attempt to access beyond end of device
loop3: rw=1, want=127, limit=15
attempt to access beyond end of device
loop3: rw=1, want=128, limit=15
======================================================
WARNING: possible circular locking dependency detected
4.14.289-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:3/95 is trying to acquire lock:
 (sk_lock-AF_INET){+.+.}, at: [] do_strp_work net/strparser/strparser.c:415 [inline]
 (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100 net/strparser/strparser.c:434

but task is already holding lock:
 ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 ((&strp->work)){+.+.}:
       flush_work+0xad/0x770 kernel/workqueue.c:2890
       __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
       strp_done+0x53/0xd0 net/strparser/strparser.c:519
       kcm_attach net/kcm/kcmsock.c:1429 [inline]
       kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
       kcm_ioctl+0x828/0xfb0 net/kcm/kcmsock.c:1701
       sock_do_ioctl net/socket.c:974 [inline]
       sock_ioctl+0x2cc/0x4c0 net/socket.c:1071
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (sk_lock-AF_INET){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       lock_sock_nested+0xb7/0x100 net/core/sock.c:2813
       do_strp_work net/strparser/strparser.c:415 [inline]
       strp_work+0x3e/0x100 net/strparser/strparser.c:434
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&strp->work));
                               lock(sk_lock-AF_INET);
                               lock((&strp->work));
  lock(sk_lock-AF_INET);

 *** DEADLOCK ***

2 locks held by kworker/u4:3/95:
 #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092

stack backtrace:
CPU: 1 PID: 95 Comm: kworker/u4:3 Not tainted 4.14.289-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Workqueue: kstrp strp_work
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 lock_sock_nested+0xb7/0x100 net/core/sock.c:2813
 do_strp_work net/strparser/strparser.c:415 [inline]
 strp_work+0x3e/0x100 net/strparser/strparser.c:434
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
block nbd4: Receive control failed (result -32)
block nbd4: Receive control failed (result -32)
block nbd4: shutting down sockets
block nbd4: Receive control failed (result -32)
block nbd4: Receive control failed (result -32)
block nbd4: shutting down sockets
block nbd4: Receive control failed (result -32)
block nbd4: Receive control failed (result -32)
block nbd4: shutting down sockets
block nbd1: Receive control failed (result -32)
block nbd1: Receive control failed (result -32)
block nbd1: shutting down sockets
netlink: 200 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 200 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 200 bytes leftover after parsing attributes in process `syz-executor.1'.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 12221 Comm: syz-executor.4 Not tainted 4.14.289-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
netlink: 200 bytes leftover after parsing attributes in process `syz-executor.1'.
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 __do_kmalloc mm/slab.c:3718 [inline]
 __kmalloc+0x2c1/0x400 mm/slab.c:3729
 kmalloc include/linux/slab.h:493 [inline]
 kzalloc include/linux/slab.h:661 [inline]
 __alloc_workqueue_key+0x10e/0x1080 kernel/workqueue.c:4010
netlink: 200 bytes leftover after parsing attributes in process `syz-executor.1'.
 nbd_start_device+0x168/0xca0 drivers/block/nbd.c:1193
 nbd_start_device_ioctl drivers/block/nbd.c:1252 [inline]
 __nbd_ioctl drivers/block/nbd.c:1334 [inline]
 nbd_ioctl+0x3c4/0xac0 drivers/block/nbd.c:1374
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f06ad5c7209
RSP: 002b:00007f06abf3c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f06ad6d9f60 RCX: 00007f06ad5c7209
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
RBP: 00007f06abf3c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd75c4072f R14: 00007f06abf3c300 R15: 0000000000022000
block nbd4: Could not allocate knbd recv work queue.
block nbd4: shutting down sockets
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 12306 Comm: syz-executor.4 Not tainted 4.14.289-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc_trace+0x29a/0x3d0 mm/slab.c:3616
 kmalloc include/linux/slab.h:488 [inline]
 kzalloc include/linux/slab.h:661 [inline]
 alloc_workqueue_attrs kernel/workqueue.c:3179 [inline]
 __alloc_workqueue_key+0x159/0x1080 kernel/workqueue.c:4015
 nbd_start_device+0x168/0xca0 drivers/block/nbd.c:1193
 nbd_start_device_ioctl drivers/block/nbd.c:1252 [inline]
 __nbd_ioctl drivers/block/nbd.c:1334 [inline]
 nbd_ioctl+0x3c4/0xac0 drivers/block/nbd.c:1374
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f06ad5c7209
RSP: 002b:00007f06abf3c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f06ad6d9f60 RCX: 00007f06ad5c7209
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
RBP: 00007f06abf3c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd75c4072f R14: 00007f06abf3c300 R15: 0000000000022000
EXT4-fs (loop1): VFS: Can't find ext4 filesystem
kauditd_printk_skb: 1 callbacks suppressed
audit: type=1804 audit(1658688308.221:92): pid=12315 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir165113599/syzkaller.mAKb10/73/file0" dev="sda1" ino=14075 res=1
block nbd4: Could not allocate knbd recv work queue.
block nbd4: shutting down sockets
EXT4-fs (loop1): VFS: Can't find ext4 filesystem
audit: type=1804 audit(1658688308.331:93): pid=12323 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir165113599/syzkaller.mAKb10/74/file0" dev="sda1" ino=14108 res=1
EXT4-fs (loop1): VFS: Can't find ext4 filesystem
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
audit: type=1804 audit(1658688308.491:94): pid=12341 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir165113599/syzkaller.mAKb10/75/file0" dev="sda1" ino=14106 res=1
CPU: 0 PID: 12336 Comm: syz-executor.4 Not tainted 4.14.289-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 __do_kmalloc mm/slab.c:3718 [inline]
 __kmalloc+0x2c1/0x400 mm/slab.c:3729
 kmalloc include/linux/slab.h:493 [inline]
 kzalloc include/linux/slab.h:661 [inline]
 apply_wqattrs_prepare+0xab/0x980 kernel/workqueue.c:3697
 apply_workqueue_attrs_locked+0x9d/0x120 kernel/workqueue.c:3810
 apply_workqueue_attrs kernel/workqueue.c:3843 [inline]
 alloc_and_link_pwqs kernel/workqueue.c:3965 [inline]
 __alloc_workqueue_key+0x88f/0x1080 kernel/workqueue.c:4040
 nbd_start_device+0x168/0xca0 drivers/block/nbd.c:1193
 nbd_start_device_ioctl drivers/block/nbd.c:1252 [inline]
 __nbd_ioctl drivers/block/nbd.c:1334 [inline]
 nbd_ioctl+0x3c4/0xac0 drivers/block/nbd.c:1374
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f06ad5c7209
RSP: 002b:00007f06abf3c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f06ad6d9f60 RCX: 00007f06ad5c7209
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
RBP: 00007f06abf3c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd75c4072f R14: 00007f06abf3c300 R15: 0000000000022000
block nbd4: Could not allocate knbd recv work queue.
block nbd4: shutting down sockets
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 12366 Comm: syz-executor.4 Not tainted 4.14.289-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc_trace+0x29a/0x3d0 mm/slab.c:3616
 kmalloc include/linux/slab.h:488 [inline]
 kzalloc include/linux/slab.h:661 [inline]
 alloc_workqueue_attrs kernel/workqueue.c:3179 [inline]
 apply_wqattrs_prepare+0xdf/0x980 kernel/workqueue.c:3700
 apply_workqueue_attrs_locked+0x9d/0x120 kernel/workqueue.c:3810
 apply_workqueue_attrs kernel/workqueue.c:3843 [inline]
 alloc_and_link_pwqs kernel/workqueue.c:3965 [inline]
 __alloc_workqueue_key+0x88f/0x1080 kernel/workqueue.c:4040
 nbd_start_device+0x168/0xca0 drivers/block/nbd.c:1193
 nbd_start_device_ioctl drivers/block/nbd.c:1252 [inline]
 __nbd_ioctl drivers/block/nbd.c:1334 [inline]
 nbd_ioctl+0x3c4/0xac0 drivers/block/nbd.c:1374
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f06ad5c7209
RSP: 002b:00007f06abf3c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f06ad6d9f60 RCX: 00007f06ad5c7209
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
RBP: 00007f06abf3c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd75c4072f R14: 00007f06abf3c300 R15: 0000000000022000
block nbd4: Could not allocate knbd recv work queue.
block nbd4: shutting down sockets
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 12377 Comm: syz-executor.4 Not tainted 4.14.289-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc_trace+0x29a/0x3d0 mm/slab.c:3616
 kmalloc include/linux/slab.h:488 [inline]
 kzalloc include/linux/slab.h:661 [inline]
 alloc_workqueue_attrs kernel/workqueue.c:3179 [inline]
 apply_wqattrs_prepare+0x16c/0x980 kernel/workqueue.c:3701
 apply_workqueue_attrs_locked+0x9d/0x120 kernel/workqueue.c:3810
 apply_workqueue_attrs kernel/workqueue.c:3843 [inline]
 alloc_and_link_pwqs kernel/workqueue.c:3965 [inline]
 __alloc_workqueue_key+0x88f/0x1080 kernel/workqueue.c:4040
 nbd_start_device+0x168/0xca0 drivers/block/nbd.c:1193
 nbd_start_device_ioctl drivers/block/nbd.c:1252 [inline]
 __nbd_ioctl drivers/block/nbd.c:1334 [inline]
 nbd_ioctl+0x3c4/0xac0 drivers/block/nbd.c:1374
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f06ad5c7209
RSP: 002b:00007f06abf3c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f06ad6d9f60 RCX: 00007f06ad5c7209
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
RBP: 00007f06abf3c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd75c4072f R14: 00007f06abf3c300 R15: 0000000000022000
block nbd4: Could not allocate knbd recv work queue.
block nbd4: shutting down sockets
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 12416 Comm: syz-executor.4 Not tainted 4.14.289-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3297 [inline]
 kmem_cache_alloc_node+0x263/0x410 mm/slab.c:3640
 alloc_unbound_pwq+0x464/0xb80 kernel/workqueue.c:3581
 apply_wqattrs_prepare+0x359/0x980 kernel/workqueue.c:3727
 apply_workqueue_attrs_locked+0x9d/0x120 kernel/workqueue.c:3810
 apply_workqueue_attrs kernel/workqueue.c:3843 [inline]
 alloc_and_link_pwqs kernel/workqueue.c:3965 [inline]
 __alloc_workqueue_key+0x88f/0x1080 kernel/workqueue.c:4040
 nbd_start_device+0x168/0xca0 drivers/block/nbd.c:1193
 nbd_start_device_ioctl drivers/block/nbd.c:1252 [inline]
 __nbd_ioctl drivers/block/nbd.c:1334 [inline]
 nbd_ioctl+0x3c4/0xac0 drivers/block/nbd.c:1374
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f06ad5c7209
RSP: 002b:00007f06abf3c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f06ad6d9f60 RCX: 00007f06ad5c7209
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
RBP: 00007f06abf3c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd75c4072f R14: 00007f06abf3c300 R15: 0000000000022000
block nbd4: Could not allocate knbd recv work queue.
block nbd4: shutting down sockets
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
bond1 (uninitialized): Released all slaves
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 12440 Comm: syz-executor.4 Not tainted 4.14.289-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3297 [inline]
 kmem_cache_alloc_node_trace+0x25a/0x400 mm/slab.c:3659
 kmalloc_node include/linux/slab.h:526 [inline]
 kzalloc_node include/linux/slab.h:672 [inline]
 alloc_worker kernel/workqueue.c:1676 [inline]
 __alloc_workqueue_key+0xaaf/0x1080 kernel/workqueue.c:4050
 nbd_start_device+0x168/0xca0 drivers/block/nbd.c:1193
 nbd_start_device_ioctl drivers/block/nbd.c:1252 [inline]
 __nbd_ioctl drivers/block/nbd.c:1334 [inline]
 nbd_ioctl+0x3c4/0xac0 drivers/block/nbd.c:1374
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f06ad5c7209
RSP: 002b:00007f06abf3c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f06ad6d9f60 RCX: 00007f06ad5c7209
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
RBP: 00007f06abf3c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd75c4072f R14: 00007f06abf3c300 R15: 0000000000022000
block nbd4: Could not allocate knbd recv work queue.
block nbd4: shutting down sockets
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 12471 Comm: syz-executor.4 Not tainted 4.14.289-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc_trace+0x29a/0x3d0 mm/slab.c:3616
 kmalloc include/linux/slab.h:488 [inline]
 __kthread_create_on_node+0xbe/0x3a0 kernel/kthread.c:277
 kthread_create_on_node+0xa8/0xd0 kernel/kthread.c:365
 __alloc_workqueue_key+0xc06/0x1080 kernel/workqueue.c:4055
 nbd_start_device+0x168/0xca0 drivers/block/nbd.c:1193
 nbd_start_device_ioctl drivers/block/nbd.c:1252 [inline]
 __nbd_ioctl drivers/block/nbd.c:1334 [inline]
 nbd_ioctl+0x3c4/0xac0 drivers/block/nbd.c:1374
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f06ad5c7209
RSP: 002b:00007f06abf3c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f06ad6d9f60 RCX: 00007f06ad5c7209
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
RBP: 00007f06abf3c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd75c4072f R14: 00007f06abf3c300 R15: 0000000000022000
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
bond1 (uninitialized): Released all slaves
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
block nbd4: Could not allocate knbd recv work queue.
block nbd4: shutting down sockets
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
Restarting kernel threads ... done.
bond1 (uninitialized): Released all slaves
Restarting kernel threads ... done.
block nbd4: shutting down sockets
Restarting kernel threads ... done.
vhci_hcd: default hub control req: 0000 v0000 i0000 l0
Restarting kernel threads ... done.
Restarting kernel threads ... done.
vhci_hcd: default hub control req: 0000 v0000 i0000 l0
Restarting kernel threads ... done.
vhci_hcd: default hub control req: 0000 v0000 i0000 l0
block nbd4: Device being setup by another task
block nbd4: shutting down sockets
audit: type=1800 audit(1658688312.781:95): pid=12615 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14124 res=0
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1804 audit(1658688312.791:96): pid=12615 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir2924776093/syzkaller.pYTf5c/69/file0" dev="sda1" ino=14124 res=1
audit: type=1804 audit(1658688312.791:97): pid=12615 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir2924776093/syzkaller.pYTf5c/69/file0" dev="sda1" ino=14124 res=1
EXT4-fs (loop1): VFS: Can't find ext4 filesystem
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
EXT4-fs (loop1): VFS: Can't find ext4 filesystem
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
print_req_error: I/O error, dev loop1, sector 0
buffer_io_error: 14 callbacks suppressed
Buffer I/O error on dev loop1, logical block 0, async page read
block nbd4: Device being setup by another task
print_req_error: I/O error, dev loop1, sector 4
Buffer I/O error on dev loop1, logical block 2, async page read
print_req_error: I/O error, dev loop1, sector 6
Buffer I/O error on dev loop1, logical block 3, async page read
block nbd4: shutting down sockets
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
EXT4-fs (loop1): VFS: Can't find ext4 filesystem
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1800 audit(1658688314.021:98): pid=12765 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14141 res=0
audit: type=1804 audit(1658688314.021:99): pid=12760 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir2924776093/syzkaller.pYTf5c/70/file0" dev="sda1" ino=14141 res=1
EXT4-fs (loop1): VFS: Can't find ext4 filesystem
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.