Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.77' (ECDSA) to the list of known hosts.
2021/11/30 11:12:48 fuzzer started
2021/11/30 11:12:48 connecting to host at 10.128.0.169:45229
2021/11/30 11:12:48 checking machine...
2021/11/30 11:12:48 checking revisions...
2021/11/30 11:12:48 testing simple program...
syzkaller login: [ 75.597858][ T6559] cgroup: Unknown subsys name 'net'
[ 75.604330][ T6559]
[ 75.606672][ T6559] =========================
[ 75.611153][ T6559] WARNING: held lock freed!
[ 75.615679][ T6559] 5.16.0-rc3-next-20211130-syzkaller #0 Not tainted
[ 75.622253][ T6559] -------------------------
[ 75.626732][ T6559] syz-executor/6559 is freeing memory ffff888021439800-ffff8880214399ff, with a lock still held there!
[ 75.637866][ T6559] ffff888021439948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 75.647601][ T6559] 2 locks held by syz-executor/6559:
[ 75.652871][ T6559] #0: ffffffff8bbc50c8 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[ 75.663399][ T6559] #1: ffff888021439948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 75.673665][ T6559]
[ 75.673665][ T6559] stack backtrace:
[ 75.679538][ T6559] CPU: 1 PID: 6559 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211130-syzkaller #0
[ 75.689239][ T6559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.699280][ T6559] Call Trace:
[ 75.702559][ T6559]
[ 75.705483][ T6559] dump_stack_lvl+0xcd/0x134
[ 75.710066][ T6559] debug_check_no_locks_freed.cold+0x9d/0xa9
[ 75.716044][ T6559] ? lockdep_hardirqs_on+0x79/0x100
[ 75.721680][ T6559] slab_free_freelist_hook+0x73/0x1c0
[ 75.727179][ T6559] ? kernfs_put.part.0+0x331/0x540
[ 75.732281][ T6559] kfree+0xe0/0x430
[ 75.736170][ T6559] ? kmem_cache_free+0xba/0x4a0
[ 75.741374][ T6559] ? rwlock_bug.part.0+0x90/0x90
[ 75.746302][ T6559] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 75.752548][ T6559] kernfs_put.part.0+0x331/0x540
[ 75.757639][ T6559] kernfs_put+0x42/0x50
[ 75.761805][ T6559] __kernfs_remove+0x7a3/0xb20
[ 75.766818][ T6559] ? kernfs_next_descendant_post+0x2f0/0x2f0
[ 75.772798][ T6559] ? down_write+0xde/0x150
[ 75.777215][ T6559] ? down_write_killable_nested+0x180/0x180
[ 75.783104][ T6559] kernfs_destroy_root+0x89/0xb0
[ 75.788049][ T6559] cgroup_setup_root+0x3a6/0xad0
[ 75.793117][ T6559] ? rebind_subsystems+0x10e0/0x10e0
[ 75.798405][ T6559] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 75.804642][ T6559] cgroup1_get_tree+0xd33/0x1390
[ 75.809675][ T6559] vfs_get_tree+0x89/0x2f0
[ 75.814166][ T6559] path_mount+0x1320/0x1fa0
[ 75.818671][ T6559] ? kmem_cache_free+0xba/0x4a0
[ 75.823531][ T6559] ? finish_automount+0xaf0/0xaf0
[ 75.828708][ T6559] ? putname+0xfe/0x140
[ 75.832857][ T6559] __x64_sys_mount+0x27f/0x300
[ 75.837764][ T6559] ? copy_mnt_ns+0xae0/0xae0
[ 75.842352][ T6559] ? syscall_enter_from_user_mode+0x21/0x70
[ 75.848254][ T6559] do_syscall_64+0x35/0xb0
[ 75.852664][ T6559] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.858604][ T6559] RIP: 0033:0x7fc72651201a
[ 75.863127][ T6559] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 75.882722][ T6559] RSP: 002b:00007ffc67733148 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 75.891231][ T6559] RAX: ffffffffffffffda RBX: 00007ffc677332d8 RCX: 00007fc72651201a
[ 75.899207][ T6559] RDX: 00007fc726574fe2 RSI: 00007fc72656b29a RDI: 00007fc726569d71
[ 75.907167][ T6559] RBP: 00007fc72656b29a R08: 00007fc72656b3f7 R09: 0000000000000026
[ 75.915126][ T6559] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc67733150
[ 75.923100][ T6559] R13: 00007ffc677332f8 R14: 00007ffc67733220 R15: 00007fc72656b3f1
[ 75.931073][ T6559]
[ 75.935660][ T6559] ==================================================================
[ 75.943742][ T6559] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[ 75.950430][ T6559] Read of size 8 at addr ffff888021439940 by task syz-executor/6559
[ 75.958425][ T6559]
[ 75.960736][ T6559] CPU: 0 PID: 6559 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211130-syzkaller #0
[ 75.970432][ T6559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.980468][ T6559] Call Trace:
[ 75.983728][ T6559]
[ 75.986639][ T6559] dump_stack_lvl+0xcd/0x134
[ 75.991220][ T6559] print_address_description.constprop.0.cold+0xa5/0x3ed
[ 75.998227][ T6559] ? up_write+0x3ac/0x470
[ 76.002536][ T6559] ? up_write+0x3ac/0x470
[ 76.006847][ T6559] kasan_report.cold+0x83/0xdf
[ 76.011597][ T6559] ? up_write+0x3ac/0x470
[ 76.015923][ T6559] up_write+0x3ac/0x470
[ 76.020061][ T6559] cgroup_setup_root+0x3a6/0xad0
[ 76.025000][ T6559] ? rebind_subsystems+0x10e0/0x10e0
[ 76.030266][ T6559] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 76.036491][ T6559] cgroup1_get_tree+0xd33/0x1390
[ 76.041411][ T6559] vfs_get_tree+0x89/0x2f0
[ 76.045807][ T6559] path_mount+0x1320/0x1fa0
[ 76.050294][ T6559] ? kmem_cache_free+0xba/0x4a0
[ 76.055132][ T6559] ? finish_automount+0xaf0/0xaf0
[ 76.060140][ T6559] ? putname+0xfe/0x140
[ 76.064281][ T6559] __x64_sys_mount+0x27f/0x300
[ 76.069033][ T6559] ? copy_mnt_ns+0xae0/0xae0
[ 76.073618][ T6559] ? syscall_enter_from_user_mode+0x21/0x70
[ 76.079508][ T6559] do_syscall_64+0x35/0xb0
[ 76.083922][ T6559] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.089798][ T6559] RIP: 0033:0x7fc72651201a
[ 76.094196][ T6559] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 76.113867][ T6559] RSP: 002b:00007ffc67733148 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 76.122268][ T6559] RAX: ffffffffffffffda RBX: 00007ffc677332d8 RCX: 00007fc72651201a
[ 76.130304][ T6559] RDX: 00007fc726574fe2 RSI: 00007fc72656b29a RDI: 00007fc726569d71
[ 76.138270][ T6559] RBP: 00007fc72656b29a R08: 00007fc72656b3f7 R09: 0000000000000026
[ 76.146410][ T6559] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc67733150
[ 76.154466][ T6559] R13: 00007ffc677332f8 R14: 00007ffc67733220 R15: 00007fc72656b3f1
[ 76.162431][ T6559]
[ 76.165438][ T6559]
[ 76.167743][ T6559] Allocated by task 6559:
[ 76.172065][ T6559] kasan_save_stack+0x1e/0x50
[ 76.176731][ T6559] __kasan_kmalloc+0xa9/0xd0
[ 76.181413][ T6559] kernfs_create_root+0x4c/0x410
[ 76.186343][ T6559] cgroup_setup_root+0x243/0xad0
[ 76.191307][ T6559] cgroup1_get_tree+0xd33/0x1390
[ 76.196237][ T6559] vfs_get_tree+0x89/0x2f0
[ 76.200643][ T6559] path_mount+0x1320/0x1fa0
[ 76.205178][ T6559] __x64_sys_mount+0x27f/0x300
[ 76.209927][ T6559] do_syscall_64+0x35/0xb0
[ 76.214341][ T6559] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.220320][ T6559]
[ 76.222624][ T6559] Freed by task 6559:
[ 76.226663][ T6559] kasan_save_stack+0x1e/0x50
[ 76.231391][ T6559] kasan_set_track+0x21/0x30
[ 76.235974][ T6559] kasan_set_free_info+0x20/0x30
[ 76.240889][ T6559] __kasan_slab_free+0x103/0x170
[ 76.245807][ T6559] slab_free_freelist_hook+0x8b/0x1c0
[ 76.251162][ T6559] kfree+0xe0/0x430
[ 76.254964][ T6559] kernfs_put.part.0+0x331/0x540
[ 76.259882][ T6559] kernfs_put+0x42/0x50
[ 76.264025][ T6559] __kernfs_remove+0x7a3/0xb20
[ 76.268859][ T6559] kernfs_destroy_root+0x89/0xb0
[ 76.273791][ T6559] cgroup_setup_root+0x3a6/0xad0
[ 76.278723][ T6559] cgroup1_get_tree+0xd33/0x1390
[ 76.283663][ T6559] vfs_get_tree+0x89/0x2f0
[ 76.288087][ T6559] path_mount+0x1320/0x1fa0
[ 76.292723][ T6559] __x64_sys_mount+0x27f/0x300
[ 76.297486][ T6559] do_syscall_64+0x35/0xb0
[ 76.301895][ T6559] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.307779][ T6559]
[ 76.310084][ T6559] The buggy address belongs to the object at ffff888021439800
[ 76.310084][ T6559]  which belongs to the cache kmalloc-512 of size 512
[ 76.324215][ T6559] The buggy address is located 320 bytes inside of
[ 76.324215][ T6559]  512-byte region [ffff888021439800, ffff888021439a00)
[ 76.337469][ T6559] The buggy address belongs to the page:
[ 76.343164][ T6559] page:ffffea0000850e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21438
[ 76.353292][ T6559] head:ffffea0000850e00 order:2 compound_mapcount:0 compound_pincount:0
[ 76.361683][ T6559] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 76.369646][ T6559] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010c41c80
[ 76.378207][ T6559] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 76.386769][ T6559] page dumped because: kasan: bad access detected
[ 76.393191][ T6559] page_owner tracks the page as allocated
[ 76.398986][ T6559] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2352, ts 14231687289, free_ts 0
[ 76.417562][ T6559] get_page_from_freelist+0xa72/0x2f40
[ 76.423023][ T6559] __alloc_pages+0x1b2/0x500
[ 76.427613][ T6559] alloc_pages+0x1a7/0x300
[ 76.432025][ T6559] new_slab+0x261/0x460
[ 76.436345][ T6559] ___slab_alloc+0x798/0xf30
[ 76.441008][ T6559] __slab_alloc.constprop.0+0x4d/0xa0
[ 76.446378][ T6559] kmem_cache_alloc_trace+0x289/0x2c0
[ 76.451745][ T6559] alloc_bprm+0x51/0x8f0
[ 76.456068][ T6559] kernel_execve+0x55/0x460
[ 76.460551][ T6559] call_usermodehelper_exec_async+0x2e3/0x580
[ 76.466602][ T6559] ret_from_fork+0x1f/0x30
[ 76.471000][ T6559] page_owner free stack trace missing
[ 76.476362][ T6559]
[ 76.478672][ T6559] Memory state around the buggy address:
[ 76.484349][ T6559]  ffff888021439800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.492415][ T6559]  ffff888021439880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.500472][ T6559] >ffff888021439900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.508526][ T6559]                                ^
[ 76.514668][ T6559]  ffff888021439980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.522713][ T6559]  ffff888021439a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.530882][ T6559] ==================================================================
[ 76.546847][ T6559] Kernel panic - not syncing: panic_on_warn set ...
[ 76.553454][ T6559] CPU: 0 PID: 6559 Comm: syz-executor Tainted: G B 5.16.0-rc3-next-20211130-syzkaller #0
[ 76.564571][ T6559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.574630][ T6559] Call Trace:
[ 76.577922][ T6559]
[ 76.581043][ T6559] dump_stack_lvl+0xcd/0x134
[ 76.585627][ T6559] panic+0x2b0/0x6dd
[ 76.589520][ T6559] ? __warn_printk+0xf3/0xf3
[ 76.594111][ T6559] ? preempt_schedule_common+0x59/0xc0
[ 76.599698][ T6559] ? up_write+0x3ac/0x470
[ 76.604017][ T6559] ? preempt_schedule_thunk+0x16/0x18
[ 76.609384][ T6559] ? trace_hardirqs_on+0x38/0x1c0
[ 76.614411][ T6559] ? trace_hardirqs_on+0x51/0x1c0
[ 76.619429][ T6559] ? up_write+0x3ac/0x470
[ 76.623833][ T6559] ? up_write+0x3ac/0x470
[ 76.628254][ T6559] end_report.cold+0x63/0x6f
[ 76.632842][ T6559] kasan_report.cold+0x71/0xdf
[ 76.637604][ T6559] ? up_write+0x3ac/0x470
[ 76.641917][ T6559] up_write+0x3ac/0x470
[ 76.646054][ T6559] cgroup_setup_root+0x3a6/0xad0
[ 76.650989][ T6559] ? rebind_subsystems+0x10e0/0x10e0
[ 76.656282][ T6559] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 76.662528][ T6559] cgroup1_get_tree+0xd33/0x1390
[ 76.667469][ T6559] vfs_get_tree+0x89/0x2f0
[ 76.671886][ T6559] path_mount+0x1320/0x1fa0
[ 76.676393][ T6559] ? kmem_cache_free+0xba/0x4a0
[ 76.681334][ T6559] ? finish_automount+0xaf0/0xaf0
[ 76.686362][ T6559] ? putname+0xfe/0x140
[ 76.690562][ T6559] __x64_sys_mount+0x27f/0x300
[ 76.695329][ T6559] ? copy_mnt_ns+0xae0/0xae0
[ 76.699920][ T6559] ? syscall_enter_from_user_mode+0x21/0x70
[ 76.705819][ T6559] do_syscall_64+0x35/0xb0
[ 76.710246][ T6559] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.716143][ T6559] RIP: 0033:0x7fc72651201a
[ 76.720560][ T6559] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 76.740368][ T6559] RSP: 002b:00007ffc67733148 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 76.748785][ T6559] RAX: ffffffffffffffda RBX: 00007ffc677332d8 RCX: 00007fc72651201a
[ 76.756754][ T6559] RDX: 00007fc726574fe2 RSI: 00007fc72656b29a RDI: 00007fc726569d71
[ 76.764716][ T6559] RBP: 00007fc72656b29a R08: 00007fc72656b3f7 R09: 0000000000000026
[ 76.772865][ T6559] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc67733150
[ 76.780830][ T6559] R13: 00007ffc677332f8 R14: 00007ffc67733220 R15: 00007fc72656b3f1
[ 76.788807][ T6559]
[ 76.792069][ T6559] Kernel Offset: disabled
[ 76.796496][ T6559] Rebooting in 86400 seconds..