Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
2021/12/02 07:08:02 fuzzer started
2021/12/02 07:08:02 connecting to host at 10.128.0.169:34125
2021/12/02 07:08:02 checking machine...
2021/12/02 07:08:02 checking revisions...
2021/12/02 07:08:02 testing simple program...
syzkaller login: [   72.929279][ T6532] cgroup: Unknown subsys name 'net'
[   72.936911][ T6532] 
[   72.939250][ T6532] =========================
[   72.944198][ T6532] WARNING: held lock freed!
[   72.948875][ T6532] 5.16.0-rc3-next-20211202-syzkaller #0 Not tainted
[   72.955465][ T6532] -------------------------
[   72.959944][ T6532] syz-executor/6532 is freeing memory ffff888018b99000-ffff888018b991ff, with a lock still held there!
[   72.971030][ T6532] ffff888018b99148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[   72.980844][ T6532] 2 locks held by syz-executor/6532:
[   72.986138][ T6532]  #0: ffffffff8bbc4e48 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[   72.996679][ T6532]  #1: ffff888018b99148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[   73.007027][ T6532] 
[   73.007027][ T6532] stack backtrace:
[   73.012988][ T6532] CPU: 0 PID: 6532 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211202-syzkaller #0
[   73.022810][ T6532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.033382][ T6532] Call Trace:
[   73.036658][ T6532]  <TASK>
[   73.039927][ T6532]  dump_stack_lvl+0xcd/0x134
[   73.044611][ T6532]  debug_check_no_locks_freed.cold+0x9d/0xa9
[   73.050587][ T6532]  ? lockdep_hardirqs_on+0x79/0x100
[   73.056053][ T6532]  slab_free_freelist_hook+0x73/0x1c0
[   73.061593][ T6532]  ? kernfs_put.part.0+0x331/0x540
[   73.066790][ T6532]  kfree+0xe0/0x430
[   73.070676][ T6532]  ? kmem_cache_free+0xba/0x4a0
[   73.075691][ T6532]  ? rwlock_bug.part.0+0x90/0x90
[   73.080821][ T6532]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   73.087183][ T6532]  kernfs_put.part.0+0x331/0x540
[   73.092310][ T6532]  kernfs_put+0x42/0x50
[   73.096665][ T6532]  __kernfs_remove+0x7a3/0xb20
[   73.101788][ T6532]  ? kernfs_next_descendant_post+0x2f0/0x2f0
[   73.107852][ T6532]  ? down_write+0xde/0x150
[   73.112349][ T6532]  ? down_write_killable_nested+0x180/0x180
[   73.118326][ T6532]  kernfs_destroy_root+0x89/0xb0
[   73.123433][ T6532]  cgroup_setup_root+0x3a6/0xad0
[   73.128431][ T6532]  ? rebind_subsystems+0x10e0/0x10e0
[   73.133713][ T6532]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   73.139949][ T6532]  cgroup1_get_tree+0xd33/0x1390
[   73.144928][ T6532]  vfs_get_tree+0x89/0x2f0
[   73.149352][ T6532]  path_mount+0x1320/0x1fa0
[   73.153956][ T6532]  ? kmem_cache_free+0xba/0x4a0
[   73.158973][ T6532]  ? finish_automount+0xaf0/0xaf0
[   73.163990][ T6532]  ? putname+0xfe/0x140
[   73.168140][ T6532]  __x64_sys_mount+0x27f/0x300
[   73.172910][ T6532]  ? copy_mnt_ns+0xae0/0xae0
[   73.177501][ T6532]  ? syscall_enter_from_user_mode+0x21/0x70
[   73.183516][ T6532]  do_syscall_64+0x35/0xb0
[   73.188116][ T6532]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   73.194196][ T6532] RIP: 0033:0x7f884fe2201a
[   73.198781][ T6532] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   73.219393][ T6532] RSP: 002b:00007ffcbc8f72b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   73.227813][ T6532] RAX: ffffffffffffffda RBX: 00007ffcbc8f7448 RCX: 00007f884fe2201a
[   73.235864][ T6532] RDX: 00007f884fe84fe2 RSI: 00007f884fe7b29a RDI: 00007f884fe79d71
[   73.243925][ T6532] RBP: 00007f884fe7b29a R08: 00007f884fe7b3f7 R09: 0000000000000026
[   73.251982][ T6532] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcbc8f72c0
[   73.260042][ T6532] R13: 00007ffcbc8f7468 R14: 00007ffcbc8f7390 R15: 00007f884fe7b3f1
[   73.268007][ T6532]  </TASK>
[   73.272070][ T6532] ==================================================================
[   73.272080][ T6532] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[   73.272109][ T6532] Read of size 8 at addr ffff888018b99140 by task syz-executor/6532
[   73.272130][ T6532] 
[   73.272137][ T6532] CPU: 0 PID: 6532 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211202-syzkaller #0
[   73.272159][ T6532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.272171][ T6532] Call Trace:
[   73.272178][ T6532]  <TASK>
[   73.272185][ T6532]  dump_stack_lvl+0xcd/0x134
[   73.272215][ T6532]  print_address_description.constprop.0.cold+0xa5/0x3ed
[   73.272245][ T6532]  ? up_write+0x3ac/0x470
[   73.272264][ T6532]  ? up_write+0x3ac/0x470
[   73.272285][ T6532]  kasan_report.cold+0x83/0xdf
[   73.272309][ T6532]  ? up_write+0x3ac/0x470
[   73.272330][ T6532]  up_write+0x3ac/0x470
[   73.272353][ T6532]  cgroup_setup_root+0x3a6/0xad0
[   73.272382][ T6532]  ? rebind_subsystems+0x10e0/0x10e0
[   73.272412][ T6532]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   73.272442][ T6532]  cgroup1_get_tree+0xd33/0x1390
[   73.272470][ T6532]  vfs_get_tree+0x89/0x2f0
[   73.272498][ T6532]  path_mount+0x1320/0x1fa0
[   73.272525][ T6532]  ? kmem_cache_free+0xba/0x4a0
[   73.272554][ T6532]  ? finish_automount+0xaf0/0xaf0
[   73.272581][ T6532]  ? putname+0xfe/0x140
[   73.272608][ T6532]  __x64_sys_mount+0x27f/0x300
[   73.272633][ T6532]  ? copy_mnt_ns+0xae0/0xae0
[   73.272666][ T6532]  ? syscall_enter_from_user_mode+0x21/0x70
[   73.272699][ T6532]  do_syscall_64+0x35/0xb0
[   73.272723][ T6532]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   73.272748][ T6532] RIP: 0033:0x7f884fe2201a
[   73.272767][ T6532] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   73.272788][ T6532] RSP: 002b:00007ffcbc8f72b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   73.272810][ T6532] RAX: ffffffffffffffda RBX: 00007ffcbc8f7448 RCX: 00007f884fe2201a
[   73.272826][ T6532] RDX: 00007f884fe84fe2 RSI: 00007f884fe7b29a RDI: 00007f884fe79d71
[   73.272842][ T6532] RBP: 00007f884fe7b29a R08: 00007f884fe7b3f7 R09: 0000000000000026
[   73.272856][ T6532] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcbc8f72c0
[   73.272870][ T6532] R13: 00007ffcbc8f7468 R14: 00007ffcbc8f7390 R15: 00007f884fe7b3f1
[   73.272892][ T6532]  </TASK>
[   73.272899][ T6532] 
[   73.272902][ T6532] Allocated by task 6532:
[   73.272912][ T6532]  kasan_save_stack+0x1e/0x50
[   73.272937][ T6532]  __kasan_kmalloc+0xa9/0xd0
[   73.272961][ T6532]  kernfs_create_root+0x4c/0x410
[   73.272985][ T6532]  cgroup_setup_root+0x243/0xad0
[   73.273011][ T6532]  cgroup1_get_tree+0xd33/0x1390
[   73.273032][ T6532]  vfs_get_tree+0x89/0x2f0
[   73.273055][ T6532]  path_mount+0x1320/0x1fa0
[   73.273077][ T6532]  __x64_sys_mount+0x27f/0x300
[   73.273100][ T6532]  do_syscall_64+0x35/0xb0
[   73.273121][ T6532]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   73.273142][ T6532] 
[   73.273145][ T6532] Freed by task 6532:
[   73.273154][ T6532]  kasan_save_stack+0x1e/0x50
[   73.273177][ T6532]  kasan_set_track+0x21/0x30
[   73.273201][ T6532]  kasan_set_free_info+0x20/0x30
[   73.273220][ T6532]  __kasan_slab_free+0x103/0x170
[   73.273244][ T6532]  slab_free_freelist_hook+0x8b/0x1c0
[   73.273268][ T6532]  kfree+0xe0/0x430
[   73.273288][ T6532]  kernfs_put.part.0+0x331/0x540
[   73.273311][ T6532]  kernfs_put+0x42/0x50
[   73.273332][ T6532]  __kernfs_remove+0x7a3/0xb20
[   73.273354][ T6532]  kernfs_destroy_root+0x89/0xb0
[   73.273377][ T6532]  cgroup_setup_root+0x3a6/0xad0
[   73.273402][ T6532]  cgroup1_get_tree+0xd33/0x1390
[   73.273423][ T6532]  vfs_get_tree+0x89/0x2f0
[   73.273445][ T6532]  path_mount+0x1320/0x1fa0
[   73.273463][ T6532]  __x64_sys_mount+0x27f/0x300
[   73.273487][ T6532]  do_syscall_64+0x35/0xb0
[   73.273508][ T6532]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   73.273530][ T6532] 
[   73.273533][ T6532] The buggy address belongs to the object at ffff888018b99000
[   73.273533][ T6532]  which belongs to the cache kmalloc-512 of size 512
[   73.273549][ T6532] The buggy address is located 320 bytes inside of
[   73.273549][ T6532]  512-byte region [ffff888018b99000, ffff888018b99200)
[   73.273568][ T6532] The buggy address belongs to the page:
[   73.273573][ T6532] page:ffffea000062e600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18b98
[   73.273593][ T6532] head:ffffea000062e600 order:2 compound_mapcount:0 compound_pincount:0
[   73.273609][ T6532] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   73.273641][ T6532] raw: 00fff00000010200 ffffea00008a5c00 dead000000000002 ffff888010c41c80
[   73.273667][ T6532] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   73.273678][ T6532] page dumped because: kasan: bad access detected
[   73.273687][ T6532] page_owner tracks the page as allocated
[   73.273693][ T6532] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 369, ts 7834406459, free_ts 0
[   73.273726][ T6532]  get_page_from_freelist+0xa72/0x2f40
[   73.273748][ T6532]  __alloc_pages+0x1b2/0x500
[   73.273767][ T6532]  alloc_pages+0x1a7/0x300
[   73.273807][ T6532]  new_slab+0x261/0x460
[   73.273828][ T6532]  ___slab_alloc+0x798/0xf30
[   73.273850][ T6532]  __slab_alloc.constprop.0+0x4d/0xa0
[   73.273874][ T6532]  kmem_cache_alloc_trace+0x289/0x2c0
[   73.273899][ T6532]  alloc_bprm+0x51/0x8f0
[   73.273918][ T6532]  kernel_execve+0x55/0x460
[   73.273938][ T6532]  call_usermodehelper_exec_async+0x2e3/0x580
[   73.273965][ T6532]  ret_from_fork+0x1f/0x30
[   73.273987][ T6532] page_owner free stack trace missing
[   73.273992][ T6532] 
[   73.273995][ T6532] Memory state around the buggy address:
[   73.274003][ T6532]  ffff888018b99000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.274015][ T6532]  ffff888018b99080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.274042][ T6532] >ffff888018b99100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.274051][ T6532]                                            ^
[   73.274059][ T6532]  ffff888018b99180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.274072][ T6532]  ffff888018b99200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.274081][ T6532] ==================================================================
[   73.274140][ T6532] Kernel panic - not syncing: panic_on_warn set ...
[   73.274151][ T6532] CPU: 0 PID: 6532 Comm: syz-executor Tainted: G    B             5.16.0-rc3-next-20211202-syzkaller #0
[   73.274178][ T6532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.274188][ T6532] Call Trace:
[   73.274194][ T6532]  <TASK>
[   73.274202][ T6532]  dump_stack_lvl+0xcd/0x134
[   73.274228][ T6532]  panic+0x2b0/0x6dd
[   73.274249][ T6532]  ? __warn_printk+0xf3/0xf3
[   73.274272][ T6532]  ? preempt_schedule_common+0x59/0xc0
[   73.274295][ T6532]  ? up_write+0x3ac/0x470
[   73.274313][ T6532]  ? preempt_schedule_thunk+0x16/0x18
[   73.274338][ T6532]  ? trace_hardirqs_on+0x38/0x1c0
[   73.274357][ T6532]  ? trace_hardirqs_on+0x51/0x1c0
[   73.274379][ T6532]  ? up_write+0x3ac/0x470
[   73.274399][ T6532]  ? up_write+0x3ac/0x470
[   73.274419][ T6532]  end_report.cold+0x63/0x6f
[   73.274442][ T6532]  kasan_report.cold+0x71/0xdf
[   73.274465][ T6532]  ? up_write+0x3ac/0x470
[   73.274487][ T6532]  up_write+0x3ac/0x470
[   73.274509][ T6532]  cgroup_setup_root+0x3a6/0xad0
[   73.274537][ T6532]  ? rebind_subsystems+0x10e0/0x10e0
[   73.274566][ T6532]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   73.274598][ T6532]  cgroup1_get_tree+0xd33/0x1390
[   73.274624][ T6532]  vfs_get_tree+0x89/0x2f0
[   73.274742][ T6532]  path_mount+0x1320/0x1fa0
[   73.274778][ T6532]  ? kmem_cache_free+0xba/0x4a0
[   73.274805][ T6532]  ? finish_automount+0xaf0/0xaf0
[   73.274828][ T6532]  ? putname+0xfe/0x140
[   73.274851][ T6532]  __x64_sys_mount+0x27f/0x300
[   73.274876][ T6532]  ? copy_mnt_ns+0xae0/0xae0
[   73.274900][ T6532]  ? syscall_enter_from_user_mode+0x21/0x70
[   73.274930][ T6532]  do_syscall_64+0x35/0xb0
[   73.274952][ T6532]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   73.274976][ T6532] RIP: 0033:0x7f884fe2201a
[   73.274998][ T6532] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   73.275023][ T6532] RSP: 002b:00007ffcbc8f72b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   73.275129][ T6532] RAX: ffffffffffffffda RBX: 00007ffcbc8f7448 RCX: 00007f884fe2201a
[   73.275143][ T6532] RDX: 00007f884fe84fe2 RSI: 00007f884fe7b29a RDI: 00007f884fe79d71
[   73.275157][ T6532] RBP: 00007f884fe7b29a R08: 00007f884fe7b3f7 R09: 0000000000000026
[   73.275172][ T6532] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcbc8f72c0
[   73.275186][ T6532] R13: 00007ffcbc8f7468 R14: 00007ffcbc8f7390 R15: 00007f884fe7b3f1
[   73.275207][ T6532]  </TASK>
[   73.275517][ T6532] Kernel Offset: disabled
[   74.137714][ T6532] Rebooting in 86400 seconds..
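The two reports above describe one sequence of events: kernfs_create_root allocates the root in kmalloc-512; kernfs_destroy_root takes &root->kernfs_rwsem, which lives at offset 0x148 inside that object; __kernfs_remove -> kernfs_put drops the last reference and kfree()s the whole object while the semaphore is still held (lockdep's debug_check_no_locks_freed fires from slab_free_freelist_hook); and the subsequent up_write reads offset 0x140 of the freed object, which KASAN catches. The following userspace model, added here as an illustration and not kernel code, reproduces both checks: a lockdep-style "is a held lock inside the region being freed?" test at free time, and a KASAN-style "is this lock inside already-freed memory?" test at unlock time. struct root, destroy_root_buggy(), destroy_root_fixed() and remove_tree() are hypothetical stand-ins for kernfs_root, kernfs_destroy_root() and __kernfs_remove(); the "fixed" ordering pins the object across the locked region and is one generic way to avoid the pattern, not a claim about the upstream fix.

```c
/* Added example (not kernel code): model of lockdep's held-lock-freed check
 * and KASAN's use-after-free check around a refcounted object that embeds
 * its own lock. All names are hypothetical stand-ins for the kernfs ones. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_HELD  8
#define MAX_FREED 8

struct range { uintptr_t lo; size_t len; };

static uintptr_t    held_locks[MAX_HELD];   /* locks held by "this task" */
static int          nr_held;
static struct range freed[MAX_FREED];       /* quarantine of freed regions */
static int          nr_freed;

static int in_range(uintptr_t p, const struct range *r)
{
    return p >= r->lo && p < r->lo + r->len;
}

static void lock_acquire(uintptr_t lock)
{
    if (nr_held < MAX_HELD)
        held_locks[nr_held++] = lock;
}

/* KASAN-style check: returns 1 if the lock lives in freed memory (the
 * use-after-free in up_write from the report), else 0. */
static int lock_release(uintptr_t lock)
{
    int uaf = 0;
    for (int i = 0; i < nr_freed; i++)
        if (in_range(lock, &freed[i])) {
            fprintf(stderr, "BUG: use-after-free in lock_release, addr %#lx\n",
                    (unsigned long)lock);
            uaf = 1;
        }
    for (int i = 0; i < nr_held; i++)
        if (held_locks[i] == lock) {
            held_locks[i] = held_locks[--nr_held];
            break;
        }
    return uaf;
}

/* Mirrors debug_check_no_locks_freed(): count held locks inside [mem, mem+len). */
static int check_no_locks_freed(uintptr_t mem, size_t len)
{
    struct range r = { mem, len };
    int hits = 0;
    for (int i = 0; i < nr_held; i++)
        if (in_range(held_locks[i], &r)) {
            fprintf(stderr, "WARNING: held lock freed! %#lx inside %#lx-%#lx\n",
                    (unsigned long)held_locks[i], (unsigned long)mem,
                    (unsigned long)(mem + len - 1));
            hits++;
        }
    return hits;
}

/* Free with the lockdep check in front, as slab_free_freelist_hook() does.
 * The region is kept in quarantine (never returned to malloc) so its address
 * cannot be reused and later lock_release() calls can be checked against it. */
static int checked_free(void *mem, size_t len)
{
    int hits = check_no_locks_freed((uintptr_t)mem, len);
    if (nr_freed < MAX_FREED)
        freed[nr_freed++] = (struct range){ (uintptr_t)mem, len };
    return hits;
}

/* Hypothetical stand-in for kernfs_root: refcounted, lock embedded inside. */
struct root {
    int  refcnt;   /* one reference owned by the node tree */
    long rwsem;    /* stand-in for the embedded kernfs_rwsem */
};

static struct root *root_create(void)
{
    struct root *r = calloc(1, sizeof *r);
    if (!r) abort();
    r->refcnt = 1;
    return r;
}

/* Drop a reference; frees the root on the last one. Returns violation count. */
static int root_put(struct root *r)
{
    return --r->refcnt == 0 ? checked_free(r, sizeof *r) : 0;
}

/* Tearing down the tree drops the tree's reference on the root, as
 * __kernfs_remove() -> kernfs_put() does in the report. */
static int remove_tree(struct root *r) { return root_put(r); }

/* Ordering from the report: lock, tear down (frees root), unlock. */
static int destroy_root_buggy(struct root *r)
{
    uintptr_t sem = (uintptr_t)&r->rwsem;   /* captured before the free */
    int bugs;
    lock_acquire(sem);
    bugs  = remove_tree(r);                 /* last put: "held lock freed!" */
    bugs += lock_release(sem);              /* unlock touches freed memory */
    return bugs;
}

/* Pin the root across the locked region; the final put, and thus the free,
 * happens only after the lock embedded in the root has been released. */
static int destroy_root_fixed(struct root *r)
{
    int bugs;
    r->refcnt++;
    lock_acquire((uintptr_t)&r->rwsem);
    bugs  = remove_tree(r);                 /* refcnt 2 -> 1, nothing freed */
    bugs += lock_release((uintptr_t)&r->rwsem);
    bugs += root_put(r);                    /* free with no lock held inside */
    return bugs;
}

int main(void)
{
    printf("buggy ordering: %d violation(s)\n", destroy_root_buggy(root_create()));
    printf("fixed ordering: %d violation(s)\n", destroy_root_fixed(root_create()));
    return 0;
}
```

The buggy ordering trips both checks (the lockdep warning at free time and the use-after-free at unlock time), matching the two reports in the log; the pinned ordering trips neither. In the kernel the equivalent rule is that whichever call may drop the last reference must run after every lock that lives inside the object has been released, or the caller must hold its own reference until then.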