[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.222' (ECDSA) to the list of known hosts.
2021/11/30 08:01:09 fuzzer started
2021/11/30 08:01:09 connecting to host at 10.128.0.169:44631
2021/11/30 08:01:09 checking machine...
2021/11/30 08:01:09 checking revisions...
2021/11/30 08:01:09 testing simple program...
syzkaller login: [ 76.777193][ T6541] cgroup: Unknown subsys name 'net'
[ 76.783622][ T6541]
[ 76.785997][ T6541] =========================
[ 76.790589][ T6541] WARNING: held lock freed!
[ 76.795459][ T6541] 5.16.0-rc3-next-20211130-syzkaller #0 Not tainted
[ 76.802270][ T6541] -------------------------
[ 76.806878][ T6541] syz-executor/6541 is freeing memory ffff8880175af400-ffff8880175af5ff, with a lock still held there!
[ 76.817879][ T6541] ffff8880175af548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 76.827855][ T6541] 2 locks held by syz-executor/6541:
[ 76.833126][ T6541] #0: ffffffff8bbc50c8 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[ 76.843651][ T6541] #1: ffff8880175af548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 76.853833][ T6541]
[ 76.853833][ T6541] stack backtrace:
[ 76.859805][ T6541] CPU: 0 PID: 6541 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211130-syzkaller #0
[ 76.869516][ T6541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.879565][ T6541] Call Trace:
[ 76.882834][ T6541]
[ 76.885752][ T6541] dump_stack_lvl+0xcd/0x134
[ 76.890346][ T6541] debug_check_no_locks_freed.cold+0x9d/0xa9
[ 76.896461][ T6541] ? lockdep_hardirqs_on+0x79/0x100
[ 76.901686][ T6541] slab_free_freelist_hook+0x73/0x1c0
[ 76.907069][ T6541] ? kernfs_put.part.0+0x331/0x540
[ 76.912338][ T6541] kfree+0xe0/0x430
[ 76.916228][ T6541] ? kmem_cache_free+0xba/0x4a0
[ 76.921332][ T6541] ? rwlock_bug.part.0+0x90/0x90
[ 76.926573][ T6541] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 76.933528][ T6541] kernfs_put.part.0+0x331/0x540
[ 76.938668][ T6541] kernfs_put+0x42/0x50
[ 76.942870][ T6541] __kernfs_remove+0x7a3/0xb20
[ 76.947762][ T6541] ? kernfs_next_descendant_post+0x2f0/0x2f0
[ 76.954185][ T6541] ? down_write+0xde/0x150
[ 76.959462][ T6541] ? down_write_killable_nested+0x180/0x180
[ 76.966066][ T6541] kernfs_destroy_root+0x89/0xb0
[ 76.971286][ T6541] cgroup_setup_root+0x3a6/0xad0
[ 76.976890][ T6541] ? rebind_subsystems+0x10e0/0x10e0
[ 76.982619][ T6541] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 76.989435][ T6541] cgroup1_get_tree+0xd33/0x1390
[ 76.994467][ T6541] vfs_get_tree+0x89/0x2f0
[ 76.999184][ T6541] path_mount+0x1320/0x1fa0
[ 77.004489][ T6541] ? kmem_cache_free+0xba/0x4a0
[ 77.010018][ T6541] ? finish_automount+0xaf0/0xaf0
[ 77.015333][ T6541] ? putname+0xfe/0x140
[ 77.019508][ T6541] __x64_sys_mount+0x27f/0x300
[ 77.024738][ T6541] ? copy_mnt_ns+0xae0/0xae0
[ 77.029593][ T6541] ? syscall_enter_from_user_mode+0x21/0x70
[ 77.035843][ T6541] do_syscall_64+0x35/0xb0
[ 77.040397][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.046556][ T6541] RIP: 0033:0x7fd3fe0b501a
[ 77.050967][ T6541] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 77.071390][ T6541] RSP: 002b:00007ffce64a6998 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 77.080181][ T6541] RAX: ffffffffffffffda RBX: 00007ffce64a6b28 RCX: 00007fd3fe0b501a
[ 77.088324][ T6541] RDX: 00007fd3fe117fe2 RSI: 00007fd3fe10e29a RDI: 00007fd3fe10cd71
[ 77.096336][ T6541] RBP: 00007fd3fe10e29a R08: 00007fd3fe10e3f7 R09: 0000000000000026
[ 77.104304][ T6541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce64a69a0
[ 77.112265][ T6541] R13: 00007ffce64a6b48 R14: 00007ffce64a6a70 R15: 00007fd3fe10e3f1
[ 77.120603][ T6541]
[ 77.124059][ T6541] ==================================================================
[ 77.134655][ T6541] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[ 77.141344][ T6541] Read of size 8 at addr ffff8880175af540 by task syz-executor/6541
[ 77.149599][ T6541]
[ 77.152006][ T6541] CPU: 1 PID: 6541 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211130-syzkaller #0
[ 77.162773][ T6541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.173633][ T6541] Call Trace:
[ 77.176911][ T6541]
[ 77.179838][ T6541] dump_stack_lvl+0xcd/0x134
[ 77.184440][ T6541] print_address_description.constprop.0.cold+0xa5/0x3ed
[ 77.191552][ T6541] ? up_write+0x3ac/0x470
[ 77.196352][ T6541] ? up_write+0x3ac/0x470
[ 77.200759][ T6541] kasan_report.cold+0x83/0xdf
[ 77.205530][ T6541] ? up_write+0x3ac/0x470
[ 77.209849][ T6541] up_write+0x3ac/0x470
[ 77.214011][ T6541] cgroup_setup_root+0x3a6/0xad0
[ 77.218940][ T6541] ? rebind_subsystems+0x10e0/0x10e0
[ 77.224385][ T6541] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 77.230713][ T6541] cgroup1_get_tree+0xd33/0x1390
[ 77.235846][ T6541] vfs_get_tree+0x89/0x2f0
[ 77.240481][ T6541] path_mount+0x1320/0x1fa0
[ 77.244995][ T6541] ? kmem_cache_free+0xba/0x4a0
[ 77.249934][ T6541] ? finish_automount+0xaf0/0xaf0
[ 77.255270][ T6541] ? putname+0xfe/0x140
[ 77.259530][ T6541] __x64_sys_mount+0x27f/0x300
[ 77.264383][ T6541] ? copy_mnt_ns+0xae0/0xae0
[ 77.268973][ T6541] ? syscall_enter_from_user_mode+0x21/0x70
[ 77.275171][ T6541] do_syscall_64+0x35/0xb0
[ 77.280054][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.286102][ T6541] RIP: 0033:0x7fd3fe0b501a
[ 77.290577][ T6541] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 77.310370][ T6541] RSP: 002b:00007ffce64a6998 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 77.318788][ T6541] RAX: ffffffffffffffda RBX: 00007ffce64a6b28 RCX: 00007fd3fe0b501a
[ 77.326756][ T6541] RDX: 00007fd3fe117fe2 RSI: 00007fd3fe10e29a RDI: 00007fd3fe10cd71
[ 77.334714][ T6541] RBP: 00007fd3fe10e29a R08: 00007fd3fe10e3f7 R09: 0000000000000026
[ 77.343092][ T6541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce64a69a0
[ 77.351053][ T6541] R13: 00007ffce64a6b48 R14: 00007ffce64a6a70 R15: 00007fd3fe10e3f1
[ 77.359106][ T6541]
[ 77.362196][ T6541]
[ 77.364523][ T6541] Allocated by task 6541:
[ 77.368842][ T6541] kasan_save_stack+0x1e/0x50
[ 77.373520][ T6541] __kasan_kmalloc+0xa9/0xd0
[ 77.378096][ T6541] kernfs_create_root+0x4c/0x410
[ 77.383016][ T6541] cgroup_setup_root+0x243/0xad0
[ 77.387941][ T6541] cgroup1_get_tree+0xd33/0x1390
[ 77.392871][ T6541] vfs_get_tree+0x89/0x2f0
[ 77.397342][ T6541] path_mount+0x1320/0x1fa0
[ 77.401947][ T6541] __x64_sys_mount+0x27f/0x300
[ 77.406736][ T6541] do_syscall_64+0x35/0xb0
[ 77.411141][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.417116][ T6541]
[ 77.419427][ T6541] Freed by task 6541:
[ 77.423402][ T6541] kasan_save_stack+0x1e/0x50
[ 77.428082][ T6541] kasan_set_track+0x21/0x30
[ 77.432655][ T6541] kasan_set_free_info+0x20/0x30
[ 77.437581][ T6541] __kasan_slab_free+0x103/0x170
[ 77.442501][ T6541] slab_free_freelist_hook+0x8b/0x1c0
[ 77.447868][ T6541] kfree+0xe0/0x430
[ 77.451659][ T6541] kernfs_put.part.0+0x331/0x540
[ 77.456623][ T6541] kernfs_put+0x42/0x50
[ 77.460883][ T6541] __kernfs_remove+0x7a3/0xb20
[ 77.465650][ T6541] kernfs_destroy_root+0x89/0xb0
[ 77.470986][ T6541] cgroup_setup_root+0x3a6/0xad0
[ 77.476384][ T6541] cgroup1_get_tree+0xd33/0x1390
[ 77.481320][ T6541] vfs_get_tree+0x89/0x2f0
[ 77.485725][ T6541] path_mount+0x1320/0x1fa0
[ 77.490228][ T6541] __x64_sys_mount+0x27f/0x300
[ 77.495003][ T6541] do_syscall_64+0x35/0xb0
[ 77.499697][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.505756][ T6541]
[ 77.508095][ T6541] The buggy address belongs to the object at ffff8880175af400
[ 77.508095][ T6541] which belongs to the cache kmalloc-512 of size 512
[ 77.522211][ T6541] The buggy address is located 320 bytes inside of
[ 77.522211][ T6541] 512-byte region [ffff8880175af400, ffff8880175af600)
[ 77.535576][ T6541] The buggy address belongs to the page:
[ 77.541545][ T6541] page:ffffea00005d6b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x175ac
[ 77.551678][ T6541] head:ffffea00005d6b00 order:2 compound_mapcount:0 compound_pincount:0
[ 77.559983][ T6541] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 77.567948][ T6541] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010c41c80
[ 77.576698][ T6541] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 77.585959][ T6541] page dumped because: kasan: bad access detected
[ 77.592529][ T6541] page_owner tracks the page as allocated
[ 77.598340][ T6541] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 3675893448, free_ts 3673464174
[ 77.617183][ T6541] get_page_from_freelist+0xa72/0x2f40
[ 77.622660][ T6541] __alloc_pages+0x1b2/0x500
[ 77.627234][ T6541] alloc_page_interleave+0x1e/0x200
[ 77.632513][ T6541] alloc_pages+0x29f/0x300
[ 77.636910][ T6541] new_slab+0x261/0x460
[ 77.641265][ T6541] ___slab_alloc+0x798/0xf30
[ 77.646084][ T6541] __slab_alloc.constprop.0+0x4d/0xa0
[ 77.651465][ T6541] kmem_cache_alloc_trace+0x289/0x2c0
[ 77.656854][ T6541] cryptomgr_notify+0x4ba/0xbe0
[ 77.662301][ T6541] notifier_call_chain+0xb5/0x200
[ 77.667325][ T6541] blocking_notifier_call_chain+0x67/0x90
[ 77.673246][ T6541] crypto_wait_for_test+0x49/0x110
[ 77.678356][ T6541] crypto_larval_wait+0x268/0x330
[ 77.683494][ T6541] crypto_alg_mod_lookup+0x299/0x4d0
[ 77.688892][ T6541] crypto_alloc_tfm_node+0xd9/0x260
[ 77.694174][ T6541] simd_skcipher_create_compat+0x2a/0x6f0
[ 77.700154][ T6541] page last free stack trace:
[ 77.704867][ T6541] free_pcp_prepare+0x414/0xb60
[ 77.709746][ T6541] free_unref_page+0x19/0x690
[ 77.714417][ T6541] __stack_depot_save+0x16d/0x4f0
[ 77.719697][ T6541] kasan_save_stack+0x38/0x50
[ 77.724570][ T6541] kasan_set_track+0x21/0x30
[ 77.729704][ T6541] kasan_set_free_info+0x20/0x30
[ 77.734958][ T6541] __kasan_slab_free+0x103/0x170
[ 77.740327][ T6541] slab_free_freelist_hook+0x8b/0x1c0
[ 77.745710][ T6541] kfree+0xe0/0x430
[ 77.749527][ T6541] security_cred_free+0xc3/0x130
[ 77.754467][ T6541] put_cred_rcu+0x122/0x520
[ 77.758995][ T6541] rcu_core+0x7b8/0x1520
[ 77.763281][ T6541] __do_softirq+0x29b/0x9c2
[ 77.767802][ T6541] __irq_exit_rcu+0x123/0x180
[ 77.772585][ T6541] irq_exit_rcu+0x5/0x20
[ 77.776830][ T6541] sysvec_apic_timer_interrupt+0x93/0xc0
[ 77.782465][ T6541]
[ 77.784780][ T6541] Memory state around the buggy address:
[ 77.790675][ T6541] ffff8880175af400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.798853][ T6541] ffff8880175af480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.807072][ T6541] >ffff8880175af500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.815122][ T6541] ^
[ 77.821659][ T6541] ffff8880175af580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.829709][ T6541] ffff8880175af600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.837763][ T6541] ==================================================================
[ 77.846645][ T6541] Kernel panic - not syncing: panic_on_warn set ...
[ 77.853239][ T6541] CPU: 1 PID: 6541 Comm: syz-executor Tainted: G B 5.16.0-rc3-next-20211130-syzkaller #0
[ 77.864369][ T6541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.874619][ T6541] Call Trace:
[ 77.877906][ T6541]
[ 77.880846][ T6541] dump_stack_lvl+0xcd/0x134
[ 77.885461][ T6541] panic+0x2b0/0x6dd
[ 77.889381][ T6541] ? __warn_printk+0xf3/0xf3
[ 77.894080][ T6541] ? preempt_schedule_common+0x59/0xc0
[ 77.899553][ T6541] ? up_write+0x3ac/0x470
[ 77.903884][ T6541] ? preempt_schedule_thunk+0x16/0x18
[ 77.909288][ T6541] ? trace_hardirqs_on+0x38/0x1c0
[ 77.914342][ T6541] ? trace_hardirqs_on+0x51/0x1c0
[ 77.919389][ T6541] ? up_write+0x3ac/0x470
[ 77.923728][ T6541] ? up_write+0x3ac/0x470
[ 77.928148][ T6541] end_report.cold+0x63/0x6f
[ 77.932946][ T6541] kasan_report.cold+0x71/0xdf
[ 77.937737][ T6541] ? up_write+0x3ac/0x470
[ 77.942092][ T6541] up_write+0x3ac/0x470
[ 77.946269][ T6541] cgroup_setup_root+0x3a6/0xad0
[ 77.951253][ T6541] ? rebind_subsystems+0x10e0/0x10e0
[ 77.956569][ T6541] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 77.962829][ T6541] cgroup1_get_tree+0xd33/0x1390
[ 77.967907][ T6541] vfs_get_tree+0x89/0x2f0
[ 77.972360][ T6541] path_mount+0x1320/0x1fa0
[ 77.976887][ T6541] ? kmem_cache_free+0xba/0x4a0
[ 77.981758][ T6541] ? finish_automount+0xaf0/0xaf0
[ 77.986789][ T6541] ? putname+0xfe/0x140
[ 77.990953][ T6541] __x64_sys_mount+0x27f/0x300
[ 77.995719][ T6541] ? copy_mnt_ns+0xae0/0xae0
[ 78.000342][ T6541] ? syscall_enter_from_user_mode+0x21/0x70
[ 78.006238][ T6541] do_syscall_64+0x35/0xb0
[ 78.010656][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 78.016557][ T6541] RIP: 0033:0x7fd3fe0b501a
[ 78.021005][ T6541] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 78.040904][ T6541] RSP: 002b:00007ffce64a6998 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 78.049434][ T6541] RAX: ffffffffffffffda RBX: 00007ffce64a6b28 RCX: 00007fd3fe0b501a
[ 78.057426][ T6541] RDX: 00007fd3fe117fe2 RSI: 00007fd3fe10e29a RDI: 00007fd3fe10cd71
[ 78.065488][ T6541] RBP: 00007fd3fe10e29a R08: 00007fd3fe10e3f7 R09: 0000000000000026
[ 78.073667][ T6541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce64a69a0
[ 78.082068][ T6541] R13: 00007ffce64a6b48 R14: 00007ffce64a6a70 R15: 00007fd3fe10e3f1
[ 78.090132][ T6541]
[ 78.093403][ T6541] Kernel Offset: disabled
[ 78.097828][ T6541] Rebooting in 86400 seconds..