RDX: 0000000020000100 RSI: 0000000000005412 RDI: 0000000000000007 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f89b09de6d4 R13: 00000000004c500d R14: 00000000004d9d38 R15: 0000000000000008 ====================================================== WARNING: possible circular locking dependency detected 4.19.85-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.1/14440 is trying to acquire lock: 00000000d7bd1197 (console_owner){-.-.}, at: console_trylock_spinning kernel/printk/printk.c:1662 [inline] 00000000d7bd1197 (console_owner){-.-.}, at: vprintk_emit+0x348/0x690 kernel/printk/printk.c:1926 but task is already holding lock: 0000000055d85710 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xff/0x200 drivers/tty/pty.c:119 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&(&port->lock)->rlock){-.-.}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:152 tty_port_tty_get+0x22/0x80 drivers/tty/tty_port.c:288 tty_port_default_wakeup+0x16/0x40 drivers/tty/tty_port.c:47 tty_port_tty_wakeup+0x57/0x70 drivers/tty/tty_port.c:390 uart_write_wakeup+0x46/0x70 drivers/tty/serial/serial_core.c:103 serial8250_tx_chars+0x495/0xaf0 drivers/tty/serial/8250/8250_port.c:1806 serial8250_handle_irq.part.0+0x261/0x2b0 drivers/tty/serial/8250/8250_port.c:1879 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1865 [inline] serial8250_default_handle_irq+0xc0/0x150 drivers/tty/serial/8250/8250_port.c:1895 serial8250_interrupt+0xfc/0x1e0 drivers/tty/serial/8250/8250_core.c:125 __handle_irq_event_percpu+0x144/0x8f0 kernel/irq/handle.c:149 handle_irq_event_percpu+0x74/0x160 kernel/irq/handle.c:189 handle_irq_event+0xa7/0x134 kernel/irq/handle.c:206 handle_edge_irq+0x25e/0x8d0 kernel/irq/chip.c:797 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x39/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x99/0x1d0 arch/x86/kernel/irq.c:246 ret_from_intr+0x0/0x1e native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:60 arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:556 default_idle_call+0x36/0x90 kernel/sched/idle.c:93 cpuidle_idle_call kernel/sched/idle.c:153 [inline] do_idle+0x30c/0x4d0 kernel/sched/idle.c:263 cpu_startup_entry+0xc8/0xe0 kernel/sched/idle.c:369 rest_init+0x219/0x222 init/main.c:442 start_kernel+0x88c/0x8c5 init/main.c:738 x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:490 x86_64_start_kernel+0x77/0x7b arch/x86/kernel/head64.c:471 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 -> #1 (&port_lock_key){-.-.}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:152 serial8250_console_write+0x7ca/0x9f0 drivers/tty/serial/8250/8250_port.c:3247 univ8250_console_write+0x5f/0x70 drivers/tty/serial/8250/8250_core.c:590 call_console_drivers kernel/printk/printk.c:1729 [inline] console_unlock+0xbde/0x10b0 kernel/printk/printk.c:2410 vprintk_emit+0x238/0x690 kernel/printk/printk.c:1927 vprintk_default+0x28/0x30 kernel/printk/printk.c:1968 vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:398 printk+0xba/0xed kernel/printk/printk.c:2001 register_console+0x77f/0xb90 kernel/printk/printk.c:2725 univ8250_console_init+0x3e/0x4b drivers/tty/serial/8250/8250_core.c:685 console_init+0x4f7/0x761 kernel/printk/printk.c:2811 start_kernel+0x59c/0x8c5 init/main.c:661 x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:490 x86_64_start_kernel+0x77/0x7b arch/x86/kernel/head64.c:471 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 -> #0 (console_owner){-.-.}: lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3903 console_trylock_spinning kernel/printk/printk.c:1683 [inline] vprintk_emit+0x385/0x690 kernel/printk/printk.c:1926 vprintk_default+0x28/0x30 kernel/printk/printk.c:1968 vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:398 printk+0xba/0xed kernel/printk/printk.c:2001 fail_dump lib/fault-inject.c:44 [inline] should_fail+0x6f1/0x85c lib/fault-inject.c:149 __should_failslab+0x121/0x190 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] __do_kmalloc mm/slab.c:3725 [inline] __kmalloc+0x71/0x750 mm/slab.c:3736 kmalloc include/linux/slab.h:520 [inline] tty_buffer_alloc drivers/tty/tty_buffer.c:170 [inline] __tty_buffer_request_room+0x1fb/0x5c0 drivers/tty/tty_buffer.c:268 tty_insert_flip_string_fixed_flag+0x93/0x1f0 drivers/tty/tty_buffer.c:313 tty_insert_flip_string include/linux/tty_flip.h:37 [inline] pty_write+0x133/0x200 drivers/tty/pty.c:121 tty_put_char+0x130/0x160 drivers/tty/tty_io.c:2888 __process_echoes+0x5d4/0xa40 drivers/tty/n_tty.c:727 flush_echoes drivers/tty/n_tty.c:827 [inline] __receive_buf drivers/tty/n_tty.c:1646 [inline] n_tty_receive_buf_common+0xc13/0x28e0 drivers/tty/n_tty.c:1740 n_tty_receive_buf+0x31/0x40 drivers/tty/n_tty.c:1769 tiocsti drivers/tty/tty_io.c:2194 [inline] tty_ioctl+0xe91/0x1510 drivers/tty/tty_io.c:2580 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:688 ksys_ioctl+0xab/0xd0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:710 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Chain exists of: console_owner --> &port_lock_key --> &(&port->lock)->rlock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&(&port->lock)->rlock); lock(&port_lock_key); lock(&(&port->lock)->rlock); lock(console_owner); *** DEADLOCK *** 4 locks held by syz-executor.1/14440: #0: 00000000d9e44744 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362 #1: 0000000026265c35 (&o_tty->termios_rwsem/1){++++}, at: n_tty_receive_buf_common+0x8a/0x28e0 drivers/tty/n_tty.c:1703 #2: 000000007714e799 (&ldata->output_lock){+.+.}, at: flush_echoes drivers/tty/n_tty.c:825 [inline] #2: 000000007714e799 (&ldata->output_lock){+.+.}, at: __receive_buf drivers/tty/n_tty.c:1646 [inline] #2: 000000007714e799 (&ldata->output_lock){+.+.}, at: n_tty_receive_buf_common+0xbd6/0x28e0 drivers/tty/n_tty.c:1740 #3: 0000000055d85710 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xff/0x200 drivers/tty/pty.c:119 stack backtrace: CPU: 1 PID: 14440 Comm: syz-executor.1 Not tainted 4.19.85-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1221 check_prev_add kernel/locking/lockdep.c:1861 [inline] check_prevs_add kernel/locking/lockdep.c:1974 [inline] validate_chain kernel/locking/lockdep.c:2415 [inline] __lock_acquire+0x2e19/0x49c0 kernel/locking/lockdep.c:3411 lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3903 console_trylock_spinning kernel/printk/printk.c:1683 [inline] vprintk_emit+0x385/0x690 kernel/printk/printk.c:1926 vprintk_default+0x28/0x30 kernel/printk/printk.c:1968 vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:398 printk+0xba/0xed kernel/printk/printk.c:2001 fail_dump lib/fault-inject.c:44 [inline] should_fail+0x6f1/0x85c lib/fault-inject.c:149 __should_failslab+0x121/0x190 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] __do_kmalloc mm/slab.c:3725 [inline] __kmalloc+0x71/0x750 mm/slab.c:3736 kmalloc include/linux/slab.h:520 [inline] tty_buffer_alloc drivers/tty/tty_buffer.c:170 [inline] __tty_buffer_request_room+0x1fb/0x5c0 drivers/tty/tty_buffer.c:268 tty_insert_flip_string_fixed_flag+0x93/0x1f0 drivers/tty/tty_buffer.c:313 tty_insert_flip_string include/linux/tty_flip.h:37 [inline] pty_write+0x133/0x200 drivers/tty/pty.c:121 tty_put_char+0x130/0x160 drivers/tty/tty_io.c:2888 __process_echoes+0x5d4/0xa40 drivers/tty/n_tty.c:727 flush_echoes drivers/tty/n_tty.c:827 [inline] __receive_buf drivers/tty/n_tty.c:1646 [inline] n_tty_receive_buf_common+0xc13/0x28e0 drivers/tty/n_tty.c:1740 n_tty_receive_buf+0x31/0x40 drivers/tty/n_tty.c:1769 tiocsti drivers/tty/tty_io.c:2194 [inline] tty_ioctl+0xe91/0x1510 drivers/tty/tty_io.c:2580 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:688 ksys_ioctl+0xab/0xd0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:710 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f89b09ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f89b09ddc90 RCX: 000000000045a639 RDX: 0000000020000100 RSI: 0000000000005412 RDI: 0000000000000007 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f89b09de6d4 R13: 00000000004c500d R14: 00000000004d9d38 R15: 0000000000000008 kobject: 'nr0' (0000000032a82a49): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'loop2' (00000000dd268d82): kobject_uevent_env FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'loop5' (00000000211a28bb): kobject_cleanup, parent (null) CPU: 1 PID: 14549 Comm: syz-executor.0 Not tainted 4.19.85-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0x1b lib/fault-inject.c:149 __should_failslab+0x121/0x190 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node+0x26c/0x710 mm/slab.c:3647 __alloc_skb+0xd5/0x5f0 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:995 [inline] alloc_skb_with_frags+0x93/0x590 net/core/skbuff.c:5303 sock_alloc_send_pskb+0x72d/0x8a0 net/core/sock.c:2085 unix_dgram_sendmsg+0x3de/0x11f0 net/unix/af_unix.c:1687 unix_seqpacket_sendmsg+0x11e/0x1b2 net/unix/af_unix.c:2068 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2115 __sys_sendmmsg+0x1bf/0x4e0 net/socket.c:2210 __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2236 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fb497e5fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007fb497e5fc90 RCX: 000000000045a639 RDX: 0324fad809d5a9cf RSI: 0000000020000040 RDI: 0000000000000003 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb497e606d4 R13: 00000000004c83c8 R14: 00000000004de808 R15: 0000000000000005 kobject: 'loop5' (00000000211a28bb): calling ktype release kobject: 'loop5': free name kobject: 'nr0' (0000000032a82a49): kobject_uevent_env kobject: 'loop2' (00000000dd268d82): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'nr0' (0000000032a82a49): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'loop4' (00000000145b469f): kobject_uevent_env kobject: 'queues' (00000000eac0e2d0): kobject_add_internal: parent: 'nr0', set: '' kobject: 'loop4' (00000000145b469f): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'queues' (00000000eac0e2d0): kobject_uevent_env kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env kobject: 'queues' (00000000eac0e2d0): kobject_uevent_env: filter function caused the event to drop! kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'rx-0' (000000008d0ab72a): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'rx-0' (000000008d0ab72a): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'rx-0' (000000008d0ab72a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'tx-0' (00000000e8f7ad79): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000e8f7ad79): kobject_uevent_env kobject: 'tx-0' (00000000e8f7ad79): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'batman_adv' (0000000000495a1f): kobject_add_internal: parent: 'nr0', set: '' kobject: 'batman_adv' (0000000000495a1f): kobject_uevent_env kobject: 'batman_adv' (0000000000495a1f): kobject_uevent_env: filter function caused the event to drop! kobject: 'batman_adv' (0000000000495a1f): kobject_cleanup, parent (null) kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'batman_adv' (0000000000495a1f): calling ktype release kobject: (0000000000495a1f): dynamic_kobj_release kobject: 'batman_adv': free name kobject: 'rx-0' (000000008d0ab72a): kobject_cleanup, parent 00000000eac0e2d0 kobject: 'rx-0' (000000008d0ab72a): auto cleanup 'remove' event kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'rx-0' (000000008d0ab72a): kobject_uevent_env kobject: 'rx-0' (000000008d0ab72a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'rx-0' (000000008d0ab72a): auto cleanup kobject_del kobject: 'loop0' (0000000093fd7806): kobject_uevent_env kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'loop0' (0000000093fd7806): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env kobject: 'rx-0' (000000008d0ab72a): calling ktype release kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'rx-0': free name kobject: 'tx-0' (00000000e8f7ad79): kobject_cleanup, parent 00000000eac0e2d0 CPU: 1 PID: 14676 Comm: syz-executor.0 Not tainted 4.19.85-syzkaller #0 kobject: 'tx-0' (00000000e8f7ad79): auto cleanup 'remove' event Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kobject: 'tx-0' (00000000e8f7ad79): kobject_uevent_env Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0x1b lib/fault-inject.c:149 __should_failslab+0x121/0x190 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node_trace+0x274/0x720 mm/slab.c:3666 __do_kmalloc_node mm/slab.c:3688 [inline] __kmalloc_node_track_caller+0x3d/0x80 mm/slab.c:3703 __kmalloc_reserve.isra.0+0x40/0xf0 net/core/skbuff.c:137 __alloc_skb+0x10b/0x5f0 net/core/skbuff.c:205 kobject: 'tx-0' (00000000e8f7ad79): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' alloc_skb include/linux/skbuff.h:995 [inline] alloc_skb_with_frags+0x93/0x590 net/core/skbuff.c:5303 sock_alloc_send_pskb+0x72d/0x8a0 net/core/sock.c:2085 unix_dgram_sendmsg+0x3de/0x11f0 net/unix/af_unix.c:1687 kobject: 'tx-0' (00000000e8f7ad79): auto cleanup kobject_del unix_seqpacket_sendmsg+0x11e/0x1b2 net/unix/af_unix.c:2068 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2115 kobject: 'tx-0' (00000000e8f7ad79): calling ktype release __sys_sendmmsg+0x1bf/0x4e0 net/socket.c:2210 kobject: 'tx-0': free name kobject: 'queues' (00000000eac0e2d0): kobject_cleanup, parent (null) __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2236 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 kobject: 'queues' (00000000eac0e2d0): calling ktype release Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fb497e80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007fb497e80c90 RCX: 000000000045a639 RDX: 0324fad809d5a9cf RSI: 0000000020000040 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb497e816d4 kobject: 'queues' (00000000eac0e2d0): kset_release R13: 00000000004c83c8 R14: 00000000004de808 R15: 0000000000000005 kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'queues': free name kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'nr0' (0000000032a82a49): kobject_uevent_env FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'nr0' (0000000032a82a49): fill_kobj_path: path = '/devices/virtual/net/nr0' CPU: 1 PID: 14686 Comm: syz-executor.0 Not tainted 4.19.85-syzkaller #0 kobject: 'loop5' (000000001a364c25): kobject_uevent_env Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' Call Trace: kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0x1b lib/fault-inject.c:149 __should_failslab+0x121/0x190 mm/failslab.c:32 kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node+0x26c/0x710 mm/slab.c:3647 __alloc_skb+0xd5/0x5f0 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:995 [inline] alloc_skb_with_frags+0x93/0x590 net/core/skbuff.c:5303 sock_alloc_send_pskb+0x72d/0x8a0 net/core/sock.c:2085 unix_dgram_sendmsg+0x3de/0x11f0 net/unix/af_unix.c:1687 unix_seqpacket_sendmsg+0x11e/0x1b2 net/unix/af_unix.c:2068 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2115 __sys_sendmmsg+0x1bf/0x4e0 net/socket.c:2210 __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2236 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fb497e5fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007fb497e5fc90 RCX: 000000000045a639 RDX: 0324fad809d5a9cf RSI: 0000000020000040 RDI: 0000000000000003 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb497e606d4 R13: 00000000004c83c8 R14: 00000000004de808 R15: 0000000000000005 kobject: 'syzkaller1' (000000001d829c4f): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'syzkaller1' (000000001d829c4f): kobject_uevent_env kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'syzkaller1' (000000001d829c4f): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'queues' (00000000d636b63d): kobject_add_internal: parent: 'syzkaller1', set: '' kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'queues' (00000000d636b63d): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'queues' (00000000d636b63d): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (000000007141e106): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (000000007141e106): kobject_uevent_env kobject: 'rx-0' (000000007141e106): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'loop0' (0000000093fd7806): kobject_uevent_env kobject: 'tx-0' (000000001a2294b6): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (000000001a2294b6): kobject_uevent_env EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock kobject: 'tx-0' (000000001a2294b6): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'loop0' (0000000093fd7806): fill_kobj_path: path = '/devices/virtual/block/loop0' EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock kobject: 'rx-0' (000000007141e106): kobject_cleanup, parent 00000000d636b63d kobject: 'rx-0' (000000007141e106): auto cleanup 'remove' event kobject: 'loop5' (00000000cf619307): kobject_add_internal: parent: 'ext4', set: '' kobject: 'rx-0' (000000007141e106): kobject_uevent_env EXT4-fs (loop5): orphan cleanup on readonly fs kobject: 'rx-0' (000000007141e106): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' EXT4-fs error (device loop5): ext4_orphan_get:1252: comm syz-executor.5: bad orphan inode 5 kobject: 'rx-0' (000000007141e106): auto cleanup kobject_del kobject: 'rx-0' (000000007141e106): calling ktype release EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue kobject: 'rx-0': free name kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'tx-0' (000000001a2294b6): kobject_cleanup, parent 00000000d636b63d kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'tx-0' (000000001a2294b6): auto cleanup 'remove' event kobject: 'tx-0' (000000001a2294b6): kobject_uevent_env kobject: 'tx-0' (000000001a2294b6): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'tx-0' (000000001a2294b6): auto cleanup kobject_del kobject: 'tx-0' (000000001a2294b6): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (00000000d636b63d): kobject_cleanup, parent (null) kobject: 'queues' (00000000d636b63d): calling ktype release kobject: 'queues' (00000000d636b63d): kset_release kobject: 'queues': free name kobject: 'syzkaller1' (000000001d829c4f): kobject_uevent_env kobject: 'syzkaller1' (000000001d829c4f): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'loop5' (00000000cf619307): kobject_cleanup, parent (null) kobject: 'syzkaller1' (00000000e7525751): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'syzkaller1' (00000000e7525751): kobject_uevent_env kobject: 'loop5' (00000000cf619307): calling ktype release kobject: 'syzkaller1' (00000000e7525751): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'loop5': free name kobject: 'queues' (00000000bd641ac6): kobject_add_internal: parent: 'syzkaller1', set: '' kobject: 'queues' (00000000bd641ac6): kobject_uevent_env kobject: 'queues' (00000000bd641ac6): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (0000000072c7c50c): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (0000000072c7c50c): kobject_uevent_env kobject: 'rx-0' (0000000072c7c50c): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'tx-0' (00000000d1156567): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'tx-0' (00000000d1156567): kobject_uevent_env kobject: 'tx-0' (00000000d1156567): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'rx-0' (0000000072c7c50c): kobject_cleanup, parent 00000000bd641ac6 kobject: 'rx-0' (0000000072c7c50c): auto cleanup 'remove' event kobject: 'rx-0' (0000000072c7c50c): kobject_uevent_env kobject: 'rx-0' (0000000072c7c50c): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'rx-0' (0000000072c7c50c): auto cleanup kobject_del kobject: 'rx-0' (0000000072c7c50c): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (00000000d1156567): kobject_cleanup, parent 00000000bd641ac6 kobject: 'tx-0' (00000000d1156567): auto cleanup 'remove' event kobject: 'tx-0' (00000000d1156567): kobject_uevent_env kobject: 'tx-0' (00000000d1156567): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'tx-0' (00000000d1156567): auto cleanup kobject_del kobject: 'tx-0' (00000000d1156567): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (00000000bd641ac6): kobject_cleanup, parent (null) kobject: 'queues' (00000000bd641ac6): calling ktype release kobject: 'queues' (00000000bd641ac6): kset_release kobject: 'queues': free name kobject: 'syzkaller1' (00000000e7525751): kobject_uevent_env kobject: 'syzkaller1' (00000000e7525751): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'nr0' (0000000032a82a49): kobject_cleanup, parent (null) kobject: 'syzkaller1' (000000001d829c4f): kobject_cleanup, parent (null) kobject: 'nr0' (0000000032a82a49): calling ktype release kobject: 'syzkaller1' (000000001d829c4f): calling ktype release kobject: 'nr0': free name kobject: 'syzkaller1': free name kobject: 'syzkaller1' (00000000e7525751): kobject_cleanup, parent (null) kobject: 'syzkaller1' (00000000e7525751): calling ktype release kobject: 'syzkaller1': free name kobject: 'loop2' (00000000dd268d82): kobject_uevent_env kobject: 'loop2' (00000000dd268d82): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop5' (000000001a364c25): kobject_uevent_env FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'nr0' (00000000025345f6): kobject_add_internal: parent: 'net', set: 'devices' CPU: 0 PID: 14711 Comm: syz-executor.0 Not tainted 4.19.85-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0x1b lib/fault-inject.c:149 kobject: 'nr0' (00000000025345f6): kobject_uevent_env kobject: 'nr0' (00000000025345f6): fill_kobj_path: path = '/devices/virtual/net/nr0' __should_failslab+0x121/0x190 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node_trace+0x274/0x720 mm/slab.c:3666 __do_kmalloc_node mm/slab.c:3688 [inline] __kmalloc_node_track_caller+0x3d/0x80 mm/slab.c:3703 __kmalloc_reserve.isra.0+0x40/0xf0 net/core/skbuff.c:137 __alloc_skb+0x10b/0x5f0 net/core/skbuff.c:205 kobject: 'queues' (000000009263fae3): kobject_add_internal: parent: 'nr0', set: '' alloc_skb include/linux/skbuff.h:995 [inline] alloc_skb_with_frags+0x93/0x590 net/core/skbuff.c:5303 sock_alloc_send_pskb+0x72d/0x8a0 net/core/sock.c:2085 kobject: 'queues' (000000009263fae3): kobject_uevent_env unix_dgram_sendmsg+0x3de/0x11f0 net/unix/af_unix.c:1687 unix_seqpacket_sendmsg+0x11e/0x1b2 net/unix/af_unix.c:2068 kobject: 'queues' (000000009263fae3): kobject_uevent_env: filter function caused the event to drop! sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2115 kobject: 'rx-0' (00000000b69bd0d1): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000b69bd0d1): kobject_uevent_env __sys_sendmmsg+0x1bf/0x4e0 net/socket.c:2210 kobject: 'rx-0' (00000000b69bd0d1): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'tx-0' (00000000afe2de36): kobject_add_internal: parent: 'queues', set: 'queues' __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2236 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 kobject: 'tx-0' (00000000afe2de36): kobject_uevent_env entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fb497e80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007fb497e80c90 RCX: 000000000045a639 kobject: 'tx-0' (00000000afe2de36): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' RDX: 0324fad809d5a9cf RSI: 0000000020000040 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb497e816d4 R13: 00000000004c83c8 R14: 00000000004de808 R15: 0000000000000005 kobject: 'batman_adv' (00000000ca52ae1d): kobject_add_internal: parent: 'nr0', set: '' kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop4' (00000000145b469f): kobject_uevent_env kobject: 'loop4' (00000000145b469f): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'batman_adv' (00000000ca52ae1d): kobject_uevent_env kobject: 'batman_adv' (00000000ca52ae1d): kobject_uevent_env: filter function caused the event to drop! kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env kobject: 'batman_adv' (00000000ca52ae1d): kobject_cleanup, parent (null) FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'batman_adv' (00000000ca52ae1d): calling ktype release kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop0' (0000000093fd7806): kobject_uevent_env EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock CPU: 0 PID: 14826 Comm: syz-executor.0 Not tainted 4.19.85-syzkaller #0 kobject: (00000000ca52ae1d): dynamic_kobj_release Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0x1b lib/fault-inject.c:149 EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock __should_failslab+0x121/0x190 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node+0x26c/0x710 mm/slab.c:3647 __alloc_skb+0xd5/0x5f0 net/core/skbuff.c:193 kobject: 'batman_adv': free name alloc_skb include/linux/skbuff.h:995 [inline] alloc_skb_with_frags+0x93/0x590 net/core/skbuff.c:5303 sock_alloc_send_pskb+0x72d/0x8a0 net/core/sock.c:2085 EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock kobject: 'loop0' (0000000093fd7806): fill_kobj_path: path = '/devices/virtual/block/loop0' unix_dgram_sendmsg+0x3de/0x11f0 net/unix/af_unix.c:1687 kobject: 'loop5' (000000000b15bd66): kobject_add_internal: parent: 'ext4', set: '' unix_seqpacket_sendmsg+0x11e/0x1b2 net/unix/af_unix.c:2068 EXT4-fs (loop5): orphan cleanup on readonly fs sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2115 EXT4-fs error (device loop5): ext4_orphan_get:1252: comm syz-executor.5: bad orphan inode 5 EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue __sys_sendmmsg+0x1bf/0x4e0 net/socket.c:2210 __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2236 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fb497e80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007fb497e80c90 RCX: 000000000045a639 RDX: 0324fad809d5a9cf RSI: 0000000020000040 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb497e816d4 R13: 00000000004c83c8 R14: 00000000004de808 R15: 0000000000000005 kobject: 'rx-0' (00000000b69bd0d1): kobject_cleanup, parent 000000009263fae3 kobject: 'rx-0' (00000000b69bd0d1): auto cleanup 'remove' event kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'rx-0' (00000000b69bd0d1): kobject_uevent_env kobject: 'rx-0' (00000000b69bd0d1): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'rx-0' (00000000b69bd0d1): auto cleanup kobject_del kobject: 'rx-0' (00000000b69bd0d1): calling ktype release kobject: 'loop5' (000000000b15bd66): kobject_cleanup, parent (null) kobject: 'loop5' (000000000b15bd66): calling ktype release kobject: 'rx-0': free name kobject: 'loop5': free name kobject: 'tx-0' (00000000afe2de36): kobject_cleanup, parent 000000009263fae3 kobject: 'tx-0' (00000000afe2de36): auto cleanup 'remove' event kobject: 'tx-0' (00000000afe2de36): kobject_uevent_env kobject: 'tx-0' (00000000afe2de36): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'tx-0' (00000000afe2de36): auto cleanup kobject_del kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'tx-0' (00000000afe2de36): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (000000009263fae3): kobject_cleanup, parent (null) kobject: 'loop0' (0000000093fd7806): kobject_uevent_env kobject: 'loop0' (0000000093fd7806): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'queues' (000000009263fae3): calling ktype release kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env kobject: 'queues' (000000009263fae3): kset_release kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'queues': free name kobject: 'nr0' (00000000025345f6): kobject_uevent_env kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'nr0' (00000000025345f6): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'syzkaller1' (000000006e478b98): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'syzkaller1' (000000006e478b98): kobject_uevent_env kobject: 'syzkaller1' (000000006e478b98): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'queues' (00000000f42b13d0): kobject_add_internal: parent: 'syzkaller1', set: '' kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'queues' (00000000f42b13d0): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'queues' (00000000f42b13d0): kobject_uevent_env: filter function caused the event to drop! kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'rx-0' (00000000a0f876ab): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000a0f876ab): kobject_uevent_env kobject: 'rx-0' (00000000a0f876ab): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock kobject: 'tx-0' (00000000d5a6a7a4): kobject_add_internal: parent: 'queues', set: 'queues' EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock kobject: 'tx-0' (00000000d5a6a7a4): kobject_uevent_env EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock kobject: 'tx-0' (00000000d5a6a7a4): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'rx-0' (00000000a0f876ab): kobject_cleanup, parent 00000000f42b13d0 kobject: 'loop5' (0000000025f36e93): kobject_add_internal: parent: 'ext4', set: '' kobject: 'rx-0' (00000000a0f876ab): auto cleanup 'remove' event EXT4-fs (loop5): orphan cleanup on readonly fs kobject: 'rx-0' (00000000a0f876ab): kobject_uevent_env EXT4-fs error (device loop5): ext4_orphan_get:1252: comm syz-executor.5: bad orphan inode 5 kobject: 'rx-0' (00000000a0f876ab): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue kobject: 'rx-0' (00000000a0f876ab): auto cleanup kobject_del kobject: 'rx-0' (00000000a0f876ab): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (00000000d5a6a7a4): kobject_cleanup, parent 00000000f42b13d0 kobject: 'tx-0' (00000000d5a6a7a4): auto cleanup 'remove' event kobject: 'tx-0' (00000000d5a6a7a4): kobject_uevent_env kobject: 'tx-0' (00000000d5a6a7a4): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'tx-0' (00000000d5a6a7a4): auto cleanup kobject_del kobject: 'tx-0' (00000000d5a6a7a4): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (00000000f42b13d0): kobject_cleanup, parent (null) kobject: 'queues' (00000000f42b13d0): calling ktype release kobject: 'loop5' (0000000025f36e93): kobject_cleanup, parent (null) kobject: 'queues' (00000000f42b13d0): kset_release kobject: 'loop5' (0000000025f36e93): calling ktype release kobject: 'queues': free name kobject: 'loop5': free name kobject: 'syzkaller1' (000000006e478b98): kobject_uevent_env kobject: 'syzkaller1' (000000006e478b98): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'nr0' (00000000025345f6): kobject_cleanup, parent (null) kobject: 'syzkaller1' (00000000a0d58290): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'nr0' (00000000025345f6): calling ktype release kobject: 'syzkaller1' (00000000a0d58290): kobject_uevent_env kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'syzkaller1' (00000000a0d58290): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'queues' (000000001cc86ae6): kobject_add_internal: parent: 'syzkaller1', set: '' kobject: 'nr0': free name kobject: 'queues' (000000001cc86ae6): kobject_uevent_env kobject: 'queues' (000000001cc86ae6): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000f34a2b79): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000f34a2b79): kobject_uevent_env kobject: 'rx-0' (00000000f34a2b79): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'tx-0' (000000001b11b3f3): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (000000001b11b3f3): kobject_uevent_env kobject: 'tx-0' (000000001b11b3f3): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'rx-0' (00000000f34a2b79): kobject_cleanup, parent 000000001cc86ae6 kobject: 'rx-0' (00000000f34a2b79): auto cleanup 'remove' event kobject: 'rx-0' (00000000f34a2b79): kobject_uevent_env kobject: 'rx-0' (00000000f34a2b79): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'rx-0' (00000000f34a2b79): auto cleanup kobject_del kobject: 'rx-0' (00000000f34a2b79): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (000000001b11b3f3): kobject_cleanup, parent 000000001cc86ae6 kobject: 'tx-0' (000000001b11b3f3): auto cleanup 'remove' event kobject: 'tx-0' (000000001b11b3f3): kobject_uevent_env kobject: 'tx-0' (000000001b11b3f3): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'tx-0' (000000001b11b3f3): auto cleanup kobject_del kobject: 'tx-0' (000000001b11b3f3): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (000000001cc86ae6): kobject_cleanup, parent (null) kobject: 'queues' (000000001cc86ae6): calling ktype release kobject: 'queues' (000000001cc86ae6): kset_release kobject: 'queues': free name kobject: 'syzkaller1' (00000000a0d58290): kobject_uevent_env kobject: 'syzkaller1' (00000000a0d58290): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'syzkaller1' (000000006e478b98): kobject_cleanup, parent (null) kobject: 'nr0' (000000000417a17f): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'syzkaller1' (000000006e478b98): calling ktype release kobject: 'nr0' (000000000417a17f): kobject_uevent_env kobject: 'syzkaller1': free name kobject: 'nr0' (000000000417a17f): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'queues' (00000000f5bd5d52): kobject_add_internal: parent: 'nr0', set: '' kobject: 'queues' (00000000f5bd5d52): kobject_uevent_env kobject: 'queues' (00000000f5bd5d52): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000e44af0ae): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000e44af0ae): kobject_uevent_env kobject: 'rx-0' (00000000e44af0ae): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'tx-0' (0000000079c411b1): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (0000000079c411b1): kobject_uevent_env kobject: 'tx-0' (0000000079c411b1): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'batman_adv' (0000000063f9066a): kobject_add_internal: parent: 'nr0', set: '' kobject: 'syzkaller1' (00000000a0d58290): kobject_cleanup, parent (null) kobject: 'syzkaller1' (00000000a0d58290): calling ktype release kobject: 'syzkaller1': free name kobject: 'batman_adv' (0000000063f9066a): kobject_uevent_env kobject: 'batman_adv' (0000000063f9066a): kobject_uevent_env: filter function caused the event to drop! kobject: 'batman_adv' (0000000063f9066a): kobject_cleanup, parent (null) kobject: 'batman_adv' (0000000063f9066a): calling ktype release kobject: (0000000063f9066a): dynamic_kobj_release kobject: 'batman_adv': free name kobject: 'rx-0' (00000000e44af0ae): kobject_cleanup, parent 00000000f5bd5d52 kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'rx-0' (00000000e44af0ae): auto cleanup 'remove' event kobject: 'rx-0' (00000000e44af0ae): kobject_uevent_env kobject: 'rx-0' (00000000e44af0ae): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'rx-0' (00000000e44af0ae): auto cleanup kobject_del FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'rx-0' (00000000e44af0ae): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (0000000079c411b1): kobject_cleanup, parent 00000000f5bd5d52 CPU: 1 PID: 14970 Comm: syz-executor.0 Not tainted 4.19.85-syzkaller #0 kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0x1b lib/fault-inject.c:149 __should_failslab+0x121/0x190 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node_trace+0x274/0x720 mm/slab.c:3666 kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' __do_kmalloc_node mm/slab.c:3688 [inline] __kmalloc_node_track_caller+0x3d/0x80 mm/slab.c:3703 __kmalloc_reserve.isra.0+0x40/0xf0 net/core/skbuff.c:137 __alloc_skb+0x10b/0x5f0 net/core/skbuff.c:205 kobject: 'loop4' (00000000145b469f): kobject_uevent_env alloc_skb include/linux/skbuff.h:995 [inline] alloc_skb_with_frags+0x93/0x590 net/core/skbuff.c:5303 sock_alloc_send_pskb+0x72d/0x8a0 net/core/sock.c:2085 unix_dgram_sendmsg+0x3de/0x11f0 net/unix/af_unix.c:1687 kobject: 'loop4' (00000000145b469f): fill_kobj_path: path = '/devices/virtual/block/loop4' unix_seqpacket_sendmsg+0x11e/0x1b2 net/unix/af_unix.c:2068 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2115 kobject: 'tx-0' (0000000079c411b1): auto cleanup 'remove' event __sys_sendmmsg+0x1bf/0x4e0 net/socket.c:2210 kobject: 'tx-0' (0000000079c411b1): kobject_uevent_env __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2236 kobject: 'tx-0' (0000000079c411b1): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fb497e5fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007fb497e5fc90 RCX: 000000000045a639 RDX: 0324fad809d5a9cf RSI: 0000000020000040 RDI: 0000000000000003 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 kobject: 'tx-0' (0000000079c411b1): auto cleanup kobject_del R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb497e606d4 R13: 00000000004c83c8 R14: 00000000004de808 R15: 0000000000000005 kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'tx-0' (0000000079c411b1): calling ktype release kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'tx-0': free name kobject: 'queues' (00000000f5bd5d52): kobject_cleanup, parent (null) kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env kobject: 'queues' (00000000f5bd5d52): calling ktype release kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'queues' (00000000f5bd5d52): kset_release kobject: 'loop0' (0000000093fd7806): kobject_uevent_env kobject: 'loop0' (0000000093fd7806): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'queues': free name kobject: 'nr0' (000000000417a17f): kobject_uevent_env kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env kobject: 'nr0' (000000000417a17f): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'syzkaller1' (00000000578f4450): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'syzkaller1' (00000000578f4450): kobject_uevent_env kobject: 'syzkaller1' (00000000578f4450): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'queues' (00000000fe590a46): kobject_add_internal: parent: 'syzkaller1', set: '' kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env kobject: 'queues' (00000000fe590a46): kobject_uevent_env kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'queues' (00000000fe590a46): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (0000000036764064): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (0000000036764064): kobject_uevent_env kobject: 'rx-0' (0000000036764064): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'tx-0' (0000000032804bfc): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (0000000032804bfc): kobject_uevent_env kobject: 'tx-0' (0000000032804bfc): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'nr0' (000000000417a17f): kobject_cleanup, parent (null) kobject: 'nr0' (000000000417a17f): calling ktype release kobject: 'nr0': free name kobject: 'rx-0' (0000000036764064): kobject_cleanup, parent 00000000fe590a46 kobject: 'rx-0' (0000000036764064): auto cleanup 'remove' event kobject: 'rx-0' (0000000036764064): kobject_uevent_env kobject: 'rx-0' (0000000036764064): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'rx-0' (0000000036764064): auto cleanup kobject_del kobject: 'rx-0' (0000000036764064): calling ktype release kobject: 'rx-0': free name FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'tx-0' (0000000032804bfc): kobject_cleanup, parent 00000000fe590a46 kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'tx-0' (0000000032804bfc): auto cleanup 'remove' event CPU: 0 PID: 15090 Comm: syz-executor.0 Not tainted 4.19.85-syzkaller #0 kobject: 'tx-0' (0000000032804bfc): kobject_uevent_env Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: kobject: 'tx-0' (0000000032804bfc): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0x1b lib/fault-inject.c:149 __should_failslab+0x121/0x190 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 kobject: 'tx-0' (0000000032804bfc): auto cleanup kobject_del slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node+0x26c/0x710 mm/slab.c:3647 kobject: 'tx-0' (0000000032804bfc): calling ktype release __alloc_skb+0xd5/0x5f0 net/core/skbuff.c:193 kobject: 'tx-0': free name alloc_skb include/linux/skbuff.h:995 [inline] alloc_skb_with_frags+0x93/0x590 net/core/skbuff.c:5303 kobject: 'queues' (00000000fe590a46): kobject_cleanup, parent (null) sock_alloc_send_pskb+0x72d/0x8a0 net/core/sock.c:2085 unix_dgram_sendmsg+0x3de/0x11f0 net/unix/af_unix.c:1687 kobject: 'queues' (00000000fe590a46): calling ktype release unix_seqpacket_sendmsg+0x11e/0x1b2 net/unix/af_unix.c:2068 kobject: 'queues' (00000000fe590a46): kset_release sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 kobject: 'queues': free name ___sys_sendmsg+0x3e2/0x920 net/socket.c:2115 kobject: 'syzkaller1' (00000000578f4450): kobject_uevent_env kobject: 'syzkaller1' (00000000578f4450): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' __sys_sendmmsg+0x1bf/0x4e0 net/socket.c:2210 __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2236 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fb497e80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007fb497e80c90 RCX: 000000000045a639 RDX: 0324fad809d5a9cf RSI: 0000000020000040 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb497e816d4 R13: 00000000004c83c8 R14: 00000000004de808 R15: 0000000000000005 kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'syzkaller1' (00000000578f4450): kobject_cleanup, parent (null) kobject: 'loop2' (00000000dd268d82): kobject_uevent_env kobject: 'loop2' (00000000dd268d82): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'syzkaller1' (00000000578f4450): calling ktype release kobject: 'loop0' (0000000093fd7806): kobject_uevent_env kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'loop0' (0000000093fd7806): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env kobject: 'syzkaller1': free name kobject: 'syzkaller1' (0000000008980348): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'syzkaller1' (0000000008980348): kobject_uevent_env EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'syzkaller1' (0000000008980348): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock kobject: 'queues' (0000000034c6d249): kobject_add_internal: parent: 'syzkaller1', set: '' EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock kobject: 'queues' (0000000034c6d249): kobject_uevent_env kobject: 'queues' (0000000034c6d249): kobject_uevent_env: filter function caused the event to drop! kobject: 'loop5' (00000000aad13f2a): kobject_add_internal: parent: 'ext4', set: '' kobject: 'rx-0' (000000006cbb9310): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (000000006cbb9310): kobject_uevent_env EXT4-fs (loop5): orphan cleanup on readonly fs kobject: 'rx-0' (000000006cbb9310): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' EXT4-fs error (device loop5): ext4_orphan_get:1252: comm syz-executor.5: bad orphan inode 5 kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env kobject: 'tx-0' (00000000140548be): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue kobject: 'tx-0' (00000000140548be): kobject_uevent_env kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'tx-0' (00000000140548be): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'rx-0' (000000006cbb9310): kobject_cleanup, parent 0000000034c6d249 kobject: 'rx-0' (000000006cbb9310): auto cleanup 'remove' event kobject: 'rx-0' (000000006cbb9310): kobject_uevent_env kobject: 'rx-0' (000000006cbb9310): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'loop5' (00000000aad13f2a): kobject_cleanup, parent (null) kobject: 'rx-0' (000000006cbb9310): auto cleanup kobject_del kobject: 'loop5' (00000000aad13f2a): calling ktype release kobject: 'rx-0' (000000006cbb9310): calling ktype release kobject: 'loop5': free name kobject: 'rx-0': free name kobject: 'tx-0' (00000000140548be): kobject_cleanup, parent 0000000034c6d249 kobject: 'tx-0' (00000000140548be): auto cleanup 'remove' event kobject: 'tx-0' (00000000140548be): kobject_uevent_env kobject: 'tx-0' (00000000140548be): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'tx-0' (00000000140548be): auto cleanup kobject_del kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'tx-0' (00000000140548be): calling ktype release kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'tx-0': free name kobject: 'queues' (0000000034c6d249): kobject_cleanup, parent (null) kobject: 'queues' (0000000034c6d249): calling ktype release kobject: 'queues' (0000000034c6d249): kset_release kobject: 'queues': free name kobject: 'syzkaller1' (0000000008980348): kobject_uevent_env kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'syzkaller1' (0000000008980348): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'nr0' (0000000015007aec): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'nr0' (0000000015007aec): kobject_uevent_env kobject: 'nr0' (0000000015007aec): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'queues' (0000000008a6ed3c): kobject_add_internal: parent: 'nr0', set: '' kobject: 'queues' (0000000008a6ed3c): kobject_uevent_env kobject: 'queues' (0000000008a6ed3c): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (0000000013b38b48): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (0000000013b38b48): kobject_uevent_env kobject: 'rx-0' (0000000013b38b48): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'tx-0' (00000000382230f8): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000382230f8): kobject_uevent_env kobject: 'tx-0' (00000000382230f8): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'batman_adv' (0000000070037e63): kobject_add_internal: parent: 'nr0', set: '' kobject: 'syzkaller1' (0000000008980348): kobject_cleanup, parent (null) kobject: 'batman_adv' (0000000070037e63): kobject_uevent_env kobject: 'syzkaller1' (0000000008980348): calling ktype release kobject: 'batman_adv' (0000000070037e63): kobject_uevent_env: filter function caused the event to drop! kobject: 'syzkaller1': free name kobject: 'batman_adv' (0000000070037e63): kobject_cleanup, parent (null) kobject: 'batman_adv' (0000000070037e63): calling ktype release kobject: (0000000070037e63): dynamic_kobj_release kobject: 'batman_adv': free name kobject: 'rx-0' (0000000013b38b48): kobject_cleanup, parent 0000000008a6ed3c SELinux: unrecognized netlink message: protocol=4 nlmsg_type=44 sclass=netlink_tcpdiag_socket pig=15328 comm=syz-executor.3 kobject: 'rx-0' (0000000013b38b48): auto cleanup 'remove' event kobject: 'loop5' (000000001a364c25): kobject_uevent_env FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'rx-0' (0000000013b38b48): kobject_uevent_env kobject: 'loop4' (00000000145b469f): kobject_uevent_env kobject: 'rx-0' (0000000013b38b48): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'loop4' (00000000145b469f): fill_kobj_path: path = '/devices/virtual/block/loop4' CPU: 1 PID: 15329 Comm: syz-executor.0 Not tainted 4.19.85-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kobject: 'rx-0' (0000000013b38b48): auto cleanup kobject_del Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0x1b lib/fault-inject.c:149 kobject: 'rx-0' (0000000013b38b48): calling ktype release __should_failslab+0x121/0x190 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node_trace+0x274/0x720 mm/slab.c:3666 __do_kmalloc_node mm/slab.c:3688 [inline] __kmalloc_node_track_caller+0x3d/0x80 mm/slab.c:3703 __kmalloc_reserve.isra.0+0x40/0xf0 net/core/skbuff.c:137 __alloc_skb+0x10b/0x5f0 net/core/skbuff.c:205 kobject: 'rx-0': free name alloc_skb include/linux/skbuff.h:995 [inline] alloc_skb_with_frags+0x93/0x590 net/core/skbuff.c:5303 sock_alloc_send_pskb+0x72d/0x8a0 net/core/sock.c:2085 unix_dgram_sendmsg+0x3de/0x11f0 net/unix/af_unix.c:1687 kobject: 'tx-0' (00000000382230f8): kobject_cleanup, parent 0000000008a6ed3c unix_seqpacket_sendmsg+0x11e/0x1b2 net/unix/af_unix.c:2068 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2115 kobject: 'tx-0' (00000000382230f8): auto cleanup 'remove' event __sys_sendmmsg+0x1bf/0x4e0 net/socket.c:2210 kobject: 'tx-0' (00000000382230f8): kobject_uevent_env __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2236 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 kobject: 'tx-0' (00000000382230f8): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fb497e80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007fb497e80c90 RCX: 000000000045a639 RDX: 0324fad809d5a9cf RSI: 0000000020000040 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb497e816d4 R13: 00000000004c83c8 R14: 00000000004de808 R15: 0000000000000005 kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'tx-0' (00000000382230f8): auto cleanup kobject_del kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'tx-0' (00000000382230f8): calling ktype release kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env kobject: 'tx-0': free name kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'queues' (0000000008a6ed3c): kobject_cleanup, parent (null) kobject: 'loop0' (0000000093fd7806): kobject_uevent_env kobject: 'queues' (0000000008a6ed3c): calling ktype release kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'queues' (0000000008a6ed3c): kset_release kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'queues': free name kobject: 'loop0' (0000000093fd7806): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'nr0' (0000000015007aec): kobject_uevent_env EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock kobject: 'nr0' (0000000015007aec): fill_kobj_path: path = '/devices/virtual/net/nr0' EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock kobject: 'syzkaller1' (000000005a06c4ca): kobject_add_internal: parent: 'net', set: 'devices' EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock kobject: 'syzkaller1' (000000005a06c4ca): kobject_uevent_env kobject: 'loop5' (00000000a2e10c7e): kobject_add_internal: parent: 'ext4', set: '' kobject: 'syzkaller1' (000000005a06c4ca): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' EXT4-fs (loop5): orphan cleanup on readonly fs kobject: 'queues' (00000000485870b6): kobject_add_internal: parent: 'syzkaller1', set: '' EXT4-fs error (device loop5): ext4_orphan_get:1252: comm syz-executor.5: bad orphan inode 5 kobject: 'queues' (00000000485870b6): kobject_uevent_env EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue kobject: 'queues' (00000000485870b6): kobject_uevent_env: filter function caused the event to drop! kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'rx-0' (00000000c79beeaa): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'rx-0' (00000000c79beeaa): kobject_uevent_env kobject: 'rx-0' (00000000c79beeaa): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'tx-0' (00000000a11e7287): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000a11e7287): kobject_uevent_env kobject: 'tx-0' (00000000a11e7287): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'nr0' (0000000015007aec): kobject_cleanup, parent (null) kobject: 'loop5' (00000000a2e10c7e): kobject_cleanup, parent (null) kobject: 'nr0' (0000000015007aec): calling ktype release kobject: 'loop5' (00000000a2e10c7e): calling ktype release kobject: 'nr0': free name kobject: 'loop5': free name kobject: 'rx-0' (00000000c79beeaa): kobject_cleanup, parent 00000000485870b6 kobject: 'rx-0' (00000000c79beeaa): auto cleanup 'remove' event kobject: 'rx-0' (00000000c79beeaa): kobject_uevent_env kobject: 'rx-0' (00000000c79beeaa): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'rx-0' (00000000c79beeaa): auto cleanup kobject_del kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'rx-0' (00000000c79beeaa): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (00000000a11e7287): kobject_cleanup, parent 00000000485870b6 kobject: 'tx-0' (00000000a11e7287): auto cleanup 'remove' event kobject: 'tx-0' (00000000a11e7287): kobject_uevent_env kobject: 'tx-0' (00000000a11e7287): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'tx-0' (00000000a11e7287): auto cleanup kobject_del kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'tx-0' (00000000a11e7287): calling ktype release kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'tx-0': free name kobject: 'queues' (00000000485870b6): kobject_cleanup, parent (null) kobject: 'queues' (00000000485870b6): calling ktype release kobject: 'queues' (00000000485870b6): kset_release kobject: 'queues': free name kobject: 'syzkaller1' (000000005a06c4ca): kobject_uevent_env kobject: 'syzkaller1' (000000005a06c4ca): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'nr0' (00000000446e4a96): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'nr0' (00000000446e4a96): kobject_uevent_env kobject: 'nr0' (00000000446e4a96): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'queues' (0000000039ef2b6e): kobject_add_internal: parent: 'nr0', set: '' kobject: 'queues' (0000000039ef2b6e): kobject_uevent_env kobject: 'queues' (0000000039ef2b6e): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (0000000093a95af5): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (0000000093a95af5): kobject_uevent_env kobject: 'rx-0' (0000000093a95af5): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'tx-0' (00000000067c3457): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000067c3457): kobject_uevent_env kobject: 'tx-0' (00000000067c3457): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'batman_adv' (000000004589c6ef): kobject_add_internal: parent: 'nr0', set: '' kobject: 'batman_adv' (000000004589c6ef): kobject_uevent_env kobject: 'batman_adv' (000000004589c6ef): kobject_uevent_env: filter function caused the event to drop! kobject: 'batman_adv' (000000004589c6ef): kobject_cleanup, parent (null) kobject: 'batman_adv' (000000004589c6ef): calling ktype release kobject: (000000004589c6ef): dynamic_kobj_release kobject: 'batman_adv': free name kobject: 'rx-0' (0000000093a95af5): kobject_cleanup, parent 0000000039ef2b6e kobject: 'rx-0' (0000000093a95af5): auto cleanup 'remove' event kobject: 'rx-0' (0000000093a95af5): kobject_uevent_env kobject: 'rx-0' (0000000093a95af5): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'rx-0' (0000000093a95af5): auto cleanup kobject_del kobject: 'rx-0' (0000000093a95af5): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (00000000067c3457): kobject_cleanup, parent 0000000039ef2b6e kobject: 'tx-0' (00000000067c3457): auto cleanup 'remove' event kobject: 'tx-0' (00000000067c3457): kobject_uevent_env kobject: 'tx-0' (00000000067c3457): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'tx-0' (00000000067c3457): auto cleanup kobject_del kobject: 'tx-0' (00000000067c3457): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (0000000039ef2b6e): kobject_cleanup, parent (null) kobject: 'queues' (0000000039ef2b6e): calling ktype release kobject: 'queues' (0000000039ef2b6e): kset_release kobject: 'queues': free name kobject: 'nr0' (00000000446e4a96): kobject_uevent_env kobject: 'nr0' (00000000446e4a96): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'syzkaller1' (000000005a06c4ca): kobject_cleanup, parent (null) kobject: 'syzkaller1' (000000005a06c4ca): calling ktype release kobject: 'syzkaller1': free name kobject: 'syzkaller1' (00000000e0d0909c): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'syzkaller1' (00000000e0d0909c): kobject_uevent_env kobject: 'syzkaller1' (00000000e0d0909c): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'queues' (000000007bee94b1): kobject_add_internal: parent: 'syzkaller1', set: '' kobject: 'queues' (000000007bee94b1): kobject_uevent_env kobject: 'queues' (000000007bee94b1): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (0000000074ffe57c): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (0000000074ffe57c): kobject_uevent_env kobject: 'rx-0' (0000000074ffe57c): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'tx-0' (00000000b6f38739): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000b6f38739): kobject_uevent_env kobject: 'tx-0' (00000000b6f38739): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'rx-0' (0000000074ffe57c): kobject_cleanup, parent 000000007bee94b1 kobject: 'rx-0' (0000000074ffe57c): auto cleanup 'remove' event kobject: 'rx-0' (0000000074ffe57c): kobject_uevent_env kobject: 'rx-0' (0000000074ffe57c): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/rx-0' kobject: 'rx-0' (0000000074ffe57c): auto cleanup kobject_del kobject: 'rx-0' (0000000074ffe57c): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (00000000b6f38739): kobject_cleanup, parent 000000007bee94b1 kobject: 'tx-0' (00000000b6f38739): auto cleanup 'remove' event kobject: 'tx-0' (00000000b6f38739): kobject_uevent_env kobject: 'tx-0' (00000000b6f38739): fill_kobj_path: path = '/devices/virtual/net/syzkaller1/queues/tx-0' kobject: 'tx-0' (00000000b6f38739): auto cleanup kobject_del kobject: 'tx-0' (00000000b6f38739): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (000000007bee94b1): kobject_cleanup, parent (null) kobject: 'queues' (000000007bee94b1): calling ktype release kobject: 'queues' (000000007bee94b1): kset_release kobject: 'queues': free name kobject: 'syzkaller1' (00000000e0d0909c): kobject_uevent_env kobject: 'syzkaller1' (00000000e0d0909c): fill_kobj_path: path = '/devices/virtual/net/syzkaller1' kobject: 'nr0' (00000000446e4a96): kobject_cleanup, parent (null) kobject: 'nr0' (00000000446e4a96): calling ktype release kobject: 'nr0': free name kobject: 'loop2' (00000000dd268d82): kobject_uevent_env kobject: 'syzkaller1' (00000000e0d0909c): kobject_cleanup, parent (null) FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'loop2' (00000000dd268d82): fill_kobj_path: path = '/devices/virtual/block/loop2' CPU: 0 PID: 15452 Comm: syz-executor.0 Not tainted 4.19.85-syzkaller #0 kobject: 'loop5' (000000001a364c25): kobject_uevent_env Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0x1b lib/fault-inject.c:149 kobject: 'nr0' (0000000058635729): kobject_add_internal: parent: 'net', set: 'devices' __should_failslab+0x121/0x190 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node+0x26c/0x710 mm/slab.c:3647 kobject: 'syzkaller1' (00000000e0d0909c): calling ktype release __alloc_skb+0xd5/0x5f0 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:995 [inline] alloc_skb_with_frags+0x93/0x590 net/core/skbuff.c:5303 kobject: 'syzkaller1': free name sock_alloc_send_pskb+0x72d/0x8a0 net/core/sock.c:2085 kobject: 'nr0' (0000000058635729): kobject_uevent_env unix_dgram_sendmsg+0x3de/0x11f0 net/unix/af_unix.c:1687 unix_seqpacket_sendmsg+0x11e/0x1b2 net/unix/af_unix.c:2068 kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2115 kobject: 'nr0' (0000000058635729): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'queues' (000000005d52acd3): kobject_add_internal: parent: 'nr0', set: '' __sys_sendmmsg+0x1bf/0x4e0 net/socket.c:2210 kobject: 'queues' (000000005d52acd3): kobject_uevent_env kobject: 'queues' (000000005d52acd3): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000e3cbbed6): kobject_add_internal: parent: 'queues', set: 'queues' __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2236 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 kobject: 'rx-0' (00000000e3cbbed6): kobject_uevent_env entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 kobject: 'rx-0' (00000000e3cbbed6): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' RSP: 002b:00007fb497e80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007fb497e80c90 RCX: 000000000045a639 RDX: 0324fad809d5a9cf RSI: 0000000020000040 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb497e816d4 R13: 00000000004c83c8 R14: 00000000004de808 R15: 0000000000000005 kobject: 'tx-0' (000000006278e29c): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'tx-0' (000000006278e29c): kobject_uevent_env kobject: 'loop3' (00000000e32ab0fe): kobject_uevent_env kobject: 'loop3' (00000000e32ab0fe): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'tx-0' (000000006278e29c): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'loop5' (000000001a364c25): kobject_uevent_env kobject: 'loop5' (000000001a364c25): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'batman_adv' (00000000fcd6c249): kobject_add_internal: parent: 'nr0', set: '' kobject: 'loop4' (00000000145b469f): kobject_uevent_env kobject: 'batman_adv' (00000000fcd6c249): kobject_uevent_env kobject: 'loop4' (00000000145b469f): fill_kobj_path: path = '/devices/virtual/block/loop4' EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'loop0' (0000000093fd7806): kobject_uevent_env kobject: 'batman_adv' (00000000fcd6c249): kobject_uevent_env: filter function caused the event to drop! EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock CPU: 1 PID: 15575 Comm: syz-executor.0 Not tainted 4.19.85-syzkaller #0 kobject: 'loop0' (0000000093fd7806): fill_kobj_path: path = '/devices/virtual/block/loop0' Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0x1b lib/fault-inject.c:149 __should_failslab+0x121/0x190 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node_trace+0x274/0x720 mm/slab.c:3666 __do_kmalloc_node mm/slab.c:3688 [inline] __kmalloc_node_track_caller+0x3d/0x80 mm/slab.c:3703 __kmalloc_reserve.isra.0+0x40/0xf0 net/core/skbuff.c:137 __alloc_skb+0x10b/0x5f0 net/core/skbuff.c:205 alloc_skb include/linux/skbuff.h:995 [inline] alloc_skb_with_frags+0x93/0x590 net/core/skbuff.c:5303 EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock sock_alloc_send_pskb+0x72d/0x8a0 net/core/sock.c:2085 unix_dgram_sendmsg+0x3de/0x11f0 net/unix/af_unix.c:1687 unix_seqpacket_sendmsg+0x11e/0x1b2 net/unix/af_unix.c:2068 kobject: 'batman_adv' (00000000fcd6c249): kobject_cleanup, parent (null) sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2115