[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.80' (ECDSA) to the list of known hosts.
2021/11/30 11:12:49 fuzzer started
2021/11/30 11:12:49 connecting to host at 10.128.0.169:34969
2021/11/30 11:12:49 checking machine...
2021/11/30 11:12:49 checking revisions...
2021/11/30 11:12:50 testing simple program...
syzkaller login: [ 75.704165][ T6541] cgroup: Unknown subsys name 'net'
[ 75.710990][ T6541]
[ 75.713329][ T6541] =========================
[ 75.717807][ T6541] WARNING: held lock freed!
[ 75.722281][ T6541] 5.16.0-rc3-next-20211130-syzkaller #0 Not tainted
[ 75.728841][ T6541] -------------------------
[ 75.733359][ T6541] syz-executor/6541 is freeing memory ffff88801d286400-ffff88801d2865ff, with a lock still held there!
[ 75.744487][ T6541] ffff88801d286548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 75.754358][ T6541] 2 locks held by syz-executor/6541:
[ 75.759633][ T6541] #0: ffffffff8bbc50c8 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[ 75.770172][ T6541] #1: ffff88801d286548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 75.780365][ T6541]
[ 75.780365][ T6541] stack backtrace:
[ 75.786240][ T6541] CPU: 1 PID: 6541 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211130-syzkaller #0
[ 75.796044][ T6541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.806088][ T6541] Call Trace:
[ 75.809384][ T6541]
[ 75.812299][ T6541] dump_stack_lvl+0xcd/0x134
[ 75.816920][ T6541] debug_check_no_locks_freed.cold+0x9d/0xa9
[ 75.822902][ T6541] ? lockdep_hardirqs_on+0x79/0x100
[ 75.828102][ T6541] slab_free_freelist_hook+0x73/0x1c0
[ 75.833557][ T6541] ? kernfs_put.part.0+0x331/0x540
[ 75.838825][ T6541] kfree+0xe0/0x430
[ 75.842621][ T6541] ? kmem_cache_free+0xba/0x4a0
[ 75.847457][ T6541] ? rwlock_bug.part.0+0x90/0x90
[ 75.852380][ T6541] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 75.858611][ T6541] kernfs_put.part.0+0x331/0x540
[ 75.863533][ T6541] kernfs_put+0x42/0x50
[ 75.867671][ T6541] __kernfs_remove+0x7a3/0xb20
[ 75.872422][ T6541] ? kernfs_next_descendant_post+0x2f0/0x2f0
[ 75.878398][ T6541] ? down_write+0xde/0x150
[ 75.882982][ T6541] ? down_write_killable_nested+0x180/0x180
[ 75.888874][ T6541] kernfs_destroy_root+0x89/0xb0
[ 75.893795][ T6541] cgroup_setup_root+0x3a6/0xad0
[ 75.898721][ T6541] ? rebind_subsystems+0x10e0/0x10e0
[ 75.903990][ T6541] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 75.910215][ T6541] cgroup1_get_tree+0xd33/0x1390
[ 75.915143][ T6541] vfs_get_tree+0x89/0x2f0
[ 75.919556][ T6541] path_mount+0x1320/0x1fa0
[ 75.924042][ T6541] ? kmem_cache_free+0xba/0x4a0
[ 75.928877][ T6541] ? finish_automount+0xaf0/0xaf0
[ 75.933885][ T6541] ? putname+0xfe/0x140
[ 75.938024][ T6541] __x64_sys_mount+0x27f/0x300
[ 75.942771][ T6541] ? copy_mnt_ns+0xae0/0xae0
[ 75.947359][ T6541] ? syscall_enter_from_user_mode+0x21/0x70
[ 75.953239][ T6541] do_syscall_64+0x35/0xb0
[ 75.957638][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.963780][ T6541] RIP: 0033:0x7efd4c34a01a
[ 75.968215][ T6541] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 75.987976][ T6541] RSP: 002b:00007fffbab820e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 75.996371][ T6541] RAX: ffffffffffffffda RBX: 00007fffbab82278 RCX: 00007efd4c34a01a
[ 76.004324][ T6541] RDX: 00007efd4c3acfe2 RSI: 00007efd4c3a329a RDI: 00007efd4c3a1d71
[ 76.012276][ T6541] RBP: 00007efd4c3a329a R08: 00007efd4c3a33f7 R09: 0000000000000026
[ 76.020231][ T6541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffbab820f0
[ 76.028197][ T6541] R13: 00007fffbab82298 R14: 00007fffbab821c0 R15: 00007efd4c3a33f1
[ 76.036153][ T6541]
[ 76.040575][ T6541] ==================================================================
[ 76.048659][ T6541] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[ 76.055336][ T6541] Read of size 8 at addr ffff88801d286540 by task syz-executor/6541
[ 76.063310][ T6541]
[ 76.065624][ T6541] CPU: 0 PID: 6541 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211130-syzkaller #0
[ 76.075353][ T6541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.085398][ T6541] Call Trace:
[ 76.088668][ T6541]
[ 76.091679][ T6541] dump_stack_lvl+0xcd/0x134
[ 76.096292][ T6541] print_address_description.constprop.0.cold+0xa5/0x3ed
[ 76.103316][ T6541] ? up_write+0x3ac/0x470
[ 76.108086][ T6541] ? up_write+0x3ac/0x470
[ 76.112509][ T6541] kasan_report.cold+0x83/0xdf
[ 76.117531][ T6541] ? up_write+0x3ac/0x470
[ 76.121856][ T6541] up_write+0x3ac/0x470
[ 76.126008][ T6541] cgroup_setup_root+0x3a6/0xad0
[ 76.131057][ T6541] ? rebind_subsystems+0x10e0/0x10e0
[ 76.136355][ T6541] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 76.142689][ T6541] cgroup1_get_tree+0xd33/0x1390
[ 76.148670][ T6541] vfs_get_tree+0x89/0x2f0
[ 76.153089][ T6541] path_mount+0x1320/0x1fa0
[ 76.157602][ T6541] ? kmem_cache_free+0xba/0x4a0
[ 76.162485][ T6541] ? finish_automount+0xaf0/0xaf0
[ 76.167531][ T6541] ? putname+0xfe/0x140
[ 76.171698][ T6541] __x64_sys_mount+0x27f/0x300
[ 76.176479][ T6541] ? copy_mnt_ns+0xae0/0xae0
[ 76.181086][ T6541] ? syscall_enter_from_user_mode+0x21/0x70
[ 76.187330][ T6541] do_syscall_64+0x35/0xb0
[ 76.191744][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.197635][ T6541] RIP: 0033:0x7efd4c34a01a
[ 76.202043][ T6541] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 76.221733][ T6541] RSP: 002b:00007fffbab820e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 76.230329][ T6541] RAX: ffffffffffffffda RBX: 00007fffbab82278 RCX: 00007efd4c34a01a
[ 76.238391][ T6541] RDX: 00007efd4c3acfe2 RSI: 00007efd4c3a329a RDI: 00007efd4c3a1d71
[ 76.246374][ T6541] RBP: 00007efd4c3a329a R08: 00007efd4c3a33f7 R09: 0000000000000026
[ 76.254343][ T6541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffbab820f0
[ 76.262492][ T6541] R13: 00007fffbab82298 R14: 00007fffbab821c0 R15: 00007efd4c3a33f1
[ 76.270552][ T6541]
[ 76.273566][ T6541]
[ 76.275884][ T6541] Allocated by task 6541:
[ 76.280206][ T6541] kasan_save_stack+0x1e/0x50
[ 76.284896][ T6541] __kasan_kmalloc+0xa9/0xd0
[ 76.289487][ T6541] kernfs_create_root+0x4c/0x410
[ 76.294423][ T6541] cgroup_setup_root+0x243/0xad0
[ 76.299443][ T6541] cgroup1_get_tree+0xd33/0x1390
[ 76.304374][ T6541] vfs_get_tree+0x89/0x2f0
[ 76.308889][ T6541] path_mount+0x1320/0x1fa0
[ 76.313387][ T6541] __x64_sys_mount+0x27f/0x300
[ 76.318149][ T6541] do_syscall_64+0x35/0xb0
[ 76.322648][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.328546][ T6541]
[ 76.330856][ T6541] Freed by task 6541:
[ 76.334819][ T6541] kasan_save_stack+0x1e/0x50
[ 76.339596][ T6541] kasan_set_track+0x21/0x30
[ 76.344180][ T6541] kasan_set_free_info+0x20/0x30
[ 76.349111][ T6541] __kasan_slab_free+0x103/0x170
[ 76.354064][ T6541] slab_free_freelist_hook+0x8b/0x1c0
[ 76.359431][ T6541] kfree+0xe0/0x430
[ 76.363233][ T6541] kernfs_put.part.0+0x331/0x540
[ 76.368176][ T6541] kernfs_put+0x42/0x50
[ 76.372328][ T6541] __kernfs_remove+0x7a3/0xb20
[ 76.377193][ T6541] kernfs_destroy_root+0x89/0xb0
[ 76.382128][ T6541] cgroup_setup_root+0x3a6/0xad0
[ 76.387073][ T6541] cgroup1_get_tree+0xd33/0x1390
[ 76.392007][ T6541] vfs_get_tree+0x89/0x2f0
[ 76.396417][ T6541] path_mount+0x1320/0x1fa0
[ 76.400919][ T6541] __x64_sys_mount+0x27f/0x300
[ 76.405678][ T6541] do_syscall_64+0x35/0xb0
[ 76.410269][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.416160][ T6541]
[ 76.418467][ T6541] Last potentially related work creation:
[ 76.424171][ T6541] kasan_save_stack+0x1e/0x50
[ 76.428859][ T6541] __kasan_record_aux_stack+0xfe/0x1b0
[ 76.434313][ T6541] call_rcu+0xb1/0x740
[ 76.438379][ T6541] rht_deferred_worker+0x146d/0x2030
[ 76.443747][ T6541] process_one_work+0x9b2/0x1690
[ 76.448777][ T6541] worker_thread+0x658/0x11f0
[ 76.453483][ T6541] kthread+0x405/0x4f0
[ 76.457701][ T6541] ret_from_fork+0x1f/0x30
[ 76.462142][ T6541]
[ 76.464480][ T6541] The buggy address belongs to the object at ffff88801d286400
[ 76.464480][ T6541] which belongs to the cache kmalloc-512 of size 512
[ 76.478612][ T6541] The buggy address is located 320 bytes inside of
[ 76.478612][ T6541] 512-byte region [ffff88801d286400, ffff88801d286600)
[ 76.491981][ T6541] The buggy address belongs to the page:
[ 76.497768][ T6541] page:ffffea000074a100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d284
[ 76.507911][ T6541] head:ffffea000074a100 order:2 compound_mapcount:0 compound_pincount:0
[ 76.516234][ T6541] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 76.524981][ T6541] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888010c41c80
[ 76.534007][ T6541] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 76.542577][ T6541] page dumped because: kasan: bad access detected
[ 76.549077][ T6541] page_owner tracks the page as allocated
[ 76.554774][ T6541] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2970, ts 32028923287, free_ts 21987656555
[ 76.573954][ T6541] get_page_from_freelist+0xa72/0x2f40
[ 76.579416][ T6541] __alloc_pages+0x1b2/0x500
[ 76.583999][ T6541] alloc_pages+0x1a7/0x300
[ 76.588418][ T6541] new_slab+0x261/0x460
[ 76.592583][ T6541] ___slab_alloc+0x798/0xf30
[ 76.597167][ T6541] __slab_alloc.constprop.0+0x4d/0xa0
[ 76.602533][ T6541] __kmalloc_node_track_caller+0x2cb/0x360
[ 76.608341][ T6541] __alloc_skb+0xde/0x340
[ 76.612666][ T6541] netlink_sendmsg+0x967/0xda0
[ 76.617768][ T6541] sock_sendmsg+0xcf/0x120
[ 76.622178][ T6541] ____sys_sendmsg+0x6e8/0x810
[ 76.626935][ T6541] ___sys_sendmsg+0xf3/0x170
[ 76.631707][ T6541] __sys_sendmsg+0xe5/0x1b0
[ 76.636206][ T6541] do_syscall_64+0x35/0xb0
[ 76.640618][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.646626][ T6541] page last free stack trace:
[ 76.651319][ T6541] free_pcp_prepare+0x414/0xb60
[ 76.656188][ T6541] free_unref_page+0x19/0x690
[ 76.660875][ T6541] __unfreeze_partials+0x19f/0x1c0
[ 76.665995][ T6541] qlist_free_all+0x5a/0xf0
[ 76.670493][ T6541] kasan_quarantine_reduce+0x180/0x200
[ 76.675947][ T6541] __kasan_slab_alloc+0xa2/0xc0
[ 76.680795][ T6541] __kmalloc+0x1e7/0x340
[ 76.685643][ T6541] tomoyo_realpath_from_path+0xc3/0x620
[ 76.691185][ T6541] tomoyo_path_perm+0x21b/0x400
[ 76.696112][ T6541] security_inode_getattr+0xcf/0x140
[ 76.701510][ T6541] vfs_fstat+0x43/0xb0
[ 76.705574][ T6541] __do_sys_newfstat+0x81/0x100
[ 76.710610][ T6541] do_syscall_64+0x35/0xb0
[ 76.715028][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.721175][ T6541]
[ 76.723484][ T6541] Memory state around the buggy address:
[ 76.729115][ T6541] ffff88801d286400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.737166][ T6541] ffff88801d286480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.745239][ T6541] >ffff88801d286500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.753283][ T6541] ^
[ 76.759420][ T6541] ffff88801d286580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.767472][ T6541] ffff88801d286600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.775528][ T6541] ==================================================================
[ 76.783859][ T6541] Kernel panic - not syncing: panic_on_warn set ...
[ 76.790845][ T6541] CPU: 1 PID: 6541 Comm: syz-executor Tainted: G B 5.16.0-rc3-next-20211130-syzkaller #0
[ 76.802149][ T6541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.812208][ T6541] Call Trace:
[ 76.815489][ T6541]
[ 76.818433][ T6541] dump_stack_lvl+0xcd/0x134
[ 76.823056][ T6541] panic+0x2b0/0x6dd
[ 76.827146][ T6541] ? __warn_printk+0xf3/0xf3
[ 76.831861][ T6541] ? preempt_schedule_common+0x59/0xc0
[ 76.837341][ T6541] ? up_write+0x3ac/0x470
[ 76.841677][ T6541] ? preempt_schedule_thunk+0x16/0x18
[ 76.847066][ T6541] ? trace_hardirqs_on+0x38/0x1c0
[ 76.852115][ T6541] ? trace_hardirqs_on+0x51/0x1c0
[ 76.857241][ T6541] ? up_write+0x3ac/0x470
[ 76.861570][ T6541] ? up_write+0x3ac/0x470
[ 76.865908][ T6541] end_report.cold+0x63/0x6f
[ 76.870862][ T6541] kasan_report.cold+0x71/0xdf
[ 76.875641][ T6541] ? up_write+0x3ac/0x470
[ 76.879964][ T6541] up_write+0x3ac/0x470
[ 76.884117][ T6541] cgroup_setup_root+0x3a6/0xad0
[ 76.889056][ T6541] ? rebind_subsystems+0x10e0/0x10e0
[ 76.894345][ T6541] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 76.900602][ T6541] cgroup1_get_tree+0xd33/0x1390
[ 76.905540][ T6541] vfs_get_tree+0x89/0x2f0
[ 76.909969][ T6541] path_mount+0x1320/0x1fa0
[ 76.914471][ T6541] ? kmem_cache_free+0xba/0x4a0
[ 76.919418][ T6541] ? finish_automount+0xaf0/0xaf0
[ 76.924579][ T6541] ? putname+0xfe/0x140
[ 76.928745][ T6541] __x64_sys_mount+0x27f/0x300
[ 76.933610][ T6541] ? copy_mnt_ns+0xae0/0xae0
[ 76.938218][ T6541] ? syscall_enter_from_user_mode+0x21/0x70
[ 76.944219][ T6541] do_syscall_64+0x35/0xb0
[ 76.948786][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.954959][ T6541] RIP: 0033:0x7efd4c34a01a
[ 76.959466][ T6541] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 76.979246][ T6541] RSP: 002b:00007fffbab820e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 76.987673][ T6541] RAX: ffffffffffffffda RBX: 00007fffbab82278 RCX: 00007efd4c34a01a
[ 76.995723][ T6541] RDX: 00007efd4c3acfe2 RSI: 00007efd4c3a329a RDI: 00007efd4c3a1d71
[ 77.003716][ T6541] RBP: 00007efd4c3a329a R08: 00007efd4c3a33f7 R09: 0000000000000026
[ 77.011677][ T6541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffbab820f0
[ 77.020162][ T6541] R13: 00007fffbab82298 R14: 00007fffbab821c0 R15: 00007efd4c3a33f1
[ 77.028134][ T6541]
[ 77.031205][ T6541] Kernel Offset: disabled
[ 77.035606][ T6541] Rebooting in 86400 seconds..