Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.13' (ECDSA) to the list of known hosts.
2021/12/03 12:02:03 fuzzer started
2021/12/03 12:02:03 connecting to host at 10.128.0.169:37075
2021/12/03 12:02:03 checking machine...
2021/12/03 12:02:03 checking revisions...
2021/12/03 12:02:03 testing simple program...
syzkaller login: [ 71.247108][ T6550] cgroup: Unknown subsys name 'net'
[ 71.253277][ T6550]
[ 71.255694][ T6550] =========================
[ 71.260271][ T6550] WARNING: held lock freed!
[ 71.264982][ T6550] 5.16.0-rc3-next-20211203-syzkaller #0 Not tainted
[ 71.271750][ T6550] -------------------------
[ 71.276241][ T6550] syz-executor/6550 is freeing memory ffff88801e611400-ffff88801e6115ff, with a lock still held there!
[ 71.287377][ T6550] ffff88801e611548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 71.297300][ T6550] 2 locks held by syz-executor/6550:
[ 71.302570][ T6550] #0: ffffffff8bbc4e48 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[ 71.313085][ T6550] #1: ffff88801e611548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 71.323247][ T6550]
[ 71.323247][ T6550] stack backtrace:
[ 71.329269][ T6550] CPU: 0 PID: 6550 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211203-syzkaller #0
[ 71.339077][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.349129][ T6550] Call Trace:
[ 71.352412][ T6550]
[ 71.355336][ T6550] dump_stack_lvl+0xcd/0x134
[ 71.359941][ T6550] debug_check_no_locks_freed.cold+0x9d/0xa9
[ 71.365929][ T6550] ? lockdep_hardirqs_on+0x79/0x100
[ 71.371217][ T6550] slab_free_freelist_hook+0x73/0x1c0
[ 71.376597][ T6550] ? kernfs_put.part.0+0x331/0x540
[ 71.381812][ T6550] kfree+0xd0/0x4b0
[ 71.385609][ T6550] ? kmem_cache_free+0xdd/0x580
[ 71.390547][ T6550] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.396802][ T6550] kernfs_put.part.0+0x331/0x540
[ 71.401913][ T6550] kernfs_put+0x42/0x50
[ 71.406059][ T6550] __kernfs_remove+0x7a3/0xb20
[ 71.410817][ T6550] ? kernfs_next_descendant_post+0x2f0/0x2f0
[ 71.416883][ T6550] ? down_write+0xde/0x150
[ 71.421311][ T6550] ? down_write_killable_nested+0x180/0x180
[ 71.427203][ T6550] kernfs_destroy_root+0x89/0xb0
[ 71.432134][ T6550] cgroup_setup_root+0x3a6/0xad0
[ 71.437066][ T6550] ? rebind_subsystems+0x10e0/0x10e0
[ 71.442375][ T6550] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.448628][ T6550] cgroup1_get_tree+0xd33/0x1390
[ 71.453598][ T6550] vfs_get_tree+0x89/0x2f0
[ 71.458100][ T6550] path_mount+0x1320/0x1fa0
[ 71.462773][ T6550] ? kmem_cache_free+0xdd/0x580
[ 71.467619][ T6550] ? finish_automount+0xaf0/0xaf0
[ 71.472816][ T6550] ? putname+0xfe/0x140
[ 71.477005][ T6550] __x64_sys_mount+0x27f/0x300
[ 71.481761][ T6550] ? copy_mnt_ns+0xae0/0xae0
[ 71.486454][ T6550] ? syscall_enter_from_user_mode+0x21/0x70
[ 71.492535][ T6550] do_syscall_64+0x35/0xb0
[ 71.497099][ T6550] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.503010][ T6550] RIP: 0033:0x7f015311b04a
[ 71.507430][ T6550] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 71.527437][ T6550] RSP: 002b:00007ffcf2a8b318 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 71.536027][ T6550] RAX: ffffffffffffffda RBX: 00007ffcf2a8b4a8 RCX: 00007f015311b04a
[ 71.544096][ T6550] RDX: 00007f015317e012 RSI: 00007f01531742cc RDI: 00007f0153172d71
[ 71.552147][ T6550] RBP: 00007f01531742cc R08: 00007f0153174429 R09: 0000000000000026
[ 71.560107][ T6550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf2a8b320
[ 71.568070][ T6550] R13: 00007ffcf2a8b4c8 R14: 00007ffcf2a8b3f0 R15: 00007f0153174423
[ 71.576219][ T6550]
[ 71.580638][ T6550] ==================================================================
[ 71.588702][ T6550] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[ 71.595485][ T6550] Read of size 8 at addr ffff88801e611540 by task syz-executor/6550
[ 71.603532][ T6550]
[ 71.605839][ T6550] CPU: 0 PID: 6550 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211203-syzkaller #0
[ 71.615531][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.625652][ T6550] Call Trace:
[ 71.628910][ T6550]
[ 71.631831][ T6550] dump_stack_lvl+0xcd/0x134
[ 71.636418][ T6550] print_address_description.constprop.0.cold+0xa5/0x3ed
[ 71.643428][ T6550] ? up_write+0x3ac/0x470
[ 71.647745][ T6550] ? up_write+0x3ac/0x470
[ 71.652055][ T6550] kasan_report.cold+0x83/0xdf
[ 71.656810][ T6550] ? up_write+0x3ac/0x470
[ 71.661129][ T6550] up_write+0x3ac/0x470
[ 71.665277][ T6550] cgroup_setup_root+0x3a6/0xad0
[ 71.670356][ T6550] ? rebind_subsystems+0x10e0/0x10e0
[ 71.675726][ T6550] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.681968][ T6550] cgroup1_get_tree+0xd33/0x1390
[ 71.686985][ T6550] vfs_get_tree+0x89/0x2f0
[ 71.691413][ T6550] path_mount+0x1320/0x1fa0
[ 71.695921][ T6550] ? kmem_cache_free+0xdd/0x580
[ 71.700768][ T6550] ? finish_automount+0xaf0/0xaf0
[ 71.705792][ T6550] ? putname+0xfe/0x140
[ 71.709942][ T6550] __x64_sys_mount+0x27f/0x300
[ 71.714689][ T6550] ? copy_mnt_ns+0xae0/0xae0
[ 71.719266][ T6550] ? syscall_enter_from_user_mode+0x21/0x70
[ 71.725153][ T6550] do_syscall_64+0x35/0xb0
[ 71.729554][ T6550] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.735426][ T6550] RIP: 0033:0x7f015311b04a
[ 71.739819][ T6550] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 71.759494][ T6550] RSP: 002b:00007ffcf2a8b318 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 71.767888][ T6550] RAX: ffffffffffffffda RBX: 00007ffcf2a8b4a8 RCX: 00007f015311b04a
[ 71.775846][ T6550] RDX: 00007f015317e012 RSI: 00007f01531742cc RDI: 00007f0153172d71
[ 71.783891][ T6550] RBP: 00007f01531742cc R08: 00007f0153174429 R09: 0000000000000026
[ 71.791851][ T6550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf2a8b320
[ 71.799810][ T6550] R13: 00007ffcf2a8b4c8 R14: 00007ffcf2a8b3f0 R15: 00007f0153174423
[ 71.807785][ T6550]
[ 71.810801][ T6550]
[ 71.813103][ T6550] Allocated by task 6550:
[ 71.817406][ T6550] kasan_save_stack+0x1e/0x40
[ 71.822084][ T6550] __kasan_kmalloc+0xa9/0xd0
[ 71.826757][ T6550] kernfs_create_root+0x4c/0x410
[ 71.831723][ T6550] cgroup_setup_root+0x243/0xad0
[ 71.836671][ T6550] cgroup1_get_tree+0xd33/0x1390
[ 71.841619][ T6550] vfs_get_tree+0x89/0x2f0
[ 71.846027][ T6550] path_mount+0x1320/0x1fa0
[ 71.850519][ T6550] __x64_sys_mount+0x27f/0x300
[ 71.855292][ T6550] do_syscall_64+0x35/0xb0
[ 71.859717][ T6550] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.865605][ T6550]
[ 71.867928][ T6550] Freed by task 6550:
[ 71.871885][ T6550] kasan_save_stack+0x1e/0x40
[ 71.876548][ T6550] kasan_set_track+0x21/0x30
[ 71.881123][ T6550] kasan_set_free_info+0x20/0x30
[ 71.886041][ T6550] ____kasan_slab_free+0x166/0x1a0
[ 71.891146][ T6550] slab_free_freelist_hook+0x8b/0x1c0
[ 71.896511][ T6550] kfree+0xd0/0x4b0
[ 71.900301][ T6550] kernfs_put.part.0+0x331/0x540
[ 71.905224][ T6550] kernfs_put+0x42/0x50
[ 71.909368][ T6550] __kernfs_remove+0x7a3/0xb20
[ 71.914117][ T6550] kernfs_destroy_root+0x89/0xb0
[ 71.919140][ T6550] cgroup_setup_root+0x3a6/0xad0
[ 71.924074][ T6550] cgroup1_get_tree+0xd33/0x1390
[ 71.929001][ T6550] vfs_get_tree+0x89/0x2f0
[ 71.933494][ T6550] path_mount+0x1320/0x1fa0
[ 71.938091][ T6550] __x64_sys_mount+0x27f/0x300
[ 71.942837][ T6550] do_syscall_64+0x35/0xb0
[ 71.947234][ T6550] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.953123][ T6550]
[ 71.955427][ T6550] The buggy address belongs to the object at ffff88801e611400
[ 71.955427][ T6550] which belongs to the cache kmalloc-512 of size 512
[ 71.969471][ T6550] The buggy address is located 320 bytes inside of
[ 71.969471][ T6550] 512-byte region [ffff88801e611400, ffff88801e611600)
[ 71.982726][ T6550] The buggy address belongs to the page:
[ 71.988348][ T6550] page:ffffea0000798400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e610
[ 71.998514][ T6550] head:ffffea0000798400 order:2 compound_mapcount:0 compound_pincount:0
[ 72.006842][ T6550] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 72.014968][ T6550] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888010c41c80
[ 72.023628][ T6550] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 72.032399][ T6550] page dumped because: kasan: bad access detected
[ 72.038807][ T6550] page_owner tracks the page as allocated
[ 72.044507][ T6550] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1944, ts 11967646014, free_ts 0
[ 72.062818][ T6550] get_page_from_freelist+0xa72/0x2f40
[ 72.068263][ T6550] __alloc_pages+0x1b2/0x500
[ 72.072835][ T6550] alloc_pages+0x1aa/0x310
[ 72.077255][ T6550] new_slab+0x28d/0x3a0
[ 72.081489][ T6550] ___slab_alloc+0x6be/0xd60
[ 72.086070][ T6550] __slab_alloc.constprop.0+0x4d/0xa0
[ 72.091424][ T6550] kmem_cache_alloc_trace+0x289/0x2c0
[ 72.096876][ T6550] alloc_bprm+0x51/0x8f0
[ 72.101098][ T6550] kernel_execve+0x55/0x460
[ 72.105582][ T6550] call_usermodehelper_exec_async+0x2e3/0x580
[ 72.111640][ T6550] ret_from_fork+0x1f/0x30
[ 72.116037][ T6550] page_owner free stack trace missing
[ 72.121508][ T6550]
[ 72.123833][ T6550] Memory state around the buggy address:
[ 72.129456][ T6550] ffff88801e611400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.137502][ T6550] ffff88801e611480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.145630][ T6550] >ffff88801e611500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.153775][ T6550] ^
[ 72.159925][ T6550] ffff88801e611580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.168157][ T6550] ffff88801e611600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.176462][ T6550] ==================================================================
[ 72.186433][ T6550] Kernel panic - not syncing: panic_on_warn set ...
[ 72.193112][ T6550] CPU: 0 PID: 6550 Comm: syz-executor Tainted: G B 5.16.0-rc3-next-20211203-syzkaller #0
[ 72.204405][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.214450][ T6550] Call Trace:
[ 72.217732][ T6550]
[ 72.220657][ T6550] dump_stack_lvl+0xcd/0x134
[ 72.225249][ T6550] panic+0x2b0/0x6dd
[ 72.229138][ T6550] ? __warn_printk+0xf3/0xf3
[ 72.233722][ T6550] ? preempt_schedule_common+0x59/0xc0
[ 72.239173][ T6550] ? up_write+0x3ac/0x470
[ 72.243578][ T6550] ? preempt_schedule_thunk+0x16/0x18
[ 72.248944][ T6550] ? trace_hardirqs_on+0x38/0x1c0
[ 72.253956][ T6550] ? trace_hardirqs_on+0x51/0x1c0
[ 72.259055][ T6550] ? up_write+0x3ac/0x470
[ 72.263389][ T6550] ? up_write+0x3ac/0x470
[ 72.267796][ T6550] end_report.cold+0x63/0x6f
[ 72.272384][ T6550] kasan_report.cold+0x71/0xdf
[ 72.277140][ T6550] ? up_write+0x3ac/0x470
[ 72.281456][ T6550] up_write+0x3ac/0x470
[ 72.285600][ T6550] cgroup_setup_root+0x3a6/0xad0
[ 72.290529][ T6550] ? rebind_subsystems+0x10e0/0x10e0
[ 72.295808][ T6550] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.302043][ T6550] cgroup1_get_tree+0xd33/0x1390
[ 72.306977][ T6550] vfs_get_tree+0x89/0x2f0
[ 72.311385][ T6550] path_mount+0x1320/0x1fa0
[ 72.315894][ T6550] ? kmem_cache_free+0xdd/0x580
[ 72.320753][ T6550] ? finish_automount+0xaf0/0xaf0
[ 72.325778][ T6550] ? putname+0xfe/0x140
[ 72.330035][ T6550] __x64_sys_mount+0x27f/0x300
[ 72.334795][ T6550] ? copy_mnt_ns+0xae0/0xae0
[ 72.339496][ T6550] ? syscall_enter_from_user_mode+0x21/0x70
[ 72.345402][ T6550] do_syscall_64+0x35/0xb0
[ 72.349833][ T6550] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.355721][ T6550] RIP: 0033:0x7f015311b04a
[ 72.360130][ T6550] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 72.379916][ T6550] RSP: 002b:00007ffcf2a8b318 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 72.388840][ T6550] RAX: ffffffffffffffda RBX: 00007ffcf2a8b4a8 RCX: 00007f015311b04a
[ 72.396802][ T6550] RDX: 00007f015317e012 RSI: 00007f01531742cc RDI: 00007f0153172d71
[ 72.404767][ T6550] RBP: 00007f01531742cc R08: 00007f0153174429 R09: 0000000000000026
[ 72.412743][ T6550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf2a8b320
[ 72.420721][ T6550] R13: 00007ffcf2a8b4c8 R14: 00007ffcf2a8b3f0 R15: 00007f0153174423
[ 72.428777][ T6550]
[ 72.432074][ T6550] Kernel Offset: disabled
[ 72.436385][ T6550] Rebooting in 86400 seconds..