possible deadlock in flush_workqueue

[syzbot]

Hello,

syzbot found the following crash on:

HEAD commit: 45f092f9 Linux 4.14.139
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=124e0c9c600000
kernel config: https://syzkaller.appspot.com/x/.config?x=56ab4cf14cc8892d
dashboard link: https://syzkaller.appspot.com/bug?extid=e3f421b94470bd51217c
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e3f421...@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected
4.14.139 #35 Not tainted
------------------------------------------------------
syz-executor.1/16945 is trying to acquire lock:
("dio/%s"sb->s_id){+.+.}, at: [<ffffffff813c757a>]
flush_workqueue+0xda/0x1400 kernel/workqueue.c:2613

but task is already holding lock:
(&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff81bf1bf4>] inode_trylock
include/linux/fs.h:738 [inline]
(&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff81bf1bf4>]
ext4_file_write_iter+0x1f4/0xe90 fs/ext4/file.c:234

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env

-> #2 (&sb->s_type->i_mutex_key#9){+.+.}:
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3991
down_write+0x38/0x90 kernel/locking/rwsem.c:54
inode_lock include/linux/fs.h:718 [inline]
__generic_file_fsync+0xab/0x1a0 fs/libfs.c:981
ext4_sync_file+0x755/0x12d0 fs/ext4/fsync.c:120
vfs_fsync_range+0x10e/0x260 fs/sync.c:196
generic_write_sync include/linux/fs.h:2677 [inline]
dio_complete+0x397/0x860 fs/direct-io.c:330
dio_aio_complete_work+0x20/0x30 fs/direct-io.c:342
process_one_work+0x863/0x1600 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #1 ((&dio->complete_work)){+.+.}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3991
process_one_work+0x803/0x1600 kernel/workqueue.c:2090
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #0 ("dio/%s"sb->s_id){+.+.}:
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3991
flush_workqueue+0x109/0x1400 kernel/workqueue.c:2616
drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2781
destroy_workqueue+0x21/0x620 kernel/workqueue.c:4088
sb_init_dio_done_wq+0x66/0x80 fs/direct-io.c:635
do_blockdev_direct_IO+0x3957/0x7fd0 fs/direct-io.c:1286
__blockdev_direct_IO+0xa1/0xca fs/direct-io.c:1422
ext4_direct_IO_write fs/ext4/inode.c:3703 [inline]
ext4_direct_IO+0x70d/0x1890 fs/ext4/inode.c:3833
generic_file_direct_write+0x1e7/0x430 mm/filemap.c:2949
__generic_file_write_iter+0x2bc/0x5b0 mm/filemap.c:3128
ext4_file_write_iter+0x2ac/0xe90 fs/ext4/file.c:268
call_write_iter include/linux/fs.h:1777 [inline]
aio_write+0x2c7/0x4f0 fs/aio.c:1553
io_submit_one fs/aio.c:1641 [inline]
do_io_submit+0x996/0x13f0 fs/aio.c:1709
SYSC_io_submit fs/aio.c:1734 [inline]
SyS_io_submit+0x28/0x30 fs/aio.c:1731
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7

other info that might help us debug this:

Chain exists of:
"dio/%s"sb->s_id --> (&dio->complete_work) --> &sb->s_type->i_mutex_key#9

Possible unsafe locking scenario:

CPU0 CPU1
---- ----
lock(&sb->s_type->i_mutex_key#9);
lock((&dio->complete_work));
lock(&sb->s_type->i_mutex_key#9);
lock("dio/%s"sb->s_id);

*** DEADLOCK ***

2 locks held by syz-executor.1/16945:
#0: (sb_writers#4){.+.+}, at: [<ffffffff819eff46>] file_start_write
include/linux/fs.h:2707 [inline]
#0: (sb_writers#4){.+.+}, at: [<ffffffff819eff46>] aio_write+0x426/0x4f0
fs/aio.c:1552
#1: (&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff81bf1bf4>]
inode_trylock include/linux/fs.h:738 [inline]
#1: (&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff81bf1bf4>]
ext4_file_write_iter+0x1f4/0xe90 fs/ext4/file.c:234

stack backtrace:
CPU: 1 PID: 16945 Comm: syz-executor.1 Not tainted 4.14.139 #35
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x19c lib/dump_stack.c:53
print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3991
flush_workqueue+0x109/0x1400 kernel/workqueue.c:2616
drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2781
destroy_workqueue+0x21/0x620 kernel/workqueue.c:4088
sb_init_dio_done_wq+0x66/0x80 fs/direct-io.c:635
do_blockdev_direct_IO+0x3957/0x7fd0 fs/direct-io.c:1286
__blockdev_direct_IO+0xa1/0xca fs/direct-io.c:1422
ext4_direct_IO_write fs/ext4/inode.c:3703 [inline]
ext4_direct_IO+0x70d/0x1890 fs/ext4/inode.c:3833
generic_file_direct_write+0x1e7/0x430 mm/filemap.c:2949
__generic_file_write_iter+0x2bc/0x5b0 mm/filemap.c:3128
ext4_file_write_iter+0x2ac/0xe90 fs/ext4/file.c:268
call_write_iter include/linux/fs.h:1777 [inline]
aio_write+0x2c7/0x4f0 fs/aio.c:1553
io_submit_one fs/aio.c:1641 [inline]
do_io_submit+0x996/0x13f0 fs/aio.c:1709
SYSC_io_submit fs/aio.c:1734 [inline]
SyS_io_submit+0x28/0x30 fs/aio.c:1731
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459829
RSP: 002b:00007fe8cf0dec78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
RDX: 0000000020000540 RSI: 0000000000000001 RDI: 00007fe8cf09d000
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe8cf0df6d4
R13: 00000000004c0c19 R14: 00000000004d3c60 R15: 00000000ffffffff
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
audit: type=1400 audit(1566051071.409:201): avc: denied { map } for
pid=17381 comm="syz-executor.5"
path="/root/syzkaller-testdir946352427/syzkaller.X5g7ZI/461/file0/mem"
dev="devtmpfs" ino=13686
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file permissive=1
x86/PAT: syz-executor.5:17385 freeing invalid memtype [mem
0x00001000-0x00001fff]
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
x86/PAT: syz-executor.5:17396 freeing invalid memtype [mem
0x00000000-0x00000fff]
audit: type=1804 audit(1566051071.409:202): pid=17386 uid=0 auid=4294967295
ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
op="invalid_pcr" cause="open_writers" comm="syz-executor.4"
name="/root/syzkaller-testdir023436706/syzkaller.B84ngN/433/file0"
dev="sda1" ino=17621 res=1
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
audit: type=1804 audit(1566051071.569:203): pid=17400 uid=0 auid=4294967295
ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
op="invalid_pcr" cause="open_writers" comm="syz-executor.4"
name="/root/syzkaller-testdir023436706/syzkaller.B84ngN/434/file0"
dev="sda1" ino=16993 res=1
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
audit: type=1804 audit(1566051071.579:204): pid=17401 uid=0 auid=4294967295
ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
op="invalid_pcr" cause="open_writers" comm="syz-executor.1"
name="/root/syzkaller-testdir040255728/syzkaller.KnL5QP/442/file0"
dev="sda1" ino=16650 res=1
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
audit: type=1804 audit(1566051071.729:205): pid=17413 uid=0 auid=4294967295
ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
op="invalid_pcr" cause="open_writers" comm="syz-executor.4"
name="/root/syzkaller-testdir023436706/syzkaller.B84ngN/435/file0"
dev="sda1" ino=17619 res=1
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
audit: type=1804 audit(1566051071.729:206): pid=17414 uid=0 auid=4294967295
ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
op="invalid_pcr" cause="open_writers" comm="syz-executor.1"
name="/root/syzkaller-testdir040255728/syzkaller.KnL5QP/443/file0"
dev="sda1" ino=17620 res=1
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
audit: type=1804 audit(1566051071.889:207): pid=17426 uid=0 auid=4294967295
ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
op="invalid_pcr" cause="open_writers" comm="syz-executor.4"
name="/root/syzkaller-testdir023436706/syzkaller.B84ngN/436/file0"
dev="sda1" ino=16646 res=1
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
audit: type=1804 audit(1566051071.929:208): pid=17427 uid=0 auid=4294967295
ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
op="invalid_pcr" cause="open_writers" comm="syz-executor.1"
name="/root/syzkaller-testdir040255728/syzkaller.KnL5QP/444/file0"
dev="sda1" ino=17547 res=1
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
x86/PAT: syz-executor.0:17511 freeing invalid memtype [mem
0x00001000-0x00001fff]
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
x86/PAT: syz-executor.4:17508 freeing invalid memtype [mem
0x00000000-0x00000fff]
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
audit: type=1804 audit(1566051073.839:209): pid=17517 uid=0 auid=4294967295
ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
op="invalid_pcr" cause="open_writers" comm="syz-executor.3"
name="/root/syzkaller-testdir186846869/syzkaller.af3rvK/444/file0"
dev="sda1" ino=16995 res=1
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
audit: type=1804 audit(1566051073.899:210): pid=17521 uid=0 auid=4294967295
ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
op="invalid_pcr" cause="open_writers" comm="syz-executor.2"
name="/root/syzkaller-testdir268802447/syzkaller.0tv7mM/456/file0"
dev="sda1" ino=17616 res=1
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
9pnet: p9_errstr2errno: server reported unknown error �
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
9pnet: p9_errstr2errno: server reported unknown error �
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
9pnet: p9_errstr2errno: server reported unknown error �
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
9pnet: p9_errstr2errno: server reported unknown error �
9pnet: p9_errstr2errno: server reported unknown error �
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
9pnet: p9_errstr2errno: server reported unknown error �
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
9pnet: p9_errstr2errno: server reported unknown error �
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
9pnet: p9_errstr2errno: server reported unknown error �
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
9pnet: p9_errstr2errno: server reported unknown error �
9pnet: p9_errstr2errno: server reported unknown error �
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a90920): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop1' (ffff8880a49b4e60): kobject_uevent_env
kobject: 'loop1' (ffff8880a49b4e60): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (ffff8880a494cde0): kobject_uevent_env
kobject: 'loop0' (ffff8880a494cde0): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a49e4620): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4ac49a0): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop2' (ffff8880a49e4620): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a90920): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a44f20): kobject_uevent_env


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

[syzbot]

syzbot has found a reproducer for the following crash on:

HEAD commit: ddef1e8e Linux 4.14.151
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=123bd792e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=a2b317f0c5f02ed3

dashboard link: https://syzkaller.appspot.com/bug?extid=e3f421b94470bd51217c
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

syz repro: https://syzkaller.appspot.com/x/repro.syz?x=163bd792e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1480b18ae00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e3f421...@syzkaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
block nbd0: Receive control failed (result -22)
block nbd0: shutting down sockets
============================================
WARNING: possible recursive locking detected
4.14.151 #0 Not tainted
--------------------------------------------
kworker/u5:1/6981 is trying to acquire lock:
("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813c88ca>]

flush_workqueue+0xda/0x1400 kernel/workqueue.c:2613

but task is already holding lock:

("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>] work_static
include/linux/workqueue.h:199 [inline]
("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>] set_work_data
kernel/workqueue.c:619 [inline]
("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>]
set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>]
process_one_work+0x76e/0x1600 kernel/workqueue.c:2085

other info that might help us debug this:

Possible unsafe locking scenario:

CPU0

----
lock("knbd%d-recv"nbd->index);
lock("knbd%d-recv"nbd->index);

*** DEADLOCK ***

May be due to missing lock nesting notation

3 locks held by kworker/u5:1/6981:
#0: ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>] work_static
include/linux/workqueue.h:199 [inline]
#0: ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>]
set_work_data kernel/workqueue.c:619 [inline]
#0: ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>]
set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
#0: ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>]
process_one_work+0x76e/0x1600 kernel/workqueue.c:2085
#1: ((&args->work)){+.+.}, at: [<ffffffff813cf92b>]
process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089
#2: (&nbd->config_lock){+.+.}, at: [<ffffffff82d77ed9>]
refcount_dec_and_mutex_lock lib/refcount.c:312 [inline]
#2: (&nbd->config_lock){+.+.}, at: [<ffffffff82d77ed9>]
refcount_dec_and_mutex_lock+0x49/0x6c lib/refcount.c:307

stack backtrace:
CPU: 0 PID: 6981 Comm: kworker/u5:1 Not tainted 4.14.151 #0

Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011

Workqueue: knbd0-recv recv_work

Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]

dump_stack+0x138/0x197 lib/dump_stack.c:53
print_deadlock_bug kernel/locking/lockdep.c:1796 [inline]
check_deadlock kernel/locking/lockdep.c:1843 [inline]
validate_chain kernel/locking/lockdep.c:2444 [inline]
__lock_acquire.cold+0x2bf/0x8dc kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994

flush_workqueue+0x109/0x1400 kernel/workqueue.c:2616
drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2781
destroy_workqueue+0x21/0x620 kernel/workqueue.c:4088

nbd_config_put+0x43c/0x7a0 drivers/block/nbd.c:1124
recv_work+0x18d/0x1f0 drivers/block/nbd.c:724

process_one_work+0x863/0x1600 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

kobject: 'batman_adv' (ffff88808df04280): kobject_uevent_env
kobject: 'batman_adv' (ffff88808df04280): kobject_uevent_env: filter
function caused the event to drop!
kobject: 'batman_adv' (ffff88808df04280): kobject_cleanup, parent
(null)
kobject: 'batman_adv' (ffff88808df04280): calling ktype release
kobject: (ffff88808df04280): dynamic_kobj_release
kobject: 'batman_adv': free name
kobject: 'rx-0' (ffff88809ad0ce50): kobject_cleanup, parent ffff8880a1295048
kobject: 'rx-0' (ffff88809ad0ce50): auto cleanup 'remove' event
kobject: 'rx-0' (ffff88809ad0ce50): kobject_uevent_env
kobject: 'rx-0' (ffff88809ad0ce50): fill_kobj_path: path
= '/devices/virtual/net/syz_tun/queues/rx-0'
kobject: 'rx-0' (ffff88809ad0ce50): auto cleanup kobject_del
kobject: 'rx-0' (ffff88809ad0ce50): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (ffff8880917c5058): kobject_cleanup, parent ffff8880a1295048
kobject: 'tx-0' (ffff8880917c5058): auto cleanup 'remove' event
kobject: 'tx-0' (ffff8880917c5058): kobject_uevent_env
kobject: 'tx-0' (ffff8880917c5058): fill_kobj_path: path
= '/devices/virtual/net/syz_tun/queues/tx-0'
kobject: 'tx-0' (ffff8880917c5058): auto cleanup kobject_del
kobject: 'tx-0' (ffff8880917c5058): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (ffff8880a1295048): kobject_cleanup, parent
(null)
kobject: 'queues' (ffff8880a1295048): calling ktype release
kobject: 'queues' (ffff8880a1295048): kset_release
kobject: 'queues': free name
kobject: 'syz_tun' (ffff8880a9490a70): kobject_uevent_env
kobject: 'syz_tun' (ffff8880a9490a70): fill_kobj_path: path
= '/devices/virtual/net/syz_tun'
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready

[syzbot]

syzbot suspects this bug was fixed by commit:

commit 4df728651b8a99693c69962d8e5a5b9e5a3bbcc7
Author: Mike Christie <mchr...@redhat.com>
Date: Thu Oct 17 21:27:34 2019 +0000

nbd: verify socket is supported during setup

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=179f1db6e00000
start commit: ddef1e8e Linux 4.14.151
git tree: linux-4.14.y

kernel config: https://syzkaller.appspot.com/x/.config?x=a2b317f0c5f02ed3
dashboard link: https://syzkaller.appspot.com/bug?extid=e3f421b94470bd51217c

syz repro: https://syzkaller.appspot.com/x/repro.syz?x=163bd792e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1480b18ae00000

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: nbd: verify socket is supported during setup

For information about bisection process see: https://goo.gl/tpsmEJ#bisection