kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'queues' (ffff88808ff34b48): kobject_uevent_env ttyprintk ttyprintk: tty_port_close_start: tty->count = 1 port count = 4 kobject: 'queues' (ffff88808ff34b48): kobject_uevent_env: filter function caused the event to drop! ====================================================== WARNING: possible circular locking dependency detected 4.14.160-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.2/19270 is trying to acquire lock: (console_owner){-.-.}, at: [] console_trylock_spinning kernel/printk/printk.c:1658 [inline] (console_owner){-.-.}, at: [] vprintk_emit kernel/printk/printk.c:1922 [inline] (console_owner){-.-.}, at: [] vprintk_emit+0x2f1/0x600 kernel/printk/printk.c:1888 but task is already holding lock: (&(&port->lock)->rlock){-.-.}, at: [] tty_port_close_start.part.0+0x2b/0x4e0 drivers/tty/tty_port.c:572 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&(&port->lock)->rlock){-.-.}: lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:160 tty_port_tty_get+0x22/0x90 drivers/tty/tty_port.c:287 tty_port_default_wakeup+0x16/0x40 drivers/tty/tty_port.c:46 tty_port_tty_wakeup+0x57/0x70 drivers/tty/tty_port.c:389 uart_write_wakeup+0x46/0x70 drivers/tty/serial/serial_core.c:116 serial8250_tx_chars+0x40d/0xa10 drivers/tty/serial/8250/8250_port.c:1810 serial8250_handle_irq.part.0+0x206/0x250 drivers/tty/serial/8250/8250_port.c:1883 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1869 [inline] serial8250_default_handle_irq+0xa1/0x120 drivers/tty/serial/8250/8250_port.c:1899 serial8250_interrupt+0xe9/0x1a0 drivers/tty/serial/8250/8250_core.c:129 __handle_irq_event_percpu+0x125/0x7f0 kernel/irq/handle.c:147 handle_irq_event_percpu+0x65/0x130 kernel/irq/handle.c:187 handle_irq_event+0xa7/0x134 kernel/irq/handle.c:204 handle_edge_irq+0x22b/0x840 kernel/irq/chip.c:770 generic_handle_irq_desc include/linux/irqdesc.h:159 [inline] handle_irq+0x39/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x99/0x1d0 arch/x86/kernel/irq.c:230 ret_from_intr+0x0/0x1e arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0x95/0xe0 kernel/locking/spinlock.c:192 spin_unlock_irqrestore include/linux/spinlock.h:372 [inline] uart_write+0x29a/0x4f0 drivers/tty/serial/serial_core.c:625 process_output_block drivers/tty/n_tty.c:595 [inline] n_tty_write+0x38b/0xf20 drivers/tty/n_tty.c:2333 do_tty_write drivers/tty/tty_io.c:959 [inline] tty_write+0x3f6/0x700 drivers/tty/tty_io.c:1043 redirected_tty_write+0xa3/0xb0 drivers/tty/tty_io.c:1064 __vfs_write+0x105/0x6b0 fs/read_write.c:480 vfs_write+0x198/0x500 fs/read_write.c:544 SYSC_write fs/read_write.c:590 [inline] SyS_write+0xfd/0x230 fs/read_write.c:582 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 -> #1 (&port_lock_key){-.-.}: lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:160 serial8250_console_write+0x709/0x930 drivers/tty/serial/8250/8250_port.c:3232 univ8250_console_write+0x5f/0x70 drivers/tty/serial/8250/8250_core.c:597 call_console_drivers kernel/printk/printk.c:1725 [inline] console_unlock+0x9ba/0xed0 kernel/printk/printk.c:2397 vprintk_emit kernel/printk/printk.c:1923 [inline] vprintk_emit+0x1f9/0x600 kernel/printk/printk.c:1888 vprintk_default+0x28/0x30 kernel/printk/printk.c:1963 vprintk_func+0x5d/0x159 kernel/printk/printk_safe.c:401 printk+0x9e/0xbc kernel/printk/printk.c:1996 register_console+0x614/0x9e0 kernel/printk/printk.c:2716 univ8250_console_init+0x33/0x3f drivers/tty/serial/8250/8250_core.c:692 console_init+0x4d/0x5d kernel/printk/printk.c:2797 start_kernel+0x43c/0x6fd init/main.c:634 x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:399 x86_64_start_kernel+0x77/0x7b arch/x86/kernel/head64.c:380 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240 -> #0 (console_owner){-.-.}: check_prev_add kernel/locking/lockdep.c:1901 [inline] check_prevs_add kernel/locking/lockdep.c:2018 [inline] validate_chain kernel/locking/lockdep.c:2460 [inline] __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994 console_trylock_spinning kernel/printk/printk.c:1679 [inline] vprintk_emit kernel/printk/printk.c:1922 [inline] vprintk_emit+0x32e/0x600 kernel/printk/printk.c:1888 vprintk_default+0x28/0x30 kernel/printk/printk.c:1963 vprintk_func+0x5d/0x159 kernel/printk/printk_safe.c:401 printk+0x9e/0xbc kernel/printk/printk.c:1996 tty_port_close_start.part.0+0x491/0x4e0 drivers/tty/tty_port.c:574 tty_port_close_start drivers/tty/tty_port.c:646 [inline] tty_port_close+0x41/0xc0 drivers/tty/tty_port.c:639 tpk_close+0x7a/0x8c drivers/char/ttyprintk.c:109 tty_release+0x373/0xd60 drivers/tty/tty_io.c:1670 __fput+0x275/0x7a0 fs/file_table.c:210 ____fput+0x16/0x20 fs/file_table.c:244 task_work_run+0x114/0x190 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x1da/0x220 arch/x86/entry/common.c:164 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 other info that might help us debug this: Chain exists of: console_owner --> &port_lock_key --> &(&port->lock)->rlock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&(&port->lock)->rlock); lock(&port_lock_key); lock(&(&port->lock)->rlock); lock(console_owner); *** DEADLOCK *** 2 locks held by syz-executor.2/19270: #0: (&tty->legacy_mutex){+.+.}, at: [] tty_lock+0x68/0x80 drivers/tty/tty_mutex.c:19 #1: (&(&port->lock)->rlock){-.-.}, at: [] tty_port_close_start.part.0+0x2b/0x4e0 drivers/tty/tty_port.c:572 stack backtrace: CPU: 0 PID: 19270 Comm: syz-executor.2 Not tainted 4.14.160-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x142/0x197 lib/dump_stack.c:58 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1901 [inline] check_prevs_add kernel/locking/lockdep.c:2018 [inline] validate_chain kernel/locking/lockdep.c:2460 [inline] __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994 console_trylock_spinning kernel/printk/printk.c:1679 [inline] vprintk_emit kernel/printk/printk.c:1922 [inline] vprintk_emit+0x32e/0x600 kernel/printk/printk.c:1888 vprintk_default+0x28/0x30 kernel/printk/printk.c:1963 vprintk_func+0x5d/0x159 kernel/printk/printk_safe.c:401 printk+0x9e/0xbc kernel/printk/printk.c:1996 tty_port_close_start.part.0+0x491/0x4e0 drivers/tty/tty_port.c:574 tty_port_close_start drivers/tty/tty_port.c:646 [inline] tty_port_close+0x41/0xc0 drivers/tty/tty_port.c:639 tpk_close+0x7a/0x8c drivers/char/ttyprintk.c:109 tty_release+0x373/0xd60 drivers/tty/tty_io.c:1670 __fput+0x275/0x7a0 fs/file_table.c:210 ____fput+0x16/0x20 fs/file_table.c:244 task_work_run+0x114/0x190 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x1da/0x220 arch/x86/entry/common.c:164 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4144b1 RSP: 002b:00007ffee6eb3550 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004144b1 RDX: 0000000000000000 RSI: 0000000000000ab7 RDI: 0000000000000004 RBP: 0000000000000001 R08: 000000007b792ab7 R09: 000000007b792abb R10: 00007ffee6eb3630 R11: 0000000000000293 R12: 000000000075c9a0 R13: 000000000075c9a0 R14: 0000000000760aa0 R15: 000000000075bfd4 kobject: 'rx-0' (ffff888095a0c610): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (ffff888095a0c610): kobject_uevent_env kobject: 'rx-0' (ffff888095a0c610): fill_kobj_path: path = '/devices/virtual/net/veth31/queues/rx-0' kobject: 'tx-0' (ffff8880a524ea18): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (ffff8880a524ea18): kobject_uevent_env kobject: 'tx-0' (ffff8880a524ea18): fill_kobj_path: path = '/devices/virtual/net/veth31/queues/tx-0' kobject: 'batman_adv' (ffff88808e7ffa00): kobject_add_internal: parent: 'veth31', set: '' kobject: '0:46' (ffff88804ea04150): kobject_add_internal: parent: 'bdi', set: 'devices' kobject: '0:46' (ffff88804ea04150): kobject_uevent_env kobject: '0:46' (ffff88804ea04150): fill_kobj_path: path = '/devices/virtual/bdi/0:46' kobject: 'loop4' (ffff8880a41f76e0): kobject_uevent_env kobject: 'loop4' (ffff8880a41f76e0): fill_kobj_path: path = '/devices/virtual/block/loop4' FAULT_INJECTION: forcing a failure. name fail_page_alloc, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 19294 Comm: syz-executor.3 Not tainted 4.14.160-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x142/0x197 lib/dump_stack.c:58 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0x10f/0x159 lib/fault-inject.c:149 should_fail_alloc_page mm/page_alloc.c:2891 [inline] prepare_alloc_pages mm/page_alloc.c:4124 [inline] __alloc_pages_nodemask+0x1d6/0x7a0 mm/page_alloc.c:4172 alloc_pages_vma+0xc9/0x4c0 mm/mempolicy.c:2077 alloc_zeroed_user_highpage_movable include/linux/highmem.h:184 [inline] do_anonymous_page mm/memory.c:3133 [inline] handle_pte_fault mm/memory.c:3987 [inline] __handle_mm_fault+0x186c/0x33d0 mm/memory.c:4113 handle_mm_fault+0x293/0x7c0 mm/memory.c:4150 faultin_page mm/gup.c:514 [inline] __get_user_pages+0x465/0x12e0 mm/gup.c:714 __get_user_pages_locked mm/gup.c:885 [inline] __get_user_pages_unlocked mm/gup.c:999 [inline] get_user_pages_unlocked+0x1f0/0x2f0 mm/gup.c:1024 get_user_pages_fast+0x228/0x2d0 mm/gup.c:1883 iov_iter_get_pages+0x20f/0xd10 lib/iov_iter.c:1081 af_alg_make_sg+0x85/0x400 crypto/af_alg.c:406 af_alg_get_rsgl+0x1d3/0x530 crypto/af_alg.c:1187 _skcipher_recvmsg crypto/algif_skcipher.c:88 [inline] skcipher_recvmsg+0x774/0xd30 crypto/algif_skcipher.c:172 sock_recvmsg_nosec net/socket.c:819 [inline] sock_recvmsg net/socket.c:826 [inline] sock_recvmsg+0xc6/0x110 net/socket.c:822 ___sys_recvmsg+0x21f/0x4d0 net/socket.c:2221 __sys_recvmsg+0xb6/0x140 net/socket.c:2266 SYSC_recvmsg net/socket.c:2278 [inline] SyS_recvmsg+0x2d/0x50 net/socket.c:2273 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45a919 RSP: 002b:00007f61b925fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 00007f61b925fc90 RCX: 000000000045a919 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61b92606d4 R13: 00000000004c8fad R14: 00000000004e0a48 R15: 0000000000000005 kobject: 'loop4' (ffff8880a41f76e0): kobject_uevent_env kobject: 'loop4' (ffff8880a41f76e0): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop5' (ffff8880a424f760): kobject_uevent_env kobject: 'loop5' (ffff8880a424f760): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop3' (ffff88809df40120): kobject_uevent_env FAULT_INJECTION: forcing a failure. name fail_page_alloc, interval 1, probability 0, space 0, times 0 kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' CPU: 0 PID: 19308 Comm: syz-executor.3 Not tainted 4.14.160-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x142/0x197 lib/dump_stack.c:58 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0x10f/0x159 lib/fault-inject.c:149 should_fail_alloc_page mm/page_alloc.c:2891 [inline] prepare_alloc_pages mm/page_alloc.c:4124 [inline] __alloc_pages_nodemask+0x1d6/0x7a0 mm/page_alloc.c:4172 alloc_pages_vma+0xc9/0x4c0 mm/mempolicy.c:2077 alloc_zeroed_user_highpage_movable include/linux/highmem.h:184 [inline] do_anonymous_page mm/memory.c:3133 [inline] handle_pte_fault mm/memory.c:3987 [inline] __handle_mm_fault+0x186c/0x33d0 mm/memory.c:4113 handle_mm_fault+0x293/0x7c0 mm/memory.c:4150 faultin_page mm/gup.c:514 [inline] __get_user_pages+0x465/0x12e0 mm/gup.c:714 __get_user_pages_locked mm/gup.c:885 [inline] __get_user_pages_unlocked mm/gup.c:999 [inline] get_user_pages_unlocked+0x1f0/0x2f0 mm/gup.c:1024 get_user_pages_fast+0x228/0x2d0 mm/gup.c:1883 iov_iter_get_pages+0x20f/0xd10 lib/iov_iter.c:1081 af_alg_make_sg+0x85/0x400 crypto/af_alg.c:406 af_alg_get_rsgl+0x1d3/0x530 crypto/af_alg.c:1187 _skcipher_recvmsg crypto/algif_skcipher.c:88 [inline] skcipher_recvmsg+0x774/0xd30 crypto/algif_skcipher.c:172 sock_recvmsg_nosec net/socket.c:819 [inline] sock_recvmsg net/socket.c:826 [inline] sock_recvmsg+0xc6/0x110 net/socket.c:822 ___sys_recvmsg+0x21f/0x4d0 net/socket.c:2221 __sys_recvmsg+0xb6/0x140 net/socket.c:2266 SYSC_recvmsg net/socket.c:2278 [inline] SyS_recvmsg+0x2d/0x50 net/socket.c:2273 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45a919 RSP: 002b:00007f61b925fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 00007f61b925fc90 RCX: 000000000045a919 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61b92606d4 R13: 00000000004c8fad R14: 00000000004e0a48 R15: 0000000000000005 protocol 88fb is buggy, dev hsr_slave_0 kobject: '0:47' (ffff888096232ed0): kobject_add_internal: parent: 'bdi', set: 'devices' kobject: '0:47' (ffff888096232ed0): kobject_uevent_env kobject: '0:47' (ffff888096232ed0): fill_kobj_path: path = '/devices/virtual/bdi/0:47' kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: '0:47' (ffff888096232ed0): kobject_uevent_env FAULT_INJECTION: forcing a failure. name fail_page_alloc, interval 1, probability 0, space 0, times 0 kobject: '0:47' (ffff888096232ed0): fill_kobj_path: path = '/devices/virtual/bdi/0:47' CPU: 0 PID: 19327 Comm: syz-executor.3 Not tainted 4.14.160-syzkaller #0 kobject: '0:47' (ffff888096232ed0): kobject_cleanup, parent (null) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x142/0x197 lib/dump_stack.c:58 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0x10f/0x159 lib/fault-inject.c:149 kobject: '0:47' (ffff888096232ed0): calling ktype release should_fail_alloc_page mm/page_alloc.c:2891 [inline] prepare_alloc_pages mm/page_alloc.c:4124 [inline] __alloc_pages_nodemask+0x1d6/0x7a0 mm/page_alloc.c:4172 alloc_pages_vma+0xc9/0x4c0 mm/mempolicy.c:2077 kobject: '0:47': free name alloc_zeroed_user_highpage_movable include/linux/highmem.h:184 [inline] do_anonymous_page mm/memory.c:3133 [inline] handle_pte_fault mm/memory.c:3987 [inline] __handle_mm_fault+0x186c/0x33d0 mm/memory.c:4113 handle_mm_fault+0x293/0x7c0 mm/memory.c:4150 faultin_page mm/gup.c:514 [inline] __get_user_pages+0x465/0x12e0 mm/gup.c:714 __get_user_pages_locked mm/gup.c:885 [inline] __get_user_pages_unlocked mm/gup.c:999 [inline] get_user_pages_unlocked+0x1f0/0x2f0 mm/gup.c:1024 get_user_pages_fast+0x228/0x2d0 mm/gup.c:1883 iov_iter_get_pages+0x20f/0xd10 lib/iov_iter.c:1081 af_alg_make_sg+0x85/0x400 crypto/af_alg.c:406 af_alg_get_rsgl+0x1d3/0x530 crypto/af_alg.c:1187 _skcipher_recvmsg crypto/algif_skcipher.c:88 [inline] skcipher_recvmsg+0x774/0xd30 crypto/algif_skcipher.c:172 sock_recvmsg_nosec net/socket.c:819 [inline] sock_recvmsg net/socket.c:826 [inline] sock_recvmsg+0xc6/0x110 net/socket.c:822 ___sys_recvmsg+0x21f/0x4d0 net/socket.c:2221 __sys_recvmsg+0xb6/0x140 net/socket.c:2266 SYSC_recvmsg net/socket.c:2278 [inline] SyS_recvmsg+0x2d/0x50 net/socket.c:2273 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45a919 RSP: 002b:00007f61b925fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 00007f61b925fc90 RCX: 000000000045a919 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61b92606d4 R13: 00000000004c8fad R14: 00000000004e0a48 R15: 0000000000000005 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: '0:46' (ffff88804ea04150): kobject_uevent_env kobject: '0:46' (ffff88804ea04150): fill_kobj_path: path = '/devices/virtual/bdi/0:46' kobject: '0:46' (ffff88804ea04150): kobject_cleanup, parent (null) kobject: '0:46' (ffff88804ea04150): calling ktype release kobject: '0:46': free name kobject: 'loop4' (ffff8880a41f76e0): kobject_uevent_env kobject: 'loop4' (ffff8880a41f76e0): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop5' (ffff8880a424f760): kobject_uevent_env FAULT_INJECTION: forcing a failure. name fail_page_alloc, interval 1, probability 0, space 0, times 0 kobject: 'loop5' (ffff8880a424f760): fill_kobj_path: path = '/devices/virtual/block/loop5' CPU: 1 PID: 19345 Comm: syz-executor.3 Not tainted 4.14.160-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kobject: '0:46' (ffff8880a1747450): kobject_add_internal: parent: 'bdi', set: 'devices' Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x142/0x197 lib/dump_stack.c:58 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0x10f/0x159 lib/fault-inject.c:149 kobject: '0:46' (ffff8880a1747450): kobject_uevent_env should_fail_alloc_page mm/page_alloc.c:2891 [inline] prepare_alloc_pages mm/page_alloc.c:4124 [inline] __alloc_pages_nodemask+0x1d6/0x7a0 mm/page_alloc.c:4172 alloc_pages_vma+0xc9/0x4c0 mm/mempolicy.c:2077 alloc_zeroed_user_highpage_movable include/linux/highmem.h:184 [inline] do_anonymous_page mm/memory.c:3133 [inline] handle_pte_fault mm/memory.c:3987 [inline] __handle_mm_fault+0x186c/0x33d0 mm/memory.c:4113 kobject: '0:46' (ffff8880a1747450): fill_kobj_path: path = '/devices/virtual/bdi/0:46' protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 handle_mm_fault+0x293/0x7c0 mm/memory.c:4150 faultin_page mm/gup.c:514 [inline] __get_user_pages+0x465/0x12e0 mm/gup.c:714 __get_user_pages_locked mm/gup.c:885 [inline] __get_user_pages_unlocked mm/gup.c:999 [inline] get_user_pages_unlocked+0x1f0/0x2f0 mm/gup.c:1024 get_user_pages_fast+0x228/0x2d0 mm/gup.c:1883 iov_iter_get_pages+0x20f/0xd10 lib/iov_iter.c:1081 af_alg_make_sg+0x85/0x400 crypto/af_alg.c:406 af_alg_get_rsgl+0x1d3/0x530 crypto/af_alg.c:1187 _skcipher_recvmsg crypto/algif_skcipher.c:88 [inline] skcipher_recvmsg+0x774/0xd30 crypto/algif_skcipher.c:172 sock_recvmsg_nosec net/socket.c:819 [inline] sock_recvmsg net/socket.c:826 [inline] sock_recvmsg+0xc6/0x110 net/socket.c:822 ___sys_recvmsg+0x21f/0x4d0 net/socket.c:2221 __sys_recvmsg+0xb6/0x140 net/socket.c:2266 SYSC_recvmsg net/socket.c:2278 [inline] SyS_recvmsg+0x2d/0x50 net/socket.c:2273 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45a919 RSP: 002b:00007f61b925fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 00007f61b925fc90 RCX: 000000000045a919 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61b92606d4 R13: 00000000004c8fad R14: 00000000004e0a48 R15: 0000000000000005 kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' FAULT_INJECTION: forcing a failure. name fail_page_alloc, interval 1, probability 0, space 0, times 0 kobject: 'loop4' (ffff8880a41f76e0): kobject_uevent_env CPU: 1 PID: 19366 Comm: syz-executor.3 Not tainted 4.14.160-syzkaller #0 kobject: 'loop4' (ffff8880a41f76e0): fill_kobj_path: path = '/devices/virtual/block/loop4' Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x142/0x197 lib/dump_stack.c:58 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0x10f/0x159 lib/fault-inject.c:149 should_fail_alloc_page mm/page_alloc.c:2891 [inline] prepare_alloc_pages mm/page_alloc.c:4124 [inline] __alloc_pages_nodemask+0x1d6/0x7a0 mm/page_alloc.c:4172 alloc_pages_vma+0xc9/0x4c0 mm/mempolicy.c:2077 alloc_zeroed_user_highpage_movable include/linux/highmem.h:184 [inline] do_anonymous_page mm/memory.c:3133 [inline] handle_pte_fault mm/memory.c:3987 [inline] __handle_mm_fault+0x186c/0x33d0 mm/memory.c:4113 handle_mm_fault+0x293/0x7c0 mm/memory.c:4150 faultin_page mm/gup.c:514 [inline] __get_user_pages+0x465/0x12e0 mm/gup.c:714 __get_user_pages_locked mm/gup.c:885 [inline] __get_user_pages_unlocked mm/gup.c:999 [inline] get_user_pages_unlocked+0x1f0/0x2f0 mm/gup.c:1024 get_user_pages_fast+0x228/0x2d0 mm/gup.c:1883 iov_iter_get_pages+0x20f/0xd10 lib/iov_iter.c:1081 af_alg_make_sg+0x85/0x400 crypto/af_alg.c:406 af_alg_get_rsgl+0x1d3/0x530 crypto/af_alg.c:1187 _skcipher_recvmsg crypto/algif_skcipher.c:88 [inline] skcipher_recvmsg+0x774/0xd30 crypto/algif_skcipher.c:172 sock_recvmsg_nosec net/socket.c:819 [inline] sock_recvmsg net/socket.c:826 [inline] sock_recvmsg+0xc6/0x110 net/socket.c:822 ___sys_recvmsg+0x21f/0x4d0 net/socket.c:2221 __sys_recvmsg+0xb6/0x140 net/socket.c:2266 SYSC_recvmsg net/socket.c:2278 [inline] SyS_recvmsg+0x2d/0x50 net/socket.c:2273 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45a919 RSP: 002b:00007f61b925fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 00007f61b925fc90 RCX: 000000000045a919 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61b92606d4 R13: 00000000004c8fad R14: 00000000004e0a48 R15: 0000000000000005 protocol 88fb is buggy, dev hsr_slave_0 kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' FAULT_INJECTION: forcing a failure. name fail_page_alloc, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 19372 Comm: syz-executor.3 Not tainted 4.14.160-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x142/0x197 lib/dump_stack.c:58 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0x10f/0x159 lib/fault-inject.c:149 should_fail_alloc_page mm/page_alloc.c:2891 [inline] prepare_alloc_pages mm/page_alloc.c:4124 [inline] __alloc_pages_nodemask+0x1d6/0x7a0 mm/page_alloc.c:4172 alloc_pages_vma+0xc9/0x4c0 mm/mempolicy.c:2077 alloc_zeroed_user_highpage_movable include/linux/highmem.h:184 [inline] do_anonymous_page mm/memory.c:3133 [inline] handle_pte_fault mm/memory.c:3987 [inline] __handle_mm_fault+0x186c/0x33d0 mm/memory.c:4113 handle_mm_fault+0x293/0x7c0 mm/memory.c:4150 faultin_page mm/gup.c:514 [inline] __get_user_pages+0x465/0x12e0 mm/gup.c:714 __get_user_pages_locked mm/gup.c:885 [inline] __get_user_pages_unlocked mm/gup.c:999 [inline] get_user_pages_unlocked+0x1f0/0x2f0 mm/gup.c:1024 kobject: '0:47' (ffff888054590110): kobject_add_internal: parent: 'bdi', set: 'devices' get_user_pages_fast+0x228/0x2d0 mm/gup.c:1883 kobject: '0:47' (ffff888054590110): kobject_uevent_env iov_iter_get_pages+0x20f/0xd10 lib/iov_iter.c:1081 kobject: '0:47' (ffff888054590110): fill_kobj_path: path = '/devices/virtual/bdi/0:47' af_alg_make_sg+0x85/0x400 crypto/af_alg.c:406 af_alg_get_rsgl+0x1d3/0x530 crypto/af_alg.c:1187 _skcipher_recvmsg crypto/algif_skcipher.c:88 [inline] skcipher_recvmsg+0x774/0xd30 crypto/algif_skcipher.c:172 sock_recvmsg_nosec net/socket.c:819 [inline] sock_recvmsg net/socket.c:826 [inline] sock_recvmsg+0xc6/0x110 net/socket.c:822 ___sys_recvmsg+0x21f/0x4d0 net/socket.c:2221 __sys_recvmsg+0xb6/0x140 net/socket.c:2266 SYSC_recvmsg net/socket.c:2278 [inline] SyS_recvmsg+0x2d/0x50 net/socket.c:2273 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45a919 RSP: 002b:00007f61b925fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 00007f61b925fc90 RCX: 000000000045a919 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61b92606d4 R13: 00000000004c8fad R14: 00000000004e0a48 R15: 0000000000000005 kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: '0:47' (ffff888054590110): kobject_uevent_env kobject: '0:47' (ffff888054590110): fill_kobj_path: path = '/devices/virtual/bdi/0:47' kobject: '0:47' (ffff888054590110): kobject_cleanup, parent (null) kobject: '0:47' (ffff888054590110): calling ktype release kobject: '0:47': free name kobject: '0:46' (ffff8880a1747450): kobject_uevent_env kobject: '0:46' (ffff8880a1747450): fill_kobj_path: path = '/devices/virtual/bdi/0:46' kobject: '0:46' (ffff8880a1747450): kobject_cleanup, parent (null) kobject: '0:46' (ffff8880a1747450): calling ktype release kobject: '0:46': free name kobject: 'loop5' (ffff8880a424f760): kobject_uevent_env kobject: 'loop5' (ffff8880a424f760): fill_kobj_path: path = '/devices/virtual/block/loop5' FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: '0:46' (ffff8880a8083150): kobject_add_internal: parent: 'bdi', set: 'devices' CPU: 0 PID: 19387 Comm: syz-executor.3 Not tainted 4.14.160-syzkaller #0 kobject: '0:46' (ffff8880a8083150): kobject_uevent_env Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x142/0x197 lib/dump_stack.c:58 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0x10f/0x159 lib/fault-inject.c:149 should_failslab+0xdb/0x130 mm/failslab.c:32 kobject: '0:46' (ffff8880a8083150): fill_kobj_path: path = '/devices/virtual/bdi/0:46' slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3376 [inline] __do_kmalloc mm/slab.c:3718 [inline] __kmalloc+0x2f0/0x7a0 mm/slab.c:3729 kmalloc include/linux/slab.h:493 [inline] sock_kmalloc net/core/sock.c:1979 [inline] sock_kmalloc+0x7f/0xc0 net/core/sock.c:1970 _skcipher_recvmsg crypto/algif_skcipher.c:110 [inline] skcipher_recvmsg+0x217/0xd30 crypto/algif_skcipher.c:172 sock_recvmsg_nosec net/socket.c:819 [inline] sock_recvmsg net/socket.c:826 [inline] sock_recvmsg+0xc6/0x110 net/socket.c:822 kobject: '0:47' (ffff888053966a90): kobject_add_internal: parent: 'bdi', set: 'devices' ___sys_recvmsg+0x21f/0x4d0 net/socket.c:2221 kobject: '0:47' (ffff888053966a90): kobject_uevent_env __sys_recvmsg+0xb6/0x140 net/socket.c:2266 kobject: '0:47' (ffff888053966a90): fill_kobj_path: path = '/devices/virtual/bdi/0:47' SYSC_recvmsg net/socket.c:2278 [inline] SyS_recvmsg+0x2d/0x50 net/socket.c:2273 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45a919 RSP: 002b:00007f61b925fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 00007f61b925fc90 RCX: 000000000045a919 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61b92606d4 R13: 00000000004c8fad R14: 00000000004e0a48 R15: 0000000000000005 kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: '0:47' (ffff888053966a90): kobject_uevent_env kobject: '0:47' (ffff888053966a90): fill_kobj_path: path = '/devices/virtual/bdi/0:47' kobject: 'loop5' (ffff8880a424f760): kobject_uevent_env kobject: 'loop5' (ffff8880a424f760): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: '0:47' (ffff888053966a90): kobject_cleanup, parent (null) kobject: '0:47' (ffff888053966a90): calling ktype release kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: '0:47': free name kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop4' (ffff8880a41f76e0): kobject_uevent_env kobject: 'loop4' (ffff8880a41f76e0): fill_kobj_path: path = '/devices/virtual/block/loop4' IPVS: Unknown mcast interface: syzkaìler1 kobject: '0:46' (ffff8880a8083150): kobject_uevent_env kobject: '0:46' (ffff8880a8083150): fill_kobj_path: path = '/devices/virtual/bdi/0:46' net_ratelimit: 1 callbacks suppressed protocol 88fb is buggy, dev hsr_slave_0 kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: '0:46' (ffff8880a8083150): kobject_cleanup, parent (null) kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: '0:46' (ffff8880a8083150): calling ktype release jfs: Unrecognized mount option "euid>00000000000000000000" or missing value kobject: '0:46': free name kobject: '0:46' (ffff8880531bcd90): kobject_add_internal: parent: 'bdi', set: 'devices' kobject: 'loop5' (ffff8880a424f760): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop5' (ffff8880a424f760): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: '0:46' (ffff8880531bcd90): kobject_uevent_env kobject: '0:46' (ffff8880531bcd90): fill_kobj_path: path = '/devices/virtual/bdi/0:46' kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' jfs: Unrecognized mount option "euid>00000000000000000000" or missing value kobject: '0:46' (ffff8880531bcd90): kobject_uevent_env kobject: '0:46' (ffff8880531bcd90): fill_kobj_path: path = '/devices/virtual/bdi/0:46' kobject: '0:46' (ffff8880531bcd90): kobject_cleanup, parent (null) kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: '0:46' (ffff8880531bcd90): calling ktype release kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: '0:46': free name kobject: '0:46' (ffff888056210990): kobject_add_internal: parent: 'bdi', set: 'devices' kobject: '0:46' (ffff888056210990): kobject_uevent_env kobject: '0:46' (ffff888056210990): fill_kobj_path: path = '/devices/virtual/bdi/0:46' kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: '0:47' (ffff8880543751d0): kobject_add_internal: parent: 'bdi', set: 'devices' kobject: '0:47' (ffff8880543751d0): kobject_uevent_env kobject: '0:47' (ffff8880543751d0): fill_kobj_path: path = '/devices/virtual/bdi/0:47' protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 kobject: '0:47' (ffff8880543751d0): kobject_uevent_env kobject: '0:47' (ffff8880543751d0): fill_kobj_path: path = '/devices/virtual/bdi/0:47' kobject: '0:47' (ffff8880543751d0): kobject_cleanup, parent (null) kobject: '0:47' (ffff8880543751d0): calling ktype release kobject: '0:47': free name kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: '0:46' (ffff888056210990): kobject_uevent_env kobject: '0:46' (ffff888056210990): fill_kobj_path: path = '/devices/virtual/bdi/0:46' kobject: '0:46' (ffff888056210990): kobject_cleanup, parent (null) kobject: '0:46' (ffff888056210990): calling ktype release kobject: '0:46': free name kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: '0:46' (ffff8880a8152910): kobject_add_internal: parent: 'bdi', set: 'devices' kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: '0:46' (ffff8880a8152910): kobject_uevent_env kobject: '0:46' (ffff8880a8152910): fill_kobj_path: path = '/devices/virtual/bdi/0:46' kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop4' (ffff8880a41f76e0): kobject_uevent_env protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 kobject: 'loop4' (ffff8880a41f76e0): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: '0:47' (ffff8880a0dab650): kobject_add_internal: parent: 'bdi', set: 'devices' kobject: '0:47' (ffff8880a0dab650): kobject_uevent_env kobject: '0:47' (ffff8880a0dab650): fill_kobj_path: path = '/devices/virtual/bdi/0:47' kobject: 'loop3' (ffff88809df40120): kobject_uevent_env kobject: 'loop3' (ffff88809df40120): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop4' (ffff8880a41f76e0): kobject_uevent_env kobject: 'loop4' (ffff8880a41f76e0): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: '0:47' (ffff8880a0dab650): kobject_uevent_env kobject: '0:47' (ffff8880a0dab650): fill_kobj_path: path = '/devices/virtual/bdi/0:47' kobject: '0:47' (ffff8880a0dab650): kobject_cleanup, parent (null) kobject: '0:47' (ffff8880a0dab650): calling ktype release kobject: '0:47': free name kobject: '0:46' (ffff8880a8152910): kobject_uevent_env kobject: '0:46' (ffff8880a8152910): fill_kobj_path: path = '/devices/virtual/bdi/0:46' kobject: '0:46' (ffff8880a8152910): kobject_cleanup, parent (null) kobject: '0:46' (ffff8880a8152910): calling ktype release kobject: '0:46': free name