[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
2021/12/02 07:08:02 fuzzer started
2021/12/02 07:08:03 connecting to host at 10.128.0.169:36235
2021/12/02 07:08:03 checking machine...
2021/12/02 07:08:03 checking revisions...
2021/12/02 07:08:03 testing simple program...
syzkaller login: [ 71.277394][ T6509] cgroup: Unknown subsys name 'net'
[ 71.284309][ T6509]
[ 71.286648][ T6509] =========================
[ 71.291234][ T6509] WARNING: held lock freed!
[ 71.295725][ T6509] 5.16.0-rc3-next-20211202-syzkaller #0 Not tainted
[ 71.302418][ T6509] -------------------------
[ 71.306952][ T6509] syz-executor/6509 is freeing memory ffff88801ab60000-ffff88801ab601ff, with a lock still held there!
[ 71.318193][ T6509] ffff88801ab60148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 71.328174][ T6509] 2 locks held by syz-executor/6509:
[ 71.334123][ T6509] #0: ffffffff8bbc4e48 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[ 71.345271][ T6509] #1: ffff88801ab60148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 71.355462][ T6509]
[ 71.355462][ T6509] stack backtrace:
[ 71.361755][ T6509] CPU: 1 PID: 6509 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211202-syzkaller #0
[ 71.371833][ T6509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.382157][ T6509] Call Trace:
[ 71.388382][ T6509] <TASK>
[ 71.388382][ T6509] dump_stack_lvl+0xcd/0x134
[ 71.392970][ T6509] debug_check_no_locks_freed.cold+0x9d/0xa9
[ 71.399049][ T6509] ? lockdep_hardirqs_on+0x79/0x100
[ 71.404642][ T6509] slab_free_freelist_hook+0x73/0x1c0
[ 71.410061][ T6509] ? kernfs_put.part.0+0x331/0x540
[ 71.415189][ T6509] kfree+0xe0/0x430
[ 71.419019][ T6509] ? kmem_cache_free+0xba/0x4a0
[ 71.423880][ T6509] ? rwlock_bug.part.0+0x90/0x90
[ 71.429101][ T6509] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.435433][ T6509] kernfs_put.part.0+0x331/0x540
[ 71.440411][ T6509] kernfs_put+0x42/0x50
[ 71.446071][ T6509] __kernfs_remove+0x7a3/0xb20
[ 71.451020][ T6509] ? kernfs_next_descendant_post+0x2f0/0x2f0
[ 71.457365][ T6509] ? down_write+0xde/0x150
[ 71.461875][ T6509] ? down_write_killable_nested+0x180/0x180
[ 71.467892][ T6509] kernfs_destroy_root+0x89/0xb0
[ 71.472839][ T6509] cgroup_setup_root+0x3a6/0xad0
[ 71.477782][ T6509] ? rebind_subsystems+0x10e0/0x10e0
[ 71.483323][ T6509] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.489660][ T6509] cgroup1_get_tree+0xd33/0x1390
[ 71.494895][ T6509] vfs_get_tree+0x89/0x2f0
[ 71.499447][ T6509] path_mount+0x1320/0x1fa0
[ 71.504066][ T6509] ? kmem_cache_free+0xba/0x4a0
[ 71.508923][ T6509] ? finish_automount+0xaf0/0xaf0
[ 71.514079][ T6509] ? putname+0xfe/0x140
[ 71.518730][ T6509] __x64_sys_mount+0x27f/0x300
[ 71.523498][ T6509] ? copy_mnt_ns+0xae0/0xae0
[ 71.528085][ T6509] ? syscall_enter_from_user_mode+0x21/0x70
[ 71.534042][ T6509] do_syscall_64+0x35/0xb0
[ 71.538463][ T6509] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.544442][ T6509] RIP: 0033:0x7f2396e4501a
[ 71.548857][ T6509] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 71.568466][ T6509] RSP: 002b:00007fff04060a68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 71.576877][ T6509] RAX: ffffffffffffffda RBX: 00007fff04060bf8 RCX: 00007f2396e4501a
[ 71.584944][ T6509] RDX: 00007f2396ea7fe2 RSI: 00007f2396e9e29a RDI: 00007f2396e9cd71
[ 71.593443][ T6509] RBP: 00007f2396e9e29a R08: 00007f2396e9e3f7 R09: 0000000000000026
[ 71.601668][ T6509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff04060a70
[ 71.609943][ T6509] R13: 00007fff04060c18 R14: 00007fff04060b40 R15: 00007f2396e9e3f1
[ 71.617914][ T6509] </TASK>
[ 71.625528][ T6509] ==================================================================
[ 71.633608][ T6509] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[ 71.640296][ T6509] Read of size 8 at addr ffff88801ab60140 by task syz-executor/6509
[ 71.648480][ T6509]
[ 71.650790][ T6509] CPU: 0 PID: 6509 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211202-syzkaller #0
[ 71.660582][ T6509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.671271][ T6509] Call Trace:
[ 71.674539][ T6509] <TASK>
[ 71.677463][ T6509] dump_stack_lvl+0xcd/0x134
[ 71.682052][ T6509] print_address_description.constprop.0.cold+0xa5/0x3ed
[ 71.689277][ T6509] ? up_write+0x3ac/0x470
[ 71.693605][ T6509] ? up_write+0x3ac/0x470
[ 71.697931][ T6509] kasan_report.cold+0x83/0xdf
[ 71.702792][ T6509] ? up_write+0x3ac/0x470
[ 71.707118][ T6509] up_write+0x3ac/0x470
[ 71.711277][ T6509] cgroup_setup_root+0x3a6/0xad0
[ 71.716297][ T6509] ? rebind_subsystems+0x10e0/0x10e0
[ 71.721575][ T6509] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.728011][ T6509] cgroup1_get_tree+0xd33/0x1390
[ 71.733029][ T6509] vfs_get_tree+0x89/0x2f0
[ 71.737537][ T6509] path_mount+0x1320/0x1fa0
[ 71.742030][ T6509] ? kmem_cache_free+0xba/0x4a0
[ 71.746875][ T6509] ? finish_automount+0xaf0/0xaf0
[ 71.751903][ T6509] ? putname+0xfe/0x140
[ 71.756154][ T6509] __x64_sys_mount+0x27f/0x300
[ 71.760953][ T6509] ? copy_mnt_ns+0xae0/0xae0
[ 71.765538][ T6509] ? syscall_enter_from_user_mode+0x21/0x70
[ 71.771553][ T6509] do_syscall_64+0x35/0xb0
[ 71.776068][ T6509] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.781980][ T6509] RIP: 0033:0x7f2396e4501a
[ 71.786406][ T6509] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 71.806313][ T6509] RSP: 002b:00007fff04060a68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 71.814896][ T6509] RAX: ffffffffffffffda RBX: 00007fff04060bf8 RCX: 00007f2396e4501a
[ 71.822870][ T6509] RDX: 00007f2396ea7fe2 RSI: 00007f2396e9e29a RDI: 00007f2396e9cd71
[ 71.831140][ T6509] RBP: 00007f2396e9e29a R08: 00007f2396e9e3f7 R09: 0000000000000026
[ 71.839111][ T6509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff04060a70
[ 71.847074][ T6509] R13: 00007fff04060c18 R14: 00007fff04060b40 R15: 00007f2396e9e3f1
[ 71.855056][ T6509] </TASK>
[ 71.858071][ T6509]
[ 71.860394][ T6509] Allocated by task 6509:
[ 71.864802][ T6509] kasan_save_stack+0x1e/0x50
[ 71.869584][ T6509] __kasan_kmalloc+0xa9/0xd0
[ 71.874352][ T6509] kernfs_create_root+0x4c/0x410
[ 71.879466][ T6509] cgroup_setup_root+0x243/0xad0
[ 71.884596][ T6509] cgroup1_get_tree+0xd33/0x1390
[ 71.889618][ T6509] vfs_get_tree+0x89/0x2f0
[ 71.894041][ T6509] path_mount+0x1320/0x1fa0
[ 71.898537][ T6509] __x64_sys_mount+0x27f/0x300
[ 71.903311][ T6509] do_syscall_64+0x35/0xb0
[ 71.907806][ T6509] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.913702][ T6509]
[ 71.916012][ T6509] Freed by task 6509:
[ 71.920017][ T6509] kasan_save_stack+0x1e/0x50
[ 71.924782][ T6509] kasan_set_track+0x21/0x30
[ 71.929378][ T6509] kasan_set_free_info+0x20/0x30
[ 71.934855][ T6509] __kasan_slab_free+0x103/0x170
[ 71.939831][ T6509] slab_free_freelist_hook+0x8b/0x1c0
[ 71.945220][ T6509] kfree+0xe0/0x430
[ 71.949052][ T6509] kernfs_put.part.0+0x331/0x540
[ 71.954367][ T6509] kernfs_put+0x42/0x50
[ 71.958530][ T6509] __kernfs_remove+0x7a3/0xb20
[ 71.963285][ T6509] kernfs_destroy_root+0x89/0xb0
[ 71.968666][ T6509] cgroup_setup_root+0x3a6/0xad0
[ 71.973954][ T6509] cgroup1_get_tree+0xd33/0x1390
[ 71.978903][ T6509] vfs_get_tree+0x89/0x2f0
[ 71.983753][ T6509] path_mount+0x1320/0x1fa0
[ 71.988260][ T6509] __x64_sys_mount+0x27f/0x300
[ 71.993201][ T6509] do_syscall_64+0x35/0xb0
[ 71.997872][ T6509] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.004116][ T6509]
[ 72.006424][ T6509] Last potentially related work creation:
[ 72.012155][ T6509] kasan_save_stack+0x1e/0x50
[ 72.016846][ T6509] __kasan_record_aux_stack+0xfe/0x1b0
[ 72.022316][ T6509] call_rcu+0xb1/0x740
[ 72.026473][ T6509] percpu_ref_put_many.constprop.0+0x22b/0x260
[ 72.032789][ T6509] rcu_core+0x7b8/0x1520
[ 72.037057][ T6509] __do_softirq+0x29b/0x9c2
[ 72.041560][ T6509]
[ 72.043888][ T6509] The buggy address belongs to the object at ffff88801ab60000
[ 72.043888][ T6509] which belongs to the cache kmalloc-512 of size 512
[ 72.058022][ T6509] The buggy address is located 320 bytes inside of
[ 72.058022][ T6509] 512-byte region [ffff88801ab60000, ffff88801ab60200)
[ 72.071387][ T6509] The buggy address belongs to the page:
[ 72.077238][ T6509] page:ffffea00006ad800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ab60
[ 72.087954][ T6509] head:ffffea00006ad800 order:2 compound_mapcount:0 compound_pincount:0
[ 72.096359][ T6509] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 72.104437][ T6509] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888010c41c80
[ 72.113205][ T6509] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 72.121792][ T6509] page dumped because: kasan: bad access detected
[ 72.128196][ T6509] page_owner tracks the page as allocated
[ 72.134072][ T6509] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8, ts 8545958989, free_ts 0
[ 72.151963][ T6509] get_page_from_freelist+0xa72/0x2f40
[ 72.157414][ T6509] __alloc_pages+0x1b2/0x500
[ 72.162083][ T6509] alloc_pages+0x1a7/0x300
[ 72.166492][ T6509] new_slab+0x261/0x460
[ 72.170655][ T6509] ___slab_alloc+0x798/0xf30
[ 72.175321][ T6509] __slab_alloc.constprop.0+0x4d/0xa0
[ 72.180710][ T6509] kmem_cache_alloc_node_trace+0x116/0x310
[ 72.186522][ T6509] blkg_alloc+0x88/0x670
[ 72.190878][ T6509] blkcg_init_queue+0x24/0x780
[ 72.195633][ T6509] blk_alloc_queue+0x44c/0x620
[ 72.200585][ T6509] blk_mq_init_queue+0x38/0xd0
[ 72.205426][ T6509] scsi_alloc_sdev+0x814/0xd60
[ 72.210271][ T6509] scsi_probe_and_add_lun+0x200b/0x3590
[ 72.216436][ T6509] __scsi_scan_target+0x21f/0xdb0
[ 72.221833][ T6509] scsi_scan_channel+0x148/0x1e0
[ 72.226763][ T6509] scsi_scan_host_selected+0x2df/0x3b0
[ 72.232213][ T6509] page_owner free stack trace missing
[ 72.237572][ T6509]
[ 72.239886][ T6509] Memory state around the buggy address:
[ 72.245688][ T6509] ffff88801ab60000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.253751][ T6509] ffff88801ab60080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.261960][ T6509] >ffff88801ab60100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.270000][ T6509]                                            ^
[ 72.276134][ T6509] ffff88801ab60180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.284180][ T6509] ffff88801ab60200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.292236][ T6509] ==================================================================
[ 72.303162][ T6509] Kernel panic - not syncing: panic_on_warn set ...
[ 72.309770][ T6509] CPU: 1 PID: 6509 Comm: syz-executor Tainted: G B 5.16.0-rc3-next-20211202-syzkaller #0
[ 72.321229][ T6509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.331460][ T6509] Call Trace:
[ 72.335170][ T6509] <TASK>
[ 72.338194][ T6509] dump_stack_lvl+0xcd/0x134
[ 72.342878][ T6509] panic+0x2b0/0x6dd
[ 72.346771][ T6509] ? __warn_printk+0xf3/0xf3
[ 72.351537][ T6509] ? preempt_schedule_common+0x59/0xc0
[ 72.357188][ T6509] ? up_write+0x3ac/0x470
[ 72.361605][ T6509] ? preempt_schedule_thunk+0x16/0x18
[ 72.366975][ T6509] ? trace_hardirqs_on+0x38/0x1c0
[ 72.371984][ T6509] ? trace_hardirqs_on+0x51/0x1c0
[ 72.376999][ T6509] ? up_write+0x3ac/0x470
[ 72.381334][ T6509] ? up_write+0x3ac/0x470
[ 72.385705][ T6509] end_report.cold+0x63/0x6f
[ 72.390310][ T6509] kasan_report.cold+0x71/0xdf
[ 72.395167][ T6509] ? up_write+0x3ac/0x470
[ 72.399524][ T6509] up_write+0x3ac/0x470
[ 72.403681][ T6509] cgroup_setup_root+0x3a6/0xad0
[ 72.408612][ T6509] ? rebind_subsystems+0x10e0/0x10e0
[ 72.413910][ T6509] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.420241][ T6509] cgroup1_get_tree+0xd33/0x1390
[ 72.425284][ T6509] vfs_get_tree+0x89/0x2f0
[ 72.429706][ T6509] path_mount+0x1320/0x1fa0
[ 72.434330][ T6509] ? kmem_cache_free+0xba/0x4a0
[ 72.439193][ T6509] ? finish_automount+0xaf0/0xaf0
[ 72.444408][ T6509] ? putname+0xfe/0x140
[ 72.448860][ T6509] __x64_sys_mount+0x27f/0x300
[ 72.453834][ T6509] ? copy_mnt_ns+0xae0/0xae0
[ 72.458636][ T6509] ? syscall_enter_from_user_mode+0x21/0x70
[ 72.464844][ T6509] do_syscall_64+0x35/0xb0
[ 72.469270][ T6509] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.475248][ T6509] RIP: 0033:0x7f2396e4501a
[ 72.480263][ T6509] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 72.500054][ T6509] RSP: 002b:00007fff04060a68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 72.508638][ T6509] RAX: ffffffffffffffda RBX: 00007fff04060bf8 RCX: 00007f2396e4501a
[ 72.516965][ T6509] RDX: 00007f2396ea7fe2 RSI: 00007f2396e9e29a RDI: 00007f2396e9cd71
[ 72.524948][ T6509] RBP: 00007f2396e9e29a R08: 00007f2396e9e3f7 R09: 0000000000000026
[ 72.533697][ T6509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff04060a70
[ 72.541750][ T6509] R13: 00007fff04060c18 R14: 00007fff04060b40 R15: 00007f2396e9e3f1
[ 72.549728][ T6509] </TASK>
[ 72.552813][ T6509] Kernel Offset: disabled
[ 72.557219][ T6509] Rebooting in 86400 seconds..
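The two reports in this log describe one defect: the kernfs root allocated by kernfs_create_root() embeds root->kernfs_rwsem, the error path in cgroup_setup_root() calls kernfs_destroy_root() (which drops the last reference and kfree()s the object) while that rwsem is still write-held, so lockdep's debug_check_no_locks_freed() fires "held lock freed!", and the up_write() that follows is the KASAN use-after-free at offset 0x140 of the freed 512-byte object. The userland C model below is an added illustration, not code from this log or from the Linux kernel: it reimplements the lockdep check (a held-lock registry scanned against the freed range) with a toy rw_semaphore, runs the ordering the trace shows beside a reordered version, and refuses the free when the check fires so the model itself stays memory-safe. All names are borrowed from the trace for readability; the "fixed" ordering (release the lock, then destroy its container) is one obvious repair and is not a claim about what the upstream fix did.

```c
/*
 * Added model of "held lock freed" -> use-after-free in up_write().
 * Not kernel code: the kernel names below are reused only so the model
 * reads like the trace it illustrates.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy rw-semaphore: only tracks "write-held", which is all the check needs. */
struct rw_semaphore { int write_held; };
static void down_write(struct rw_semaphore *s) { s->write_held = 1; }
static void up_write(struct rw_semaphore *s)   { s->write_held = 0; }

/* Model of struct kernfs_root: the semaphore lives inside the object. */
struct kernfs_root {
    char name[32];
    struct rw_semaphore kernfs_rwsem;
};

/* Stand-in for lockdep's per-task held_locks[]: addresses of locks currently held. */
#define MAX_HELD 8
static const void *held_locks[MAX_HELD];
static int nr_held;

static void lock_acquire(struct rw_semaphore *s) {
    down_write(s);
    held_locks[nr_held++] = s;
}

static void lock_release(struct rw_semaphore *s) {
    up_write(s);
    for (int i = 0; i < nr_held; i++)
        if (held_locks[i] == s) { held_locks[i] = held_locks[--nr_held]; break; }
}

/* Analogue of debug_check_no_locks_freed(): is any held lock inside [mem, mem+len)? */
static int held_lock_in_range(const void *mem, size_t len) {
    uintptr_t lo = (uintptr_t)mem, hi = lo + len;
    for (int i = 0; i < nr_held; i++) {
        uintptr_t p = (uintptr_t)held_locks[i];
        if (p >= lo && p < hi) return 1;
    }
    return 0;
}

static struct kernfs_root *kernfs_create_root(const char *name) {
    struct kernfs_root *root = calloc(1, sizeof *root);   /* kmalloc-512 in the log */
    if (!root) abort();
    snprintf(root->name, sizeof root->name, "%s", name);
    return root;
}

/*
 * Analogue of kernfs_destroy_root() -> kernfs_put() -> kfree(). Returns 1 when the
 * lockdep check fires. The real kernel warns and frees anyway, which is why KASAN
 * then catches the up_write(); this model refuses the free instead.
 */
static int kernfs_destroy_root(struct kernfs_root *root) {
    if (held_lock_in_range(root, sizeof *root)) {
        fprintf(stderr, "WARNING: held lock freed! %p-%p (%s)\n", (void *)root,
                (void *)((char *)root + sizeof *root), root->name);
        return 1;
    }
    free(root);
    return 0;
}

/* Error-path ordering as the trace shows it: destroy while root->kernfs_rwsem is held. */
static int cgroup_setup_root_buggy(void) {
    struct kernfs_root *root = kernfs_create_root("cgroup1");
    lock_acquire(&root->kernfs_rwsem);
    /* ... a later setup step fails; unwind: */
    int fired = kernfs_destroy_root(root);   /* lockdep: held lock freed */
    lock_release(&root->kernfs_rwsem);       /* kernel: up_write() on freed memory (KASAN) */
    kernfs_destroy_root(root);               /* model-only cleanup; nothing is held now */
    return fired;
}

/* Reordered unwind: release the lock first, then tear down the object that embeds it. */
static int cgroup_setup_root_fixed(void) {
    struct kernfs_root *root = kernfs_create_root("cgroup1");
    lock_acquire(&root->kernfs_rwsem);
    /* ... a later setup step fails; unwind: */
    lock_release(&root->kernfs_rwsem);
    return kernfs_destroy_root(root);        /* 0: no held lock inside the freed range */
}

int main(void) {
    printf("trace ordering:   lockdep fired = %d\n", cgroup_setup_root_buggy());
    printf("release-then-free: lockdep fired = %d\n", cgroup_setup_root_fixed());
    return 0;
}
```

The registry scan is the whole of the lockdep check: it does not know what the freed memory is, only that an address it is tracking as "held" falls inside the range being released, which is why the warning names the lock (ffff88801ab60148) and the object range (ffff88801ab60000-ffff88801ab601ff) rather than a code path. KASAN adds the second half of the story, since the later up_write() dereferences the same address after the slab has been returned.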