[�[0;32m OK �[0m] Started Daily apt download activities.
Starting System Logging Service...
[�[0;32m OK �[0m] Started Daily apt upgrade and clean activities.
[�[0;32m OK �[0m] Started Daily Cleanup of Temporary Directories.
[�[0;32m OK �[0m] Reached target Timers.
Starting OpenBSD Secure Shell server...
[�[0;32m OK �[0m] Started Permit User Sessions.
[�[0;32m OK �[0m] Started System Logging Service.
[�[0;32m OK �[0m] Started OpenBSD Secure Shell server.
[�[0;32m OK �[0m] Started getty on tty2-tty6 if dbus and logind are not available.
[�[0;32m OK �[0m] Started Getty on tty6.
[�[0;32m OK �[0m] Started Getty on tty5.
[�[0;32m OK �[0m] Started Getty on tty4.
[�[0;32m OK �[0m] Started Getty on tty3.
[�[0;32m OK �[0m] Started Getty on tty2.
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Getty on tty1.
[�[0;32m OK �[0m] Started Serial Getty on ttyS0.
[�[0;32m OK �[0m] Reached target Login Prompts.
[�[0;32m OK �[0m] Reached target Multi-User System.
[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts.
2021/12/01 06:05:22 fuzzer started
2021/12/01 06:05:22 connecting to host at 10.128.0.169:44807
2021/12/01 06:05:22 checking machine...
2021/12/01 06:05:22 checking revisions...
2021/12/01 06:05:22 testing simple program...
syzkaller login: [ 77.257063][ T6522] cgroup: Unknown subsys name 'net'
[ 77.264228][ T6522]
[ 77.266569][ T6522] =========================
[ 77.271073][ T6522] WARNING: held lock freed!
[ 77.275662][ T6522] 5.16.0-rc3-next-20211201-syzkaller #0 Not tainted
[ 77.282414][ T6522] -------------------------
[ 77.287129][ T6522] syz-executor/6522 is freeing memory ffff88801c4cd000-ffff88801c4cd1ff, with a lock still held there!
[ 77.298322][ T6522] ffff88801c4cd148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 77.308141][ T6522] 2 locks held by syz-executor/6522:
[ 77.313455][ T6522] #0: ffffffff8bbc4e48 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[ 77.324027][ T6522] #1: ffff88801c4cd148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 77.334262][ T6522]
[ 77.334262][ T6522] stack backtrace:
[ 77.340147][ T6522] CPU: 0 PID: 6522 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211201-syzkaller #0
[ 77.350024][ T6522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.360324][ T6522] Call Trace:
[ 77.363595][ T6522]
[ 77.366523][ T6522] dump_stack_lvl+0xcd/0x134
[ 77.371119][ T6522] debug_check_no_locks_freed.cold+0x9d/0xa9
[ 77.377096][ T6522] ? lockdep_hardirqs_on+0x79/0x100
[ 77.382324][ T6522] slab_free_freelist_hook+0x73/0x1c0
[ 77.387695][ T6522] ? kernfs_put.part.0+0x331/0x540
[ 77.392794][ T6522] kfree+0xe0/0x430
[ 77.396592][ T6522] ? kmem_cache_free+0xba/0x4a0
[ 77.401442][ T6522] ? rwlock_bug.part.0+0x90/0x90
[ 77.406384][ T6522] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 77.412876][ T6522] kernfs_put.part.0+0x331/0x540
[ 77.417894][ T6522] kernfs_put+0x42/0x50
[ 77.422045][ T6522] __kernfs_remove+0x7a3/0xb20
[ 77.426810][ T6522] ? kernfs_next_descendant_post+0x2f0/0x2f0
[ 77.432777][ T6522] ? down_write+0xde/0x150
[ 77.437355][ T6522] ? down_write_killable_nested+0x180/0x180
[ 77.443543][ T6522] kernfs_destroy_root+0x89/0xb0
[ 77.448483][ T6522] cgroup_setup_root+0x3a6/0xad0
[ 77.453996][ T6522] ? rebind_subsystems+0x10e0/0x10e0
[ 77.459391][ T6522] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 77.465914][ T6522] cgroup1_get_tree+0xd33/0x1390
[ 77.470947][ T6522] vfs_get_tree+0x89/0x2f0
[ 77.475363][ T6522] path_mount+0x1320/0x1fa0
[ 77.479859][ T6522] ? kmem_cache_free+0xba/0x4a0
[ 77.484705][ T6522] ? finish_automount+0xaf0/0xaf0
[ 77.489982][ T6522] ? putname+0xfe/0x140
[ 77.494141][ T6522] __x64_sys_mount+0x27f/0x300
[ 77.498905][ T6522] ? copy_mnt_ns+0xae0/0xae0
[ 77.503672][ T6522] ? syscall_enter_from_user_mode+0x21/0x70
[ 77.509561][ T6522] do_syscall_64+0x35/0xb0
[ 77.513986][ T6522] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.519878][ T6522] RIP: 0033:0x7feff185f01a
[ 77.524305][ T6522] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 77.544068][ T6522] RSP: 002b:00007fff83709918 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 77.552598][ T6522] RAX: ffffffffffffffda RBX: 00007fff83709aa8 RCX: 00007feff185f01a
[ 77.560673][ T6522] RDX: 00007feff18c1fe2 RSI: 00007feff18b829a RDI: 00007feff18b6d71
[ 77.568995][ T6522] RBP: 00007feff18b829a R08: 00007feff18b83f7 R09: 0000000000000026
[ 77.577307][ T6522] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff83709920
[ 77.585374][ T6522] R13: 00007fff83709ac8 R14: 00007fff837099f0 R15: 00007feff18b83f1
[ 77.593673][ T6522]
[ 77.597846][ T6522] ==================================================================
[ 77.606089][ T6522] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[ 77.612772][ T6522] Read of size 8 at addr ffff88801c4cd140 by task syz-executor/6522
[ 77.620761][ T6522]
[ 77.623079][ T6522] CPU: 0 PID: 6522 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211201-syzkaller #0
[ 77.632812][ T6522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.643069][ T6522] Call Trace:
[ 77.646347][ T6522]
[ 77.649292][ T6522] dump_stack_lvl+0xcd/0x134
[ 77.653918][ T6522] print_address_description.constprop.0.cold+0xa5/0x3ed
[ 77.660942][ T6522] ? up_write+0x3ac/0x470
[ 77.665269][ T6522] ? up_write+0x3ac/0x470
[ 77.669595][ T6522] kasan_report.cold+0x83/0xdf
[ 77.674357][ T6522] ? up_write+0x3ac/0x470
[ 77.678771][ T6522] up_write+0x3ac/0x470
[ 77.682927][ T6522] cgroup_setup_root+0x3a6/0xad0
[ 77.687882][ T6522] ? rebind_subsystems+0x10e0/0x10e0
[ 77.693172][ T6522] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 77.699422][ T6522] cgroup1_get_tree+0xd33/0x1390
[ 77.704378][ T6522] vfs_get_tree+0x89/0x2f0
[ 77.708800][ T6522] path_mount+0x1320/0x1fa0
[ 77.713307][ T6522] ? kmem_cache_free+0xba/0x4a0
[ 77.718179][ T6522] ? finish_automount+0xaf0/0xaf0
[ 77.723378][ T6522] ? putname+0xfe/0x140
[ 77.727536][ T6522] __x64_sys_mount+0x27f/0x300
[ 77.732305][ T6522] ? copy_mnt_ns+0xae0/0xae0
[ 77.736893][ T6522] ? syscall_enter_from_user_mode+0x21/0x70
[ 77.742906][ T6522] do_syscall_64+0x35/0xb0
[ 77.747333][ T6522] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.753227][ T6522] RIP: 0033:0x7feff185f01a
[ 77.757639][ T6522] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 77.777252][ T6522] RSP: 002b:00007fff83709918 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 77.786033][ T6522] RAX: ffffffffffffffda RBX: 00007fff83709aa8 RCX: 00007feff185f01a
[ 77.794146][ T6522] RDX: 00007feff18c1fe2 RSI: 00007feff18b829a RDI: 00007feff18b6d71
[ 77.802189][ T6522] RBP: 00007feff18b829a R08: 00007feff18b83f7 R09: 0000000000000026
[ 77.810179][ T6522] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff83709920
[ 77.818161][ T6522] R13: 00007fff83709ac8 R14: 00007fff837099f0 R15: 00007feff18b83f1
[ 77.826142][ T6522]
[ 77.829157][ T6522]
[ 77.831473][ T6522] Allocated by task 6522:
[ 77.835801][ T6522] kasan_save_stack+0x1e/0x50
[ 77.840586][ T6522] __kasan_kmalloc+0xa9/0xd0
[ 77.845265][ T6522] kernfs_create_root+0x4c/0x410
[ 77.850203][ T6522] cgroup_setup_root+0x243/0xad0
[ 77.855143][ T6522] cgroup1_get_tree+0xd33/0x1390
[ 77.860078][ T6522] vfs_get_tree+0x89/0x2f0
[ 77.864503][ T6522] path_mount+0x1320/0x1fa0
[ 77.869005][ T6522] __x64_sys_mount+0x27f/0x300
[ 77.873828][ T6522] do_syscall_64+0x35/0xb0
[ 77.878248][ T6522] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.884144][ T6522]
[ 77.886455][ T6522] Freed by task 6522:
[ 77.890421][ T6522] kasan_save_stack+0x1e/0x50
[ 77.895101][ T6522] kasan_set_track+0x21/0x30
[ 77.899688][ T6522] kasan_set_free_info+0x20/0x30
[ 77.904618][ T6522] __kasan_slab_free+0x103/0x170
[ 77.909552][ T6522] slab_free_freelist_hook+0x8b/0x1c0
[ 77.914919][ T6522] kfree+0xe0/0x430
[ 77.918720][ T6522] kernfs_put.part.0+0x331/0x540
[ 77.923656][ T6522] kernfs_put+0x42/0x50
[ 77.927804][ T6522] __kernfs_remove+0x7a3/0xb20
[ 77.932565][ T6522] kernfs_destroy_root+0x89/0xb0
[ 77.937512][ T6522] cgroup_setup_root+0x3a6/0xad0
[ 77.942449][ T6522] cgroup1_get_tree+0xd33/0x1390
[ 77.947383][ T6522] vfs_get_tree+0x89/0x2f0
[ 77.951807][ T6522] path_mount+0x1320/0x1fa0
[ 77.956307][ T6522] __x64_sys_mount+0x27f/0x300
[ 77.961080][ T6522] do_syscall_64+0x35/0xb0
[ 77.965507][ T6522] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.971413][ T6522]
[ 77.973728][ T6522] The buggy address belongs to the object at ffff88801c4cd000
[ 77.973728][ T6522] which belongs to the cache kmalloc-512 of size 512
[ 77.987781][ T6522] The buggy address is located 320 bytes inside of
[ 77.987781][ T6522] 512-byte region [ffff88801c4cd000, ffff88801c4cd200)
[ 78.001136][ T6522] The buggy address belongs to the page:
[ 78.006755][ T6522] page:ffffea0000713300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c4cc
[ 78.017076][ T6522] head:ffffea0000713300 order:2 compound_mapcount:0 compound_pincount:0
[ 78.025482][ T6522] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 78.033466][ T6522] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010c41c80
[ 78.042143][ T6522] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 78.050712][ T6522] page dumped because: kasan: bad access detected
[ 78.057110][ T6522] page_owner tracks the page as allocated
[ 78.062809][ T6522] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1180, ts 9082052809, free_ts 0
[ 78.081169][ T6522] get_page_from_freelist+0xa72/0x2f40
[ 78.086822][ T6522] __alloc_pages+0x1b2/0x500
[ 78.091408][ T6522] alloc_pages+0x1a7/0x300
[ 78.095911][ T6522] new_slab+0x261/0x460
[ 78.100077][ T6522] ___slab_alloc+0x798/0xf30
[ 78.104942][ T6522] __slab_alloc.constprop.0+0x4d/0xa0
[ 78.110313][ T6522] kmem_cache_alloc_trace+0x289/0x2c0
[ 78.115686][ T6522] alloc_bprm+0x51/0x8f0
[ 78.119937][ T6522] kernel_execve+0x55/0x460
[ 78.124453][ T6522] call_usermodehelper_exec_async+0x2e3/0x580
[ 78.130521][ T6522] ret_from_fork+0x1f/0x30
[ 78.134946][ T6522] page_owner free stack trace missing
[ 78.140388][ T6522]
[ 78.142711][ T6522] Memory state around the buggy address:
[ 78.148329][ T6522] ffff88801c4cd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.156651][ T6522] ffff88801c4cd080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.165154][ T6522] >ffff88801c4cd100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.173548][ T6522] ^
[ 78.179786][ T6522] ffff88801c4cd180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.187923][ T6522] ffff88801c4cd200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.195986][ T6522] ==================================================================
[ 78.210930][ T6522] Kernel panic - not syncing: panic_on_warn set ...
[ 78.217626][ T6522] CPU: 0 PID: 6522 Comm: syz-executor Tainted: G B 5.16.0-rc3-next-20211201-syzkaller #0
[ 78.228825][ T6522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.238887][ T6522] Call Trace:
[ 78.242339][ T6522]
[ 78.245311][ T6522] dump_stack_lvl+0xcd/0x134
[ 78.250276][ T6522] panic+0x2b0/0x6dd
[ 78.254206][ T6522] ? __warn_printk+0xf3/0xf3
[ 78.258796][ T6522] ? preempt_schedule_common+0x59/0xc0
[ 78.264353][ T6522] ? up_write+0x3ac/0x470
[ 78.268697][ T6522] ? preempt_schedule_thunk+0x16/0x18
[ 78.274117][ T6522] ? trace_hardirqs_on+0x38/0x1c0
[ 78.279154][ T6522] ? trace_hardirqs_on+0x51/0x1c0
[ 78.284519][ T6522] ? up_write+0x3ac/0x470
[ 78.288853][ T6522] ? up_write+0x3ac/0x470
[ 78.293203][ T6522] end_report.cold+0x63/0x6f
[ 78.297805][ T6522] kasan_report.cold+0x71/0xdf
[ 78.302755][ T6522] ? up_write+0x3ac/0x470
[ 78.307093][ T6522] up_write+0x3ac/0x470
[ 78.312169][ T6522] cgroup_setup_root+0x3a6/0xad0
[ 78.317162][ T6522] ? rebind_subsystems+0x10e0/0x10e0
[ 78.322485][ T6522] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 78.328739][ T6522] cgroup1_get_tree+0xd33/0x1390
[ 78.333683][ T6522] vfs_get_tree+0x89/0x2f0
[ 78.338118][ T6522] path_mount+0x1320/0x1fa0
[ 78.342623][ T6522] ? kmem_cache_free+0xba/0x4a0
[ 78.347482][ T6522] ? finish_automount+0xaf0/0xaf0
[ 78.352509][ T6522] ? putname+0xfe/0x140
[ 78.356760][ T6522] __x64_sys_mount+0x27f/0x300
[ 78.361528][ T6522] ? copy_mnt_ns+0xae0/0xae0
[ 78.366203][ T6522] ? syscall_enter_from_user_mode+0x21/0x70
[ 78.372188][ T6522] do_syscall_64+0x35/0xb0
[ 78.376604][ T6522] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 78.382500][ T6522] RIP: 0033:0x7feff185f01a
[ 78.386922][ T6522] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 78.406643][ T6522] RSP: 002b:00007fff83709918 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 78.415146][ T6522] RAX: ffffffffffffffda RBX: 00007fff83709aa8 RCX: 00007feff185f01a
[ 78.423116][ T6522] RDX: 00007feff18c1fe2 RSI: 00007feff18b829a RDI: 00007feff18b6d71
[ 78.431080][ T6522] RBP: 00007feff18b829a R08: 00007feff18b83f7 R09: 0000000000000026
[ 78.439057][ T6522] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff83709920
[ 78.447207][ T6522] R13: 00007fff83709ac8 R14: 00007fff837099f0 R15: 00007feff18b83f1
[ 78.455353][ T6522]
[ 78.458428][ T6522] Kernel Offset: disabled
[ 78.462805][ T6522] Rebooting in 86400 seconds..