011a42bff
R10: ffff88808d215fff R11: 0000000000000000 R12: ffff88808d215000
R13: 00007ffffffff000 R14: 000000002002b200 R15: ffff888227657d40
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:112 [inline]
 copyout+0x99/0xc0 lib/iov_iter.c:137
 copy_page_to_iter_iovec lib/iov_iter.c:206 [inline]
 copy_page_to_iter+0x324/0xca0 lib/iov_iter.c:723
 pipe_read+0x26b/0x850 fs/pipe.c:299
 call_read_iter include/linux/fs.h:1772 [inline]
 new_sync_read fs/read_write.c:401 [inline]
 __vfs_read+0x449/0x620 fs/read_write.c:413
 vfs_read+0x139/0x340 fs/read_write.c:447
 SYSC_read fs/read_write.c:574 [inline]
 SyS_read+0xf2/0x210 fs/read_write.c:567
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665d9
RSP: 002b:00007f9c5cfba188 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665d9
RDX: 0000000050c7e3e3 RSI: 0000000020000200 RDI: 0000000000000008
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffc95739c1f R14: 00007f9c5cfba300 R15: 0000000000022000
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'.
bridge0: port 3(ip6gretap0) entered blocking state
audit: type=1804 audit(1621433709.258:649): pid=30118 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="bus" dev="sda1" ino=14050 res=1
bridge0: port 3(ip6gretap0) entered disabled state
device ip6gretap0 entered promiscuous mode
bridge0: port 3(ip6gretap0) entered blocking state
bridge0: port 3(ip6gretap0) entered forwarding state
device ip6gretap0 left promiscuous mode
bridge0: port 3(ip6gretap0) entered disabled state
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
bridge0: port 3(ip6gretap0) entered blocking state
bridge0: port 3(ip6gretap0) entered disabled state
device ip6gretap0 entered promiscuous mode
bridge0: port 3(ip6gretap0) entered blocking state
bridge0: port 3(ip6gretap0) entered forwarding state
IPVS: ftp: loaded support on port[0] = 21
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
IPv6: ADDRCONF(NETDEV_UP): vlan2: link is not ready
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1804 audit(1621433710.058:650): pid=30130 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="bus" dev="sda1" ino=14050 res=1
audit: type=1804 audit(1621433710.078:651): pid=30181 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="bus" dev="sda1" ino=14050 res=1
IPVS: ftp: loaded support on port[0] = 21
audit: type=1804 audit(1621433710.398:652): pid=30214 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir255173023/syzkaller.dLVHn2/36/cgroup.controllers" dev="sda1" ino=14061 res=1
audit: type=1804 audit(1621433710.818:653): pid=30246 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="bus" dev="sda1" ino=14073 res=1
audit: type=1804 audit(1621433711.118:654): pid=30255 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="bus" dev="sda1" ino=14073 res=1
audit: type=1800 audit(1621433711.878:655): pid=30278 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14341 res=0
audit: type=1800 audit(1621433711.948:656): pid=30280 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14341 res=0
audit: type=1804 audit(1621433711.958:657): pid=30239 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="bus" dev="sda1" ino=14073 res=1
audit: type=1804 audit(1621433711.958:658): pid=30239 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="bus" dev="sda1" ino=14073 res=1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
usb usb9: usbfs: process 30432 (syz-executor.0) did not claim interface 0 before use
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
Unknown ioctl 35084
Unknown ioctl 35084
print_req_error: I/O error, dev loop4, sector 0
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
usb usb9: usbfs: process 30514 (syz-executor.0) did not claim interface 0 before use
usb usb9: usbfs: process 30521 (syz-executor.0) did not claim interface 0 before use
usb usb9: usbfs: process 30536 (syz-executor.0) did not claim interface 0 before use
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
usb usb9: usbfs: process 30572 (syz-executor.0) did not claim interface 0 before use
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
Bluetooth: hci4 command 0x0406 tx timeout
usb usb9: usbfs: process 30953 (syz-executor.0) did not claim interface 0 before use
usb usb9: usbfs: process 30970 (syz-executor.0) did not claim interface 0 before use
usb usb9: usbfs: process 30970 (syz-executor.0) did not claim interface 0 before use