Date: Sun, 1 Apr 2018 14:48:54 -0700
From: Eric Biggers
To: Al Viro
Cc: syzbot, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, linux-nfs@vger.kernel.org
Subject: Re: BUG: corrupted list in __dentry_kill
Message-ID: <20180401214854.GB743@sol.localdomain>
In-Reply-To: <20180401210508.GA743@sol.localdomain>

[+Cc linux-nfs]

On Sun, Apr 01, 2018 at 02:05:08PM -0700, Eric Biggers wrote:
> On Sun, Apr 01, 2018 at 09:05:31PM +0100, Al Viro wrote:
> > On Sun, Apr 01, 2018 at 04:35:19AM +0100, Al Viro wrote:
> > > On Sat, Mar 31, 2018 at 04:01:02PM -0700, syzbot wrote:
> > > > Hello,
> > > >
> > > > syzbot hit the following crash on bpf-next commit
> > > > 7828f20e3779e4e85e55371e0e43f5006a15fb41 (Sat Mar 31 00:17:57 2018 +0000)
> > > > Merge branch 'bpf-cgroup-bind-connect'
> > > > syzbot dashboard link:
> > > > https://syzkaller.appspot.com/bug?extid=f3bd89a5ab3266b10540
> > > >
> > > > So far this crash happened 22 times on bpf-next, upstream.
> > > > C reproducer: https://syzkaller.appspot.com/x/repro.c?id=6290970458980352
> > > > syzkaller reproducer:
> > > > https://syzkaller.appspot.com/x/repro.syz?id=6577156880596992
> > > > Raw console output:
> > > > https://syzkaller.appspot.com/x/log.txt?id=5107570603720704
> > > > Kernel config:
> > > > https://syzkaller.appspot.com/x/.config?id=5909223872832634926
> > > > compiler: gcc (GCC) 7.1.1 20170620
> > > >
> > > > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > > > Reported-by: syzbot+f3bd89a5ab3266b10540@syzkaller.appspotmail.com
> > > > It will help syzbot understand when the bug is fixed. See footer for
> > > > details.
> > > > If you forward the report, please keep this part and the footer.
> > > >
> > > > RBP: 00007ffd1bbb3ae0 R08: 0000000020000200 R09: 0000000300000000
> > > > R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
> > > > R13: 0000000000000003 R14: 0000000000001380 R15: 00007ffd1bbb3378
> > > > list_del corruption. prev->next should be 00000000a8104008, but was
> > > > 00000000081c6144
> > >
> > > Lovely... I'll look into that tomorrow morning.
> >
> > Can't reproduce - it reproducer had been running for several hours, with
> > that kernel and that config (gcc 6.3, not 7.1, though), no oopsen...
> >
> > If somebody can reproduce that thing, I'd appreciate having it bisected
> > a bit...
> >
>
> Apparently the reproducer wants to inject a fault into a specific memory
> allocation, and something is causing the memory allocations to be different. It
> works for me in ~10 seconds after applying the below patch to the C reproducer.
> (I also did 'echo 0 | tee /sys/kernel/debug/fail*/verbose' beforehand to quiet
> all the fault injection messages.) I'm guessing the bug is in the error
> handling in "rpc_pipefs", but not sure exactly what yet. The last messages in
> the kernel log before the BUG() were:
>
> [ 42.965515] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry blocklayout
> [ 42.967234] net/sunrpc/rpc_pipe.c: rpc_mkpipe_dentry() failed to create pipe nfs/blocklayout (errno = -12)
>

It's definitely an "rpc_pipefs" bug. I've simplified the reproducer to the
following:

#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

int main()
{
	int fd, i;
	char buf[16];

	mkdir("mnt", 0700);
	/* also inject into allocations that may sleep, and quiet the injection messages */
	system("echo N > /sys/kernel/debug/failslab/ignore-gfp-wait");
	system("echo 0 | tee /sys/kernel/debug/fail*/verbose");
	fd = open("/proc/thread-self/fail-nth", O_WRONLY);
	for (i = 0; ; i++) {
		/* make the i-th fault-injectable call in this thread fail during the mount */
		write(fd, buf, sprintf(buf, "%d", i));
		mount("foo", "mnt", "rpc_pipefs", 0, NULL);
		umount("mnt");
	}
}

On Linus' tree (10b84daddbec72), the symbolized log output is:

IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
audit: type=1325 audit(1522616460.334:4): table=filter family=3 entries=0
audit: type=1300 audit(1522616460.334:4): arch=c000003e syscall=55 success=yes exit=0 a0=3 a1=0 a2=60 a3=55f3b7fba528 items=0 ppid=3115 pid=3120 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=1 comm="syz_dentry_kill" exe="/root/syz_dentry_kill" subj=kernel key=(null)
audit: type=1327 audit(1522616460.334:4): proctitle="./syz_dentry_kill"
audit: type=1325 audit(1522616460.335:5): table=filter family=2 entries=0
audit: type=1300 audit(1522616460.335:5): arch=c000003e syscall=55 success=yes exit=0 a0=3 a1=0 a2=40 a3=55f3b7fbcd88 items=0 ppid=3115 pid=3120 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=1 comm="syz_dentry_kill" exe="/root/syz_dentry_kill" subj=kernel key=(null)
audit: type=1327 audit(1522616460.335:5): proctitle="./syz_dentry_kill"
audit: type=1325 audit(1522616460.335:6): table=nat family=2 entries=0
IPVS: ftp: loaded support on port[0] = 21
audit: type=1300 audit(1522616460.335:6): arch=c000003e syscall=55 success=yes exit=0 a0=3 a1=0 a2=40 a3=55f3b7fbd448 items=0 ppid=3115 pid=3120 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=1 comm="syz_dentry_kill" exe="/root/syz_dentry_kill" subj=kernel key=(null)
audit: type=1327 audit(1522616460.335:6): proctitle="./syz_dentry_kill"
audit: type=1325 audit(1522616460.336:7): table=mangle family=2 entries=0
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd4_cb
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry lockd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
random: crng init done
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfs
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfs
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfs
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfs
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfs
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry info
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: rpc_mkpipe_dentry() failed to create pipe clntXX/gssd (errno = -12)
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: rpc_mkpipe_dentry() failed to create pipe clntXX/gssd (errno = -12)
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: rpc_mkpipe_dentry() failed to create pipe clntXX/gssd (errno = -12)
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry info
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry info
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: rpc_mkpipe_dentry() failed to create pipe clntXX/gssd (errno = -12)
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_mkpipe_dentry() failed to create pipe clntXX/gssd (errno = -12)
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry lockd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry lockd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd4_cb
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry lockd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd4_cb
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd4_cb
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd4_cb
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd4_cb
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry lockd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry lockd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd4_cb
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfs
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfs
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfs
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfs
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfs
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry info
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry info
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry info
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry info
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory /
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX
net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd
net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry blocklayout
net/sunrpc/rpc_pipe.c: rpc_mkpipe_dentry() failed to create pipe nfs/blocklayout (errno = -12)
list_del corruption. prev->next should be 000000002c929de0, but was 0000000065421b2c
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
invalid opcode: 0000 [#1] SMP KASAN
Modules linked in:
CPU: 2 PID: 5082 Comm: syz_dentry_kill Not tainted 4.16.0-rc6+ #79
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
RIP: 0010:__list_del_entry_valid+0xef/0x150 lib/rational.c:61
RSP: 0018:ffff88002851f7a0 EFLAGS: 00010282
RAX: 0000000000000054 RBX: ffff880025d11c80 RCX: 0000000000000000
RDX: 0000000000000054 RSI: 1ffff100050a3ea9 RDI: ffffed00050a3ee8
RBP: ffff88002851f7b8 R08: 1ffff100050a3e40 R09: 0000000000000000
R10: ffff88002851f778 R11: 0000000000000000 R12: ffff8800271c2de0
R13: 1ffff100050a3efd R14: ffff880025c1fc70 R15: dffffc0000000000
FS: 00007f87e8a72740(0000) GS:ffff880035900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffef7017aa0 CR3: 000000002e7b8000 CR4: 00000000003406e0
Call Trace:
 __dentry_kill+0x265/0x700 fs/dcache.c:1027
 dput.part.20+0x5a0/0x830
 dput+0x1f/0x30 fs/dcache.c:852
 rcu_read_lock include/linux/rcupdate.h:631 [inline]
 net_generic include/net/netns/generic.h:44 [inline]
 rpc_fill_super+0x628/0xae0 net/sunrpc/rpc_pipe.c:942
 dget include/linux/dcache.h:327 [inline]
 mount_ns+0xc6/0x190 fs/super.c:1045
 rpc_mount+0x9e/0xd0 net/sunrpc/rpc_pipe.c:1494
 mount_fs+0x6b/0x2d0 fs/super.c:1242
 vfs_kern_mount.part.26+0xc6/0x4a0
 do_mount+0xea4/0x2bb0 fs/namespace.c:2973
 copy_mount_string fs/namespace.c:2746 [inline]
 SYSC_mount fs/namespace.c:3048 [inline]
 SyS_mount+0xab/0x120 fs/namespace.c:3035
 prepare_exit_to_usermode arch/x86/entry/common.c:191 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:265 [inline]
 do_syscall_32_irqs_on arch/x86/entry/common.c:336 [inline]
 do_syscall_64+0x283/0x940 arch/x86/entry/common.c:344
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7f87e8173879
RSP: 002b:00007ffef7016c38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f87e8173879
RDX: 00000000200002c0 RSI: 0000000020000140 RDI: 0000000020000300
RBP: 00007ffef7017aa0 R08: 0000000020000200 R09: 000055f3b7fba520
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000003 R14: 00007ffef7016c8c R15: 00007ffef7016c84
Code: 4c 89 e2 48 c7 c7 80 c0 75 87 e8 d5 7e 46 fe 0f 0b 48 c7 c7 e0 c0 75 87 e8 c7 7e 46 fe 0f 0b 48 c7 c7 40 c1 75 87 e8 b9 7e 46 fe <0f> 0b 48 c7 c7 a0 c1 75 87 e8 ab 7e 46 fe 0f 0b 48 89 df 48 89
RIP: __list_del_entry_valid+0xef/0x150 lib/rational.c:61 RSP: ffff88002851f7a0
---[ end trace f9e62e977a549c37 ]---
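
The reproducer in this message steps /proc/thread-self/fail-nth upward so that each mount attempt fails a different allocation, until one error path trips the list sanity check. The userspace model below is an added example, not code from the message or from the kernel: fi_alloc, populate, teardown and sweep are hypothetical names, and the double-unlink error path is constructed to show how such a sweep exposes a cleanup bug; it is not a diagnosis of the rpc_pipefs bug.

```c
#include <stdio.h>
#include <stdlib.h>
#define NCHILD 3

/* Userspace model of a kernel-style circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
struct node { struct list_head child; void *inode; };

static int fail_nth;	/* N > 0: fail the Nth allocation from now; 0: off */

static void *fi_alloc(size_t size)
{
	if (fail_nth > 0 && --fail_nth == 0)
		return NULL;
	return calloc(1, size);
}

static void list_add(struct list_head *n, struct list_head *head)
{
	n->next = head->next;
	n->prev = head;
	head->next->prev = n;
	head->next = n;
}

/* Model of the check behind "list_del corruption": unlink e only while both
 * neighbours still point back at it. Returns 0, or -1 if the check failed. */
static int list_del_checked(struct list_head *e)
{
	if (e->prev->next != e || e->next->prev != e) {
		fprintf(stderr, "list_del corruption at %p\n", (void *)e);
		return -1;
	}
	e->next->prev = e->prev;
	e->prev->next = e->next;	/* e keeps its stale next/prev pointers */
	return 0;
}

/* Unlink and free every entry in slots[]; returns the number of failed checks. */
static int teardown(struct node **slots)
{
	int bad = 0;
	for (int i = 0; i < NCHILD; i++) {
		if (!slots[i])
			continue;
		bad += list_del_checked(&slots[i]->child) < 0;
		free(slots[i]->inode);
		free(slots[i]);
	}
	return bad;
}

/* Create NCHILD entries under dir, two allocations each; 0 on success, -1 on
 * failure. With buggy set (constructed bug), the error path unlinks the new
 * entry but leaves it in slots[], so teardown() unlinks it a second time. */
static int populate(struct list_head *dir, struct node **slots, int buggy)
{
	for (int i = 0; i < NCHILD; i++) {
		struct node *n = fi_alloc(sizeof(*n));
		if (!n)
			return -1;
		slots[i] = n;
		list_add(&n->child, dir);
		n->inode = fi_alloc(32);
		if (n->inode)
			continue;
		list_del_checked(&n->child);	/* undo the insertion */
		if (!buggy) {
			free(n);
			slots[i] = NULL;
		}
		return -1;
	}
	return 0;
}

/* Sweep N = 1, 2, ... until a run sees no allocation failure.
 * Bit N of the result is set when failing the Nth allocation tripped the check. */
static unsigned sweep(int buggy)
{
	unsigned mask = 0;
	for (int nth = 1; ; nth++) {
		struct list_head dir = { &dir, &dir };
		struct node *slots[NCHILD] = { NULL };
		fail_nth = nth;
		int err = populate(&dir, slots, buggy);
		fail_nth = 0;
		if (teardown(slots))
			mask |= 1u << nth;
		if (!err)
			return mask;
	}
}

int main(void)
{
	printf("buggy error path: mask 0x%x\n", sweep(1));
	printf("fixed error path: mask 0x%x\n", sweep(0));
	return 0;
}
```

With the constructed bug the sweep flags N = 2, 4 and 6 (mask 0x54), the points where the second allocation for an entry fails; with the corrected error path no value of N trips the check.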