INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts. syzkaller login: [ 23.472644] IPVS: ftp: loaded support on port[0] = 21 executing program [ 23.500203] IPVS: ftp: loaded support on port[0] = 21 [ 23.521626] FAULT_INJECTION: forcing a failure. [ 23.521626] name failslab, interval 1, probability 0, space 0, times 1 [ 23.532932] CPU: 0 PID: 4444 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 23.536223] IPVS: ftp: loaded support on port[0] = 21 [ 23.540271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.540278] Call Trace: [ 23.540291] dump_stack+0x194/0x24d [ 23.540301] ? arch_local_irq_restore+0x53/0x53 [ 23.565629] should_fail+0x8c0/0xa40 executing program [ 23.569334] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 23.574344] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 23.579444] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.584631] ? __lock_acquire+0x664/0x3e00 [ 23.588859] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.593516] FAULT_INJECTION: forcing a failure. [ 23.593516] name failslab, interval 1, probability 0, space 0, times 1 [ 23.594036] ? find_held_lock+0x35/0x1d0 [ 23.594048] ? __lock_is_held+0xb6/0x140 [ 23.594065] ? check_same_owner+0x320/0x320 [ 23.594073] ? __d_lookup+0x4f4/0x830 [ 23.594083] ? rcu_note_context_switch+0x710/0x710 [ 23.594092] should_failslab+0xec/0x120 [ 23.594100] kmem_cache_alloc+0x47/0x760 [ 23.594110] __d_alloc+0xc1/0xbd0 [ 23.594117] ? shrink_dcache_for_umount+0x290/0x290 [ 23.594123] ? d_alloc_parallel+0x1b40/0x1b40 [ 23.594130] ? lock_release+0xa40/0xa40 [ 23.594138] ? mark_held_locks+0xaf/0x100 [ 23.594143] ? 
d_lookup+0x133/0x2e0 [ 23.594151] ? d_lookup+0x1d5/0x2e0 [ 23.594158] d_alloc+0x8e/0x340 [ 23.594164] ? __d_alloc+0xbd0/0xbd0 [ 23.594170] ? full_name_hash+0x9b/0xe0 [ 23.594181] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 23.594187] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 23.594200] rpc_populate.constprop.15+0xa3/0x340 [ 23.594212] rpc_fill_super+0x379/0xae0 [ 23.594223] ? cap_capable+0x1b5/0x230 [ 23.594231] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 23.594242] ? security_capable+0x8e/0xc0 [ 23.594251] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 23.594261] ? ns_capable_common+0xcf/0x160 [ 23.594271] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 23.594278] mount_ns+0xc4/0x190 [ 23.594287] rpc_mount+0x9e/0xd0 [ 23.594296] mount_fs+0x66/0x2d0 [ 23.594306] vfs_kern_mount.part.26+0xc6/0x4a0 [ 23.594314] ? may_umount+0xa0/0xa0 [ 23.594324] ? _raw_read_unlock+0x22/0x30 [ 23.594332] ? __get_fs_type+0x8a/0xc0 [ 23.594343] do_mount+0xea4/0x2bb0 [ 23.594355] ? copy_mount_string+0x40/0x40 [ 23.594363] ? rcu_pm_notify+0xc0/0xc0 [ 23.594375] ? copy_mount_options+0x5f/0x2e0 [ 23.594381] ? rcu_read_lock_sched_held+0x108/0x120 [ 23.594387] ? kmem_cache_alloc_trace+0x459/0x740 [ 23.594395] ? kasan_check_write+0x14/0x20 [ 23.594405] ? copy_mount_options+0x1f7/0x2e0 [ 23.594413] SyS_mount+0xab/0x120 [ 23.594419] ? copy_mnt_ns+0xb30/0xb30 [ 23.594429] do_syscall_64+0x281/0x940 [ 23.594436] ? vmalloc_sync_all+0x30/0x30 [ 23.594447] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 23.800202] ? syscall_return_slowpath+0x550/0x550 [ 23.805114] ? syscall_return_slowpath+0x2ac/0x550 [ 23.810025] ? prepare_exit_to_usermode+0x350/0x350 [ 23.815024] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 23.820371] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 23.825199] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 23.830366] RIP: 0033:0x442759 [ 23.833536] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 23.841228] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 23.848475] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 23.855723] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000000000000 [ 23.862971] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff executing program [ 23.870219] R13: 0000000000000003 R14: 0000000000000000 R15: 00007fff3b87f548 [ 23.877489] CPU: 1 PID: 4446 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 23.884837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.885637] IPVS: ftp: loaded support on port[0] = 21 [ 23.894171] Call Trace: [ 23.894185] dump_stack+0x194/0x24d [ 23.894197] ? arch_local_irq_restore+0x53/0x53 [ 23.901421] FAULT_INJECTION: forcing a failure. [ 23.901421] name failslab, interval 1, probability 0, space 0, times 0 [ 23.901929] should_fail+0x8c0/0xa40 [ 23.925002] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 23.930000] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 23.935093] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.940266] ? __lock_acquire+0x664/0x3e00 [ 23.944483] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.949658] ? find_held_lock+0x35/0x1d0 [ 23.953700] ? __lock_is_held+0xb6/0x140 [ 23.957746] ? check_same_owner+0x320/0x320 [ 23.962045] ? __d_lookup+0x4f4/0x830 [ 23.965826] ? rcu_note_context_switch+0x710/0x710 [ 23.970742] should_failslab+0xec/0x120 [ 23.974696] kmem_cache_alloc+0x47/0x760 [ 23.978744] __d_alloc+0xc1/0xbd0 [ 23.982179] ? shrink_dcache_for_umount+0x290/0x290 [ 23.987174] ? d_alloc_parallel+0x1b40/0x1b40 [ 23.991651] ? lock_release+0xa40/0xa40 [ 23.995607] ? mark_held_locks+0xaf/0x100 [ 23.999737] ? d_lookup+0x133/0x2e0 [ 24.003348] ? 
d_lookup+0x1d5/0x2e0 [ 24.006955] d_alloc+0x8e/0x340 [ 24.010212] ? __d_alloc+0xbd0/0xbd0 [ 24.013906] ? full_name_hash+0x9b/0xe0 [ 24.017867] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 24.023121] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 24.027343] rpc_populate.constprop.15+0xa3/0x340 [ 24.032168] rpc_fill_super+0x379/0xae0 [ 24.036126] ? cap_capable+0x1b5/0x230 [ 24.039994] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.045165] ? security_capable+0x8e/0xc0 [ 24.049294] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.054466] ? ns_capable_common+0xcf/0x160 [ 24.058767] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.063938] mount_ns+0xc4/0x190 [ 24.067288] rpc_mount+0x9e/0xd0 [ 24.070638] mount_fs+0x66/0x2d0 [ 24.073987] vfs_kern_mount.part.26+0xc6/0x4a0 [ 24.078547] ? may_umount+0xa0/0xa0 [ 24.082157] ? _raw_read_unlock+0x22/0x30 [ 24.086283] ? __get_fs_type+0x8a/0xc0 [ 24.090154] do_mount+0xea4/0x2bb0 [ 24.093677] ? copy_mount_string+0x40/0x40 [ 24.097889] ? rcu_pm_notify+0xc0/0xc0 [ 24.101759] ? copy_mount_options+0x5f/0x2e0 [ 24.106144] ? rcu_read_lock_sched_held+0x108/0x120 [ 24.111141] ? kmem_cache_alloc_trace+0x459/0x740 [ 24.115968] ? kasan_check_write+0x14/0x20 [ 24.120183] ? copy_mount_options+0x1f7/0x2e0 [ 24.124662] SyS_mount+0xab/0x120 [ 24.128098] ? copy_mnt_ns+0xb30/0xb30 [ 24.131967] do_syscall_64+0x281/0x940 [ 24.135833] ? vmalloc_sync_all+0x30/0x30 [ 24.139959] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 24.144698] ? syscall_return_slowpath+0x550/0x550 [ 24.149606] ? syscall_return_slowpath+0x2ac/0x550 [ 24.154516] ? prepare_exit_to_usermode+0x350/0x350 [ 24.159511] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 24.164856] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 24.169681] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 24.174848] RIP: 0033:0x442759 [ 24.178017] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 24.185705] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 24.192951] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 24.200198] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000000000000 [ 24.207445] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 24.214696] R13: 0000000000000003 R14: 0000000000000000 R15: 00007fff3b87f548 [ 24.221958] CPU: 0 PID: 4445 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 24.222576] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 24.229303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.229307] Call Trace: [ 24.229320] dump_stack+0x194/0x24d [ 24.229329] ? arch_local_irq_restore+0x53/0x53 [ 24.229343] should_fail+0x8c0/0xa40 [ 24.229352] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 24.229361] ? fault_create_debugfs_attr+0x1f0/0x1f0 executing program [ 24.229372] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.229380] ? __lock_acquire+0x664/0x3e00 [ 24.229387] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.229396] ? find_held_lock+0x35/0x1d0 [ 24.229404] ? __lock_is_held+0xb6/0x140 [ 24.229423] ? check_same_owner+0x320/0x320 [ 24.239147] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 24.246143] ? __d_lookup+0x4f4/0x830 [ 24.246156] ? rcu_note_context_switch+0x710/0x710 [ 24.246170] should_failslab+0xec/0x120 [ 24.246179] kmem_cache_alloc+0x47/0x760 [ 24.246192] __d_alloc+0xc1/0xbd0 [ 24.246201] ? shrink_dcache_for_umount+0x290/0x290 [ 24.291680] FAULT_INJECTION: forcing a failure. [ 24.291680] name failslab, interval 1, probability 0, space 0, times 0 [ 24.293393] ? d_alloc_parallel+0x1b40/0x1b40 [ 24.293403] ? lock_release+0xa40/0xa40 [ 24.293419] ? 
mark_held_locks+0xaf/0x100 [ 24.293425] ? d_lookup+0x133/0x2e0 [ 24.293436] ? d_lookup+0x1d5/0x2e0 [ 24.293445] d_alloc+0x8e/0x340 [ 24.293452] ? __d_alloc+0xbd0/0xbd0 [ 24.293460] ? full_name_hash+0x9b/0xe0 [ 24.293475] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 24.293485] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 24.381375] rpc_populate.constprop.15+0xa3/0x340 [ 24.386204] rpc_fill_super+0x379/0xae0 [ 24.390159] ? cap_capable+0x1b5/0x230 [ 24.394425] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.399600] ? security_capable+0x8e/0xc0 [ 24.403728] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.408896] ? ns_capable_common+0xcf/0x160 [ 24.413202] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.418369] mount_ns+0xc4/0x190 [ 24.421715] rpc_mount+0x9e/0xd0 [ 24.425061] mount_fs+0x66/0x2d0 [ 24.428410] vfs_kern_mount.part.26+0xc6/0x4a0 [ 24.432974] ? may_umount+0xa0/0xa0 [ 24.436582] ? _raw_read_unlock+0x22/0x30 [ 24.440708] ? __get_fs_type+0x8a/0xc0 [ 24.444577] do_mount+0xea4/0x2bb0 [ 24.448102] ? copy_mount_string+0x40/0x40 [ 24.452319] ? rcu_pm_notify+0xc0/0xc0 [ 24.456191] ? copy_mount_options+0x5f/0x2e0 [ 24.460582] ? rcu_read_lock_sched_held+0x108/0x120 [ 24.465580] ? kmem_cache_alloc_trace+0x459/0x740 [ 24.470405] ? kasan_check_write+0x14/0x20 [ 24.474622] ? copy_mount_options+0x1f7/0x2e0 [ 24.479098] SyS_mount+0xab/0x120 [ 24.482528] ? copy_mnt_ns+0xb30/0xb30 [ 24.486398] do_syscall_64+0x281/0x940 [ 24.490263] ? vmalloc_sync_all+0x30/0x30 [ 24.494392] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 24.499912] ? syscall_return_slowpath+0x550/0x550 [ 24.504824] ? syscall_return_slowpath+0x2ac/0x550 [ 24.509738] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 24.515086] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 24.519912] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 24.525079] RIP: 0033:0x442759 [ 24.528250] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 24.535937] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 24.543196] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 24.550444] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000000000000 [ 24.557691] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 24.564939] R13: 0000000000000003 R14: 0000000000000000 R15: 00007fff3b87f548 [ 24.572202] CPU: 1 PID: 4447 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 24.578912] IPVS: ftp: loaded support on port[0] = 21 [ 24.579547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.579550] Call Trace: [ 24.579562] dump_stack+0x194/0x24d [ 24.579572] ? arch_local_irq_restore+0x53/0x53 [ 24.579589] should_fail+0x8c0/0xa40 [ 24.608591] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 24.613684] ? __lock_is_held+0xb6/0x140 [ 24.617736] ? mark_held_locks+0xaf/0x100 [ 24.621872] ? __raw_spin_lock_init+0x1c/0x100 executing program [ 24.626445] ? find_held_lock+0x35/0x1d0 [ 24.630502] ? __lock_is_held+0xb6/0x140 [ 24.634562] ? check_same_owner+0x320/0x320 [ 24.636971] FAULT_INJECTION: forcing a failure. [ 24.636971] name failslab, interval 1, probability 0, space 0, times 0 [ 24.638870] ? d_alloc+0x269/0x340 [ 24.638886] ? rcu_note_context_switch+0x710/0x710 [ 24.638894] ? lock_release+0xa40/0xa40 [ 24.638907] should_failslab+0xec/0x120 [ 24.638916] kmem_cache_alloc+0x47/0x760 [ 24.638924] ? d_drop+0x51/0x60 [ 24.638937] ? rpc_i_callback+0x30/0x30 [ 24.638945] rpc_alloc_inode+0x1a/0x20 [ 24.681542] alloc_inode+0x65/0x180 [ 24.685149] new_inode_pseudo+0x69/0x190 [ 24.689188] ? prune_icache_sb+0x1a0/0x1a0 [ 24.693404] ? do_raw_spin_trylock+0x190/0x190 [ 24.697962] ? 
d_add+0xa70/0xa70 [ 24.701315] new_inode+0x1c/0x40 [ 24.704660] rpc_get_inode+0x20/0x1e0 [ 24.708445] __rpc_create_common+0x5d/0x1d0 [ 24.712747] rpc_populate.constprop.15+0x1ad/0x340 [ 24.717659] rpc_fill_super+0x379/0xae0 [ 24.721617] ? cap_capable+0x1b5/0x230 [ 24.725483] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.730655] ? security_capable+0x8e/0xc0 [ 24.734782] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.739954] ? ns_capable_common+0xcf/0x160 [ 24.744256] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 24.749428] mount_ns+0xc4/0x190 [ 24.752773] rpc_mount+0x9e/0xd0 [ 24.756119] mount_fs+0x66/0x2d0 [ 24.759467] vfs_kern_mount.part.26+0xc6/0x4a0 [ 24.764031] ? may_umount+0xa0/0xa0 [ 24.767637] ? _raw_read_unlock+0x22/0x30 [ 24.771767] ? __get_fs_type+0x8a/0xc0 [ 24.775636] do_mount+0xea4/0x2bb0 [ 24.779158] ? copy_mount_string+0x40/0x40 [ 24.783376] ? rcu_pm_notify+0xc0/0xc0 [ 24.787246] ? copy_mount_options+0x5f/0x2e0 [ 24.791633] ? rcu_read_lock_sched_held+0x108/0x120 [ 24.796627] ? kmem_cache_alloc_trace+0x459/0x740 [ 24.801452] ? kasan_check_write+0x14/0x20 [ 24.805666] ? _copy_from_user+0x99/0x110 [ 24.809796] ? copy_mount_options+0x1f7/0x2e0 [ 24.814273] SyS_mount+0xab/0x120 [ 24.817707] ? copy_mnt_ns+0xb30/0xb30 [ 24.821574] do_syscall_64+0x281/0x940 [ 24.825442] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 24.830960] ? syscall_return_slowpath+0x550/0x550 [ 24.835877] ? syscall_return_slowpath+0x2ac/0x550 [ 24.840788] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 24.846135] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 24.850960] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 24.856126] RIP: 0033:0x442759 [ 24.859293] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 24.866979] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 24.874229] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 24.881479] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000000000000 [ 24.888727] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 24.895974] R13: 0000000000000003 R14: 0000000000000000 R15: 00007fff3b87f548 [ 24.903236] CPU: 0 PID: 4448 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 24.903315] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry statd executing program [ 24.910579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.910583] Call Trace: [ 24.910594] dump_stack+0x194/0x24d [ 24.910604] ? arch_local_irq_restore+0x53/0x53 [ 24.910613] ? __save_stack_trace+0x7e/0xd0 [ 24.924646] IPVS: ftp: loaded support on port[0] = 21 [ 24.928844] should_fail+0x8c0/0xa40 [ 24.928854] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 24.928864] ? kasan_kmalloc+0xad/0xe0 [ 24.961775] ? kmem_cache_alloc_trace+0x136/0x740 [ 24.966613] ? __memcg_init_list_lru_node+0x169/0x270 [ 24.967925] FAULT_INJECTION: forcing a failure. [ 24.967925] name failslab, interval 1, probability 0, space 0, times 0 [ 24.971784] ? __list_lru_init+0x544/0x750 [ 24.971792] ? sget_userns+0x6b1/0xe40 [ 24.971802] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 24.971809] ? do_mount+0xea4/0x2bb0 [ 24.971815] ? SyS_mount+0xab/0x120 [ 24.971825] ? do_syscall_64+0x281/0x940 [ 24.971834] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 24.971846] ? find_held_lock+0x35/0x1d0 [ 25.016475] ? __lock_is_held+0xb6/0x140 [ 25.020525] ? check_same_owner+0x320/0x320 [ 25.024833] ? 
rcu_note_context_switch+0x710/0x710 [ 25.029743] should_failslab+0xec/0x120 [ 25.033697] kmem_cache_alloc_trace+0x4b/0x740 [ 25.038257] ? __kmalloc_node+0x33/0x70 [ 25.042208] ? __kmalloc_node+0x33/0x70 [ 25.046164] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.051165] __memcg_init_list_lru_node+0x169/0x270 [ 25.056165] ? list_lru_add+0x7c0/0x7c0 [ 25.060120] ? __kmalloc_node+0x47/0x70 [ 25.064075] __list_lru_init+0x544/0x750 [ 25.068118] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 25.073982] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.078979] ? lockdep_init_map+0x9/0x10 [ 25.083024] sget_userns+0x6b1/0xe40 [ 25.086721] ? set_anon_super+0x20/0x20 [ 25.090678] ? put_filp+0x90/0x90 [ 25.094112] ? destroy_unused_super.part.6+0xd0/0xd0 [ 25.099201] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 25.104202] ? trace_hardirqs_off+0x10/0x10 [ 25.108508] ? putname+0xee/0x130 [ 25.111946] ? cap_capable+0x1b5/0x230 [ 25.115820] ? security_capable+0x8e/0xc0 [ 25.119953] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.125123] ? ns_capable_common+0xcf/0x160 [ 25.129425] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.134593] mount_ns+0x6d/0x190 [ 25.137943] rpc_mount+0x9e/0xd0 [ 25.141292] mount_fs+0x66/0x2d0 [ 25.144643] vfs_kern_mount.part.26+0xc6/0x4a0 [ 25.149208] ? may_umount+0xa0/0xa0 [ 25.152813] ? _raw_read_unlock+0x22/0x30 [ 25.156940] ? __get_fs_type+0x8a/0xc0 [ 25.160810] do_mount+0xea4/0x2bb0 [ 25.164337] ? copy_mount_string+0x40/0x40 [ 25.168549] ? rcu_pm_notify+0xc0/0xc0 [ 25.172419] ? copy_mount_options+0x5f/0x2e0 [ 25.176805] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.181803] ? kmem_cache_alloc_trace+0x459/0x740 [ 25.186625] ? kasan_check_write+0x14/0x20 [ 25.190843] ? copy_mount_options+0x1f7/0x2e0 [ 25.195321] SyS_mount+0xab/0x120 [ 25.198757] ? copy_mnt_ns+0xb30/0xb30 [ 25.202628] do_syscall_64+0x281/0x940 [ 25.206495] ? vmalloc_sync_all+0x30/0x30 [ 25.210622] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 25.215356] ? syscall_return_slowpath+0x550/0x550 [ 25.220264] ? 
syscall_return_slowpath+0x2ac/0x550 [ 25.225171] ? prepare_exit_to_usermode+0x350/0x350 [ 25.230167] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 25.235514] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 25.240342] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 25.245509] RIP: 0033:0x442759 [ 25.248678] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 25.256363] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 25.263611] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 25.270858] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000000000000 [ 25.278109] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 25.285360] R13: 0000000000000003 R14: 0000000000000000 R15: 00007fff3b87f548 [ 25.292622] CPU: 1 PID: 4449 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 25.298523] IPVS: ftp: loaded support on port[0] = 21 [ 25.299965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.299968] Call Trace: [ 25.299980] dump_stack+0x194/0x24d [ 25.299990] ? arch_local_irq_restore+0x53/0x53 [ 25.299997] ? __save_stack_trace+0x7e/0xd0 executing program [ 25.300011] should_fail+0x8c0/0xa40 [ 25.332871] IPVS: ftp: loaded support on port[0] = 21 [ 25.333308] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 25.333319] ? kasan_kmalloc+0xad/0xe0 [ 25.347434] ? kmem_cache_alloc_trace+0x136/0x740 [ 25.352280] ? __memcg_init_list_lru_node+0x169/0x270 [ 25.354885] FAULT_INJECTION: forcing a failure. [ 25.354885] name failslab, interval 1, probability 0, space 0, times 0 [ 25.357451] ? __list_lru_init+0x544/0x750 [ 25.357460] ? sget_userns+0x6b1/0xe40 [ 25.357470] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 25.357477] ? do_mount+0xea4/0x2bb0 [ 25.357483] ? SyS_mount+0xab/0x120 [ 25.357496] ? do_syscall_64+0x281/0x940 [ 25.392750] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 25.398095] ? find_held_lock+0x35/0x1d0 [ 25.402142] ? __lock_is_held+0xb6/0x140 [ 25.406187] ? 
check_same_owner+0x320/0x320 [ 25.410491] ? rcu_note_context_switch+0x710/0x710 [ 25.415402] should_failslab+0xec/0x120 [ 25.419358] kmem_cache_alloc_trace+0x4b/0x740 [ 25.423918] ? __kmalloc_node+0x33/0x70 [ 25.427871] ? __kmalloc_node+0x33/0x70 [ 25.431825] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.436826] __memcg_init_list_lru_node+0x169/0x270 [ 25.441828] ? list_lru_add+0x7c0/0x7c0 [ 25.445780] ? __kmalloc_node+0x47/0x70 [ 25.449744] __list_lru_init+0x544/0x750 [ 25.453785] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 25.459654] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.464654] ? lockdep_init_map+0x9/0x10 [ 25.468696] sget_userns+0x6b1/0xe40 [ 25.472386] ? set_anon_super+0x20/0x20 [ 25.476340] ? put_filp+0x90/0x90 [ 25.479772] ? destroy_unused_super.part.6+0xd0/0xd0 [ 25.484859] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 25.489857] ? trace_hardirqs_off+0x10/0x10 [ 25.494158] ? putname+0xee/0x130 [ 25.497596] ? cap_capable+0x1b5/0x230 [ 25.501465] ? security_capable+0x8e/0xc0 [ 25.505595] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.510763] ? ns_capable_common+0xcf/0x160 [ 25.515069] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.520238] mount_ns+0x6d/0x190 [ 25.523587] rpc_mount+0x9e/0xd0 [ 25.526933] mount_fs+0x66/0x2d0 [ 25.530281] vfs_kern_mount.part.26+0xc6/0x4a0 [ 25.534842] ? may_umount+0xa0/0xa0 [ 25.538447] ? _raw_read_unlock+0x22/0x30 [ 25.542573] ? __get_fs_type+0x8a/0xc0 [ 25.546442] do_mount+0xea4/0x2bb0 [ 25.549968] ? copy_mount_string+0x40/0x40 [ 25.554182] ? rcu_pm_notify+0xc0/0xc0 [ 25.558051] ? copy_mount_options+0x5f/0x2e0 [ 25.562445] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.567442] ? kmem_cache_alloc_trace+0x459/0x740 [ 25.572263] ? kasan_check_write+0x14/0x20 [ 25.576483] ? copy_mount_options+0x1f7/0x2e0 [ 25.580962] SyS_mount+0xab/0x120 [ 25.584393] ? copy_mnt_ns+0xb30/0xb30 [ 25.588263] do_syscall_64+0x281/0x940 [ 25.592127] ? vmalloc_sync_all+0x30/0x30 [ 25.596255] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 25.601772] ? 
syscall_return_slowpath+0x550/0x550 [ 25.606682] ? syscall_return_slowpath+0x2ac/0x550 [ 25.611593] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 25.616937] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 25.621760] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 25.626926] RIP: 0033:0x442759 [ 25.630093] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 25.637782] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 25.645035] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 25.652284] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000000000000 [ 25.659531] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 25.666782] R13: 0000000000000003 R14: 0000000000000000 R15: 00007fff3b87f548 [ 25.674046] CPU: 0 PID: 4450 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 25.676680] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 25.681388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.681391] Call Trace: [ 25.681402] dump_stack+0x194/0x24d [ 25.681412] ? arch_local_irq_restore+0x53/0x53 [ 25.681420] ? __save_stack_trace+0x7e/0xd0 [ 25.681433] should_fail+0x8c0/0xa40 [ 25.681442] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 25.692131] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / executing program [ 25.698108] ? kasan_kmalloc+0xad/0xe0 [ 25.698116] ? kmem_cache_alloc_trace+0x136/0x740 [ 25.698124] ? __memcg_init_list_lru_node+0x169/0x270 [ 25.698131] ? __list_lru_init+0x544/0x750 [ 25.698138] ? sget_userns+0x6b1/0xe40 [ 25.698147] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 25.737560] FAULT_INJECTION: forcing a failure. [ 25.737560] name failslab, interval 1, probability 0, space 0, times 0 [ 25.738050] ? do_mount+0xea4/0x2bb0 [ 25.738057] ? SyS_mount+0xab/0x120 [ 25.738066] ? do_syscall_64+0x281/0x940 [ 25.738075] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 25.738088] ? find_held_lock+0x35/0x1d0 [ 25.738099] ? 
__lock_is_held+0xb6/0x140 [ 25.738114] ? check_same_owner+0x320/0x320 [ 25.738124] ? rcu_note_context_switch+0x710/0x710 [ 25.738136] should_failslab+0xec/0x120 [ 25.805089] kmem_cache_alloc_trace+0x4b/0x740 [ 25.809649] ? __kmalloc_node+0x33/0x70 [ 25.813600] ? __kmalloc_node+0x33/0x70 [ 25.817557] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.822557] __memcg_init_list_lru_node+0x169/0x270 [ 25.827555] ? list_lru_add+0x7c0/0x7c0 [ 25.831511] ? __kmalloc_node+0x47/0x70 [ 25.835465] __list_lru_init+0x544/0x750 [ 25.839506] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 25.845368] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.850365] ? lockdep_init_map+0x9/0x10 [ 25.854410] sget_userns+0x6b1/0xe40 [ 25.858103] ? set_anon_super+0x20/0x20 [ 25.862056] ? put_filp+0x90/0x90 [ 25.865489] ? destroy_unused_super.part.6+0xd0/0xd0 [ 25.870572] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 25.875572] ? trace_hardirqs_off+0x10/0x10 [ 25.879873] ? putname+0xee/0x130 [ 25.883307] ? cap_capable+0x1b5/0x230 [ 25.887176] ? security_capable+0x8e/0xc0 [ 25.891306] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.896477] ? ns_capable_common+0xcf/0x160 [ 25.900778] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 25.905944] mount_ns+0x6d/0x190 [ 25.909294] rpc_mount+0x9e/0xd0 [ 25.912638] mount_fs+0x66/0x2d0 [ 25.915986] vfs_kern_mount.part.26+0xc6/0x4a0 [ 25.920547] ? may_umount+0xa0/0xa0 [ 25.924157] ? _raw_read_unlock+0x22/0x30 [ 25.928292] ? __get_fs_type+0x8a/0xc0 [ 25.932161] do_mount+0xea4/0x2bb0 [ 25.935684] ? copy_mount_string+0x40/0x40 [ 25.939899] ? rcu_pm_notify+0xc0/0xc0 [ 25.943772] ? copy_mount_options+0x5f/0x2e0 [ 25.948156] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.953151] ? kmem_cache_alloc_trace+0x459/0x740 [ 25.957973] ? kasan_check_write+0x14/0x20 [ 25.962193] ? copy_mount_options+0x1f7/0x2e0 [ 25.966669] SyS_mount+0xab/0x120 [ 25.970102] ? copy_mnt_ns+0xb30/0xb30 [ 25.973975] do_syscall_64+0x281/0x940 [ 25.977838] ? vmalloc_sync_all+0x30/0x30 [ 25.981965] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 25.986704] ? syscall_return_slowpath+0x550/0x550 [ 25.991611] ? syscall_return_slowpath+0x2ac/0x550 [ 25.996520] ? prepare_exit_to_usermode+0x350/0x350 [ 26.001518] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 26.006865] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 26.011694] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 26.016863] RIP: 0033:0x442759 [ 26.020031] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 26.027717] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 26.034964] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 26.042211] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000000000000 [ 26.049460] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 26.056707] R13: 0000000000000003 R14: 0000000000000000 R15: 00007fff3b87f548 [ 26.063968] CPU: 1 PID: 4451 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 26.071318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.080653] Call Trace: [ 26.083216] dump_stack+0x194/0x24d [ 26.086820] ? arch_local_irq_restore+0x53/0x53 [ 26.091465] ? trace_hardirqs_off+0x10/0x10 [ 26.095760] ? register_shrinker+0x10e/0x2d0 [ 26.100140] ? sget_userns+0xbbf/0xe40 [ 26.103996] ? mount_ns+0x6d/0x190 [ 26.107516] should_fail+0x8c0/0xa40 [ 26.111200] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.116359] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 26.121433] ? find_held_lock+0x35/0x1d0 [ 26.125474] ? register_shrinker+0x230/0x2d0 [ 26.129854] ? find_held_lock+0x35/0x1d0 [ 26.133887] ? __lock_is_held+0xb6/0x140 [ 26.137923] ? check_same_owner+0x320/0x320 [ 26.142211] ? trace_hardirqs_off+0x10/0x10 [ 26.146505] ? rcu_note_context_switch+0x710/0x710 [ 26.151404] ? register_shrinker+0x10e/0x2d0 [ 26.155785] should_failslab+0xec/0x120 [ 26.159729] kmem_cache_alloc+0x47/0x760 [ 26.163766] ? find_held_lock+0x35/0x1d0 [ 26.167798] ? 
rpc_i_callback+0x30/0x30 [ 26.171744] rpc_alloc_inode+0x1a/0x20 [ 26.175602] alloc_inode+0x65/0x180 [ 26.179207] new_inode_pseudo+0x69/0x190 [ 26.183242] ? prune_icache_sb+0x1a0/0x1a0 [ 26.187450] ? __lock_is_held+0xb6/0x140 [ 26.191481] new_inode+0x1c/0x40 [ 26.194816] rpc_get_inode+0x20/0x1e0 [ 26.198586] rpc_fill_super+0x327/0xae0 [ 26.202532] ? cap_capable+0x1b5/0x230 [ 26.206391] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.211551] ? security_capable+0x8e/0xc0 [ 26.215669] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.220833] ? ns_capable_common+0xcf/0x160 [ 26.225125] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.230286] mount_ns+0xc4/0x190 [ 26.233623] rpc_mount+0x9e/0xd0 [ 26.237325] mount_fs+0x66/0x2d0 [ 26.240667] vfs_kern_mount.part.26+0xc6/0x4a0 [ 26.245220] ? may_umount+0xa0/0xa0 [ 26.248820] ? _raw_read_unlock+0x22/0x30 [ 26.252938] ? __get_fs_type+0x8a/0xc0 [ 26.256799] do_mount+0xea4/0x2bb0 [ 26.260312] ? copy_mount_string+0x40/0x40 [ 26.264518] ? rcu_pm_notify+0xc0/0xc0 [ 26.268377] ? copy_mount_options+0x5f/0x2e0 [ 26.272757] ? rcu_read_lock_sched_held+0x108/0x120 [ 26.277747] ? kmem_cache_alloc_trace+0x459/0x740 [ 26.282559] ? kasan_check_write+0x14/0x20 [ 26.286764] ? _copy_from_user+0x99/0x110 [ 26.290885] ? copy_mount_options+0x1f7/0x2e0 [ 26.295352] SyS_mount+0xab/0x120 [ 26.298777] ? copy_mnt_ns+0xb30/0xb30 [ 26.302634] do_syscall_64+0x281/0x940 [ 26.306493] ? vmalloc_sync_all+0x30/0x30 [ 26.310611] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 26.315335] ? syscall_return_slowpath+0x550/0x550 [ 26.320240] ? syscall_return_slowpath+0x2ac/0x550 [ 26.325148] ? prepare_exit_to_usermode+0x350/0x350 [ 26.330140] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 26.335477] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 26.340301] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 26.345473] RIP: 0033:0x442759 [ 26.348631] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 26.356309] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 26.363548] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 26.370789] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000000000000 executing program executing program executing program [ 26.378031] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 26.385270] R13: 0000000000000003 R14: 0000000000000000 R15: 00007fff3b87f548 [ 26.407656] FAULT_INJECTION: forcing a failure. [ 26.407656] name failslab, interval 1, probability 0, space 0, times 0 [ 26.418734] FAULT_INJECTION: forcing a failure. [ 26.418734] name failslab, interval 1, probability 0, space 0, times 0 [ 26.418977] CPU: 1 PID: 4454 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 26.437336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.446667] Call Trace: [ 26.449238] dump_stack+0x194/0x24d [ 26.452846] ? arch_local_irq_restore+0x53/0x53 [ 26.457496] ? find_held_lock+0x35/0x1d0 [ 26.461538] should_fail+0x8c0/0xa40 [ 26.465230] ? __list_lru_init+0x352/0x750 [ 26.469446] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 26.474528] ? trace_hardirqs_off+0x10/0x10 [ 26.478827] ? find_next_zero_bit+0xe3/0x110 [ 26.483214] ? trace_hardirqs_off+0x10/0x10 [ 26.487516] ? find_held_lock+0x35/0x1d0 [ 26.491557] ? __lock_is_held+0xb6/0x140 [ 26.495601] ? check_same_owner+0x320/0x320 [ 26.499899] ? lock_downgrade+0x980/0x980 [ 26.504031] ? rcu_note_context_switch+0x710/0x710 [ 26.508939] ? find_held_lock+0x35/0x1d0 [ 26.512981] should_failslab+0xec/0x120 [ 26.516935] __kmalloc+0x63/0x760 [ 26.520370] ? lock_downgrade+0x980/0x980 [ 26.524500] ? register_shrinker+0x10e/0x2d0 [ 26.528887] ? 
trace_event_raw_event_module_request+0x320/0x320 [ 26.534929] register_shrinker+0x10e/0x2d0 [ 26.539143] ? __bpf_trace_mm_vmscan_wakeup_kswapd+0x40/0x40 [ 26.544920] ? memcpy+0x45/0x50 [ 26.548186] sget_userns+0xbbf/0xe40 [ 26.551880] ? set_anon_super+0x20/0x20 [ 26.555835] ? put_filp+0x90/0x90 [ 26.559272] ? destroy_unused_super.part.6+0xd0/0xd0 [ 26.564355] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 26.569352] ? trace_hardirqs_off+0x10/0x10 [ 26.573655] ? putname+0xee/0x130 [ 26.577092] ? cap_capable+0x1b5/0x230 [ 26.580964] ? security_capable+0x8e/0xc0 [ 26.585096] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.590268] ? ns_capable_common+0xcf/0x160 [ 26.594572] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.599742] mount_ns+0x6d/0x190 [ 26.603092] rpc_mount+0x9e/0xd0 [ 26.606440] mount_fs+0x66/0x2d0 [ 26.609789] vfs_kern_mount.part.26+0xc6/0x4a0 [ 26.614347] ? may_umount+0xa0/0xa0 [ 26.617955] ? _raw_read_unlock+0x22/0x30 [ 26.622086] ? __get_fs_type+0x8a/0xc0 [ 26.625958] do_mount+0xea4/0x2bb0 [ 26.629481] ? copy_mount_string+0x40/0x40 [ 26.633693] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.638693] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 26.643433] ? retint_kernel+0x10/0x10 [ 26.647302] ? copy_mount_options+0x18b/0x2e0 [ 26.651776] ? copy_mount_options+0x191/0x2e0 [ 26.656247] ? copy_mount_options+0x1f7/0x2e0 [ 26.661079] SyS_mount+0xab/0x120 [ 26.664509] ? copy_mnt_ns+0xb30/0xb30 [ 26.668377] do_syscall_64+0x281/0x940 [ 26.672244] ? vmalloc_sync_all+0x30/0x30 [ 26.676374] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 26.681114] ? syscall_return_slowpath+0x550/0x550 [ 26.686024] ? syscall_return_slowpath+0x2ac/0x550 [ 26.690938] ? prepare_exit_to_usermode+0x350/0x350 [ 26.695937] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 26.701283] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 26.706111] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 26.711282] RIP: 0033:0x442759 [ 26.714452] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 26.722141] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 executing program [ 26.729388] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 26.736635] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000300000000 [ 26.743881] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 26.751129] R13: 0000000000000003 R14: 0000000000001380 R15: 00007fff3b87f548 [ 26.758389] CPU: 0 PID: 4453 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 26.765737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.766404] FAULT_INJECTION: forcing a failure. [ 26.766404] name failslab, interval 1, probability 0, space 0, times 0 [ 26.775067] Call Trace: [ 26.775080] dump_stack+0x194/0x24d [ 26.775091] ? arch_local_irq_restore+0x53/0x53 [ 26.775105] ? find_held_lock+0x35/0x1d0 [ 26.801082] should_fail+0x8c0/0xa40 [ 26.804775] ? __list_lru_init+0x352/0x750 [ 26.808993] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 26.814077] ? trace_hardirqs_off+0x10/0x10 [ 26.818380] ? find_next_zero_bit+0xe3/0x110 [ 26.822770] ? trace_hardirqs_off+0x10/0x10 [ 26.827073] ? find_held_lock+0x35/0x1d0 [ 26.831116] ? __lock_is_held+0xb6/0x140 [ 26.835166] ? check_same_owner+0x320/0x320 [ 26.839469] ? lock_downgrade+0x980/0x980 [ 26.843597] ? rcu_note_context_switch+0x710/0x710 [ 26.848503] ? find_held_lock+0x35/0x1d0 [ 26.852547] should_failslab+0xec/0x120 [ 26.856500] __kmalloc+0x63/0x760 [ 26.859931] ? lock_downgrade+0x980/0x980 [ 26.864059] ? register_shrinker+0x10e/0x2d0 [ 26.868447] ? trace_event_raw_event_module_request+0x320/0x320 [ 26.874484] register_shrinker+0x10e/0x2d0 [ 26.878698] ? __bpf_trace_mm_vmscan_wakeup_kswapd+0x40/0x40 [ 26.884475] ? 
memcpy+0x45/0x50 [ 26.887737] sget_userns+0xbbf/0xe40 [ 26.891429] ? set_anon_super+0x20/0x20 [ 26.895382] ? put_filp+0x90/0x90 [ 26.898818] ? destroy_unused_super.part.6+0xd0/0xd0 [ 26.903902] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 26.908898] ? trace_hardirqs_off+0x10/0x10 [ 26.913199] ? putname+0xee/0x130 [ 26.916634] ? cap_capable+0x1b5/0x230 [ 26.920501] ? security_capable+0x8e/0xc0 [ 26.924630] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.929797] ? ns_capable_common+0xcf/0x160 [ 26.934102] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 26.939270] mount_ns+0x6d/0x190 [ 26.942620] rpc_mount+0x9e/0xd0 [ 26.945968] mount_fs+0x66/0x2d0 [ 26.949317] vfs_kern_mount.part.26+0xc6/0x4a0 [ 26.953878] ? may_umount+0xa0/0xa0 [ 26.957483] ? _raw_read_unlock+0x22/0x30 [ 26.961618] ? __get_fs_type+0x8a/0xc0 [ 26.965487] do_mount+0xea4/0x2bb0 [ 26.969008] ? copy_mount_string+0x40/0x40 [ 26.973225] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.978223] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 26.982962] ? retint_kernel+0x10/0x10 [ 26.986833] ? copy_mount_options+0x18b/0x2e0 [ 26.991309] ? copy_mount_options+0x191/0x2e0 [ 26.995782] ? copy_mount_options+0x1f7/0x2e0 [ 27.000258] SyS_mount+0xab/0x120 [ 27.003693] ? copy_mnt_ns+0xb30/0xb30 [ 27.007559] do_syscall_64+0x281/0x940 [ 27.011422] ? vmalloc_sync_all+0x30/0x30 [ 27.015547] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 27.020284] ? syscall_return_slowpath+0x550/0x550 [ 27.025190] ? syscall_return_slowpath+0x2ac/0x550 [ 27.030097] ? prepare_exit_to_usermode+0x350/0x350 [ 27.035096] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 27.040440] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 27.045268] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 27.050436] RIP: 0033:0x442759 [ 27.053603] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 27.061289] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 27.068540] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 27.075785] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000300000000 executing program [ 27.083038] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 27.090287] R13: 0000000000000003 R14: 0000000000001380 R15: 00007fff3b87f548 [ 27.097550] CPU: 1 PID: 4455 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 27.104896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.106160] FAULT_INJECTION: forcing a failure. [ 27.106160] name failslab, interval 1, probability 0, space 0, times 0 [ 27.114227] Call Trace: [ 27.114240] dump_stack+0x194/0x24d [ 27.114250] ? arch_local_irq_restore+0x53/0x53 [ 27.114260] ? find_held_lock+0x35/0x1d0 [ 27.114272] should_fail+0x8c0/0xa40 [ 27.143929] ? __list_lru_init+0x352/0x750 [ 27.148147] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 27.153232] ? trace_hardirqs_off+0x10/0x10 [ 27.157533] ? find_next_zero_bit+0xe3/0x110 [ 27.161922] ? trace_hardirqs_off+0x10/0x10 [ 27.166229] ? find_held_lock+0x35/0x1d0 [ 27.170271] ? __lock_is_held+0xb6/0x140 [ 27.174320] ? check_same_owner+0x320/0x320 [ 27.178622] ? lock_downgrade+0x980/0x980 [ 27.182752] ? rcu_note_context_switch+0x710/0x710 [ 27.187663] ? find_held_lock+0x35/0x1d0 [ 27.191705] should_failslab+0xec/0x120 [ 27.195665] __kmalloc+0x63/0x760 [ 27.199100] ? lock_downgrade+0x980/0x980 [ 27.203231] ? register_shrinker+0x10e/0x2d0 [ 27.207620] ? trace_event_raw_event_module_request+0x320/0x320 [ 27.213661] register_shrinker+0x10e/0x2d0 [ 27.217877] ? __bpf_trace_mm_vmscan_wakeup_kswapd+0x40/0x40 [ 27.223663] ? 
memcpy+0x45/0x50 [ 27.226928] sget_userns+0xbbf/0xe40 [ 27.230619] ? set_anon_super+0x20/0x20 [ 27.234577] ? put_filp+0x90/0x90 [ 27.238013] ? destroy_unused_super.part.6+0xd0/0xd0 [ 27.243097] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 27.248095] ? trace_hardirqs_off+0x10/0x10 [ 27.252397] ? putname+0xee/0x130 [ 27.255831] ? cap_capable+0x1b5/0x230 [ 27.259700] ? security_capable+0x8e/0xc0 [ 27.263830] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 27.269002] ? ns_capable_common+0xcf/0x160 [ 27.273305] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 27.278472] mount_ns+0x6d/0x190 [ 27.281818] rpc_mount+0x9e/0xd0 [ 27.285170] mount_fs+0x66/0x2d0 [ 27.288519] vfs_kern_mount.part.26+0xc6/0x4a0 [ 27.293079] ? may_umount+0xa0/0xa0 [ 27.296686] ? _raw_read_unlock+0x22/0x30 [ 27.300814] ? __get_fs_type+0x8a/0xc0 [ 27.304682] do_mount+0xea4/0x2bb0 [ 27.308206] ? copy_mount_string+0x40/0x40 [ 27.312422] ? rcu_pm_notify+0xc0/0xc0 [ 27.316304] ? copy_mount_options+0x5f/0x2e0 [ 27.320691] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.325688] ? kmem_cache_alloc_trace+0x459/0x740 [ 27.330516] ? kasan_check_write+0x14/0x20 [ 27.334732] ? _copy_from_user+0x99/0x110 [ 27.338867] ? copy_mount_options+0x1f7/0x2e0 [ 27.343342] SyS_mount+0xab/0x120 [ 27.346777] ? copy_mnt_ns+0xb30/0xb30 [ 27.350651] do_syscall_64+0x281/0x940 [ 27.354515] ? vmalloc_sync_all+0x30/0x30 [ 27.358647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 27.363384] ? syscall_return_slowpath+0x550/0x550 [ 27.368292] ? syscall_return_slowpath+0x2ac/0x550 [ 27.373205] ? prepare_exit_to_usermode+0x350/0x350 [ 27.378203] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 27.383547] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 27.388374] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 27.393545] RIP: 0033:0x442759 [ 27.396714] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 27.404401] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 27.411651] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 27.418903] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000300000000 [ 27.426153] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 27.433400] R13: 0000000000000003 R14: 0000000000001380 R15: 00007fff3b87f548 [ 27.440664] CPU: 0 PID: 4456 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 27.448013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.457351] Call Trace: [ 27.459919] dump_stack+0x194/0x24d [ 27.463523] ? arch_local_irq_restore+0x53/0x53 [ 27.468167] ? __save_stack_trace+0x7e/0xd0 [ 27.472466] should_fail+0x8c0/0xa40 [ 27.476157] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 27.481231] ? kasan_kmalloc+0xad/0xe0 [ 27.485090] ? kmem_cache_alloc_trace+0x136/0x740 [ 27.489903] ? __memcg_init_list_lru_node+0x169/0x270 [ 27.495066] ? __list_lru_init+0x544/0x750 [ 27.499269] ? sget_userns+0x6b1/0xe40 [ 27.503130] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 27.507855] ? do_mount+0xea4/0x2bb0 [ 27.511541] ? SyS_mount+0xab/0x120 [ 27.515141] ? do_syscall_64+0x281/0x940 [ 27.519177] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 27.524515] ? find_held_lock+0x35/0x1d0 [ 27.528548] ? __lock_is_held+0xb6/0x140 [ 27.532584] ? check_same_owner+0x320/0x320 [ 27.536880] ? rcu_note_context_switch+0x710/0x710 [ 27.541781] should_failslab+0xec/0x120 [ 27.545726] kmem_cache_alloc_trace+0x4b/0x740 [ 27.550282] ? __kmalloc_node+0x33/0x70 [ 27.554227] ? __kmalloc_node+0x33/0x70 [ 27.558173] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.563161] __memcg_init_list_lru_node+0x169/0x270 [ 27.568150] ? list_lru_add+0x7c0/0x7c0 [ 27.572094] ? 
__kmalloc_node+0x47/0x70 [ 27.576057] __list_lru_init+0x544/0x750 [ 27.580096] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 27.585957] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.590945] ? lockdep_init_map+0x9/0x10 [ 27.594976] sget_userns+0x6b1/0xe40 [ 27.598662] ? set_anon_super+0x20/0x20 [ 27.602607] ? put_filp+0x90/0x90 [ 27.606039] ? destroy_unused_super.part.6+0xd0/0xd0 [ 27.611130] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 27.616126] ? trace_hardirqs_off+0x10/0x10 [ 27.620430] ? putname+0xee/0x130 [ 27.623866] ? cap_capable+0x1b5/0x230 [ 27.627735] ? security_capable+0x8e/0xc0 [ 27.631856] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 27.637028] ? ns_capable_common+0xcf/0x160 [ 27.641329] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 27.646487] mount_ns+0x6d/0x190 [ 27.649826] rpc_mount+0x9e/0xd0 [ 27.653163] mount_fs+0x66/0x2d0 [ 27.656502] vfs_kern_mount.part.26+0xc6/0x4a0 [ 27.661056] ? may_umount+0xa0/0xa0 [ 27.664654] ? _raw_read_unlock+0x22/0x30 [ 27.668770] ? __get_fs_type+0x8a/0xc0 [ 27.672630] do_mount+0xea4/0x2bb0 [ 27.676144] ? copy_mount_string+0x40/0x40 [ 27.680353] ? rcu_pm_notify+0xc0/0xc0 [ 27.684215] ? copy_mount_options+0x5f/0x2e0 [ 27.688592] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.693580] ? kmem_cache_alloc_trace+0x459/0x740 [ 27.698395] ? kasan_check_write+0x14/0x20 [ 27.702603] ? copy_mount_options+0x1f7/0x2e0 [ 27.707074] SyS_mount+0xab/0x120 [ 27.710500] ? copy_mnt_ns+0xb30/0xb30 [ 27.714361] do_syscall_64+0x281/0x940 [ 27.718218] ? vmalloc_sync_all+0x30/0x30 [ 27.722338] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 27.727067] ? syscall_return_slowpath+0x550/0x550 [ 27.731965] ? syscall_return_slowpath+0x2ac/0x550 [ 27.736867] ? prepare_exit_to_usermode+0x350/0x350 [ 27.741856] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 27.747193] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 27.752014] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 27.757183] RIP: 0033:0x442759 [ 27.760343] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 27.768028] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 27.775271] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 27.782516] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000300000000 executing program executing program [ 27.789761] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 27.797006] R13: 0000000000000003 R14: 0000000000001380 R15: 00007fff3b87f548 [ 27.811498] FAULT_INJECTION: forcing a failure. [ 27.811498] name failslab, interval 1, probability 0, space 0, times 0 [ 27.822741] CPU: 0 PID: 4457 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 27.824349] FAULT_INJECTION: forcing a failure. [ 27.824349] name failslab, interval 1, probability 0, space 0, times 0 [ 27.830080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.830084] Call Trace: [ 27.830107] dump_stack+0x194/0x24d [ 27.830117] ? arch_local_irq_restore+0x53/0x53 [ 27.830127] ? __save_stack_trace+0x7e/0xd0 [ 27.865698] should_fail+0x8c0/0xa40 [ 27.869390] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 27.874474] ? kasan_kmalloc+0xad/0xe0 [ 27.878339] ? kmem_cache_alloc_trace+0x136/0x740 [ 27.883163] ? __memcg_init_list_lru_node+0x169/0x270 [ 27.888332] ? __list_lru_init+0x544/0x750 [ 27.892546] ? sget_userns+0x6b1/0xe40 [ 27.896414] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 27.901146] ? do_mount+0xea4/0x2bb0 [ 27.904836] ? SyS_mount+0xab/0x120 [ 27.908877] ? do_syscall_64+0x281/0x940 [ 27.912921] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 27.918268] ? find_held_lock+0x35/0x1d0 [ 27.922310] ? __lock_is_held+0xb6/0x140 [ 27.926358] ? check_same_owner+0x320/0x320 [ 27.930666] ? 
rcu_note_context_switch+0x710/0x710 [ 27.935575] should_failslab+0xec/0x120 [ 27.939530] kmem_cache_alloc_trace+0x4b/0x740 [ 27.944093] ? __kmalloc_node+0x33/0x70 [ 27.948047] ? __kmalloc_node+0x33/0x70 [ 27.952003] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.957004] __memcg_init_list_lru_node+0x169/0x270 [ 27.962004] ? list_lru_add+0x7c0/0x7c0 [ 27.965961] ? __kmalloc_node+0x47/0x70 [ 27.969922] __list_lru_init+0x544/0x750 [ 27.973966] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 27.979829] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.984827] ? lockdep_init_map+0x9/0x10 [ 27.988869] sget_userns+0x6b1/0xe40 [ 27.992562] ? set_anon_super+0x20/0x20 [ 27.996515] ? put_filp+0x90/0x90 [ 27.999953] ? destroy_unused_super.part.6+0xd0/0xd0 [ 28.005040] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 28.010036] ? trace_hardirqs_off+0x10/0x10 [ 28.014339] ? putname+0xee/0x130 [ 28.017777] ? cap_capable+0x1b5/0x230 [ 28.021648] ? security_capable+0x8e/0xc0 [ 28.025777] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 28.030944] ? ns_capable_common+0xcf/0x160 [ 28.035250] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 28.040416] mount_ns+0x6d/0x190 [ 28.043764] rpc_mount+0x9e/0xd0 [ 28.047111] mount_fs+0x66/0x2d0 [ 28.050459] vfs_kern_mount.part.26+0xc6/0x4a0 [ 28.055023] ? may_umount+0xa0/0xa0 [ 28.058630] ? _raw_read_unlock+0x22/0x30 [ 28.062755] ? __get_fs_type+0x8a/0xc0 [ 28.066624] do_mount+0xea4/0x2bb0 [ 28.070151] ? copy_mount_string+0x40/0x40 [ 28.074364] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.079359] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.084100] ? retint_kernel+0x10/0x10 [ 28.087972] ? copy_mount_options+0x18b/0x2e0 [ 28.092446] ? __sanitizer_cov_trace_pc+0xa/0x50 [ 28.097181] ? copy_mount_options+0x1f7/0x2e0 [ 28.101655] SyS_mount+0xab/0x120 [ 28.105086] ? copy_mnt_ns+0xb30/0xb30 [ 28.108955] do_syscall_64+0x281/0x940 [ 28.112824] ? vmalloc_sync_all+0x30/0x30 [ 28.116949] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.121687] ? 
syscall_return_slowpath+0x550/0x550 [ 28.126596] ? syscall_return_slowpath+0x2ac/0x550 [ 28.131506] ? prepare_exit_to_usermode+0x350/0x350 [ 28.136505] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 28.141852] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.146680] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 28.151850] RIP: 0033:0x442759 [ 28.155022] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 28.162709] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 28.169957] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 28.177212] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000300000000 [ 28.184469] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 28.191715] R13: 0000000000000003 R14: 0000000000001380 R15: 00007fff3b87f548 [ 28.198977] CPU: 1 PID: 4459 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 28.201564] FAULT_INJECTION: forcing a failure. [ 28.201564] name failslab, interval 1, probability 0, space 0, times 0 [ 28.206321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.206325] Call Trace: [ 28.206336] dump_stack+0x194/0x24d [ 28.206349] ? arch_local_irq_restore+0x53/0x53 [ 28.237996] ? __save_stack_trace+0x7e/0xd0 [ 28.242303] should_fail+0x8c0/0xa40 [ 28.245999] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 28.251084] ? kasan_kmalloc+0xad/0xe0 [ 28.254951] ? kmem_cache_alloc_trace+0x136/0x740 [ 28.259772] ? __memcg_init_list_lru_node+0x169/0x270 [ 28.264940] ? __list_lru_init+0x544/0x750 [ 28.269155] ? sget_userns+0x6b1/0xe40 [ 28.273025] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 28.277757] ? do_mount+0xea4/0x2bb0 [ 28.281446] ? SyS_mount+0xab/0x120 [ 28.285052] ? do_syscall_64+0x281/0x940 [ 28.289095] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 28.294442] ? find_held_lock+0x35/0x1d0 [ 28.298484] ? __lock_is_held+0xb6/0x140 [ 28.302532] ? check_same_owner+0x320/0x320 [ 28.306838] ? 
rcu_note_context_switch+0x710/0x710 [ 28.311748] should_failslab+0xec/0x120 [ 28.315701] kmem_cache_alloc_trace+0x4b/0x740 [ 28.320271] __memcg_init_list_lru_node+0x169/0x270 [ 28.325269] ? list_lru_add+0x7c0/0x7c0 [ 28.329225] ? __kmalloc_node+0x47/0x70 [ 28.333184] __list_lru_init+0x544/0x750 [ 28.337227] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 28.343093] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.348093] ? lockdep_init_map+0x9/0x10 [ 28.352135] sget_userns+0x6b1/0xe40 [ 28.355828] ? set_anon_super+0x20/0x20 [ 28.359781] ? put_filp+0x90/0x90 [ 28.363216] ? destroy_unused_super.part.6+0xd0/0xd0 [ 28.368305] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 28.373300] ? trace_hardirqs_off+0x10/0x10 [ 28.377601] ? putname+0xee/0x130 [ 28.381037] ? cap_capable+0x1b5/0x230 [ 28.384909] ? security_capable+0x8e/0xc0 [ 28.389039] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 28.394218] ? ns_capable_common+0xcf/0x160 [ 28.398525] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 28.403694] mount_ns+0x6d/0x190 [ 28.407043] rpc_mount+0x9e/0xd0 [ 28.410388] mount_fs+0x66/0x2d0 [ 28.413735] vfs_kern_mount.part.26+0xc6/0x4a0 [ 28.418295] ? may_umount+0xa0/0xa0 [ 28.421905] ? _raw_read_unlock+0x22/0x30 [ 28.426035] ? __get_fs_type+0x8a/0xc0 [ 28.429905] do_mount+0xea4/0x2bb0 [ 28.433430] ? copy_mount_string+0x40/0x40 [ 28.437643] ? rcu_pm_notify+0xc0/0xc0 [ 28.441516] ? copy_mount_options+0x5f/0x2e0 [ 28.445904] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.450897] ? kmem_cache_alloc_trace+0x459/0x740 [ 28.455723] ? kasan_check_write+0x14/0x20 [ 28.459943] ? copy_mount_options+0x1f7/0x2e0 [ 28.464419] SyS_mount+0xab/0x120 [ 28.467851] ? copy_mnt_ns+0xb30/0xb30 [ 28.471717] do_syscall_64+0x281/0x940 [ 28.475584] ? vmalloc_sync_all+0x30/0x30 [ 28.479710] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.484444] ? syscall_return_slowpath+0x550/0x550 [ 28.489354] ? syscall_return_slowpath+0x2ac/0x550 [ 28.494265] ? prepare_exit_to_usermode+0x350/0x350 [ 28.499263] ? 
entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 28.504612] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.509440] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 28.514609] RIP: 0033:0x442759 [ 28.517781] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 28.525469] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 28.532717] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 28.539963] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000300000000 [ 28.547212] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 28.554463] R13: 0000000000000003 R14: 0000000000001380 R15: 00007fff3b87f548 [ 28.561727] CPU: 0 PID: 4458 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 28.569078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.578412] Call Trace: [ 28.580972] dump_stack+0x194/0x24d [ 28.584577] ? arch_local_irq_restore+0x53/0x53 [ 28.589218] ? __save_stack_trace+0x7e/0xd0 [ 28.593513] should_fail+0x8c0/0xa40 [ 28.597199] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 28.602306] ? kasan_kmalloc+0xad/0xe0 [ 28.606164] ? kmem_cache_alloc_trace+0x136/0x740 [ 28.610981] ? __memcg_init_list_lru_node+0x169/0x270 [ 28.616142] ? __list_lru_init+0x544/0x750 [ 28.620344] ? sget_userns+0x6b1/0xe40 [ 28.624203] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 28.628926] ? do_mount+0xea4/0x2bb0 [ 28.632610] ? SyS_mount+0xab/0x120 [ 28.636207] ? do_syscall_64+0x281/0x940 [ 28.640240] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 28.645578] ? find_held_lock+0x35/0x1d0 [ 28.649612] ? __lock_is_held+0xb6/0x140 [ 28.653649] ? check_same_owner+0x320/0x320 [ 28.657943] ? rcu_note_context_switch+0x710/0x710 [ 28.662845] should_failslab+0xec/0x120 [ 28.666791] kmem_cache_alloc_trace+0x4b/0x740 [ 28.671348] __memcg_init_list_lru_node+0x169/0x270 [ 28.676337] ? list_lru_add+0x7c0/0x7c0 [ 28.680280] ? __kmalloc_node+0x47/0x70 [ 28.684233] __list_lru_init+0x544/0x750 [ 28.688276] ? 
memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 28.694131] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.699121] ? lockdep_init_map+0x9/0x10 [ 28.703161] sget_userns+0x6b1/0xe40 [ 28.706849] ? set_anon_super+0x20/0x20 [ 28.710793] ? put_filp+0x90/0x90 [ 28.714217] ? destroy_unused_super.part.6+0xd0/0xd0 [ 28.719292] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 28.724279] ? trace_hardirqs_off+0x10/0x10 [ 28.728571] ? putname+0xee/0x130 [ 28.731997] ? cap_capable+0x1b5/0x230 [ 28.735866] ? security_capable+0x8e/0xc0 [ 28.739988] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 28.745153] ? ns_capable_common+0xcf/0x160 [ 28.749445] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 28.754603] mount_ns+0x6d/0x190 [ 28.757941] rpc_mount+0x9e/0xd0 [ 28.761278] mount_fs+0x66/0x2d0 [ 28.764616] vfs_kern_mount.part.26+0xc6/0x4a0 [ 28.769170] ? may_umount+0xa0/0xa0 [ 28.772772] ? _raw_read_unlock+0x22/0x30 [ 28.776891] ? __get_fs_type+0x8a/0xc0 [ 28.780749] do_mount+0xea4/0x2bb0 [ 28.784261] ? copy_mount_string+0x40/0x40 [ 28.788465] ? rcu_pm_notify+0xc0/0xc0 [ 28.792324] ? copy_mount_options+0x5f/0x2e0 [ 28.796709] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.801702] ? kmem_cache_alloc_trace+0x459/0x740 [ 28.806517] ? kasan_check_write+0x14/0x20 [ 28.810722] ? copy_mount_options+0x1f7/0x2e0 [ 28.815190] SyS_mount+0xab/0x120 [ 28.818614] ? copy_mnt_ns+0xb30/0xb30 [ 28.822472] do_syscall_64+0x281/0x940 [ 28.826330] ? vmalloc_sync_all+0x30/0x30 [ 28.830448] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.835185] ? syscall_return_slowpath+0x550/0x550 [ 28.840105] ? syscall_return_slowpath+0x2ac/0x550 [ 28.845034] ? prepare_exit_to_usermode+0x350/0x350 [ 28.850034] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 28.855387] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 28.860207] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 28.865364] RIP: 0033:0x442759 [ 28.868525] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 28.876206] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442759 [ 28.883445] RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300 [ 28.890686] RBP: 00007fff3b87fcb0 R08: 0000000020000200 R09: 0000000300000000 [ 28.897928] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 28.905170] R13: 0000000000000003 R14: 0000000000001380 R15: 00007fff3b87f548 [ 28.920220] ------------[ cut here ]------------ [ 28.925029] refcount_t: increment on 0; use-after-free. [ 28.925406] ------------[ cut here ]------------ [ 28.930518] WARNING: CPU: 0 PID: 4439 at lib/refcount.c:153 refcount_inc+0x47/0x50 [ 28.935155] refcount_t: underflow; use-after-free. [ 28.942902] Kernel panic - not syncing: panic_on_warn set ... [ 28.942902] [ 28.942911] CPU: 0 PID: 4439 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 28.942915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.942919] Call Trace: [ 28.942928] dump_stack+0x194/0x24d [ 28.942937] ? arch_local_irq_restore+0x53/0x53 [ 28.947951] WARNING: CPU: 1 PID: 4441 at lib/refcount.c:187 refcount_sub_and_test+0x167/0x1b0 [ 28.955166] ? vsnprintf+0x1ed/0x1900 [ 28.962486] Modules linked in: [ 28.971816] panic+0x1e4/0x41c [ 28.974366] CPU: 1 PID: 4441 Comm: syzkaller848704 Not tainted 4.16.0-rc6+ #43 [ 28.977961] ? refcount_error_report+0x214/0x214 [ 28.982591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.982600] RIP: 0010:refcount_sub_and_test+0x167/0x1b0 [ 28.991229] ? show_regs_print_info+0x18/0x18 [ 28.994991] RSP: 0018:ffff8801b52d7728 EFLAGS: 00010286 [ 28.998160] ? 
__warn+0x1c1/0x200 [ 29.001312] RAX: dffffc0000000008 RBX: 0000000000000000 RCX: ffffffff815b423e [ 29.001319] RDX: 0000000000000000 RSI: 1ffff10036a5ae95 RDI: 1ffff10036a5ae6a [ 29.008646] ? refcount_inc+0x47/0x50 [ 29.013363] RBP: ffff8801b52d77b8 R08: 0000000000000000 R09: 0000000000000001 [ 29.013369] R10: ffff8801b52d7850 R11: 0000000000000000 R12: 1ffff10036a5aee6 [ 29.022692] __warn+0x1dc/0x200 [ 29.028018] R13: 00000000ffffffff R14: 0000000000000001 R15: ffff8801ada18144 [ 29.032481] ? refcount_inc+0x47/0x50 [ 29.037813] FS: 0000000001a59880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000 [ 29.041233] report_bug+0x1f4/0x2b0 [ 29.048470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.055715] fixup_bug.part.10+0x37/0x80 [ 29.059476] CR2: 00007fff3b880000 CR3: 00000001adaaf004 CR4: 00000000001606e0 [ 29.059487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.066725] do_error_trap+0x2d7/0x3e0 [ 29.073958] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.073962] Call Trace: [ 29.077215] ? vprintk_default+0x28/0x30 [ 29.084454] ? refcount_inc+0x50/0x50 [ 29.088221] ? math_error+0x400/0x400 [ 29.096414] ? task_active_pid_ns+0xd0/0xd0 [ 29.100008] ? printk+0xaa/0xca [ 29.105860] ? trace_hardirqs_off+0x10/0x10 [ 29.109886] ? show_regs_print_info+0x18/0x18 [ 29.117130] ? tcp_fastopen_active_disable_ofo_check+0x532/0x870 [ 29.124375] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.128224] refcount_dec_and_test+0x1a/0x20 [ 29.135467] do_invalid_op+0x1b/0x20 [ 29.138021] __sk_destruct+0x560/0x920 [ 29.142049] invalid_op+0x1b/0x40 [ 29.145816] ? sk_wait_data+0x610/0x610 [ 29.149581] RIP: 0010:refcount_inc+0x47/0x50 [ 29.153872] ? lock_downgrade+0x980/0x980 [ 29.157113] RSP: 0018:ffff8801add3f860 EFLAGS: 00010286 [ 29.161411] ? lock_release+0xa40/0xa40 [ 29.165871] RAX: dffffc0000000008 RBX: ffff8801add320c4 RCX: ffffffff815b423e [ 29.171983] ? __lock_is_held+0xb6/0x140 [ 29.172000] ? 
netlink_has_listeners+0x2a0/0x430 [ 29.176797] RDX: 0000000000000000 RSI: 1ffff10035ba7ebc RDI: 1ffff10035ba7e91 [ 29.176802] RBP: ffff8801add3f868 R08: 0000000000000000 R09: 0000000000000000 [ 29.181180] ? refcount_sub_and_test+0x115/0x1b0 [ 29.184858] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801add3faf8 [ 29.184864] R13: ffff8801d911aa93 R14: ffff8801add320c0 R15: ffff8801d911ab01 [ 29.188721] ? netlink_insert+0x350/0x350 [ 29.192145] ? vprintk_func+0x5e/0xc0 [ 29.196082] ? refcount_inc+0x50/0x50 [ 29.200460] sk_alloc+0x3f9/0x1440 [ 29.204575] ? refcount_inc+0x50/0x50 [ 29.209905] ? sock_def_error_report+0x5e0/0x5e0 [ 29.213846] sk_destruct+0x47/0x80 [ 29.221088] ? __raw_spin_lock_init+0x2d/0x100 [ 29.225115] __sk_free+0xf1/0x2b0 [ 29.229837] ? trace_hardirqs_off+0x10/0x10 [ 29.237087] sk_free+0x2a/0x40 [ 29.244328] ? do_raw_write_unlock+0x290/0x290 [ 29.249053] tcp_close+0x967/0x1190 [ 29.256289] ? trace_hardirqs_off+0x10/0x10 [ 29.263533] ? tcp_check_oom+0x500/0x500 [ 29.267649] ? __raw_spin_lock_init+0x1c/0x100 [ 29.271417] ? ip_mc_drop_socket+0x1ce/0x230 [ 29.275182] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 29.278689] inet_release+0xed/0x1c0 [ 29.282455] ? find_held_lock+0x35/0x1d0 [ 29.287181] sock_release+0x8d/0x1e0 [ 29.290689] ? inet_create+0x3fc/0xf50 [ 29.295236] ? sock_alloc_file+0x560/0x560 [ 29.298655] ? lock_downgrade+0x980/0x980 [ 29.302945] sock_close+0x16/0x20 [ 29.306108] ? lock_release+0xa40/0xa40 [ 29.310660] __fput+0x327/0x7e0 [ 29.314253] ? lock_downgrade+0x980/0x980 [ 29.318542] ? fput+0x140/0x140 [ 29.322578] inet_create+0x47c/0xf50 [ 29.327126] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.331502] ? ipip_gro_receive+0xf0/0xf0 [ 29.336486] ____fput+0x15/0x20 [ 29.340167] ? __lock_is_held+0xb6/0x140 [ 29.344197] task_work_run+0x199/0x270 [ 29.347881] __sock_create+0x4d4/0x850 [ 29.351732] ? task_work_cancel+0x210/0x210 [ 29.355934] ? kernel_sock_ip_overhead+0x4c0/0x4c0 [ 29.360049] ? __close_fd+0x222/0x360 [ 29.363471] ? 
user_path_create+0x40/0x40 [ 29.367410] ? exit_to_usermode_loop+0x8c/0x2f0 [ 29.370659] SyS_socket+0xeb/0x1d0 [ 29.374777] exit_to_usermode_loop+0x275/0x2f0 [ 29.378024] ? fillonedir+0x250/0x250 [ 29.381705] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 29.386167] ? move_addr_to_kernel+0x60/0x60 [ 29.390280] ? getname_flags+0x256/0x580 [ 29.393527] ? getname_flags+0x256/0x580 [ 29.397553] ? do_syscall_64+0xb7/0x940 [ 29.401405] ? do_syscall_64+0xb7/0x940 [ 29.405260] do_syscall_64+0x6ec/0x940 [ 29.409548] ? move_addr_to_kernel+0x60/0x60 [ 29.414445] ? vmalloc_sync_all+0x30/0x30 [ 29.418212] do_syscall_64+0x281/0x940 [ 29.422325] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 29.426964] ? vmalloc_sync_all+0x30/0x30 [ 29.430473] ? syscall_return_slowpath+0x550/0x550 [ 29.435020] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 29.438787] ? syscall_return_slowpath+0x2ac/0x550 [ 29.444289] ? syscall_return_slowpath+0x550/0x550 [ 29.448664] ? prepare_exit_to_usermode+0x350/0x350 [ 29.452692] ? syscall_return_slowpath+0x2ac/0x550 [ 29.456721] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 29.460662] ? prepare_exit_to_usermode+0x350/0x350 [ 29.464604] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.468458] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 29.472836] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 29.476953] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 29.480803] RIP: 0033:0x402480 [ 29.485529] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 29.489640] RSP: 002b:00007fff3b87f408 EFLAGS: 00000246 [ 29.494534] RIP: 0033:0x4451d7 [ 29.499253] ORIG_RAX: 0000000000000003 [ 29.504146] RSP: 002b:00007fff3b87f408 EFLAGS: 00000206 ORIG_RAX: 0000000000000029 [ 29.509050] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000402480 [ 29.514031] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004451d7 [ 29.518926] RDX: 00000000000000e0 RSI: 00007fff3b87fce0 RDI: 0000000000000003 [ 29.524255] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002 [ 29.524260] RBP: 00007fff3b87f520 R08: 0000000000000000 R09: 0000000000000001 [ 29.529244] RBP: 00007fff3b87f520 R08: 00007fff3b87f42c R09: 0000000000000001 [ 29.529250] R10: 00007fff3b87f520 R11: 0000000000000246 R12: 00000000006cf4c0 [ 29.534056] R10: 000000000000000a R11: 0000000000000206 R12: 0000000000000003 [ 29.534061] R13: 0000000000000003 R14: 0000000000006724 R15: 00007fff3b87f548 [ 29.539388] R13: 00000000006cee40 R14: 0000000000001380 R15: 00007fff3b87f548 [ 29.539400] Code: 5e 41 5f 5d c3 e8 9a 26 5e fe 80 3d fb 42 d6 05 00 75 1a e8 8c 26 5e fe 48 c7 c7 a0 a7 75 87 c6 05 e6 42 d6 05 01 e8 d9 33 2e fe <0f> 0b 31 db eb a3 e8 6e 26 5e fe 83 fb ff 0f 85 63 ff ff ff 31 [ 29.669298] ---[ end trace c7b69e3df19fd10a ]--- [ 29.674413] Dumping ftrace buffer: [ 29.678069] (ftrace buffer empty) [ 29.681749] Kernel Offset: disabled [ 29.685347] Rebooting in 86400 seconds..