Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
2021/12/03 23:55:41 fuzzer started
2021/12/03 23:55:41 connecting to host at 10.128.0.169:36071
2021/12/03 23:55:41 checking machine...
2021/12/03 23:55:41 checking revisions...
2021/12/03 23:55:41 testing simple program...
syzkaller login: [ 70.299396][ T6534] cgroup: Unknown subsys name 'net'
[ 70.305816][ T6534]
[ 70.308145][ T6534] =========================
[ 70.312622][ T6534] WARNING: held lock freed!
[ 70.317097][ T6534] 5.16.0-rc3-next-20211203-syzkaller #0 Not tainted
[ 70.323662][ T6534] -------------------------
[ 70.328226][ T6534] syz-executor/6534 is freeing memory ffff888020fad400-ffff888020fad5ff, with a lock still held there!
[ 70.339224][ T6534] ffff888020fad548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 70.348950][ T6534] 2 locks held by syz-executor/6534:
[ 70.354317][ T6534] #0: ffffffff8bbc4e48 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[ 70.364915][ T6534] #1: ffff888020fad548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 70.375092][ T6534]
[ 70.375092][ T6534] stack backtrace:
[ 70.380977][ T6534] CPU: 1 PID: 6534 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211203-syzkaller #0
[ 70.390675][ T6534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.400715][ T6534] Call Trace:
[ 70.403983][ T6534]
[ 70.406901][ T6534] dump_stack_lvl+0xcd/0x134
[ 70.411577][ T6534] debug_check_no_locks_freed.cold+0x9d/0xa9
[ 70.417583][ T6534] ? lockdep_hardirqs_on+0x79/0x100
[ 70.422786][ T6534] slab_free_freelist_hook+0x73/0x1c0
[ 70.428146][ T6534] ? kernfs_put.part.0+0x331/0x540
[ 70.433244][ T6534] kfree+0xd0/0x4b0
[ 70.437038][ T6534] ? kmem_cache_free+0xdd/0x580
[ 70.441879][ T6534] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 70.448121][ T6534] kernfs_put.part.0+0x331/0x540
[ 70.453051][ T6534] kernfs_put+0x42/0x50
[ 70.457191][ T6534] __kernfs_remove+0x7a3/0xb20
[ 70.461960][ T6534] ? kernfs_next_descendant_post+0x2f0/0x2f0
[ 70.467924][ T6534] ? down_write+0xde/0x150
[ 70.472326][ T6534] ? down_write_killable_nested+0x180/0x180
[ 70.478210][ T6534] kernfs_destroy_root+0x89/0xb0
[ 70.483142][ T6534] cgroup_setup_root+0x3a6/0xad0
[ 70.488075][ T6534] ? rebind_subsystems+0x10e0/0x10e0
[ 70.493352][ T6534] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 70.499605][ T6534] cgroup1_get_tree+0xd33/0x1390
[ 70.504552][ T6534] vfs_get_tree+0x89/0x2f0
[ 70.508961][ T6534] path_mount+0x1320/0x1fa0
[ 70.513453][ T6534] ? kmem_cache_free+0xdd/0x580
[ 70.518293][ T6534] ? finish_automount+0xaf0/0xaf0
[ 70.523303][ T6534] ? putname+0xfe/0x140
[ 70.527454][ T6534] __x64_sys_mount+0x27f/0x300
[ 70.532209][ T6534] ? copy_mnt_ns+0xae0/0xae0
[ 70.536782][ T6534] ? syscall_enter_from_user_mode+0x21/0x70
[ 70.542666][ T6534] do_syscall_64+0x35/0xb0
[ 70.547095][ T6534] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.552974][ T6534] RIP: 0033:0x7f91cfb1f01a
[ 70.557376][ T6534] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 70.576994][ T6534] RSP: 002b:00007ffff313c6b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 70.585492][ T6534] RAX: ffffffffffffffda RBX: 00007ffff313c848 RCX: 00007f91cfb1f01a
[ 70.593460][ T6534] RDX: 00007f91cfb82051 RSI: 00007f91cfb78324 RDI: 00007f91cfb76dc9
[ 70.601437][ T6534] RBP: 00007f91cfb78324 R08: 00007f91cfb78481 R09: 0000000000000026
[ 70.609444][ T6534] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff313c6c0
[ 70.617417][ T6534] R13: 00007ffff313c868 R14: 00007ffff313c790 R15: 00007f91cfb7847b
[ 70.625466][ T6534]
[ 70.628700][ T6534] ==================================================================
[ 70.636862][ T6534] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[ 70.643559][ T6534] Read of size 8 at addr ffff888020fad540 by task syz-executor/6534
[ 70.651528][ T6534]
[ 70.653836][ T6534] CPU: 1 PID: 6534 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211203-syzkaller #0
[ 70.663537][ T6534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.673578][ T6534] Call Trace:
[ 70.676859][ T6534]
[ 70.679774][ T6534] dump_stack_lvl+0xcd/0x134
[ 70.684361][ T6534] print_address_description.constprop.0.cold+0xa5/0x3ed
[ 70.691378][ T6534] ? up_write+0x3ac/0x470
[ 70.695727][ T6534] ? up_write+0x3ac/0x470
[ 70.700058][ T6534] kasan_report.cold+0x83/0xdf
[ 70.704933][ T6534] ? up_write+0x3ac/0x470
[ 70.709270][ T6534] up_write+0x3ac/0x470
[ 70.713422][ T6534] cgroup_setup_root+0x3a6/0xad0
[ 70.718366][ T6534] ? rebind_subsystems+0x10e0/0x10e0
[ 70.723648][ T6534] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 70.729887][ T6534] cgroup1_get_tree+0xd33/0x1390
[ 70.734817][ T6534] vfs_get_tree+0x89/0x2f0
[ 70.739225][ T6534] path_mount+0x1320/0x1fa0
[ 70.743723][ T6534] ? kmem_cache_free+0xdd/0x580
[ 70.748570][ T6534] ? finish_automount+0xaf0/0xaf0
[ 70.753604][ T6534] ? putname+0xfe/0x140
[ 70.757752][ T6534] __x64_sys_mount+0x27f/0x300
[ 70.762508][ T6534] ? copy_mnt_ns+0xae0/0xae0
[ 70.767102][ T6534] ? syscall_enter_from_user_mode+0x21/0x70
[ 70.772999][ T6534] do_syscall_64+0x35/0xb0
[ 70.777419][ T6534] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.783302][ T6534] RIP: 0033:0x7f91cfb1f01a
[ 70.787719][ T6534] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 70.807397][ T6534] RSP: 002b:00007ffff313c6b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 70.815813][ T6534] RAX: ffffffffffffffda RBX: 00007ffff313c848 RCX: 00007f91cfb1f01a
[ 70.823801][ T6534] RDX: 00007f91cfb82051 RSI: 00007f91cfb78324 RDI: 00007f91cfb76dc9
[ 70.831771][ T6534] RBP: 00007f91cfb78324 R08: 00007f91cfb78481 R09: 0000000000000026
[ 70.839749][ T6534] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff313c6c0
[ 70.847737][ T6534] R13: 00007ffff313c868 R14: 00007ffff313c790 R15: 00007f91cfb7847b
[ 70.855729][ T6534]
[ 70.858735][ T6534]
[ 70.861144][ T6534] Allocated by task 6534:
[ 70.865451][ T6534] kasan_save_stack+0x1e/0x40
[ 70.870138][ T6534] __kasan_kmalloc+0xa9/0xd0
[ 70.874722][ T6534] kernfs_create_root+0x4c/0x410
[ 70.879650][ T6534] cgroup_setup_root+0x243/0xad0
[ 70.884674][ T6534] cgroup1_get_tree+0xd33/0x1390
[ 70.889694][ T6534] vfs_get_tree+0x89/0x2f0
[ 70.894106][ T6534] path_mount+0x1320/0x1fa0
[ 70.898608][ T6534] __x64_sys_mount+0x27f/0x300
[ 70.903380][ T6534] do_syscall_64+0x35/0xb0
[ 70.907805][ T6534] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.913694][ T6534]
[ 70.916004][ T6534] Freed by task 6534:
[ 70.919988][ T6534] kasan_save_stack+0x1e/0x40
[ 70.924865][ T6534] kasan_set_track+0x21/0x30
[ 70.929493][ T6534] kasan_set_free_info+0x20/0x30
[ 70.934417][ T6534] ____kasan_slab_free+0x166/0x1a0
[ 70.939606][ T6534] slab_free_freelist_hook+0x8b/0x1c0
[ 70.944973][ T6534] kfree+0xd0/0x4b0
[ 70.948768][ T6534] kernfs_put.part.0+0x331/0x540
[ 70.953704][ T6534] kernfs_put+0x42/0x50
[ 70.957968][ T6534] __kernfs_remove+0x7a3/0xb20
[ 70.962728][ T6534] kernfs_destroy_root+0x89/0xb0
[ 70.967745][ T6534] cgroup_setup_root+0x3a6/0xad0
[ 70.972672][ T6534] cgroup1_get_tree+0xd33/0x1390
[ 70.977613][ T6534] vfs_get_tree+0x89/0x2f0
[ 70.982028][ T6534] path_mount+0x1320/0x1fa0
[ 70.986518][ T6534] __x64_sys_mount+0x27f/0x300
[ 70.991281][ T6534] do_syscall_64+0x35/0xb0
[ 70.995684][ T6534] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.001564][ T6534]
[ 71.003879][ T6534] The buggy address belongs to the object at ffff888020fad400
[ 71.003879][ T6534] which belongs to the cache kmalloc-512 of size 512
[ 71.017998][ T6534] The buggy address is located 320 bytes inside of
[ 71.017998][ T6534] 512-byte region [ffff888020fad400, ffff888020fad600)
[ 71.031343][ T6534] The buggy address belongs to the page:
[ 71.037039][ T6534] page:ffffea000083eb00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20fac
[ 71.047172][ T6534] head:ffffea000083eb00 order:2 compound_mapcount:0 compound_pincount:0
[ 71.055489][ T6534] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 71.063462][ T6534] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888010c41c80
[ 71.072131][ T6534] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 71.080693][ T6534] page dumped because: kasan: bad access detected
[ 71.087092][ T6534] page_owner tracks the page as allocated
[ 71.092783][ T6534] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2311, ts 12683857315, free_ts 0
[ 71.111267][ T6534] get_page_from_freelist+0xa72/0x2f40
[ 71.116718][ T6534] __alloc_pages+0x1b2/0x500
[ 71.121293][ T6534] alloc_pages+0x1aa/0x310
[ 71.125700][ T6534] new_slab+0x28d/0x3a0
[ 71.129844][ T6534] ___slab_alloc+0x6be/0xd60
[ 71.134512][ T6534] __slab_alloc.constprop.0+0x4d/0xa0
[ 71.140046][ T6534] kmem_cache_alloc_trace+0x289/0x2c0
[ 71.145494][ T6534] alloc_bprm+0x51/0x8f0
[ 71.149723][ T6534] kernel_execve+0x55/0x460
[ 71.154213][ T6534] call_usermodehelper_exec_async+0x2e3/0x580
[ 71.160272][ T6534] ret_from_fork+0x1f/0x30
[ 71.164718][ T6534] page_owner free stack trace missing
[ 71.170067][ T6534]
[ 71.172375][ T6534] Memory state around the buggy address:
[ 71.177986][ T6534] ffff888020fad400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.186033][ T6534] ffff888020fad480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.195032][ T6534] >ffff888020fad500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.203069][ T6534] ^
[ 71.209309][ T6534] ffff888020fad580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.217353][ T6534] ffff888020fad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.225397][ T6534] ==================================================================
[ 71.235137][ T6534] Kernel panic - not syncing: panic_on_warn set ...
[ 71.241724][ T6534] CPU: 0 PID: 6534 Comm: syz-executor Tainted: G B 5.16.0-rc3-next-20211203-syzkaller #0
[ 71.252839][ T6534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.262908][ T6534] Call Trace:
[ 71.266183][ T6534]
[ 71.269138][ T6534] dump_stack_lvl+0xcd/0x134
[ 71.273756][ T6534] panic+0x2b0/0x6dd
[ 71.277657][ T6534] ? __warn_printk+0xf3/0xf3
[ 71.282254][ T6534] ? preempt_schedule_common+0x59/0xc0
[ 71.287954][ T6534] ? up_write+0x3ac/0x470
[ 71.292266][ T6534] ? preempt_schedule_thunk+0x16/0x18
[ 71.297772][ T6534] ? trace_hardirqs_on+0x38/0x1c0
[ 71.302884][ T6534] ? trace_hardirqs_on+0x51/0x1c0
[ 71.307985][ T6534] ? up_write+0x3ac/0x470
[ 71.312310][ T6534] ? up_write+0x3ac/0x470
[ 71.316633][ T6534] end_report.cold+0x63/0x6f
[ 71.321312][ T6534] kasan_report.cold+0x71/0xdf
[ 71.326063][ T6534] ? up_write+0x3ac/0x470
[ 71.330425][ T6534] up_write+0x3ac/0x470
[ 71.334568][ T6534] cgroup_setup_root+0x3a6/0xad0
[ 71.339495][ T6534] ? rebind_subsystems+0x10e0/0x10e0
[ 71.344767][ T6534] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.351006][ T6534] cgroup1_get_tree+0xd33/0x1390
[ 71.355950][ T6534] vfs_get_tree+0x89/0x2f0
[ 71.360354][ T6534] path_mount+0x1320/0x1fa0
[ 71.364878][ T6534] ? kmem_cache_free+0xdd/0x580
[ 71.369736][ T6534] ? finish_automount+0xaf0/0xaf0
[ 71.374747][ T6534] ? putname+0xfe/0x140
[ 71.378897][ T6534] __x64_sys_mount+0x27f/0x300
[ 71.383678][ T6534] ? copy_mnt_ns+0xae0/0xae0
[ 71.388400][ T6534] ? syscall_enter_from_user_mode+0x21/0x70
[ 71.394547][ T6534] do_syscall_64+0x35/0xb0
[ 71.398968][ T6534] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.405037][ T6534] RIP: 0033:0x7f91cfb1f01a
[ 71.409451][ T6534] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 71.429042][ T6534] RSP: 002b:00007ffff313c6b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 71.437440][ T6534] RAX: ffffffffffffffda RBX: 00007ffff313c848 RCX: 00007f91cfb1f01a
[ 71.445409][ T6534] RDX: 00007f91cfb82051 RSI: 00007f91cfb78324 RDI: 00007f91cfb76dc9
[ 71.453390][ T6534] RBP: 00007f91cfb78324 R08: 00007f91cfb78481 R09: 0000000000000026
[ 71.461371][ T6534] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff313c6c0
[ 71.469378][ T6534] R13: 00007ffff313c868 R14: 00007ffff313c790 R15: 00007f91cfb7847b
[ 71.477342][ T6534]
[ 71.480662][ T6534] Kernel Offset: disabled
[ 71.484973][ T6534] Rebooting in 86400 seconds..