RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8ec9fd86d4
R13: 00000000004c0c01 R14: 00000000004d24e8 R15: 0000000000000005

================================================
WARNING: lock held when returning to user space!
4.20.0+ #7 Not tainted
------------------------------------------------
syz-executor5/26506 is leaving the kernel with locks still held!
1 lock held by syz-executor5/26506:
 #0: 0000000015f771e4 (crtc_ww_class_acquire){+.+.}, at: set_property_atomic+0xb4/0x330 drivers/gpu/drm/drm_mode_object.c:462
kobject: 'loop3' (000000008d5c0d0c): kobject_uevent_env
kobject: 'loop3' (000000008d5c0d0c): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop1' (000000004cf730cb): kobject_uevent_env
kobject: 'loop1' (000000004cf730cb): fill_kobj_path: path = '/devices/virtual/block/loop1'
kobject: 'loop5' (0000000097cc0843): kobject_uevent_env
kobject: 'loop5' (0000000097cc0843): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop0' (00000000159f0058): kobject_uevent_env
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
kobject: 'loop0' (00000000159f0058): fill_kobj_path: path = '/devices/virtual/block/loop0'
CPU: 0 PID: 26524 Comm: syz-executor5 Not tainted 4.20.0+ #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1db/0x2d0 lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0x15 lib/fault-inject.c:149
 __should_failslab+0x121/0x190 mm/failslab.c:32
 should_failslab+0x9/0x14 mm/slab_common.c:1603
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 __do_kmalloc mm/slab.c:3707 [inline]
 __kmalloc+0x2dc/0x740 mm/slab.c:3718
kobject: 'loop2' (000000009020e4e8): kobject_uevent_env
 kmalloc_array include/linux/slab.h:668 [inline]
 kcalloc include/linux/slab.h:679 [inline]
 drm_atomic_state_init+0x176/0x3c0 drivers/gpu/drm/drm_atomic.c:86
kobject: 'loop2' (000000009020e4e8): fill_kobj_path: path = '/devices/virtual/block/loop2'
 drm_atomic_state_alloc drivers/gpu/drm/drm_atomic.c:123 [inline]
 drm_atomic_state_alloc+0xcf/0x120 drivers/gpu/drm/drm_atomic.c:113
 set_property_atomic+0xbc/0x330 drivers/gpu/drm/drm_mode_object.c:464
 drm_mode_obj_set_property_ioctl+0x43f/0x780 drivers/gpu/drm/drm_mode_object.c:522
 drm_connector_property_set_ioctl+0x1b5/0x2c0 drivers/gpu/drm/drm_connector.c:1841
 drm_ioctl_kernel+0x278/0x340 drivers/gpu/drm/drm_ioctl.c:758
kobject: 'loop2' (000000009020e4e8): kobject_uevent_env
 drm_ioctl+0x592/0xb50 drivers/gpu/drm/drm_ioctl.c:858
kobject: 'loop2' (000000009020e4e8): fill_kobj_path: path = '/devices/virtual/block/loop2'
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0x107b/0x17d0 fs/ioctl.c:696
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
kobject: 'loop2' (000000009020e4e8): kobject_uevent_env
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290
kobject: 'loop2' (000000009020e4e8): fill_kobj_path: path = '/devices/virtual/block/loop2'
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457ec9
Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f8ec9fd7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8ec9fd7c90 RCX: 0000000000457ec9
RDX: 0000000020000000 RSI: 000000004010aeab RDI: 0000000000000004
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8ec9fd86d4
R13: 00000000004c0c01 R14: 00000000004d24e8 R15: 0000000000000005
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 26553 Comm: syz-executor3 Not tainted 4.20.0+ #7
kobject: 'loop5' (0000000097cc0843): kobject_uevent_env
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1db/0x2d0 lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0x15 lib/fault-inject.c:149
kobject: 'loop5' (0000000097cc0843): fill_kobj_path: path = '/devices/virtual/block/loop5'
 __should_failslab+0x121/0x190 mm/failslab.c:32
 should_failslab+0x9/0x14 mm/slab_common.c:1603
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 __do_kmalloc mm/slab.c:3707 [inline]
 __kmalloc+0x2dc/0x740 mm/slab.c:3718
 kmalloc include/linux/slab.h:550 [inline]
 sock_kmalloc net/core/sock.c:1992 [inline]
 sock_kmalloc+0x166/0x200 net/core/sock.c:1983
 af_alg_get_rsgl+0x15d/0x900 crypto/af_alg.c:1148
 _skcipher_recvmsg crypto/algif_skcipher.c:81 [inline]
 skcipher_recvmsg+0x336/0x1260 crypto/algif_skcipher.c:165
 sock_recvmsg_nosec net/socket.c:794 [inline]
 sock_recvmsg net/socket.c:801 [inline]
 sock_recvmsg+0xd0/0x110 net/socket.c:797
 ___sys_recvmsg+0x2a8/0x670 net/socket.c:2278
 do_recvmmsg+0x2f8/0xba0 net/socket.c:2391
 __sys_recvmmsg+0xe5/0x270 net/socket.c:2472
 __do_sys_recvmmsg net/socket.c:2493 [inline]
 __se_sys_recvmmsg net/socket.c:2486 [inline]
 __x64_sys_recvmmsg+0xe6/0x140 net/socket.c:2486
 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457ec9
Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc5eb8eec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 00007fc5eb8eec90 RCX: 0000000000457ec9
RDX: 0000000000000001 RSI: 0000000020008a00 RDI: 0000000000000004
RBP: 000000000073bfa0 R08: 0000000020008bc0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc5eb8ef6d4
R13: 00000000004c48e6 R14: 00000000004d7de0 R15: 0000000000000005
kobject: 'loop1' (000000004cf730cb): kobject_uevent_env
kobject: 'loop1' (000000004cf730cb): fill_kobj_path: path = '/devices/virtual/block/loop1'
kobject: 'loop3' (000000008d5c0d0c): kobject_uevent_env
kobject: 'loop3' (000000008d5c0d0c): fill_kobj_path: path = '/devices/virtual/block/loop3'
net_ratelimit: 23 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop0' (00000000159f0058): kobject_uevent_env
kobject: 'loop0' (00000000159f0058): fill_kobj_path: path = '/devices/virtual/block/loop0'
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
kobject: 'loop2' (000000009020e4e8): kobject_uevent_env
CPU: 0 PID: 26563 Comm: syz-executor5 Not tainted 4.20.0+ #7
kobject: 'loop2' (000000009020e4e8): fill_kobj_path: path = '/devices/virtual/block/loop2'
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1db/0x2d0 lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0x15 lib/fault-inject.c:149
kobject: 'loop2' (000000009020e4e8): kobject_uevent_env
 __should_failslab+0x121/0x190 mm/failslab.c:32
kobject: 'loop2' (000000009020e4e8): fill_kobj_path: path = '/devices/virtual/block/loop2'
 should_failslab+0x9/0x14 mm/slab_common.c:1603
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 __do_kmalloc mm/slab.c:3707 [inline]
 __kmalloc+0x2dc/0x740 mm/slab.c:3718
 kmalloc_array include/linux/slab.h:668 [inline]
 kcalloc include/linux/slab.h:679 [inline]
 drm_atomic_state_init+0x212/0x3c0 drivers/gpu/drm/drm_atomic.c:90
protocol 88fb is buggy, dev hsr_slave_0
 drm_atomic_state_alloc drivers/gpu/drm/drm_atomic.c:123 [inline]
 drm_atomic_state_alloc+0xcf/0x120 drivers/gpu/drm/drm_atomic.c:113
 set_property_atomic+0xbc/0x330 drivers/gpu/drm/drm_mode_object.c:464
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
 drm_mode_obj_set_property_ioctl+0x43f/0x780 drivers/gpu/drm/drm_mode_object.c:522
protocol 88fb is buggy, dev hsr_slave_1
 drm_connector_property_set_ioctl+0x1b5/0x2c0 drivers/gpu/drm/drm_connector.c:1841
kobject: 'loop2' (000000009020e4e8): kobject_uevent_env
 drm_ioctl_kernel+0x278/0x340 drivers/gpu/drm/drm_ioctl.c:758
kobject: 'loop2' (000000009020e4e8): fill_kobj_path: path = '/devices/virtual/block/loop2'
 drm_ioctl+0x592/0xb50 drivers/gpu/drm/drm_ioctl.c:858
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0x107b/0x17d0 fs/ioctl.c:696
kobject: 'loop2' (000000009020e4e8): kobject_uevent_env
kobject: 'loop2' (000000009020e4e8): fill_kobj_path: path = '/devices/virtual/block/loop2'
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457ec9
Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f8ec9fd7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8ec9fd7c90 RCX: 0000000000457ec9
RDX: 0000000020000000 RSI: 000000004010aeab RDI: 0000000000000004
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8ec9fd86d4
R13: 00000000004c0c01 R14: 00000000004d24e8 R15: 0000000000000005
kobject: 'loop5' (0000000097cc0843): kobject_uevent_env
kobject: 'loop5' (0000000097cc0843): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop1' (000000004cf730cb): kobject_uevent_env
kobject: 'loop1' (000000004cf730cb): fill_kobj_path: path = '/devices/virtual/block/loop1'
kobject: 'loop1' (000000004cf730cb): kobject_uevent_env
kobject: 'loop1' (000000004cf730cb): fill_kobj_path: path = '/devices/virtual/block/loop1'
kobject: 'loop3' (000000008d5c0d0c): kobject_uevent_env
kobject: 'loop3' (000000008d5c0d0c): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop0' (00000000159f0058): kobject_uevent_env
kobject: 'loop0' (00000000159f0058): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop2' (000000009020e4e8): kobject_uevent_env
kobject: 'loop2' (000000009020e4e8): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop5' (0000000097cc0843): kobject_uevent_env
kobject: 'loop5' (0000000097cc0843): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop1' (000000004cf730cb): kobject_uevent_env
kobject: 'loop1' (000000004cf730cb): fill_kobj_path: path = '/devices/virtual/block/loop1'
kobject: 'loop2' (000000009020e4e8): kobject_uevent_env
kobject: 'loop2' (000000009020e4e8): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop5' (0000000097cc0843): kobject_uevent_env
kobject: 'loop5' (0000000097cc0843): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop3' (000000008d5c0d0c): kobject_uevent_env
kobject: 'loop3' (000000008d5c0d0c): fill_kobj_path: path = '/devices/virtual/block/loop3'
net_ratelimit: 16 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1