Warning: Permanently added '10.128.1.148' (ECDSA) to the list of known hosts.
2021/11/29 08:03:04 fuzzer started
2021/11/29 08:03:04 connecting to host at 10.128.0.169:42017
2021/11/29 08:03:04 checking machine...
2021/11/29 08:03:04 checking revisions...
2021/11/29 08:03:04 testing simple program...
[ 76.495235][ T6515] cgroup: Unknown subsys name 'net'
[ 76.501720][ T6515]
[ 76.504049][ T6515] =========================
[ 76.508718][ T6515] WARNING: held lock freed!
[ 76.514242][ T6515] 5.16.0-rc2-next-20211129-syzkaller #0 Not tainted
[ 76.521098][ T6515] -------------------------
[ 76.526804][ T6515] syz-executor/6515 is freeing memory ffff888018ed8000-ffff888018ed81ff, with a lock still held there!
[ 76.538503][ T6515] ffff888018ed8148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 76.548330][ T6515] 2 locks held by syz-executor/6515:
[ 76.553703][ T6515] #0: ffffffff8bbc5d08 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[ 76.564568][ T6515] #1: ffff888018ed8148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 76.574946][ T6515]
[ 76.574946][ T6515] stack backtrace:
[ 76.580823][ T6515] CPU: 0 PID: 6515 Comm: syz-executor Not tainted 5.16.0-rc2-next-20211129-syzkaller #0
[ 76.590528][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.600580][ T6515] Call Trace:
[ 76.603878][ T6515]
[ 76.606822][ T6515] dump_stack_lvl+0xcd/0x134
[ 76.611414][ T6515] debug_check_no_locks_freed.cold+0x9d/0xa9
[ 76.617850][ T6515] ? lockdep_hardirqs_on+0x79/0x100
[ 76.623042][ T6515] slab_free_freelist_hook+0x73/0x1c0
[ 76.628411][ T6515] ? kernfs_put.part.0+0x331/0x540
[ 76.633703][ T6515] kfree+0xe0/0x430
[ 76.637513][ T6515] ? kmem_cache_free+0xba/0x4a0
[ 76.642357][ T6515] ? rwlock_bug.part.0+0x90/0x90
[ 76.647530][ T6515] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 76.653775][ T6515] kernfs_put.part.0+0x331/0x540
[ 76.658717][ T6515] kernfs_put+0x42/0x50
[ 76.663008][ T6515] __kernfs_remove+0x7a3/0xb20
[ 76.667814][ T6515] ? kernfs_next_descendant_post+0x2f0/0x2f0
[ 76.674114][ T6515] ? down_write+0xde/0x150
[ 76.678750][ T6515] ? down_write_killable_nested+0x180/0x180
[ 76.684766][ T6515] kernfs_destroy_root+0x89/0xb0
[ 76.689737][ T6515] cgroup_setup_root+0x3a6/0xad0
[ 76.694692][ T6515] ? rebind_subsystems+0x10e0/0x10e0
[ 76.699974][ T6515] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 76.706210][ T6515] cgroup1_get_tree+0xd33/0x1390
[ 76.711145][ T6515] vfs_get_tree+0x89/0x2f0
[ 76.715591][ T6515] path_mount+0x1320/0x1fa0
[ 76.720165][ T6515] ? kmem_cache_free+0xba/0x4a0
[ 76.725024][ T6515] ? finish_automount+0xaf0/0xaf0
[ 76.730052][ T6515] ? putname+0xfe/0x140
[ 76.734296][ T6515] __x64_sys_mount+0x27f/0x300
[ 76.739331][ T6515] ? copy_mnt_ns+0xae0/0xae0
[ 76.744136][ T6515] ? syscall_enter_from_user_mode+0x21/0x70
[ 76.750212][ T6515] do_syscall_64+0x35/0xb0
[ 76.754635][ T6515] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.760737][ T6515] RIP: 0033:0x7fbe69a3c01a
[ 76.765264][ T6515] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 76.785132][ T6515] RSP: 002b:00007ffd7e21bf28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 76.793806][ T6515] RAX: ffffffffffffffda RBX: 00007ffd7e21c0b8 RCX: 00007fbe69a3c01a
[ 76.801781][ T6515] RDX: 00007fbe69a9efd6 RSI: 00007fbe69a9529a RDI: 00007fbe69a93d71
[ 76.809839][ T6515] RBP: 00007fbe69a9529a R08: 00007fbe69a953f7 R09: 0000000000000026
[ 76.817809][ T6515] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7e21bf30
[ 76.825835][ T6515] R13: 00007ffd7e21c0d8 R14: 00007ffd7e21c000 R15: 00007fbe69a953f1
[ 76.834002][ T6515]
[ 76.838618][ T6515] ==================================================================
[ 76.846774][ T6515] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[ 76.853467][ T6515] Read of size 8 at addr ffff888018ed8140 by task syz-executor/6515
[ 76.861444][ T6515]
[ 76.863750][ T6515] CPU: 0 PID: 6515 Comm: syz-executor Not tainted 5.16.0-rc2-next-20211129-syzkaller #0
[ 76.873519][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.883914][ T6515] Call Trace:
[ 76.887184][ T6515]
[ 76.890104][ T6515] dump_stack_lvl+0xcd/0x134
[ 76.894780][ T6515] print_address_description.constprop.0.cold+0xa5/0x3ed
[ 76.901808][ T6515] ? up_write+0x3ac/0x470
[ 76.906132][ T6515] ? up_write+0x3ac/0x470
[ 76.910553][ T6515] kasan_report.cold+0x83/0xdf
[ 76.915470][ T6515] ? up_write+0x3ac/0x470
[ 76.919802][ T6515] up_write+0x3ac/0x470
[ 76.923998][ T6515] cgroup_setup_root+0x3a6/0xad0
[ 76.929143][ T6515] ? rebind_subsystems+0x10e0/0x10e0
[ 76.934422][ T6515] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 76.940653][ T6515] cgroup1_get_tree+0xd33/0x1390
[ 76.945591][ T6515] vfs_get_tree+0x89/0x2f0
[ 76.950007][ T6515] path_mount+0x1320/0x1fa0
[ 76.954497][ T6515] ? kmem_cache_free+0xba/0x4a0
[ 76.959334][ T6515] ? finish_automount+0xaf0/0xaf0
[ 76.964476][ T6515] ? putname+0xfe/0x140
[ 76.969153][ T6515] __x64_sys_mount+0x27f/0x300
[ 76.973989][ T6515] ? copy_mnt_ns+0xae0/0xae0
[ 76.978585][ T6515] ? syscall_enter_from_user_mode+0x21/0x70
[ 76.984485][ T6515] do_syscall_64+0x35/0xb0
[ 76.988900][ T6515] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.994889][ T6515] RIP: 0033:0x7fbe69a3c01a
[ 76.999289][ T6515] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 77.018887][ T6515] RSP: 002b:00007ffd7e21bf28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 77.027339][ T6515] RAX: ffffffffffffffda RBX: 00007ffd7e21c0b8 RCX: 00007fbe69a3c01a
[ 77.035433][ T6515] RDX: 00007fbe69a9efd6 RSI: 00007fbe69a9529a RDI: 00007fbe69a93d71
[ 77.043512][ T6515] RBP: 00007fbe69a9529a R08: 00007fbe69a953f7 R09: 0000000000000026
[ 77.051728][ T6515] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7e21bf30
[ 77.060465][ T6515] R13: 00007ffd7e21c0d8 R14: 00007ffd7e21c000 R15: 00007fbe69a953f1
[ 77.068708][ T6515]
[ 77.071724][ T6515]
[ 77.074035][ T6515] Allocated by task 6515:
[ 77.078352][ T6515] kasan_save_stack+0x1e/0x50
[ 77.083030][ T6515] __kasan_kmalloc+0xa9/0xd0
[ 77.087739][ T6515] kernfs_create_root+0x4c/0x410
[ 77.092782][ T6515] cgroup_setup_root+0x243/0xad0
[ 77.097922][ T6515] cgroup1_get_tree+0xd33/0x1390
[ 77.102871][ T6515] vfs_get_tree+0x89/0x2f0
[ 77.107398][ T6515] path_mount+0x1320/0x1fa0
[ 77.111926][ T6515] __x64_sys_mount+0x27f/0x300
[ 77.116697][ T6515] do_syscall_64+0x35/0xb0
[ 77.121115][ T6515] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.127866][ T6515]
[ 77.130173][ T6515] Freed by task 6515:
[ 77.134131][ T6515] kasan_save_stack+0x1e/0x50
[ 77.138978][ T6515] kasan_set_track+0x21/0x30
[ 77.143585][ T6515] kasan_set_free_info+0x20/0x30
[ 77.148706][ T6515] __kasan_slab_free+0x103/0x170
[ 77.153642][ T6515] slab_free_freelist_hook+0x8b/0x1c0
[ 77.159011][ T6515] kfree+0xe0/0x430
[ 77.162923][ T6515] kernfs_put.part.0+0x331/0x540
[ 77.167969][ T6515] kernfs_put+0x42/0x50
[ 77.172210][ T6515] __kernfs_remove+0x7a3/0xb20
[ 77.176963][ T6515] kernfs_destroy_root+0x89/0xb0
[ 77.181894][ T6515] cgroup_setup_root+0x3a6/0xad0
[ 77.186998][ T6515] cgroup1_get_tree+0xd33/0x1390
[ 77.191922][ T6515] vfs_get_tree+0x89/0x2f0
[ 77.196336][ T6515] path_mount+0x1320/0x1fa0
[ 77.200838][ T6515] __x64_sys_mount+0x27f/0x300
[ 77.205888][ T6515] do_syscall_64+0x35/0xb0
[ 77.210325][ T6515] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.216410][ T6515]
[ 77.218892][ T6515] The buggy address belongs to the object at ffff888018ed8000
[ 77.218892][ T6515] which belongs to the cache kmalloc-512 of size 512
[ 77.233188][ T6515] The buggy address is located 320 bytes inside of
[ 77.233188][ T6515] 512-byte region [ffff888018ed8000, ffff888018ed8200)
[ 77.246923][ T6515] The buggy address belongs to the page:
[ 77.252532][ T6515] page:ffffea000063b600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18ed8
[ 77.262757][ T6515] head:ffffea000063b600 order:2 compound_mapcount:0 compound_pincount:0
[ 77.271068][ T6515] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 77.279059][ T6515] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010c41c80
[ 77.287628][ T6515] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 77.296300][ T6515] page dumped because: kasan: bad access detected
[ 77.302792][ T6515] page_owner tracks the page as allocated
[ 77.308683][ T6515] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 543, ts 7986705136, free_ts 0
[ 77.327052][ T6515] get_page_from_freelist+0xa72/0x2f40
[ 77.332771][ T6515] __alloc_pages+0x1b2/0x500
[ 77.337535][ T6515] alloc_pages+0x1a7/0x300
[ 77.341947][ T6515] new_slab+0x261/0x460
[ 77.346271][ T6515] ___slab_alloc+0x798/0xf30
[ 77.351106][ T6515] __slab_alloc.constprop.0+0x4d/0xa0
[ 77.356616][ T6515] kmem_cache_alloc_trace+0x289/0x2c0
[ 77.362071][ T6515] alloc_bprm+0x51/0x8f0
[ 77.366320][ T6515] kernel_execve+0x55/0x460
[ 77.370809][ T6515] call_usermodehelper_exec_async+0x2e3/0x580
[ 77.376885][ T6515] ret_from_fork+0x1f/0x30
[ 77.381295][ T6515] page_owner free stack trace missing
[ 77.386636][ T6515]
[ 77.388936][ T6515] Memory state around the buggy address:
[ 77.395496][ T6515] ffff888018ed8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.403570][ T6515] ffff888018ed8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.411716][ T6515] >ffff888018ed8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.420122][ T6515] ^
[ 77.426538][ T6515] ffff888018ed8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.434705][ T6515] ffff888018ed8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.442879][ T6515] ==================================================================
[ 77.452606][ T6515] Kernel panic - not syncing: panic_on_warn set ...
[ 77.459299][ T6515] CPU: 0 PID: 6515 Comm: syz-executor Tainted: G B 5.16.0-rc2-next-20211129-syzkaller #0
[ 77.470415][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.480592][ T6515] Call Trace:
[ 77.483863][ T6515]
[ 77.486895][ T6515] dump_stack_lvl+0xcd/0x134
[ 77.491854][ T6515] panic+0x2b0/0x6dd
[ 77.495755][ T6515] ? __warn_printk+0xf3/0xf3
[ 77.500342][ T6515] ? preempt_schedule_common+0x59/0xc0
[ 77.505806][ T6515] ? up_write+0x3ac/0x470
[ 77.510133][ T6515] ? preempt_schedule_thunk+0x16/0x18
[ 77.515518][ T6515] ? trace_hardirqs_on+0x38/0x1c0
[ 77.520541][ T6515] ? trace_hardirqs_on+0x51/0x1c0
[ 77.525911][ T6515] ? up_write+0x3ac/0x470
[ 77.530269][ T6515] ? up_write+0x3ac/0x470
[ 77.534608][ T6515] end_report.cold+0x63/0x6f
[ 77.539223][ T6515] kasan_report.cold+0x71/0xdf
[ 77.544162][ T6515] ? up_write+0x3ac/0x470
[ 77.548485][ T6515] up_write+0x3ac/0x470
[ 77.552726][ T6515] cgroup_setup_root+0x3a6/0xad0
[ 77.557669][ T6515] ? rebind_subsystems+0x10e0/0x10e0
[ 77.562955][ T6515] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 77.569202][ T6515] cgroup1_get_tree+0xd33/0x1390
[ 77.574157][ T6515] vfs_get_tree+0x89/0x2f0
[ 77.578574][ T6515] path_mount+0x1320/0x1fa0
[ 77.583443][ T6515] ? kmem_cache_free+0xba/0x4a0
[ 77.588482][ T6515] ? finish_automount+0xaf0/0xaf0
[ 77.594204][ T6515] ? putname+0xfe/0x140
[ 77.598389][ T6515] __x64_sys_mount+0x27f/0x300
[ 77.603607][ T6515] ? copy_mnt_ns+0xae0/0xae0
[ 77.608197][ T6515] ? syscall_enter_from_user_mode+0x21/0x70
[ 77.615235][ T6515] do_syscall_64+0x35/0xb0
[ 77.619668][ T6515] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.625574][ T6515] RIP: 0033:0x7fbe69a3c01a
[ 77.630154][ T6515] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 77.650025][ T6515] RSP: 002b:00007ffd7e21bf28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 77.658535][ T6515] RAX: ffffffffffffffda RBX: 00007ffd7e21c0b8 RCX: 00007fbe69a3c01a
[ 77.666505][ T6515] RDX: 00007fbe69a9efd6 RSI: 00007fbe69a9529a RDI: 00007fbe69a93d71
[ 77.674645][ T6515] RBP: 00007fbe69a9529a R08: 00007fbe69a953f7 R09: 0000000000000026
[ 77.682620][ T6515] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7e21bf30
[ 77.690686][ T6515] R13: 00007ffd7e21c0d8 R14: 00007ffd7e21c000 R15: 00007fbe69a953f1
[ 77.699093][ T6515]
[ 77.702341][ T6515] Kernel Offset: disabled
[ 77.706653][ T6515] Rebooting in 86400 seconds..