INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts. syzkaller login: [ 45.086167] IPVS: ftp: loaded support on port[0] = 21 executing program [ 45.112778] IPVS: ftp: loaded support on port[0] = 21 [ 45.130824] FAULT_INJECTION: forcing a failure. [ 45.130824] name failslab, interval 1, probability 0, space 0, times 1 [ 45.140229] IPVS: ftp: loaded support on port[0] = 21 [ 45.146782] CPU: 1 PID: 4463 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40 executing program [ 45.159295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.168629] Call Trace: [ 45.171196] dump_stack+0x194/0x24d [ 45.174801] ? arch_local_irq_restore+0x53/0x53 [ 45.179489] should_fail+0x8c0/0xa40 [ 45.183180] ? __free_insn_slot+0x5c0/0x5c0 [ 45.188005] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 45.191151] FAULT_INJECTION: forcing a failure. [ 45.191151] name failslab, interval 1, probability 0, space 0, times 1 [ 45.193096] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 45.193104] ? __lock_acquire+0x664/0x3e00 [ 45.193110] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 45.193124] ? find_held_lock+0x35/0x1d0 [ 45.222906] ? __lock_is_held+0xb6/0x140 [ 45.226957] ? check_same_owner+0x320/0x320 [ 45.231253] ? __d_lookup+0x4f4/0x830 [ 45.235034] ? rcu_note_context_switch+0x710/0x710 [ 45.239950] should_failslab+0xec/0x120 [ 45.243902] kmem_cache_alloc+0x47/0x760 [ 45.247961] __d_alloc+0xc1/0xbd0 [ 45.251391] ? shrink_dcache_for_umount+0x290/0x290 [ 45.256382] ? d_alloc_parallel+0x1b40/0x1b40 [ 45.260857] ? lock_release+0xa40/0xa40 [ 45.264809] ? mark_held_locks+0xaf/0x100 [ 45.268929] ? 
d_lookup+0x133/0x2e0 [ 45.272533] ? d_lookup+0x1d5/0x2e0 [ 45.276485] d_alloc+0x8e/0x340 [ 45.279739] ? __d_alloc+0xbd0/0xbd0 [ 45.283432] ? full_name_hash+0x9b/0xe0 [ 45.287398] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 45.292657] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 45.296875] rpc_populate.constprop.15+0xa3/0x340 [ 45.301698] rpc_fill_super+0x379/0xae0 [ 45.305648] ? cap_capable+0x1b5/0x230 [ 45.309507] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 45.314670] ? security_capable+0x8e/0xc0 [ 45.318790] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 45.323950] ? ns_capable_common+0xcf/0x160 [ 45.328247] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 45.333408] mount_ns+0xc4/0x190 [ 45.336752] rpc_mount+0x9e/0xd0 [ 45.340092] mount_fs+0x66/0x2d0 [ 45.343434] vfs_kern_mount.part.26+0xc6/0x4a0 [ 45.347989] ? may_umount+0xa0/0xa0 [ 45.351591] ? _raw_read_unlock+0x22/0x30 [ 45.355713] ? __get_fs_type+0x8a/0xc0 [ 45.359577] do_mount+0xea4/0x2bb0 [ 45.363087] ? __might_fault+0x110/0x1d0 [ 45.367127] ? copy_mount_string+0x40/0x40 [ 45.371337] ? check_same_owner+0x320/0x320 [ 45.375634] ? __check_object_size+0x8b/0x530 [ 45.380111] ? __might_sleep+0x95/0x190 [ 45.384072] ? kasan_check_write+0x14/0x20 [ 45.388285] ? _copy_from_user+0x99/0x110 [ 45.392422] ? memdup_user+0x5e/0x90 [ 45.396194] ? copy_mount_options+0x1f7/0x2e0 [ 45.400666] SyS_mount+0xab/0x120 [ 45.404092] ? copy_mnt_ns+0xb30/0xb30 [ 45.407955] do_syscall_64+0x281/0x940 [ 45.411817] ? __do_page_fault+0xc90/0xc90 [ 45.416022] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.420499] ? finish_task_switch+0x1c1/0x7e0 [ 45.424991] ? syscall_return_slowpath+0x550/0x550 [ 45.429992] ? syscall_return_slowpath+0x2ac/0x550 [ 45.434997] ? prepare_exit_to_usermode+0x350/0x350 [ 45.440512] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 45.445888] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 45.450731] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 45.455897] RIP: 0033:0x448159 [ 45.459062] RSP: 002b:00007f59918fbd78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 45.466753] RAX: ffffffffffffffda RBX: 00000000006e49e4 RCX: 0000000000448159 [ 45.474026] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 45.481279] RBP: 00000000006e49e0 R08: 0000000000000000 R09: 0000000000003333 [ 45.488531] R10: 0000000000200000 R11: 0000000000000246 R12: 00007f59918fbd80 [ 45.495862] R13: 0030656c69662f2e R14: 0000000000000005 R15: 2f30656c69662f2e [ 45.503137] CPU: 0 PID: 4466 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40 [ 45.506136] IPVS: ftp: loaded support on port[0] = 21 [ 45.510498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.510502] Call Trace: [ 45.510520] dump_stack+0x194/0x24d [ 45.510530] ? arch_local_irq_restore+0x53/0x53 [ 45.536013] should_fail+0x8c0/0xa40 [ 45.539503] IPVS: ftp: loaded support on port[0] = 21 [ 45.539706] ? __free_insn_slot+0x5c0/0x5c0 [ 45.549198] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 45.554283] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 45.559451] ? __lock_acquire+0x664/0x3e00 [ 45.563617] FAULT_INJECTION: forcing a failure. [ 45.563617] name failslab, interval 1, probability 0, space 0, times 0 [ 45.563663] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 45.580030] ? find_held_lock+0x35/0x1d0 [ 45.584073] ? __lock_is_held+0xb6/0x140 [ 45.588120] ? check_same_owner+0x320/0x320 [ 45.592413] ? __d_lookup+0x4f4/0x830 [ 45.596189] ? rcu_note_context_switch+0x710/0x710 [ 45.601100] should_failslab+0xec/0x120 [ 45.605049] kmem_cache_alloc+0x47/0x760 [ 45.609107] __d_alloc+0xc1/0xbd0 [ 45.612540] ? shrink_dcache_for_umount+0x290/0x290 [ 45.617535] ? d_alloc_parallel+0x1b40/0x1b40 [ 45.622012] ? lock_release+0xa40/0xa40 [ 45.625965] ? mark_held_locks+0xaf/0x100 [ 45.630086] ? d_lookup+0x133/0x2e0 [ 45.633695] ? 
d_lookup+0x1d5/0x2e0 [ 45.637302] d_alloc+0x8e/0x340 [ 45.640564] ? __d_alloc+0xbd0/0xbd0 [ 45.644256] ? full_name_hash+0x9b/0xe0 [ 45.648224] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 45.653495] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 45.657715] rpc_populate.constprop.15+0xa3/0x340 [ 45.662540] rpc_fill_super+0x379/0xae0 [ 45.666494] ? cap_capable+0x1b5/0x230 [ 45.670363] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 45.675537] ? security_capable+0x8e/0xc0 [ 45.679747] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 45.684911] ? ns_capable_common+0xcf/0x160 [ 45.689215] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 45.694377] mount_ns+0xc4/0x190 [ 45.697719] rpc_mount+0x9e/0xd0 [ 45.701062] mount_fs+0x66/0x2d0 [ 45.704408] vfs_kern_mount.part.26+0xc6/0x4a0 [ 45.708967] ? may_umount+0xa0/0xa0 [ 45.712574] ? _raw_read_unlock+0x22/0x30 [ 45.716697] ? __get_fs_type+0x8a/0xc0 [ 45.720738] do_mount+0xea4/0x2bb0 [ 45.724252] ? __might_fault+0x110/0x1d0 [ 45.728294] ? copy_mount_string+0x40/0x40 [ 45.732510] ? check_same_owner+0x320/0x320 [ 45.736807] ? __check_object_size+0x8b/0x530 [ 45.741524] ? __might_sleep+0x95/0x190 [ 45.745481] ? kasan_check_write+0x14/0x20 [ 45.749691] ? _copy_from_user+0x99/0x110 [ 45.753821] ? memdup_user+0x5e/0x90 [ 45.757768] ? copy_mount_options+0x1f7/0x2e0 [ 45.762239] SyS_mount+0xab/0x120 [ 45.765667] ? copy_mnt_ns+0xb30/0xb30 [ 45.769539] do_syscall_64+0x281/0x940 [ 45.773398] ? __do_page_fault+0xc90/0xc90 [ 45.777604] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.782072] ? finish_task_switch+0x1c1/0x7e0 [ 45.786543] ? syscall_return_slowpath+0x550/0x550 [ 45.791445] ? syscall_return_slowpath+0x2ac/0x550 [ 45.796345] ? prepare_exit_to_usermode+0x350/0x350 [ 45.801338] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 45.806680] ? 
trace_hardirqs_off_thunk+0x1a/0x1c executing program executing program [ 45.811499] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 45.816662] RIP: 0033:0x448159 [ 45.819826] RSP: 002b:00007f59918fbd78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 45.827511] RAX: ffffffffffffffda RBX: 00000000006e49e4 RCX: 0000000000448159 [ 45.834753] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 45.841997] RBP: 00000000006e49e0 R08: 0000000000000000 R09: 0000000000003333 [ 45.849246] R10: 0000000000200000 R11: 0000000000000246 R12: 00007f59918fbd80 [ 45.856485] R13: 0030656c69662f2e R14: 0000000000000005 R15: 2f30656c69662f2e [ 45.863749] CPU: 1 PID: 4468 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40 [ 45.869700] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 45.871128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.871132] Call Trace: [ 45.871149] dump_stack+0x194/0x24d [ 45.871159] ? arch_local_irq_restore+0x53/0x53 [ 45.871181] should_fail+0x8c0/0xa40 [ 45.879629] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 45.887916] ? __free_insn_slot+0x5c0/0x5c0 [ 45.887926] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 45.887939] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 45.887947] ? __lock_acquire+0x664/0x3e00 [ 45.887952] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 45.887963] ? find_held_lock+0x35/0x1d0 [ 45.887975] ? __lock_is_held+0xb6/0x140 [ 45.915201] IPVS: ftp: loaded support on port[0] = 21 [ 45.919196] ? check_same_owner+0x320/0x320 [ 45.919205] ? __d_lookup+0x4f4/0x830 [ 45.919216] ? rcu_note_context_switch+0x710/0x710 [ 45.959988] should_failslab+0xec/0x120 executing program [ 45.963941] kmem_cache_alloc+0x47/0x760 [ 45.967990] __d_alloc+0xc1/0xbd0 [ 45.971435] ? shrink_dcache_for_umount+0x290/0x290 [ 45.971913] FAULT_INJECTION: forcing a failure. [ 45.971913] name failslab, interval 1, probability 0, space 0, times 0 [ 45.976444] ? 
d_alloc_parallel+0x1b40/0x1b40 [ 45.976458] ? lock_release+0xa40/0xa40 [ 45.976469] ? mark_held_locks+0xaf/0x100 [ 45.976475] ? d_lookup+0x133/0x2e0 [ 45.976486] ? d_lookup+0x1d5/0x2e0 [ 45.976500] d_alloc+0x8e/0x340 [ 46.010650] ? __d_alloc+0xbd0/0xbd0 [ 46.014335] ? full_name_hash+0x9b/0xe0 [ 46.018310] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 46.023564] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 46.027782] rpc_populate.constprop.15+0xa3/0x340 [ 46.032605] rpc_fill_super+0x379/0xae0 [ 46.036558] ? cap_capable+0x1b5/0x230 [ 46.040419] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 46.045589] ? security_capable+0x8e/0xc0 [ 46.049717] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 46.054883] ? ns_capable_common+0xcf/0x160 [ 46.059181] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 46.064350] mount_ns+0xc4/0x190 [ 46.067695] rpc_mount+0x9e/0xd0 [ 46.071037] mount_fs+0x66/0x2d0 [ 46.074380] vfs_kern_mount.part.26+0xc6/0x4a0 [ 46.078935] ? may_umount+0xa0/0xa0 [ 46.082537] ? _raw_read_unlock+0x22/0x30 [ 46.086663] ? __get_fs_type+0x8a/0xc0 [ 46.090710] do_mount+0xea4/0x2bb0 [ 46.094224] ? __might_fault+0x110/0x1d0 [ 46.098265] ? copy_mount_string+0x40/0x40 [ 46.102475] ? check_same_owner+0x320/0x320 [ 46.106771] ? __check_object_size+0x8b/0x530 [ 46.111246] ? __might_sleep+0x95/0x190 [ 46.115201] ? kasan_check_write+0x14/0x20 [ 46.119408] ? _copy_from_user+0x99/0x110 [ 46.123532] ? memdup_user+0x5e/0x90 [ 46.127221] ? copy_mount_options+0x1f7/0x2e0 [ 46.132128] SyS_mount+0xab/0x120 [ 46.135552] ? copy_mnt_ns+0xb30/0xb30 [ 46.139431] do_syscall_64+0x281/0x940 [ 46.143293] ? __do_page_fault+0xc90/0xc90 [ 46.147512] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.151991] ? finish_task_switch+0x1c1/0x7e0 [ 46.156460] ? syscall_return_slowpath+0x550/0x550 [ 46.161360] ? syscall_return_slowpath+0x2ac/0x550 [ 46.166263] ? prepare_exit_to_usermode+0x350/0x350 [ 46.171259] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 46.176615] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 46.181439] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 46.186785] RIP: 0033:0x448159 [ 46.190395] RSP: 002b:00007f59918fbd78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 46.198101] RAX: ffffffffffffffda RBX: 00000000006e49e4 RCX: 0000000000448159 [ 46.205349] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 46.212680] RBP: 00000000006e49e0 R08: 0000000000000000 R09: 0000000000003333 [ 46.219928] R10: 0000000000200000 R11: 0000000000000246 R12: 00007f59918fbd80 [ 46.227435] R13: 0030656c69662f2e R14: 0000000000000005 R15: 2f30656c69662f2e [ 46.234709] CPU: 0 PID: 4474 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40 [ 46.242088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.243570] IPVS: ftp: loaded support on port[0] = 21 [ 46.251437] Call Trace: [ 46.251459] dump_stack+0x194/0x24d [ 46.251468] ? arch_local_irq_restore+0x53/0x53 [ 46.251481] ? find_held_lock+0x35/0x1d0 [ 46.251498] should_fail+0x8c0/0xa40 [ 46.275337] ? __list_lru_init+0x352/0x750 [ 46.279563] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 46.284645] ? trace_hardirqs_off+0x10/0x10 [ 46.289044] ? find_next_zero_bit+0xe3/0x110 [ 46.293717] ? trace_hardirqs_off+0x10/0x10 [ 46.294089] FAULT_INJECTION: forcing a failure. [ 46.294089] name failslab, interval 1, probability 0, space 0, times 0 [ 46.298026] ? find_held_lock+0x35/0x1d0 [ 46.298039] ? __lock_is_held+0xb6/0x140 [ 46.298063] ? check_same_owner+0x320/0x320 [ 46.322497] ? lock_downgrade+0x980/0x980 [ 46.326630] ? rcu_note_context_switch+0x710/0x710 [ 46.331544] ? find_held_lock+0x35/0x1d0 [ 46.335590] should_failslab+0xec/0x120 [ 46.339561] __kmalloc+0x63/0x760 [ 46.343001] ? lock_downgrade+0x980/0x980 [ 46.347134] ? register_shrinker+0x10e/0x2d0 [ 46.351522] ? trace_event_raw_event_module_request+0x320/0x320 [ 46.357558] register_shrinker+0x10e/0x2d0 [ 46.361770] ? __bpf_trace_mm_vmscan_wakeup_kswapd+0x40/0x40 [ 46.367546] ? 
memcpy+0x45/0x50 [ 46.370807] sget_userns+0xbbf/0xe40 [ 46.374492] ? set_anon_super+0x20/0x20 [ 46.378448] ? put_filp+0x90/0x90 [ 46.381875] ? destroy_unused_super.part.6+0xd0/0xd0 [ 46.386964] ? path_lookupat+0x238/0xba0 [ 46.391002] ? mnt_free_id.isra.21+0x50/0x50 [ 46.395390] ? trace_hardirqs_off+0x10/0x10 [ 46.399687] ? putname+0xee/0x130 [ 46.403118] ? cap_capable+0x1b5/0x230 [ 46.406984] ? security_capable+0x8e/0xc0 [ 46.411122] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 46.416298] ? ns_capable_common+0xcf/0x160 [ 46.420596] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 46.425769] mount_ns+0x6d/0x190 [ 46.429114] rpc_mount+0x9e/0xd0 [ 46.432463] mount_fs+0x66/0x2d0 [ 46.435808] vfs_kern_mount.part.26+0xc6/0x4a0 [ 46.440365] ? may_umount+0xa0/0xa0 [ 46.443978] ? _raw_read_unlock+0x22/0x30 [ 46.448104] ? __get_fs_type+0x8a/0xc0 [ 46.451973] do_mount+0xea4/0x2bb0 [ 46.455491] ? __might_fault+0x110/0x1d0 [ 46.459534] ? copy_mount_string+0x40/0x40 [ 46.463746] ? check_same_owner+0x320/0x320 [ 46.468130] ? __check_object_size+0x8b/0x530 [ 46.472610] ? __might_sleep+0x95/0x190 [ 46.476562] ? kasan_check_write+0x14/0x20 [ 46.480782] ? _copy_from_user+0x99/0x110 [ 46.484907] ? memdup_user+0x5e/0x90 [ 46.488595] ? copy_mount_options+0x1f7/0x2e0 [ 46.493069] SyS_mount+0xab/0x120 [ 46.496496] ? copy_mnt_ns+0xb30/0xb30 [ 46.500360] do_syscall_64+0x281/0x940 [ 46.504224] ? __do_page_fault+0xc90/0xc90 [ 46.508430] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.512897] ? finish_task_switch+0x1c1/0x7e0 [ 46.517367] ? syscall_return_slowpath+0x550/0x550 [ 46.522271] ? syscall_return_slowpath+0x2ac/0x550 [ 46.527172] ? prepare_exit_to_usermode+0x350/0x350 [ 46.532161] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 46.537508] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 46.542336] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 46.547499] RIP: 0033:0x448159 [ 46.550664] RSP: 002b:00007f59918fbd78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 46.558347] RAX: ffffffffffffffda RBX: 00000000006e49e4 RCX: 0000000000448159 executing program executing program executing program [ 46.565610] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 46.572854] RBP: 00000000006e49e0 R08: 0000000000000000 R09: 0000000000003333 [ 46.580097] R10: 0000000000200000 R11: 0000000000000246 R12: 00007f59918fbd80 [ 46.587341] R13: 0030656c69662f2e R14: 0000000000000005 R15: 2f30656c69662f2e [ 46.594617] CPU: 1 PID: 4479 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40 [ 46.601979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.602194] IPVS: ftp: loaded support on port[0] = 21 [ 46.611320] Call Trace: executing program [ 46.611340] dump_stack+0x194/0x24d [ 46.611350] ? arch_local_irq_restore+0x53/0x53 [ 46.611362] ? find_held_lock+0x35/0x1d0 [ 46.611383] should_fail+0x8c0/0xa40 [ 46.635092] ? __list_lru_init+0x352/0x750 [ 46.639313] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 46.644401] ? trace_hardirqs_off+0x10/0x10 [ 46.647232] FAULT_INJECTION: forcing a failure. [ 46.647232] name failslab, interval 1, probability 0, space 0, times 0 [ 46.648699] ? find_next_zero_bit+0xe3/0x110 [ 46.648709] ? trace_hardirqs_off+0x10/0x10 [ 46.648720] ? find_held_lock+0x35/0x1d0 [ 46.648732] ? __lock_is_held+0xb6/0x140 [ 46.676677] ? check_same_owner+0x320/0x320 [ 46.680972] ? lock_downgrade+0x980/0x980 [ 46.685106] ? rcu_note_context_switch+0x710/0x710 [ 46.690009] ? find_held_lock+0x35/0x1d0 [ 46.694057] should_failslab+0xec/0x120 [ 46.698017] __kmalloc+0x63/0x760 [ 46.701457] ? lock_downgrade+0x980/0x980 [ 46.705597] ? register_shrinker+0x10e/0x2d0 [ 46.709982] ? trace_event_raw_event_module_request+0x320/0x320 [ 46.716040] register_shrinker+0x10e/0x2d0 [ 46.720250] ? 
__bpf_trace_mm_vmscan_wakeup_kswapd+0x40/0x40 [ 46.726040] ? memcpy+0x45/0x50 [ 46.729301] sget_userns+0xbbf/0xe40 [ 46.732988] ? set_anon_super+0x20/0x20 [ 46.736955] ? put_filp+0x90/0x90 [ 46.740386] ? destroy_unused_super.part.6+0xd0/0xd0 [ 46.745466] ? path_lookupat+0x238/0xba0 [ 46.749503] ? mnt_free_id.isra.21+0x50/0x50 [ 46.753892] ? trace_hardirqs_off+0x10/0x10 [ 46.758190] ? putname+0xee/0x130 [ 46.761629] ? cap_capable+0x1b5/0x230 [ 46.765508] ? security_capable+0x8e/0xc0 [ 46.769632] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 46.774793] ? ns_capable_common+0xcf/0x160 [ 46.779090] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 46.784247] mount_ns+0x6d/0x190 [ 46.788077] rpc_mount+0x9e/0xd0 [ 46.791422] mount_fs+0x66/0x2d0 [ 46.794768] vfs_kern_mount.part.26+0xc6/0x4a0 [ 46.799325] ? may_umount+0xa0/0xa0 [ 46.802924] ? _raw_read_unlock+0x22/0x30 [ 46.807043] ? __get_fs_type+0x8a/0xc0 [ 46.810907] do_mount+0xea4/0x2bb0 [ 46.814420] ? __might_fault+0x110/0x1d0 [ 46.818458] ? copy_mount_string+0x40/0x40 [ 46.822668] ? check_same_owner+0x320/0x320 [ 46.826964] ? __check_object_size+0x8b/0x530 [ 46.831439] ? __might_sleep+0x95/0x190 [ 46.835392] ? kasan_check_write+0x14/0x20 [ 46.839603] ? _copy_from_user+0x99/0x110 [ 46.843737] ? memdup_user+0x5e/0x90 [ 46.847426] ? copy_mount_options+0x1f7/0x2e0 [ 46.851904] SyS_mount+0xab/0x120 [ 46.855334] ? copy_mnt_ns+0xb30/0xb30 [ 46.859205] do_syscall_64+0x281/0x940 [ 46.863073] ? __do_page_fault+0xc90/0xc90 [ 46.867290] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.871761] ? finish_task_switch+0x1c1/0x7e0 [ 46.876231] ? syscall_return_slowpath+0x550/0x550 [ 46.881132] ? syscall_return_slowpath+0x2ac/0x550 [ 46.886035] ? prepare_exit_to_usermode+0x350/0x350 [ 46.891023] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 46.896423] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 46.901291] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 46.906466] RIP: 0033:0x448159 [ 46.909638] RSP: 002b:00007f59918fbd78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 46.917329] RAX: ffffffffffffffda RBX: 00000000006e49e4 RCX: 0000000000448159 [ 46.924580] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 46.931832] RBP: 00000000006e49e0 R08: 0000000000000000 R09: 0000000000003333 [ 46.939083] R10: 0000000000200000 R11: 0000000000000246 R12: 00007f59918fbd80 [ 46.946344] R13: 0030656c69662f2e R14: 0000000000000005 R15: 2f30656c69662f2e [ 46.953629] CPU: 0 PID: 4484 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40 [ 46.961003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.970355] Call Trace: [ 46.972123] FAULT_INJECTION: forcing a failure. [ 46.972123] name failslab, interval 1, probability 0, space 0, times 0 [ 46.972947] dump_stack+0x194/0x24d [ 46.972962] ? arch_local_irq_restore+0x53/0x53 [ 46.992394] ? find_held_lock+0x35/0x1d0 [ 46.996454] should_fail+0x8c0/0xa40 [ 47.000155] ? __list_lru_init+0x352/0x750 [ 47.004379] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 47.009466] ? trace_hardirqs_off+0x10/0x10 [ 47.013780] ? find_next_zero_bit+0xe3/0x110 [ 47.018177] ? trace_hardirqs_off+0x10/0x10 [ 47.022495] ? find_held_lock+0x35/0x1d0 [ 47.026546] ? __lock_is_held+0xb6/0x140 [ 47.030610] ? check_same_owner+0x320/0x320 [ 47.034912] ? lock_downgrade+0x980/0x980 [ 47.039059] ? rcu_note_context_switch+0x710/0x710 [ 47.043971] ? find_held_lock+0x35/0x1d0 [ 47.048029] should_failslab+0xec/0x120 [ 47.052248] __kmalloc+0x63/0x760 [ 47.055685] ? lock_downgrade+0x980/0x980 [ 47.059824] ? register_shrinker+0x10e/0x2d0 [ 47.064215] ? trace_event_raw_event_module_request+0x320/0x320 [ 47.070265] register_shrinker+0x10e/0x2d0 [ 47.074485] ? __bpf_trace_mm_vmscan_wakeup_kswapd+0x40/0x40 [ 47.080269] ? memcpy+0x45/0x50 [ 47.083542] sget_userns+0xbbf/0xe40 [ 47.087242] ? 
set_anon_super+0x20/0x20 [ 47.091206] ? put_filp+0x90/0x90 [ 47.094644] ? destroy_unused_super.part.6+0xd0/0xd0 [ 47.099731] ? path_lookupat+0x238/0xba0 [ 47.103779] ? mnt_free_id.isra.21+0x50/0x50 [ 47.108177] ? trace_hardirqs_off+0x10/0x10 [ 47.112485] ? putname+0xee/0x130 [ 47.115929] ? cap_capable+0x1b5/0x230 [ 47.119810] ? security_capable+0x8e/0xc0 [ 47.123949] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 47.129120] ? ns_capable_common+0xcf/0x160 [ 47.133430] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 47.138600] mount_ns+0x6d/0x190 [ 47.141957] rpc_mount+0x9e/0xd0 [ 47.145313] mount_fs+0x66/0x2d0 [ 47.148668] vfs_kern_mount.part.26+0xc6/0x4a0 [ 47.153248] ? may_umount+0xa0/0xa0 [ 47.156859] ? _raw_read_unlock+0x22/0x30 [ 47.160990] ? __get_fs_type+0x8a/0xc0 [ 47.164871] do_mount+0xea4/0x2bb0 [ 47.168395] ? __might_fault+0x110/0x1d0 [ 47.172451] ? copy_mount_string+0x40/0x40 [ 47.176670] ? check_same_owner+0x320/0x320 [ 47.180972] ? __check_object_size+0x8b/0x530 [ 47.185464] ? __might_sleep+0x95/0x190 [ 47.189435] ? kasan_check_write+0x14/0x20 [ 47.193655] ? _copy_from_user+0x99/0x110 [ 47.197794] ? memdup_user+0x5e/0x90 [ 47.201493] ? copy_mount_options+0x1f7/0x2e0 [ 47.205984] SyS_mount+0xab/0x120 [ 47.209424] ? copy_mnt_ns+0xb30/0xb30 [ 47.213300] do_syscall_64+0x281/0x940 [ 47.217192] ? __do_page_fault+0xc90/0xc90 [ 47.221411] ? _raw_spin_unlock_irq+0x27/0x70 [ 47.225894] ? finish_task_switch+0x1c1/0x7e0 [ 47.230378] ? syscall_return_slowpath+0x550/0x550 [ 47.235294] ? syscall_return_slowpath+0x2ac/0x550 [ 47.240210] ? prepare_exit_to_usermode+0x350/0x350 [ 47.245212] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 47.250570] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 47.255410] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 47.260582] RIP: 0033:0x448159 [ 47.263753] RSP: 002b:00007f59918fbd78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 executing program [ 47.271445] RAX: ffffffffffffffda RBX: 00000000006e49e4 RCX: 0000000000448159 [ 47.278785] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 47.286103] RBP: 00000000006e49e0 R08: 0000000000000000 R09: 0000000000003333 [ 47.293361] R10: 0000000000200000 R11: 0000000000000246 R12: 00007f59918fbd80 [ 47.300613] R13: 0030656c69662f2e R14: 0000000000000005 R15: 2f30656c69662f2e [ 47.307896] CPU: 1 PID: 4486 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40 executing program executing program [ 47.315261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.324613] Call Trace: [ 47.327239] dump_stack+0x194/0x24d [ 47.330909] ? arch_local_irq_restore+0x53/0x53 [ 47.335085] FAULT_INJECTION: forcing a failure. [ 47.335085] name failslab, interval 1, probability 0, space 0, times 0 [ 47.335586] ? find_held_lock+0x35/0x1d0 [ 47.335607] should_fail+0x8c0/0xa40 [ 47.354498] ? __list_lru_init+0x352/0x750 [ 47.358723] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 47.363809] ? trace_hardirqs_off+0x10/0x10 [ 47.368116] ? find_next_zero_bit+0xe3/0x110 [ 47.372513] ? trace_hardirqs_off+0x10/0x10 [ 47.376826] ? find_held_lock+0x35/0x1d0 [ 47.380881] ? __lock_is_held+0xb6/0x140 [ 47.384947] ? check_same_owner+0x320/0x320 [ 47.389246] ? lock_downgrade+0x980/0x980 [ 47.393382] ? rcu_note_context_switch+0x710/0x710 [ 47.398296] ? find_held_lock+0x35/0x1d0 [ 47.402349] should_failslab+0xec/0x120 [ 47.406332] __kmalloc+0x63/0x760 [ 47.409766] ? lock_downgrade+0x980/0x980 [ 47.413906] ? register_shrinker+0x10e/0x2d0 [ 47.418304] ? trace_event_raw_event_module_request+0x320/0x320 [ 47.424350] register_shrinker+0x10e/0x2d0 [ 47.428572] ? __bpf_trace_mm_vmscan_wakeup_kswapd+0x40/0x40 [ 47.434353] ? 
memcpy+0x45/0x50 [ 47.437627] sget_userns+0xbbf/0xe40 [ 47.441321] ? set_anon_super+0x20/0x20 [ 47.445285] ? put_filp+0x90/0x90 [ 47.448723] ? destroy_unused_super.part.6+0xd0/0xd0 [ 47.453812] ? path_lookupat+0x238/0xba0 [ 47.457863] ? mnt_free_id.isra.21+0x50/0x50 [ 47.462261] ? trace_hardirqs_off+0x10/0x10 [ 47.466568] ? putname+0xee/0x130 [ 47.470009] ? cap_capable+0x1b5/0x230 [ 47.473889] ? security_capable+0x8e/0xc0 [ 47.478027] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 47.483197] ? ns_capable_common+0xcf/0x160 [ 47.487506] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 47.492678] mount_ns+0x6d/0x190 [ 47.496038] rpc_mount+0x9e/0xd0 [ 47.499392] mount_fs+0x66/0x2d0 [ 47.502749] vfs_kern_mount.part.26+0xc6/0x4a0 [ 47.507320] ? may_umount+0xa0/0xa0 [ 47.510932] ? _raw_read_unlock+0x22/0x30 [ 47.515588] ? __get_fs_type+0x8a/0xc0 [ 47.519468] do_mount+0xea4/0x2bb0 [ 47.522986] ? __might_fault+0x110/0x1d0 [ 47.527043] ? copy_mount_string+0x40/0x40 [ 47.531259] ? check_same_owner+0x320/0x320 [ 47.535563] ? __check_object_size+0x8b/0x530 [ 47.540050] ? __might_sleep+0x95/0x190 [ 47.544017] ? kasan_check_write+0x14/0x20 [ 47.548244] ? _copy_from_user+0x99/0x110 [ 47.552553] ? memdup_user+0x5e/0x90 [ 47.556249] ? copy_mount_options+0x1f7/0x2e0 [ 47.560741] SyS_mount+0xab/0x120 [ 47.564182] ? copy_mnt_ns+0xb30/0xb30 [ 47.568059] do_syscall_64+0x281/0x940 [ 47.571933] ? __do_page_fault+0xc90/0xc90 [ 47.576147] ? _raw_spin_unlock_irq+0x27/0x70 [ 47.580623] ? finish_task_switch+0x1c1/0x7e0 [ 47.586085] ? syscall_return_slowpath+0x550/0x550 [ 47.591021] ? syscall_return_slowpath+0x2ac/0x550 [ 47.595957] ? prepare_exit_to_usermode+0x350/0x350 [ 47.600958] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 47.606310] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 47.611144] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 47.616314] RIP: 0033:0x448159 executing program [ 47.619485] RSP: 002b:00007f59918fbd78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 47.627175] RAX: ffffffffffffffda RBX: 00000000006e49e4 RCX: 0000000000448159 [ 47.634427] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100 [ 47.641678] RBP: 00000000006e49e0 R08: 0000000000000000 R09: 0000000000003333 [ 47.648932] R10: 0000000000200000 R11: 0000000000000246 R12: 00007f59918fbd80 [ 47.656186] R13: 0030656c69662f2e R14: 0000000000000005 R15: 2f30656c69662f2e [ 47.663470] CPU: 0 PID: 4489 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40 [ 47.670834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.678214] FAULT_INJECTION: forcing a failure. [ 47.678214] name failslab, interval 1, probability 0, space 0, times 0 [ 47.680174] Call Trace: [ 47.680190] dump_stack+0x194/0x24d [ 47.680204] ? arch_local_irq_restore+0x53/0x53 [ 47.680218] ? trace_hardirqs_off+0x10/0x10 [ 47.706491] ? register_shrinker+0x10e/0x2d0 [ 47.710880] ? sget_userns+0xbbf/0xe40 [ 47.714746] ? mount_ns+0x6d/0x190 [ 47.718283] should_fail+0x8c0/0xa40 [ 47.721978] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 47.727155] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 47.732239] ? find_held_lock+0x35/0x1d0 [ 47.736294] ? register_shrinker+0x230/0x2d0 [ 47.740692] ? find_held_lock+0x35/0x1d0 [ 47.744743] ? __lock_is_held+0xb6/0x140 [ 47.748805] ? check_same_owner+0x320/0x320 [ 47.753872] ? trace_hardirqs_off+0x10/0x10 [ 47.758183] ? rcu_note_context_switch+0x710/0x710 [ 47.763094] ? register_shrinker+0x10e/0x2d0 [ 47.767496] should_failslab+0xec/0x120 [ 47.771453] kmem_cache_alloc+0x47/0x760 [ 47.775493] ? find_held_lock+0x35/0x1d0 [ 47.779549] ? rpc_i_callback+0x30/0x30 [ 47.783509] rpc_alloc_inode+0x1a/0x20 [ 47.787378] alloc_inode+0x65/0x180 [ 47.790987] new_inode_pseudo+0x69/0x190 [ 47.795032] ? 
prune_icache_sb+0x1a0/0x1a0 [ 47.799254] ? __lock_is_held+0xb6/0x140 [ 47.803302] new_inode+0x1c/0x40 [ 47.806649] rpc_get_inode+0x20/0x1e0 [ 47.810435] rpc_fill_super+0x327/0xae0 [ 47.814395] ? cap_capable+0x1b5/0x230 [ 47.818264] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 47.823445] ? security_capable+0x8e/0xc0 [ 47.827582] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 47.832752] ? ns_capable_common+0xcf/0x160 [ 47.837060] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 47.842316] mount_ns+0xc4/0x190 [ 47.845670] rpc_mount+0x9e/0xd0 [ 47.849024] mount_fs+0x66/0x2d0 [ 47.852381] vfs_kern_mount.part.26+0xc6/0x4a0 [ 47.856948] ? may_umount+0xa0/0xa0 [ 47.860556] ? _raw_read_unlock+0x22/0x30 [ 47.864686] ? __get_fs_type+0x8a/0xc0 [ 47.868565] do_mount+0xea4/0x2bb0 [ 47.872086] ? __might_fault+0x110/0x1d0 [ 47.876141] ? copy_mount_string+0x40/0x40 [ 47.880359] ? check_same_owner+0x320/0x320 [ 47.884662] ? __check_object_size+0x8b/0x530 [ 47.889149] ? __might_sleep+0x95/0x190 [ 47.893115] ? kasan_check_write+0x14/0x20 [ 47.897336] ? _copy_from_user+0x99/0x110 [ 47.901478] ? memdup_user+0x5e/0x90 [ 47.905174] ? copy_mount_options+0x1f7/0x2e0 [ 47.909661] SyS_mount+0xab/0x120 [ 47.913269] ? copy_mnt_ns+0xb30/0xb30 [ 47.917141] do_syscall_64+0x281/0x940 [ 47.921009] ? __do_page_fault+0xc90/0xc90 [ 47.925226] ? _raw_spin_unlock_irq+0x27/0x70 [ 47.929702] ? finish_task_switch+0x1c1/0x7e0 [ 47.934184] ? syscall_return_slowpath+0x550/0x550 [ 47.939124] ? syscall_return_slowpath+0x2ac/0x550 [ 47.944038] ? prepare_exit_to_usermode+0x350/0x350 [ 47.949040] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 47.954394] ? 
trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.959229] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 47.964401] RIP: 0033:0x448159
[ 47.967572] RSP: 002b:00007f59918fbd78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 47.975264] RAX: ffffffffffffffda RBX: 00000000006e49e4 RCX: 0000000000448159
[ 47.982517] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100
[ 47.989768] RBP: 00000000006e49e0 R08: 0000000000000000 R09: 0000000000003333
[ 47.997037] R10: 0000000000200000 R11: 0000000000000246 R12: 00007f59918fbd80
[ 48.004302] R13: 0030656c69662f2e R14: 0000000000000005 R15: 2f30656c69662f2e
[ 48.011583] CPU: 1 PID: 4492 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40
[ 48.014912] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
[ 48.018948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.018953] Call Trace:
[ 48.018968] dump_stack+0x194/0x24d
[ 48.018983] ? arch_local_irq_restore+0x53/0x53
[ 48.018994] ? trace_hardirqs_off+0x10/0x10
[ 48.019003] ? register_shrinker+0x10e/0x2d0
[ 48.019011] ? sget_userns+0xbbf/0xe40
[ 48.019018] ? mount_ns+0x6d/0x190
[ 48.019039] should_fail+0x8c0/0xa40
[ 48.019047] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 48.019059] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 48.033547] FAULT_INJECTION: forcing a failure.
[ 48.033547] name failslab, interval 1, probability 0, space 0, times 0
[ 48.035753] ? find_held_lock+0x35/0x1d0
[ 48.035778] ? register_shrinker+0x230/0x2d0
[ 48.035795] ? find_held_lock+0x35/0x1d0
[ 48.035813] ? __lock_is_held+0xb6/0x140
[ 48.104443] ? check_same_owner+0x320/0x320
[ 48.108750] ? trace_hardirqs_off+0x10/0x10
[ 48.113062] ? rcu_note_context_switch+0x710/0x710
[ 48.117973] ? register_shrinker+0x10e/0x2d0
[ 48.122378] should_failslab+0xec/0x120
[ 48.126337] kmem_cache_alloc+0x47/0x760
[ 48.130384] ? find_held_lock+0x35/0x1d0
[ 48.134437] ? rpc_i_callback+0x30/0x30
[ 48.138403] rpc_alloc_inode+0x1a/0x20
[ 48.142276] alloc_inode+0x65/0x180
[ 48.145886] new_inode_pseudo+0x69/0x190
[ 48.149937] ? prune_icache_sb+0x1a0/0x1a0
[ 48.154192] ? __lock_is_held+0xb6/0x140
[ 48.158242] new_inode+0x1c/0x40
[ 48.161597] rpc_get_inode+0x20/0x1e0
[ 48.165382] rpc_fill_super+0x327/0xae0
[ 48.169345] ? cap_capable+0x1b5/0x230
[ 48.173219] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0
[ 48.178399] ? security_capable+0x8e/0xc0
[ 48.182537] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0
[ 48.187708] ? ns_capable_common+0xcf/0x160
[ 48.192024] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0
[ 48.197198] mount_ns+0xc4/0x190
[ 48.200556] rpc_mount+0x9e/0xd0
[ 48.203909] mount_fs+0x66/0x2d0
[ 48.207266] vfs_kern_mount.part.26+0xc6/0x4a0
[ 48.211854] ? may_umount+0xa0/0xa0
[ 48.215465] ? _raw_read_unlock+0x22/0x30
[ 48.219595] ? __get_fs_type+0x8a/0xc0
[ 48.223480] do_mount+0xea4/0x2bb0
[ 48.227003] ? __might_fault+0x110/0x1d0
[ 48.231060] ? copy_mount_string+0x40/0x40
[ 48.235277] ? check_same_owner+0x320/0x320
[ 48.239581] ? __check_object_size+0x8b/0x530
[ 48.244070] ? __might_sleep+0x95/0x190
[ 48.248040] ? kasan_check_write+0x14/0x20
[ 48.252256] ? _copy_from_user+0x99/0x110
[ 48.256395] ? memdup_user+0x5e/0x90
[ 48.260093] ? copy_mount_options+0x1f7/0x2e0
[ 48.264580] SyS_mount+0xab/0x120
[ 48.268027] ? copy_mnt_ns+0xb30/0xb30
[ 48.271902] do_syscall_64+0x281/0x940
[ 48.275770] ? __do_page_fault+0xc90/0xc90
[ 48.279985] ? _raw_spin_unlock_irq+0x27/0x70
[ 48.284466] ? finish_task_switch+0x1c1/0x7e0
[ 48.288947] ? syscall_return_slowpath+0x550/0x550
[ 48.293864] ? syscall_return_slowpath+0x2ac/0x550
[ 48.298777] ? prepare_exit_to_usermode+0x350/0x350
[ 48.303777] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 48.309133] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.313967] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.319137] RIP: 0033:0x448159
[ 48.322310] RSP: 002b:00007f59918fbd78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 48.329998] RAX: ffffffffffffffda RBX: 00000000006e49e4 RCX: 0000000000448159
[ 48.337250] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100
[ 48.344500] RBP: 00000000006e49e0 R08: 0000000000000000 R09: 0000000000003333
[ 48.351924] R10: 0000000000200000 R11: 0000000000000246 R12: 00007f59918fbd80
[ 48.359176] R13: 0030656c69662f2e R14: 0000000000000005 R15: 2f30656c69662f2e
[ 48.366546] CPU: 0 PID: 4490 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40
[ 48.373902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.383248] Call Trace:
[ 48.385824] dump_stack+0x194/0x24d
[ 48.389430] ? arch_local_irq_restore+0x53/0x53
[ 48.394074] ? trace_hardirqs_off+0x10/0x10
[ 48.398391] ? register_shrinker+0x10e/0x2d0
[ 48.402774] ? sget_userns+0xbbf/0xe40
[ 48.406633] ? mount_ns+0x6d/0x190
[ 48.410156] should_fail+0x8c0/0xa40
[ 48.413846] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 48.419032] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 48.424116] ? find_held_lock+0x35/0x1d0
[ 48.428169] ? register_shrinker+0x230/0x2d0
[ 48.432556] ? find_held_lock+0x35/0x1d0
[ 48.436595] ? __lock_is_held+0xb6/0x140
[ 48.440644] ? check_same_owner+0x320/0x320
[ 48.444947] ? trace_hardirqs_off+0x10/0x10
[ 48.449253] ? rcu_note_context_switch+0x710/0x710
[ 48.454162] ? register_shrinker+0x10e/0x2d0
[ 48.458552] should_failslab+0xec/0x120
[ 48.462502] kmem_cache_alloc+0x47/0x760
[ 48.466544] ? find_held_lock+0x35/0x1d0
[ 48.470594] ? rpc_i_callback+0x30/0x30
[ 48.474544] rpc_alloc_inode+0x1a/0x20
[ 48.478406] alloc_inode+0x65/0x180
[ 48.482007] new_inode_pseudo+0x69/0x190
[ 48.486058] ? prune_icache_sb+0x1a0/0x1a0
[ 48.490273] ? __lock_is_held+0xb6/0x140
[ 48.494327] new_inode+0x1c/0x40
[ 48.497685] rpc_get_inode+0x20/0x1e0
[ 48.501461] rpc_fill_super+0x327/0xae0
[ 48.505423] ? cap_capable+0x1b5/0x230
[ 48.509285] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0
[ 48.514456] ? security_capable+0x8e/0xc0
[ 48.518591] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0
[ 48.523780] ? ns_capable_common+0xcf/0x160
[ 48.528080] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0
[ 48.533255] mount_ns+0xc4/0x190
[ 48.536601] rpc_mount+0x9e/0xd0
[ 48.539944] mount_fs+0x66/0x2d0
[ 48.543290] vfs_kern_mount.part.26+0xc6/0x4a0
[ 48.547848] ? may_umount+0xa0/0xa0
[ 48.551449] ? _raw_read_unlock+0x22/0x30
[ 48.555576] ? __get_fs_type+0x8a/0xc0
[ 48.559453] do_mount+0xea4/0x2bb0
[ 48.562966] ? __might_fault+0x110/0x1d0
[ 48.567026] ? copy_mount_string+0x40/0x40
[ 48.571241] ? check_same_owner+0x320/0x320
[ 48.575536] ? __check_object_size+0x8b/0x530
[ 48.580019] ? __might_sleep+0x95/0x190
[ 48.583993] ? kasan_check_write+0x14/0x20
[ 48.588211] ? _copy_from_user+0x99/0x110
[ 48.592340] ? memdup_user+0x5e/0x90
[ 48.596036] ? copy_mount_options+0x1f7/0x2e0
[ 48.600517] SyS_mount+0xab/0x120
[ 48.603951] ? copy_mnt_ns+0xb30/0xb30
[ 48.607813] do_syscall_64+0x281/0x940
[ 48.611683] ? __do_page_fault+0xc90/0xc90
[ 48.615902] ? _raw_spin_unlock_irq+0x27/0x70
[ 48.620376] ? finish_task_switch+0x1c1/0x7e0
[ 48.624845] ? syscall_return_slowpath+0x550/0x550
[ 48.629750] ? syscall_return_slowpath+0x2ac/0x550
[ 48.634662] ? prepare_exit_to_usermode+0x350/0x350
[ 48.639654] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 48.645009] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.649838] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.655003] RIP: 0033:0x448159
[ 48.658176] RSP: 002b:00007f59918fbd78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 48.665865] RAX: ffffffffffffffda RBX: 00000000006e49e4 RCX: 0000000000448159
[ 48.673195] RDX: 0000000020000480 RSI: 0000000020000180 RDI: 0000000020000100
[ 48.680450] RBP: 00000000006e49e0 R08: 0000000000000000 R09: 0000000000003333
[ 48.687703] R10: 0000000000200000 R11: 0000000000000246 R12: 00007f59918fbd80
[ 48.694947] R13: 0030656c69662f2e R14: 0000000000000005 R15: 2f30656c69662f2e
[ 48.708325] ------------[ cut here ]------------
[ 48.708504] ------------[ cut here ]------------
[ 48.713128] refcount_t: increment on 0; use-after-free.
[ 48.717878] refcount_t: underflow; use-after-free.
[ 48.717989] WARNING: CPU: 0 PID: 4450 at lib/refcount.c:187 refcount_sub_and_test+0x167/0x1b0
[ 48.723361] WARNING: CPU: 1 PID: 4460 at lib/refcount.c:153 refcount_inc+0x47/0x50
[ 48.728161] Kernel panic - not syncing: panic_on_warn set ...
[ 48.728161]
[ 48.736790] Modules linked in:
[ 48.744483] CPU: 0 PID: 4450 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40
[ 48.751813] CPU: 1 PID: 4460 Comm: syzkaller428798 Not tainted 4.16.0-rc6+ #40
[ 48.754974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.762302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.769631] Call Trace:
[ 48.778963] RIP: 0010:refcount_inc+0x47/0x50
[ 48.788303] dump_stack+0x194/0x24d
[ 48.790850] RSP: 0018:ffff8801b534f860 EFLAGS: 00010286
[ 48.795236] ? arch_local_irq_restore+0x53/0x53
[ 48.804165] ? vsnprintf+0x1ed/0x1900
[ 48.808969] RAX: dffffc0000000008 RBX: ffff8801b1b8c184 RCX: ffffffff815ba4be
[ 48.812748] panic+0x1e4/0x41c
[ 48.819983] RDX: 0000000000000000 RSI: 1ffff10036a69ebc RDI: 1ffff10036a69e91
[ 48.823149] ? refcount_error_report+0x214/0x214
[ 48.830389] RBP: ffff8801b534f868 R08: 0000000000000000 R09: 0000000000000000
[ 48.835129] ? show_regs_print_info+0x18/0x18
[ 48.842365] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801b534faf8
[ 48.842372] R13: ffff8801b04db513 R14: ffff8801b1b8c180 R15: ffff8801b04db501
[ 48.847120] ? __warn+0x1c1/0x200
[ 48.854372] FS: 00000000008e6880(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[ 48.861624] ? refcount_sub_and_test+0x167/0x1b0
[ 48.865482] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 48.873683] __warn+0x1dc/0x200
[ 48.878409] CR2: 00000000006ea510 CR3: 00000001b106f005 CR4: 00000000001606e0
[ 48.884268] ? refcount_sub_and_test+0x167/0x1b0
[ 48.887512] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 48.894761] report_bug+0x1f4/0x2b0
[ 48.899483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 48.906740] fixup_bug.part.11+0x37/0x80
[ 48.910330] Call Trace:
[ 48.917581] do_error_trap+0x2d7/0x3e0
[ 48.921700] sk_alloc+0x3f9/0x1440
[ 48.924258] ? vprintk_default+0x28/0x30
[ 48.928122] ? sock_def_error_report+0x5e0/0x5e0
[ 48.931628] ? math_error+0x400/0x400
[ 48.935654] ? __raw_spin_lock_init+0x2d/0x100
[ 48.935669] ? trace_hardirqs_off+0x10/0x10
[ 48.940398] ? printk+0xaa/0xca
[ 48.944173] ? do_raw_write_unlock+0x290/0x290
[ 48.948727] ? show_regs_print_info+0x18/0x18
[ 48.953022] ? trace_hardirqs_off+0x10/0x10
[ 48.956280] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.960826] ? __raw_spin_lock_init+0x1c/0x100
[ 48.965299] do_invalid_op+0x1b/0x20
[ 48.969588] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 48.974402] invalid_op+0x1b/0x40
[ 48.978962] ? find_held_lock+0x35/0x1d0
[ 48.982642] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[ 48.987642] ? inet_create+0x3fc/0xf50
[ 48.991050] RSP: 0018:ffff8801b0e87728 EFLAGS: 00010286
[ 48.995092] ? lock_downgrade+0x980/0x980
[ 49.000421] RAX: dffffc0000000008 RBX: 0000000000000000 RCX: ffffffff815ba4be
[ 49.004286] ? lock_release+0xa40/0xa40
[ 49.009608] RDX: 0000000000000000 RSI: 1ffff100361d0e95 RDI: 0000000000000293
[ 49.009614] RBP: ffff8801b0e877b8 R08: 0000000000000000 R09: 0000000000000000
[ 49.013737] ? lock_downgrade+0x980/0x980
[ 49.020979] R10: ffff8801b0e87850 R11: 0000000000000000 R12: 1ffff100361d0ee6
[ 49.024950] inet_create+0x47c/0xf50
[ 49.032165] R13: 00000000ffffffff R14: 0000000000000001 R15: ffff8801b0816204
[ 49.032186] ? vprintk_func+0x5e/0xc0
[ 49.039436] ? ipip_gro_receive+0xf0/0xf0
[ 49.043555] ? refcount_sub_and_test+0x167/0x1b0
[ 49.051145] ? __lock_is_held+0xb6/0x140
[ 49.054831] ? refcount_inc+0x50/0x50
[ 49.062095] __sock_create+0x4d4/0x850
[ 49.065851] ? task_active_pid_ns+0xd0/0xd0
[ 49.069975] ? kernel_sock_ip_overhead+0x4c0/0x4c0
[ 49.074695] ? trace_hardirqs_off+0x10/0x10
[ 49.078735] ? user_path_create+0x40/0x40
[ 49.082497] ? tcp_fastopen_active_disable_ofo_check+0x532/0x870
[ 49.086367] SyS_socket+0xeb/0x1d0
[ 49.090655] refcount_dec_and_test+0x1a/0x20
[ 49.095557] ? move_addr_to_kernel+0x60/0x60
[ 49.099846] __sk_destruct+0x560/0x920
[ 49.103968] ? do_syscall_64+0xb7/0x940
[ 49.110083] ? sk_wait_data+0x610/0x610
[ 49.113681] ? move_addr_to_kernel+0x60/0x60
[ 49.122844] ? lock_downgrade+0x980/0x980
[ 49.127213] do_syscall_64+0x281/0x940
[ 49.131073] ? lock_release+0xa40/0xa40
[ 49.135014] ? __do_page_fault+0xc90/0xc90
[ 49.138963] ? __lock_is_held+0xb6/0x140
[ 49.143341] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 49.147478] ? netlink_has_listeners+0x2a0/0x430
[ 49.151320] ? syscall_return_slowpath+0x550/0x550
[ 49.155263] ? refcount_sub_and_test+0x115/0x1b0
[ 49.159467] ? syscall_return_slowpath+0x2ac/0x550
[ 49.163497] ? netlink_insert+0x350/0x350
[ 49.168223] ? prepare_exit_to_usermode+0x350/0x350
[ 49.172948] ? refcount_inc+0x50/0x50
[ 49.177849] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 49.182572] ? refcount_inc+0x50/0x50
[ 49.187479] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.191593] sk_destruct+0x47/0x80
[ 49.196583] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 49.200343] __sk_free+0xf1/0x2b0
[ 49.205758] RIP: 0033:0x44ac67
[ 49.209533] sk_free+0x2a/0x40
[ 49.214338] RSP: 002b:00007ffcd4f45588 EFLAGS: 00000202
[ 49.217850] tcp_close+0x967/0x1190
[ 49.223000] ORIG_RAX: 0000000000000029
[ 49.223006] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000044ac67
[ 49.226439] ? tcp_check_oom+0x500/0x500
[ 49.229592] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002
[ 49.232764] ? ip_mc_drop_socket+0x1ce/0x230
[ 49.238085] RBP: 00007ffcd4f456b0 R08: 0000000000000000 R09: 0000000000000001
[ 49.238091] R10: 0000000000000006 R11: 0000000000000202 R12: 0000000000000002
[ 49.241695] inet_release+0xed/0x1c0
[ 49.245629] R13: 0000000000000002 R14: 000000000000b38f R15: 00007ffcd4f456d8
[ 49.252878] sock_release+0x8d/0x1e0
[ 49.256922] Code:
[ 49.264171] ? sock_alloc_file+0x560/0x560
[ 49.268541] be
[ 49.275787] sock_close+0x16/0x20
[ 49.283023] fe
[ 49.286714] __fput+0x327/0x7e0
[ 49.293949] 5b
[ 49.297650] ? fput+0x140/0x140
[ 49.299756] 5d
[ 49.303967] ? _raw_spin_unlock_irq+0x27/0x70
[ 49.305824] c3
[ 49.309259] ____fput+0x15/0x20
[ 49.311108] e8
[ 49.314360] task_work_run+0x199/0x270
[ 49.316212] 5a
[ 49.319467] ? task_work_cancel+0x210/0x210
[ 49.321315] 3c
[ 49.325785] ? __close_fd+0x222/0x360
[ 49.327641] be
[ 49.330898] ? exit_to_usermode_loop+0x8c/0x2f0
[ 49.332748] fe
[ 49.336619] exit_to_usermode_loop+0x275/0x2f0
[ 49.338467] 80
[ 49.342765] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 49.344616] 3d
[ 49.348395] ? do_syscall_64+0xb7/0x940
[ 49.350246] 91
[ 49.354903] do_syscall_64+0x6ec/0x940
[ 49.356750] f5
[ 49.361306] ? __do_page_fault+0xc90/0xc90
[ 49.363161] 84
[ 49.368672] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 49.370525] 05
[ 49.374477] ? syscall_return_slowpath+0x550/0x550
[ 49.376331] 00 75 ea e8 4c 3c be
[ 49.380210] ? syscall_return_slowpath+0x2ac/0x550
[ 49.382062] fe
[ 49.386272] ? prepare_exit_to_usermode+0x350/0x350
[ 49.388124] 48
[ 49.392856] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 49.394711] c7
[ 49.399620] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.403033] c7
[ 49.407948] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 49.409798] 80
[ 49.414786] RIP: 0033:0x406fe0
[ 49.416904] 78
[ 49.422236] RSP: 002b:00007ffcd4f45588 EFLAGS: 00000246
[ 49.424094] e5
[ 49.428907] ORIG_RAX: 0000000000000003
[ 49.430766] 86
[ 49.435924] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000406fe0
[ 49.437780] c6
[ 49.440943] RDX: 00000000000000e0 RSI: 00007ffcd4f45e70 RDI: 0000000000000003
[ 49.442800] 05
[ 49.448133] RBP: 00007ffcd4f456b0 R08: 00007ffcd4f455b0 R09: 0000000000000001
[ 49.450095] 7c
[ 49.454037] R10: 00007ffcd4f456b0 R11: 0000000000000246 R12: 00000000006de4c0
[ 49.454043] R13: 00000000006dde40 R14: 0000000000001380 R15: 00007ffcd4f456d8
[ 49.455903] f5 84 05 01 e8 f9 47 8e fe <0f> 0b eb ce 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54
[ 49.507501] ---[ end trace 04af8119701e2164 ]---
[ 49.512729] Dumping ftrace buffer:
[ 49.516408] (ftrace buffer empty)
[ 49.520101] Kernel Offset: disabled
[ 49.523703] Rebooting in 86400 seconds..