Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts.
2021/11/29 15:17:27 fuzzer started
2021/11/29 15:17:27 connecting to host at 10.128.0.169:45543
2021/11/29 15:17:27 checking machine...
2021/11/29 15:17:27 checking revisions...
2021/11/29 15:17:27 testing simple program...
[   73.854192][ T6541] cgroup: Unknown subsys name 'net'
[   73.860448][ T6541] 
[   73.862786][ T6541] =========================
[   73.867286][ T6541] WARNING: held lock freed!
[   73.871814][ T6541] 5.16.0-rc2-next-20211129-syzkaller #0 Not tainted
[   73.878468][ T6541] -------------------------
[   73.882943][ T6541] syz-executor/6541 is freeing memory ffff888023414400-ffff8880234145ff, with a lock still held there!
[   73.893939][ T6541] ffff888023414548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[   73.903664][ T6541] 2 locks held by syz-executor/6541:
[   73.908924][ T6541]  #0: ffffffff8bbc5d08 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[   73.919450][ T6541]  #1: ffff888023414548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[   73.929611][ T6541] 
[   73.929611][ T6541] stack backtrace:
[   73.935482][ T6541] CPU: 0 PID: 6541 Comm: syz-executor Not tainted 5.16.0-rc2-next-20211129-syzkaller #0
[   73.945180][ T6541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.955220][ T6541] Call Trace:
[   73.958493][ T6541]  <TASK>
[   73.961668][ T6541]  dump_stack_lvl+0xcd/0x134
[   73.966254][ T6541]  debug_check_no_locks_freed.cold+0x9d/0xa9
[   73.972243][ T6541]  ? lockdep_hardirqs_on+0x79/0x100
[   73.977433][ T6541]  slab_free_freelist_hook+0x73/0x1c0
[   73.982880][ T6541]  ? kernfs_put.part.0+0x331/0x540
[   73.987995][ T6541]  kfree+0xe0/0x430
[   73.991789][ T6541]  ? kmem_cache_free+0xba/0x4a0
[   73.996636][ T6541]  ? rwlock_bug.part.0+0x90/0x90
[   74.001670][ T6541]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   74.007904][ T6541]  kernfs_put.part.0+0x331/0x540
[   74.012843][ T6541]  kernfs_put+0x42/0x50
[   74.016999][ T6541]  __kernfs_remove+0x7a3/0xb20
[   74.021932][ T6541]  ? kernfs_next_descendant_post+0x2f0/0x2f0
[   74.027926][ T6541]  ? down_write+0xde/0x150
[   74.032422][ T6541]  ? down_write_killable_nested+0x180/0x180
[   74.038317][ T6541]  kernfs_destroy_root+0x89/0xb0
[   74.043248][ T6541]  cgroup_setup_root+0x3a6/0xad0
[   74.048176][ T6541]  ? rebind_subsystems+0x10e0/0x10e0
[   74.053486][ T6541]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   74.059719][ T6541]  cgroup1_get_tree+0xd33/0x1390
[   74.064650][ T6541]  vfs_get_tree+0x89/0x2f0
[   74.069060][ T6541]  path_mount+0x1320/0x1fa0
[   74.073562][ T6541]  ? kmem_cache_free+0xba/0x4a0
[   74.078399][ T6541]  ? finish_automount+0xaf0/0xaf0
[   74.083433][ T6541]  ? putname+0xfe/0x140
[   74.087582][ T6541]  __x64_sys_mount+0x27f/0x300
[   74.092341][ T6541]  ? copy_mnt_ns+0xae0/0xae0
[   74.097001][ T6541]  ? syscall_enter_from_user_mode+0x21/0x70
[   74.102884][ T6541]  do_syscall_64+0x35/0xb0
[   74.107293][ T6541]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   74.113186][ T6541] RIP: 0033:0x7f7d2b0d001a
[   74.117583][ T6541] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   74.137188][ T6541] RSP: 002b:00007ffcf9d74398 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   74.145591][ T6541] RAX: ffffffffffffffda RBX: 00007ffcf9d74528 RCX: 00007f7d2b0d001a
[   74.153563][ T6541] RDX: 00007f7d2b132fe2 RSI: 00007f7d2b12929a RDI: 00007f7d2b127d71
[   74.161517][ T6541] RBP: 00007f7d2b12929a R08: 00007f7d2b1293f7 R09: 0000000000000026
[   74.169474][ T6541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf9d743a0
[   74.177524][ T6541] R13: 00007ffcf9d74548 R14: 00007ffcf9d74470 R15: 00007f7d2b1293f1
[   74.185485][ T6541]  </TASK>
[   74.188639][ T6541] ==================================================================
[   74.196703][ T6541] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[   74.203387][ T6541] Read of size 8 at addr ffff888023414540 by task syz-executor/6541
[   74.211352][ T6541] 
[   74.213664][ T6541] CPU: 1 PID: 6541 Comm: syz-executor Not tainted 5.16.0-rc2-next-20211129-syzkaller #0
[   74.223386][ T6541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   74.233530][ T6541] Call Trace:
[   74.236800][ T6541]  <TASK>
[   74.239722][ T6541]  dump_stack_lvl+0xcd/0x134
[   74.244312][ T6541]  print_address_description.constprop.0.cold+0xa5/0x3ed
[   74.251348][ T6541]  ? up_write+0x3ac/0x470
[   74.255683][ T6541]  ? up_write+0x3ac/0x470
[   74.260003][ T6541]  kasan_report.cold+0x83/0xdf
[   74.264767][ T6541]  ? up_write+0x3ac/0x470
[   74.269178][ T6541]  up_write+0x3ac/0x470
[   74.273331][ T6541]  cgroup_setup_root+0x3a6/0xad0
[   74.278356][ T6541]  ? rebind_subsystems+0x10e0/0x10e0
[   74.283643][ T6541]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   74.289886][ T6541]  cgroup1_get_tree+0xd33/0x1390
[   74.295094][ T6541]  vfs_get_tree+0x89/0x2f0
[   74.299522][ T6541]  path_mount+0x1320/0x1fa0
[   74.304026][ T6541]  ? kmem_cache_free+0xba/0x4a0
[   74.308877][ T6541]  ? finish_automount+0xaf0/0xaf0
[   74.313898][ T6541]  ? putname+0xfe/0x140
[   74.318060][ T6541]  __x64_sys_mount+0x27f/0x300
[   74.322841][ T6541]  ? copy_mnt_ns+0xae0/0xae0
[   74.327434][ T6541]  ? syscall_enter_from_user_mode+0x21/0x70
[   74.333341][ T6541]  do_syscall_64+0x35/0xb0
[   74.337762][ T6541]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   74.343654][ T6541] RIP: 0033:0x7f7d2b0d001a
[   74.348064][ T6541] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   74.367669][ T6541] RSP: 002b:00007ffcf9d74398 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   74.376336][ T6541] RAX: ffffffffffffffda RBX: 00007ffcf9d74528 RCX: 00007f7d2b0d001a
[   74.384298][ T6541] RDX: 00007f7d2b132fe2 RSI: 00007f7d2b12929a RDI: 00007f7d2b127d71
[   74.392264][ T6541] RBP: 00007f7d2b12929a R08: 00007f7d2b1293f7 R09: 0000000000000026
[   74.400236][ T6541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf9d743a0
[   74.408201][ T6541] R13: 00007ffcf9d74548 R14: 00007ffcf9d74470 R15: 00007f7d2b1293f1
[   74.416185][ T6541]  </TASK>
[   74.419190][ T6541] 
[   74.421500][ T6541] Allocated by task 6541:
[   74.425815][ T6541]  kasan_save_stack+0x1e/0x50
[   74.430498][ T6541]  __kasan_kmalloc+0xa9/0xd0
[   74.435089][ T6541]  kernfs_create_root+0x4c/0x410
[   74.440035][ T6541]  cgroup_setup_root+0x243/0xad0
[   74.444987][ T6541]  cgroup1_get_tree+0xd33/0x1390
[   74.449941][ T6541]  vfs_get_tree+0x89/0x2f0
[   74.454361][ T6541]  path_mount+0x1320/0x1fa0
[   74.458865][ T6541]  __x64_sys_mount+0x27f/0x300
[   74.463980][ T6541]  do_syscall_64+0x35/0xb0
[   74.468406][ T6541]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   74.474307][ T6541] 
[   74.476713][ T6541] Freed by task 6541:
[   74.480685][ T6541]  kasan_save_stack+0x1e/0x50
[   74.485370][ T6541]  kasan_set_track+0x21/0x30
[   74.489971][ T6541]  kasan_set_free_info+0x20/0x30
[   74.494910][ T6541]  __kasan_slab_free+0x103/0x170
[   74.499879][ T6541]  slab_free_freelist_hook+0x8b/0x1c0
[   74.505253][ T6541]  kfree+0xe0/0x430
[   74.509072][ T6541]  kernfs_put.part.0+0x331/0x540
[   74.514004][ T6541]  kernfs_put+0x42/0x50
[   74.518155][ T6541]  __kernfs_remove+0x7a3/0xb20
[   74.522922][ T6541]  kernfs_destroy_root+0x89/0xb0
[   74.527865][ T6541]  cgroup_setup_root+0x3a6/0xad0
[   74.532817][ T6541]  cgroup1_get_tree+0xd33/0x1390
[   74.537761][ T6541]  vfs_get_tree+0x89/0x2f0
[   74.542173][ T6541]  path_mount+0x1320/0x1fa0
[   74.546670][ T6541]  __x64_sys_mount+0x27f/0x300
[   74.551437][ T6541]  do_syscall_64+0x35/0xb0
[   74.555849][ T6541]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   74.561735][ T6541] 
[   74.564041][ T6541] The buggy address belongs to the object at ffff888023414400
[   74.564041][ T6541]  which belongs to the cache kmalloc-512 of size 512
[   74.578083][ T6541] The buggy address is located 320 bytes inside of
[   74.578083][ T6541]  512-byte region [ffff888023414400, ffff888023414600)
[   74.591348][ T6541] The buggy address belongs to the page:
[   74.597053][ T6541] page:ffffea00008d0500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23414
[   74.607195][ T6541] head:ffffea00008d0500 order:2 compound_mapcount:0 compound_pincount:0
[   74.615507][ T6541] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   74.623833][ T6541] raw: 00fff00000010200 ffffea0000638500 dead000000000002 ffff888010c41c80
[   74.632403][ T6541] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   74.641061][ T6541] page dumped because: kasan: bad access detected
[   74.647545][ T6541] page_owner tracks the page as allocated
[   74.653240][ T6541] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 13746981952, free_ts 0
[   74.671206][ T6541]  get_page_from_freelist+0xa72/0x2f40
[   74.676662][ T6541]  __alloc_pages+0x1b2/0x500
[   74.681255][ T6541]  alloc_page_interleave+0x1e/0x200
[   74.686475][ T6541]  alloc_pages+0x29f/0x300
[   74.690884][ T6541]  new_slab+0x261/0x460
[   74.695034][ T6541]  ___slab_alloc+0x798/0xf30
[   74.699617][ T6541]  __slab_alloc.constprop.0+0x4d/0xa0
[   74.704986][ T6541]  __kmalloc_node_track_caller+0x2cb/0x360
[   74.710787][ T6541]  __alloc_skb+0xde/0x340
[   74.715115][ T6541]  mpls_netconf_notify_devconf+0x4a/0x110
[   74.720830][ T6541]  mpls_dev_sysctl_register+0x1fe/0x2d0
[   74.726373][ T6541]  mpls_dev_notify+0x211/0x890
[   74.731134][ T6541]  call_netdevice_register_net_notifiers+0xdd/0x2b0
[   74.737810][ T6541]  register_netdevice_notifier+0xf5/0x260
[   74.743523][ T6541]  mpls_init+0x3a/0x13b
[   74.747669][ T6541]  do_one_initcall+0x103/0x650
[   74.752441][ T6541] page_owner free stack trace missing
[   74.757788][ T6541] 
[   74.760091][ T6541] Memory state around the buggy address:
[   74.765702][ T6541]  ffff888023414400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.773751][ T6541]  ffff888023414480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.781802][ T6541] >ffff888023414500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.789845][ T6541]                                            ^
[   74.795982][ T6541]  ffff888023414580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.804031][ T6541]  ffff888023414600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.812073][ T6541] ==================================================================
[   74.821115][ T6541] Kernel panic - not syncing: panic_on_warn set ...
[   74.827709][ T6541] CPU: 0 PID: 6541 Comm: syz-executor Tainted: G    B             5.16.0-rc2-next-20211129-syzkaller #0
[   74.838829][ T6541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   74.848894][ T6541] Call Trace:
[   74.852186][ T6541]  <TASK>
[   74.855116][ T6541]  dump_stack_lvl+0xcd/0x134
[   74.859715][ T6541]  panic+0x2b0/0x6dd
[   74.863708][ T6541]  ? __warn_printk+0xf3/0xf3
[   74.868306][ T6541]  ? preempt_schedule_common+0x59/0xc0
[   74.873764][ T6541]  ? up_write+0x3ac/0x470
[   74.878086][ T6541]  ? preempt_schedule_thunk+0x16/0x18
[   74.883483][ T6541]  ? trace_hardirqs_on+0x38/0x1c0
[   74.888503][ T6541]  ? trace_hardirqs_on+0x51/0x1c0
[   74.893529][ T6541]  ? up_write+0x3ac/0x470
[   74.897850][ T6541]  ? up_write+0x3ac/0x470
[   74.902269][ T6541]  end_report.cold+0x63/0x6f
[   74.906858][ T6541]  kasan_report.cold+0x71/0xdf
[   74.911646][ T6541]  ? up_write+0x3ac/0x470
[   74.915992][ T6541]  up_write+0x3ac/0x470
[   74.920143][ T6541]  cgroup_setup_root+0x3a6/0xad0
[   74.925091][ T6541]  ? rebind_subsystems+0x10e0/0x10e0
[   74.930376][ T6541]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   74.936706][ T6541]  cgroup1_get_tree+0xd33/0x1390
[   74.941643][ T6541]  vfs_get_tree+0x89/0x2f0
[   74.946056][ T6541]  path_mount+0x1320/0x1fa0
[   74.950558][ T6541]  ? kmem_cache_free+0xba/0x4a0
[   74.955409][ T6541]  ? finish_automount+0xaf0/0xaf0
[   74.960443][ T6541]  ? putname+0xfe/0x140
[   74.964604][ T6541]  __x64_sys_mount+0x27f/0x300
[   74.969384][ T6541]  ? copy_mnt_ns+0xae0/0xae0
[   74.973983][ T6541]  ? syscall_enter_from_user_mode+0x21/0x70
[   74.979881][ T6541]  do_syscall_64+0x35/0xb0
[   74.984307][ T6541]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   74.990210][ T6541] RIP: 0033:0x7f7d2b0d001a
[   74.994620][ T6541] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   75.014317][ T6541] RSP: 002b:00007ffcf9d74398 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   75.022732][ T6541] RAX: ffffffffffffffda RBX: 00007ffcf9d74528 RCX: 00007f7d2b0d001a
[   75.030696][ T6541] RDX: 00007f7d2b132fe2 RSI: 00007f7d2b12929a RDI: 00007f7d2b127d71
[   75.038660][ T6541] RBP: 00007f7d2b12929a R08: 00007f7d2b1293f7 R09: 0000000000000026
[   75.046631][ T6541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf9d743a0
[   75.054590][ T6541] R13: 00007ffcf9d74548 R14: 00007ffcf9d74470 R15: 00007f7d2b1293f1
[   75.062562][ T6541]  </TASK>
[   75.065839][ T6541] Kernel Offset: disabled
[   75.070206][ T6541] Rebooting in 86400 seconds..