INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts. syzkaller login: [ 24.585961] IPVS: ftp: loaded support on port[0] = 21 executing program [ 24.613884] IPVS: ftp: loaded support on port[0] = 21 [ 24.639844] FAULT_INJECTION: forcing a failure. [ 24.639844] name failslab, interval 1, probability 0, space 0, times 1 [ 24.649042] IPVS: ftp: loaded support on port[0] = 21 [ 24.651182] CPU: 0 PID: 4500 Comm: syzkaller824624 Not tainted 4.16.0-rc6+ #42 [ 24.663690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.673034] Call Trace: [ 24.675625] dump_stack+0x194/0x24d [ 24.679249] ? arch_local_irq_restore+0x53/0x53 [ 24.683919] should_fail+0x8c0/0xa40 executing program [ 24.687635] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 24.692647] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 24.697752] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.697838] FAULT_INJECTION: forcing a failure. [ 24.697838] name failslab, interval 1, probability 0, space 0, times 1 [ 24.702933] ? __lock_acquire+0x664/0x3e00 [ 24.702941] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.702952] ? find_held_lock+0x35/0x1d0 [ 24.702964] ? __lock_is_held+0xb6/0x140 [ 24.702980] ? check_same_owner+0x320/0x320 [ 24.702988] ? __d_lookup+0x4f4/0x830 executing program [ 24.702997] ? rcu_note_context_switch+0x710/0x710 [ 24.703008] should_failslab+0xec/0x120 [ 24.703017] kmem_cache_alloc+0x47/0x760 [ 24.703027] __d_alloc+0xc1/0xbd0 [ 24.703034] ? shrink_dcache_for_umount+0x290/0x290 [ 24.703041] ? d_alloc_parallel+0x1b40/0x1b40 [ 24.703047] ? lock_release+0xa40/0xa40 [ 24.703055] ? mark_held_locks+0xaf/0x100 [ 24.703060] ? d_lookup+0x133/0x2e0 [ 24.703068] ? d_lookup+0x1d5/0x2e0 [ 24.703075] d_alloc+0x8e/0x340 [ 24.703081] ? __d_alloc+0xbd0/0xbd0 [ 24.703088] ? full_name_hash+0x9b/0xe0 [ 24.703101] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 24.703107] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 24.703118] rpc_populate.constprop.15+0xa3/0x340 [ 24.703127] rpc_fill_super+0x379/0xae0 [ 24.703137] ? cap_capable+0x1b5/0x230 [ 24.703144] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.703151] ? security_capable+0x8e/0xc0 [ 24.703158] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.703167] ? ns_capable_common+0xcf/0x160 [ 24.703174] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.703180] mount_ns+0xc4/0x190 [ 24.703188] rpc_mount+0x9e/0xd0 [ 24.703196] mount_fs+0x66/0x2d0 [ 24.703206] vfs_kern_mount.part.26+0xc6/0x4a0 [ 24.703213] ? may_umount+0xa0/0xa0 [ 24.703223] ? _raw_read_unlock+0x22/0x30 [ 24.703232] ? __get_fs_type+0x8a/0xc0 [ 24.703242] do_mount+0xea4/0x2bb0 [ 24.703251] ? __might_fault+0x110/0x1d0 [ 24.703259] ? copy_mount_string+0x40/0x40 [ 24.703265] ? check_same_owner+0x320/0x320 [ 24.703274] ? __check_object_size+0x8b/0x530 [ 24.703286] ? __might_sleep+0x95/0x190 [ 24.703299] ? kasan_check_write+0x14/0x20 [ 24.703309] ? _copy_from_user+0x99/0x110 [ 24.703320] ? memdup_user+0x5e/0x90 [ 24.703325] ? copy_mount_options+0x1f7/0x2e0 [ 24.703333] SyS_mount+0xab/0x120 [ 24.703339] ? copy_mnt_ns+0xb30/0xb30 [ 24.703349] do_syscall_64+0x281/0x940 [ 24.703358] ? vmalloc_sync_all+0x30/0x30 [ 24.703365] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 24.703374] ? syscall_return_slowpath+0x550/0x550 [ 24.703381] ? syscall_return_slowpath+0x2ac/0x550 [ 24.703389] ? prepare_exit_to_usermode+0x350/0x350 [ 24.703398] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 24.703407] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 24.703419] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 24.703425] RIP: 0033:0x442cf9 [ 24.703430] RSP: 002b:00007ffe2ed47348 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 24.703439] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cf9 [ 24.703444] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 24.703448] RBP: 00007ffe2ed47bf0 R08: 0000000000000000 R09: 0000000000000000 [ 24.703453] R10: 0000000000200000 R11: 0000000000000246 R12: ffffffffffffffff [ 24.703457] R13: 0000000000000005 R14: 0000000000000000 R15: 00007ffe2ed47488 [ 24.707082] IPVS: ftp: loaded support on port[0] = 21 [ 24.714844] CPU: 1 PID: 4501 Comm: syzkaller824624 Not tainted 4.16.0-rc6+ #42 [ 24.759988] FAULT_INJECTION: forcing a failure. [ 24.759988] name failslab, interval 1, probability 0, space 0, times 0 [ 24.761688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.761693] Call Trace: [ 24.761711] dump_stack+0x194/0x24d [ 24.761722] ? arch_local_irq_restore+0x53/0x53 [ 25.046359] should_fail+0x8c0/0xa40 [ 25.050059] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 25.055058] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 25.060147] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.065321] ? __lock_acquire+0x664/0x3e00 [ 25.069537] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.074710] ? find_held_lock+0x35/0x1d0 [ 25.078759] ? __lock_is_held+0xb6/0x140 [ 25.082809] ? check_same_owner+0x320/0x320 [ 25.087116] ? __d_lookup+0x4f4/0x830 [ 25.090901] ? rcu_note_context_switch+0x710/0x710 [ 25.095818] should_failslab+0xec/0x120 [ 25.099776] kmem_cache_alloc+0x47/0x760 [ 25.103825] __d_alloc+0xc1/0xbd0 [ 25.107260] ? shrink_dcache_for_umount+0x290/0x290 [ 25.112257] ? d_alloc_parallel+0x1b40/0x1b40 [ 25.116737] ? lock_release+0xa40/0xa40 [ 25.120694] ? mark_held_locks+0xaf/0x100 [ 25.124823] ? d_lookup+0x133/0x2e0 [ 25.128436] ? d_lookup+0x1d5/0x2e0 [ 25.132046] d_alloc+0x8e/0x340 [ 25.135310] ? __d_alloc+0xbd0/0xbd0 [ 25.139008] ? full_name_hash+0x9b/0xe0 [ 25.142975] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 25.148233] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 25.152456] rpc_populate.constprop.15+0xa3/0x340 [ 25.157287] rpc_fill_super+0x379/0xae0 [ 25.161244] ? cap_capable+0x1b5/0x230 [ 25.165111] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.170283] ? security_capable+0x8e/0xc0 [ 25.174416] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.179588] ? ns_capable_common+0xcf/0x160 [ 25.183893] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.189066] mount_ns+0xc4/0x190 [ 25.192418] rpc_mount+0x9e/0xd0 [ 25.195767] mount_fs+0x66/0x2d0 [ 25.199117] vfs_kern_mount.part.26+0xc6/0x4a0 [ 25.203684] ? may_umount+0xa0/0xa0 [ 25.207295] ? _raw_read_unlock+0x22/0x30 [ 25.211427] ? __get_fs_type+0x8a/0xc0 [ 25.215298] do_mount+0xea4/0x2bb0 [ 25.218822] ? __might_fault+0x110/0x1d0 [ 25.222869] ? copy_mount_string+0x40/0x40 [ 25.227084] ? check_same_owner+0x320/0x320 [ 25.231391] ? __check_object_size+0x8b/0x530 [ 25.235873] ? __might_sleep+0x95/0x190 [ 25.239834] ? kasan_check_write+0x14/0x20 [ 25.244052] ? _copy_from_user+0x99/0x110 [ 25.248188] ? memdup_user+0x5e/0x90 [ 25.251884] ? copy_mount_options+0x1f7/0x2e0 [ 25.256363] SyS_mount+0xab/0x120 [ 25.259800] ? copy_mnt_ns+0xb30/0xb30 [ 25.263671] do_syscall_64+0x281/0x940 [ 25.267539] ? vmalloc_sync_all+0x30/0x30 [ 25.271671] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 25.276411] ? syscall_return_slowpath+0x550/0x550 [ 25.281335] ? syscall_return_slowpath+0x2ac/0x550 [ 25.286250] ? prepare_exit_to_usermode+0x350/0x350 [ 25.291248] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 25.296597] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 25.301424] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 25.306594] RIP: 0033:0x442cf9 [ 25.309763] RSP: 002b:00007ffe2ed47348 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 25.317453] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cf9 [ 25.324703] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 25.331957] RBP: 00007ffe2ed47bf0 R08: 0000000000000000 R09: 0000000000000000 [ 25.339208] R10: 0000000000200000 R11: 0000000000000246 R12: ffffffffffffffff [ 25.346459] R13: 0000000000000005 R14: 0000000000000000 R15: 00007ffe2ed47488 [ 25.353726] CPU: 0 PID: 4502 Comm: syzkaller824624 Not tainted 4.16.0-rc6+ #42 [ 25.357886] IPVS: ftp: loaded support on port[0] = 21 [ 25.361083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.361088] Call Trace: [ 25.361104] dump_stack+0x194/0x24d [ 25.361115] ? arch_local_irq_restore+0x53/0x53 [ 25.361126] ? finish_task_switch+0x1c1/0x7e0 [ 25.361135] ? finish_task_switch+0x182/0x7e0 [ 25.395438] should_fail+0x8c0/0xa40 [ 25.399154] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 25.404266] ? __sched_text_start+0x8/0x8 [ 25.406505] IPVS: ftp: loaded support on port[0] = 21 [ 25.408405] ? find_held_lock+0x35/0x1d0 [ 25.408417] ? __lock_is_held+0xb6/0x140 [ 25.408435] ? check_same_owner+0x320/0x320 [ 25.408443] ? __d_lookup+0x4f4/0x830 [ 25.408452] ? lockdep_init_map+0x9/0x10 [ 25.433938] should_failslab+0xec/0x120 [ 25.437916] kmem_cache_alloc+0x47/0x760 [ 25.441978] __d_alloc+0xc1/0xbd0 [ 25.445427] ? shrink_dcache_for_umount+0x290/0x290 [ 25.450436] ? d_alloc_parallel+0x1b40/0x1b40 [ 25.454927] ? lock_release+0xa40/0xa40 [ 25.458899] ? mark_held_locks+0xaf/0x100 [ 25.459951] FAULT_INJECTION: forcing a failure. [ 25.459951] name failslab, interval 1, probability 0, space 0, times 0 [ 25.463041] ? d_lookup+0x133/0x2e0 [ 25.463053] ? d_lookup+0x1d5/0x2e0 [ 25.463064] d_alloc+0x8e/0x340 [ 25.463073] ? __d_alloc+0xbd0/0xbd0 [ 25.463082] ? full_name_hash+0x9b/0xe0 [ 25.463099] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 25.463111] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 25.501882] rpc_populate.constprop.15+0xa3/0x340 [ 25.506712] rpc_fill_super+0x379/0xae0 [ 25.510675] ? cap_capable+0x1b5/0x230 [ 25.514542] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.519713] ? security_capable+0x8e/0xc0 [ 25.523844] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.529024] ? ns_capable_common+0xcf/0x160 [ 25.533332] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.538504] mount_ns+0xc4/0x190 [ 25.541855] rpc_mount+0x9e/0xd0 [ 25.545202] mount_fs+0x66/0x2d0 [ 25.548551] vfs_kern_mount.part.26+0xc6/0x4a0 [ 25.553114] ? may_umount+0xa0/0xa0 [ 25.557158] ? _raw_read_unlock+0x22/0x30 [ 25.561294] ? __get_fs_type+0x8a/0xc0 [ 25.565164] do_mount+0xea4/0x2bb0 [ 25.568688] ? __might_fault+0x110/0x1d0 [ 25.572731] ? copy_mount_string+0x40/0x40 [ 25.576950] ? check_same_owner+0x320/0x320 [ 25.581254] ? __check_object_size+0x8b/0x530 [ 25.585733] ? __might_sleep+0x95/0x190 [ 25.589695] ? kasan_check_write+0x14/0x20 [ 25.593911] ? _copy_from_user+0x99/0x110 [ 25.598045] ? memdup_user+0x5e/0x90 [ 25.601742] ? copy_mount_options+0x1f7/0x2e0 [ 25.606218] SyS_mount+0xab/0x120 [ 25.609651] ? copy_mnt_ns+0xb30/0xb30 [ 25.613524] do_syscall_64+0x281/0x940 [ 25.617394] ? vmalloc_sync_all+0x30/0x30 [ 25.621523] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 25.627042] ? syscall_return_slowpath+0x550/0x550 [ 25.631953] ? syscall_return_slowpath+0x2ac/0x550 [ 25.636872] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 25.642220] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 25.647050] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 25.652219] RIP: 0033:0x442cf9 [ 25.655392] RSP: 002b:00007ffe2ed47348 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 25.663083] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cf9 [ 25.670333] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 25.677583] RBP: 00007ffe2ed47bf0 R08: 0000000000000000 R09: 0000000000000000 [ 25.684832] R10: 0000000000200000 R11: 0000000000000246 R12: ffffffffffffffff executing program executing program [ 25.692093] R13: 0000000000000005 R14: 0000000000000000 R15: 00007ffe2ed47488 [ 25.699366] CPU: 1 PID: 4504 Comm: syzkaller824624 Not tainted 4.16.0-rc6+ #42 [ 25.703743] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 25.706733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.706737] Call Trace: [ 25.706751] dump_stack+0x194/0x24d [ 25.706758] ? arch_local_irq_restore+0x53/0x53 [ 25.706767] ? find_held_lock+0x35/0x1d0 [ 25.706777] should_fail+0x8c0/0xa40 [ 25.721176] FAULT_INJECTION: forcing a failure. [ 25.721176] name failslab, interval 1, probability 0, space 0, times 0 [ 25.723472] ? __list_lru_init+0x352/0x750 [ 25.723483] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 25.723491] ? trace_hardirqs_off+0x10/0x10 [ 25.723504] ? find_next_zero_bit+0xe3/0x110 [ 25.771232] ? trace_hardirqs_off+0x10/0x10 [ 25.775528] ? find_held_lock+0x35/0x1d0 [ 25.779566] ? __lock_is_held+0xb6/0x140 [ 25.783607] ? check_same_owner+0x320/0x320 [ 25.787900] ? lock_downgrade+0x980/0x980 [ 25.792026] ? rcu_note_context_switch+0x710/0x710 [ 25.796928] ? find_held_lock+0x35/0x1d0 [ 25.800984] should_failslab+0xec/0x120 [ 25.804930] __kmalloc+0x63/0x760 [ 25.808356] ? lock_downgrade+0x980/0x980 [ 25.812476] ? register_shrinker+0x10e/0x2d0 [ 25.816855] ? trace_event_raw_event_module_request+0x320/0x320 [ 25.822889] register_shrinker+0x10e/0x2d0 [ 25.827099] ? __bpf_trace_mm_vmscan_wakeup_kswapd+0x40/0x40 [ 25.832871] ? memcpy+0x45/0x50 [ 25.836129] sget_userns+0xbbf/0xe40 [ 25.839825] ? set_anon_super+0x20/0x20 [ 25.843785] ? put_filp+0x90/0x90 [ 25.847221] ? destroy_unused_super.part.6+0xd0/0xd0 [ 25.852296] ? path_lookupat+0x238/0xba0 [ 25.856336] ? mnt_free_id.isra.21+0x50/0x50 [ 25.860723] ? trace_hardirqs_off+0x10/0x10 [ 25.865016] ? putname+0xee/0x130 [ 25.868443] ? cap_capable+0x1b5/0x230 [ 25.872307] ? security_capable+0x8e/0xc0 [ 25.876431] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.881605] ? ns_capable_common+0xcf/0x160 [ 25.885904] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.891067] mount_ns+0x6d/0x190 [ 25.894408] rpc_mount+0x9e/0xd0 [ 25.897745] mount_fs+0x66/0x2d0 [ 25.901086] vfs_kern_mount.part.26+0xc6/0x4a0 [ 25.905639] ? may_umount+0xa0/0xa0 [ 25.909240] ? _raw_read_unlock+0x22/0x30 [ 25.913361] ? __get_fs_type+0x8a/0xc0 [ 25.917223] do_mount+0xea4/0x2bb0 [ 25.920734] ? __might_fault+0x110/0x1d0 [ 25.924769] ? copy_mount_string+0x40/0x40 [ 25.928979] ? check_same_owner+0x320/0x320 [ 25.933295] ? __check_object_size+0x8b/0x530 [ 25.937766] ? __might_sleep+0x95/0x190 [ 25.941713] ? kasan_check_write+0x14/0x20 [ 25.945920] ? _copy_from_user+0x99/0x110 [ 25.950041] ? memdup_user+0x5e/0x90 [ 25.953729] ? copy_mount_options+0x1f7/0x2e0 [ 25.958196] SyS_mount+0xab/0x120 [ 25.961618] ? copy_mnt_ns+0xb30/0xb30 [ 25.965478] do_syscall_64+0x281/0x940 [ 25.969336] ? vmalloc_sync_all+0x30/0x30 [ 25.973453] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 25.978189] ? syscall_return_slowpath+0x550/0x550 [ 25.983108] ? syscall_return_slowpath+0x2ac/0x550 [ 25.988013] ? prepare_exit_to_usermode+0x350/0x350 [ 25.993002] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 25.998338] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 26.003161] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 26.008325] RIP: 0033:0x442cf9 [ 26.011485] RSP: 002b:00007ffe2ed47348 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 26.019174] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cf9 [ 26.026418] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 26.033660] RBP: 00007ffe2ed47bf0 R08: 0000000000000000 R09: 0000000000000000 [ 26.040919] R10: 0000000000200000 R11: 0000000000000246 R12: ffffffffffffffff [ 26.048248] R13: 0000000000000005 R14: 0000000000000000 R15: 00007ffe2ed47488 [ 26.055500] CPU: 0 PID: 4503 Comm: syzkaller824624 Not tainted 4.16.0-rc6+ #42 [ 26.055793] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 26.062868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.062871] Call Trace: [ 26.062885] dump_stack+0x194/0x24d [ 26.062892] ? arch_local_irq_restore+0x53/0x53 [ 26.062899] ? find_held_lock+0x35/0x1d0 [ 26.062908] should_fail+0x8c0/0xa40 [ 26.062913] ? __list_lru_init+0x352/0x750 [ 26.062921] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 26.073170] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 26.079595] ? trace_hardirqs_off+0x10/0x10 [ 26.079603] ? find_next_zero_bit+0xe3/0x110 [ 26.079609] ? trace_hardirqs_off+0x10/0x10 [ 26.079615] ? find_held_lock+0x35/0x1d0 [ 26.079621] ? __lock_is_held+0xb6/0x140 [ 26.079631] ? check_same_owner+0x320/0x320 [ 26.079638] ? lock_downgrade+0x980/0x980 [ 26.144149] ? rcu_note_context_switch+0x710/0x710 [ 26.149064] ? find_held_lock+0x35/0x1d0 [ 26.153101] should_failslab+0xec/0x120 [ 26.157047] __kmalloc+0x63/0x760 [ 26.160471] ? lock_downgrade+0x980/0x980 [ 26.164590] ? register_shrinker+0x10e/0x2d0 [ 26.168970] ? trace_event_raw_event_module_request+0x320/0x320 [ 26.175000] register_shrinker+0x10e/0x2d0 [ 26.179204] ? __bpf_trace_mm_vmscan_wakeup_kswapd+0x40/0x40 [ 26.184980] ? memcpy+0x45/0x50 [ 26.188234] sget_userns+0xbbf/0xe40 [ 26.191915] ? set_anon_super+0x20/0x20 [ 26.195860] ? put_filp+0x90/0x90 [ 26.199283] ? destroy_unused_super.part.6+0xd0/0xd0 [ 26.204357] ? mnt_free_id.isra.21+0x50/0x50 [ 26.208738] ? trace_hardirqs_off+0x10/0x10 [ 26.213030] ? putname+0xee/0x130 [ 26.216457] ? cap_capable+0x1b5/0x230 [ 26.220315] ? security_capable+0x8e/0xc0 [ 26.224436] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.229596] ? ns_capable_common+0xcf/0x160 [ 26.233889] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.239049] mount_ns+0x6d/0x190 [ 26.242386] rpc_mount+0x9e/0xd0 [ 26.245726] mount_fs+0x66/0x2d0 [ 26.249069] vfs_kern_mount.part.26+0xc6/0x4a0 [ 26.253619] ? may_umount+0xa0/0xa0 [ 26.257218] ? _raw_read_unlock+0x22/0x30 [ 26.261334] ? __get_fs_type+0x8a/0xc0 [ 26.265193] do_mount+0xea4/0x2bb0 [ 26.268703] ? __might_fault+0x110/0x1d0 [ 26.272739] ? copy_mount_string+0x40/0x40 [ 26.276945] ? check_same_owner+0x320/0x320 [ 26.281236] ? __check_object_size+0x8b/0x530 [ 26.285710] ? __might_sleep+0x95/0x190 [ 26.289661] ? kasan_check_write+0x14/0x20 [ 26.293868] ? _copy_from_user+0x99/0x110 [ 26.297990] ? memdup_user+0x5e/0x90 [ 26.301674] ? copy_mount_options+0x1f7/0x2e0 [ 26.306142] SyS_mount+0xab/0x120 [ 26.309565] ? copy_mnt_ns+0xb30/0xb30 [ 26.313426] do_syscall_64+0x281/0x940 [ 26.317285] ? vmalloc_sync_all+0x30/0x30 [ 26.321402] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 26.326126] ? syscall_return_slowpath+0x550/0x550 [ 26.331025] ? syscall_return_slowpath+0x2ac/0x550 [ 26.335932] ? prepare_exit_to_usermode+0x350/0x350 [ 26.340917] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 26.346250] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 26.351087] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 26.356252] RIP: 0033:0x442cf9 [ 26.359413] RSP: 002b:00007ffe2ed47348 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 26.367111] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cf9 [ 26.374353] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 26.381592] RBP: 00007ffe2ed47bf0 R08: 0000000000000000 R09: 0000000000000000 [ 26.388836] R10: 0000000000200000 R11: 0000000000000246 R12: ffffffffffffffff executing program [ 26.396095] R13: 0000000000000005 R14: 0000000000000000 R15: 00007ffe2ed47488 [ 26.410049] IPVS: ftp: loaded support on port[0] = 21 [ 26.417700] ------------[ cut here ]------------ [ 26.419061] FAULT_INJECTION: forcing a failure. [ 26.419061] name failslab, interval 1, probability 0, space 0, times 0 [ 26.422469] refcount_t: increment on 0; use-after-free. [ 26.422562] WARNING: CPU: 1 PID: 4499 at lib/refcount.c:153 refcount_inc+0x47/0x50 [ 26.433673] CPU: 0 PID: 4506 Comm: syzkaller824624 Not tainted 4.16.0-rc6+ #42 [ 26.438993] Kernel panic - not syncing: panic_on_warn set ... [ 26.438993] [ 26.446676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.446682] Call Trace: [ 26.473348] dump_stack+0x194/0x24d [ 26.476950] ? arch_local_irq_restore+0x53/0x53 [ 26.481599] ? __lock_acquire+0x664/0x3e00 [ 26.485810] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.490992] should_fail+0x8c0/0xa40 [ 26.494679] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 26.499756] ? get_mem_cgroup_from_mm+0x47c/0x710 [ 26.504570] ? lock_downgrade+0x980/0x980 [ 26.508694] ? trace_hardirqs_off+0x10/0x10 [ 26.512985] ? __lock_is_held+0xb6/0x140 [ 26.517018] ? find_held_lock+0x35/0x1d0 [ 26.521065] ? rcu_read_unlock+0x16/0x70 [ 26.525107] ? lock_downgrade+0x980/0x980 [ 26.529236] should_failslab+0xec/0x120 [ 26.533186] kmem_cache_alloc_trace+0x4b/0x740 [ 26.537746] memcg_kmem_get_cache+0x4d3/0x890 [ 26.542220] ? mem_cgroup_handle_over_high+0x130/0x130 [ 26.547470] ? check_same_owner+0x320/0x320 [ 26.551762] ? rcu_note_context_switch+0x710/0x710 [ 26.556661] ? register_shrinker+0x10e/0x2d0 [ 26.561043] kmem_cache_alloc+0x186/0x760 [ 26.565164] ? find_held_lock+0x35/0x1d0 [ 26.569198] ? rpc_i_callback+0x30/0x30 [ 26.573142] rpc_alloc_inode+0x1a/0x20 [ 26.576997] alloc_inode+0x65/0x180 [ 26.580591] new_inode_pseudo+0x69/0x190 [ 26.584619] ? prune_icache_sb+0x1a0/0x1a0 [ 26.588834] ? __lock_is_held+0xb6/0x140 [ 26.592867] new_inode+0x1c/0x40 [ 26.596201] rpc_get_inode+0x20/0x1e0 [ 26.599970] rpc_fill_super+0x327/0xae0 [ 26.603920] ? cap_capable+0x1b5/0x230 [ 26.607775] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.612933] ? security_capable+0x8e/0xc0 [ 26.617051] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.622212] ? ns_capable_common+0xcf/0x160 [ 26.626503] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.631666] mount_ns+0xc4/0x190 [ 26.635006] rpc_mount+0x9e/0xd0 [ 26.638340] mount_fs+0x66/0x2d0 [ 26.641686] vfs_kern_mount.part.26+0xc6/0x4a0 [ 26.646237] ? may_umount+0xa0/0xa0 [ 26.649835] ? _raw_read_unlock+0x22/0x30 [ 26.653954] ? __get_fs_type+0x8a/0xc0 [ 26.657822] do_mount+0xea4/0x2bb0 [ 26.661330] ? __might_fault+0x110/0x1d0 [ 26.665372] ? copy_mount_string+0x40/0x40 [ 26.669593] ? check_same_owner+0x320/0x320 [ 26.673886] ? __check_object_size+0x8b/0x530 [ 26.678350] ? __might_sleep+0x95/0x190 [ 26.682298] ? kasan_check_write+0x14/0x20 [ 26.686505] ? _copy_from_user+0x99/0x110 [ 26.690626] ? memdup_user+0x5e/0x90 [ 26.694310] ? copy_mount_options+0x1f7/0x2e0 [ 26.698781] SyS_mount+0xab/0x120 [ 26.702209] ? copy_mnt_ns+0xb30/0xb30 [ 26.706075] do_syscall_64+0x281/0x940 [ 26.709943] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 26.715470] ? syscall_return_slowpath+0x550/0x550 [ 26.720377] ? syscall_return_slowpath+0x2ac/0x550 [ 26.725286] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 26.730631] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 26.735455] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 26.740620] RIP: 0033:0x442cf9 [ 26.743787] RSP: 002b:00007ffe2ed47348 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 26.751473] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cf9 [ 26.759479] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 26.766729] RBP: 00007ffe2ed47bf0 R08: 0000000000000000 R09: 0000000000000000 [ 26.773985] R10: 0000000000200000 R11: 0000000000000246 R12: ffffffffffffffff [ 26.781234] R13: 0000000000000005 R14: 0000000000000000 R15: 00007ffe2ed47488 [ 26.788496] CPU: 1 PID: 4499 Comm: syzkaller824624 Not tainted 4.16.0-rc6+ #42 executing program [ 26.795861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.805206] Call Trace: [ 26.807786] dump_stack+0x194/0x24d [ 26.811407] ? arch_local_irq_restore+0x53/0x53 [ 26.816068] ? vsnprintf+0x1ed/0x1900 [ 26.819862] panic+0x1e4/0x41c [ 26.823048] ? refcount_error_report+0x214/0x214 [ 26.827794] ? show_regs_print_info+0x18/0x18 [ 26.828891] IPVS: ftp: loaded support on port[0] = 21 [ 26.832276] ? __warn+0x1c1/0x200 [ 26.832288] ? refcount_inc+0x47/0x50 [ 26.832295] __warn+0x1dc/0x200 [ 26.847939] ? refcount_inc+0x47/0x50 [ 26.850820] FAULT_INJECTION: forcing a failure. [ 26.850820] name failslab, interval 1, probability 0, space 0, times 0 [ 26.851726] report_bug+0x1f4/0x2b0 [ 26.851741] fixup_bug.part.10+0x37/0x80 [ 26.851750] do_error_trap+0x2d7/0x3e0 [ 26.851760] ? vprintk_default+0x28/0x30 [ 26.851772] ? math_error+0x400/0x400 [ 26.882230] ? printk+0xaa/0xca [ 26.885490] ? show_regs_print_info+0x18/0x18 [ 26.889970] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 26.894798] do_invalid_op+0x1b/0x20 [ 26.898492] invalid_op+0x1b/0x40 [ 26.901928] RIP: 0010:refcount_inc+0x47/0x50 [ 26.906315] RSP: 0018:ffff8801add17860 EFLAGS: 00010286 [ 26.911661] RAX: dffffc0000000008 RBX: ffff8801aea28144 RCX: ffffffff815b421e [ 26.919167] RDX: 0000000000000000 RSI: 1ffff10035ba2ebc RDI: 0000000000000293 [ 26.926414] RBP: ffff8801add17868 R08: 0000000000000000 R09: 0000000000000000 [ 26.933660] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801add17af8 [ 26.940911] R13: ffff8801b45cca93 R14: ffff8801aea28140 R15: ffff8801b45ccb01 [ 26.948171] ? vprintk_func+0x5e/0xc0 [ 26.951960] sk_alloc+0x3f9/0x1440 [ 26.955484] ? sock_def_error_report+0x5e0/0x5e0 [ 26.960218] ? __raw_spin_lock_init+0x2d/0x100 [ 26.964871] ? trace_hardirqs_off+0x10/0x10 [ 26.969171] ? do_raw_write_unlock+0x290/0x290 [ 26.973736] ? trace_hardirqs_off+0x10/0x10 [ 26.978038] ? __raw_spin_lock_init+0x1c/0x100 [ 26.982601] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.987597] ? find_held_lock+0x35/0x1d0 [ 26.991642] ? inet_create+0x3fc/0xf50 [ 26.995508] ? lock_downgrade+0x980/0x980 [ 26.999637] ? lock_release+0xa40/0xa40 [ 27.003593] ? lock_downgrade+0x980/0x980 [ 27.007728] inet_create+0x47c/0xf50 [ 27.011429] ? ipip_gro_receive+0xf0/0xf0 [ 27.015560] ? __lock_is_held+0xb6/0x140 [ 27.019607] __sock_create+0x4d4/0x850 [ 27.023477] ? kernel_sock_ip_overhead+0x4c0/0x4c0 [ 27.028392] ? user_path_create+0x40/0x40 [ 27.032525] SyS_socket+0xeb/0x1d0 [ 27.036046] ? move_addr_to_kernel+0x60/0x60 [ 27.040446] ? do_syscall_64+0xb7/0x940 [ 27.044401] ? move_addr_to_kernel+0x60/0x60 [ 27.048793] do_syscall_64+0x281/0x940 [ 27.052660] ? vmalloc_sync_all+0x30/0x30 [ 27.056786] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 27.061520] ? syscall_return_slowpath+0x550/0x550 [ 27.066438] ? syscall_return_slowpath+0x2ac/0x550 [ 27.071349] ? prepare_exit_to_usermode+0x350/0x350 [ 27.076347] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 27.081702] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.086530] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 27.091700] RIP: 0033:0x445777 [ 27.094871] RSP: 002b:00007ffe2ed47348 EFLAGS: 00000206 ORIG_RAX: 0000000000000029 [ 27.102562] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445777 [ 27.109813] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002 [ 27.117061] RBP: 00007ffe2ed47460 R08: 0000000000000000 R09: 0000000000000001 [ 27.124310] R10: 000000000000000a R11: 0000000000000206 R12: 0000000000000002 [ 27.131562] R13: 0000000000000002 R14: 000000000000636e R15: 00007ffe2ed47488 [ 27.138823] CPU: 0 PID: 4509 Comm: syzkaller824624 Not tainted 4.16.0-rc6+ #42 [ 27.146169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.155494] Call Trace: [ 27.158055] dump_stack+0x194/0x24d [ 27.161657] ? arch_local_irq_restore+0x53/0x53 [ 27.166301] ? find_held_lock+0x35/0x1d0 [ 27.170338] should_fail+0x8c0/0xa40 [ 27.174029] ? __list_lru_init+0x352/0x750 [ 27.178240] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 27.183314] ? trace_hardirqs_off+0x10/0x10 [ 27.187608] ? find_next_zero_bit+0xe3/0x110 [ 27.191992] ? trace_hardirqs_off+0x10/0x10 [ 27.196288] ? find_held_lock+0x35/0x1d0 [ 27.200326] ? __lock_is_held+0xb6/0x140 [ 27.204365] ? check_same_owner+0x320/0x320 [ 27.208659] ? lock_downgrade+0x980/0x980 [ 27.212782] ? rcu_note_context_switch+0x710/0x710 [ 27.217684] ? find_held_lock+0x35/0x1d0 [ 27.221719] should_failslab+0xec/0x120 [ 27.225668] __kmalloc+0x63/0x760 [ 27.229102] ? lock_downgrade+0x980/0x980 [ 27.233226] ? register_shrinker+0x10e/0x2d0 [ 27.237609] ? trace_event_raw_event_module_request+0x320/0x320 [ 27.243643] register_shrinker+0x10e/0x2d0 [ 27.247851] ? __bpf_trace_mm_vmscan_wakeup_kswapd+0x40/0x40 [ 27.253620] ? memcpy+0x45/0x50 [ 27.256876] sget_userns+0xbbf/0xe40 [ 27.260562] ? set_anon_super+0x20/0x20 [ 27.264511] ? put_filp+0x90/0x90 [ 27.267941] ? destroy_unused_super.part.6+0xd0/0xd0 [ 27.273016] ? path_lookupat+0x238/0xba0 [ 27.277052] ? mnt_free_id.isra.21+0x50/0x50 [ 27.281435] ? trace_hardirqs_off+0x10/0x10 [ 27.285733] ? putname+0xee/0x130 [ 27.289165] ? cap_capable+0x1b5/0x230 [ 27.293031] ? security_capable+0x8e/0xc0 [ 27.297157] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 27.302321] ? ns_capable_common+0xcf/0x160 [ 27.306616] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 27.311778] mount_ns+0x6d/0x190 [ 27.315121] rpc_mount+0x9e/0xd0 [ 27.318464] mount_fs+0x66/0x2d0 [ 27.321808] vfs_kern_mount.part.26+0xc6/0x4a0 [ 27.326365] ? may_umount+0xa0/0xa0 [ 27.329967] ? _raw_read_unlock+0x22/0x30 [ 27.334102] ? __get_fs_type+0x8a/0xc0 [ 27.337968] do_mount+0xea4/0x2bb0 [ 27.341482] ? __might_fault+0x110/0x1d0 [ 27.345520] ? copy_mount_string+0x40/0x40 [ 27.349728] ? check_same_owner+0x320/0x320 [ 27.354026] ? __check_object_size+0x8b/0x530 [ 27.358498] ? __might_sleep+0x95/0x190 [ 27.362450] ? kasan_check_write+0x14/0x20 [ 27.366658] ? _copy_from_user+0x99/0x110 [ 27.370958] ? memdup_user+0x5e/0x90 [ 27.374646] ? copy_mount_options+0x1f7/0x2e0 [ 27.379120] SyS_mount+0xab/0x120 [ 27.382545] ? copy_mnt_ns+0xb30/0xb30 [ 27.386410] do_syscall_64+0x281/0x940 [ 27.390273] ? vmalloc_sync_all+0x30/0x30 [ 27.394399] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 27.399131] ? syscall_return_slowpath+0x550/0x550 [ 27.404034] ? syscall_return_slowpath+0x2ac/0x550 [ 27.408938] ? prepare_exit_to_usermode+0x350/0x350 [ 27.413936] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 27.419274] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.424096] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 27.429258] RIP: 0033:0x442cf9 [ 27.432420] RSP: 002b:00007ffe2ed47348 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 27.440100] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cf9 [ 27.447343] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 27.454589] RBP: 00007ffe2ed47bf0 R08: 0000000000000000 R09: 0000000000000000 [ 27.461834] R10: 0000000000200000 R11: 0000000000000246 R12: ffffffffffffffff [ 27.469077] R13: 0000000000000005 R14: 0000000000000000 R15: 00007ffe2ed47488 [ 27.476750] Dumping ftrace buffer: [ 27.480414] (ftrace buffer empty) [ 27.484096] Kernel Offset: disabled [ 27.487698] Rebooting in 86400 seconds..