Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
2021/12/03 08:48:05 fuzzer started
2021/12/03 08:48:05 connecting to host at 10.128.0.169:46537
2021/12/03 08:48:05 checking machine...
2021/12/03 08:48:05 checking revisions...
2021/12/03 08:48:05 testing simple program...
[   70.558721][ T6525] cgroup: Unknown subsys name 'net'
[   70.565685][ T6525] 
[   70.568020][ T6525] =========================
[   70.572518][ T6525] WARNING: held lock freed!
[   70.576994][ T6525] 5.16.0-rc3-next-20211203-syzkaller #0 Not tainted
[   70.583559][ T6525] -------------------------
[   70.588052][ T6525] syz-executor/6525 is freeing memory ffff888017908000-ffff8880179081ff, with a lock still held there!
[   70.599216][ T6525] ffff888017908148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[   70.608998][ T6525] 2 locks held by syz-executor/6525:
[   70.614301][ T6525]  #0: ffffffff8bbc4e48 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[   70.624808][ T6525]  #1: ffff888017908148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[   70.634965][ T6525] 
[   70.634965][ T6525] stack backtrace:
[   70.640844][ T6525] CPU: 1 PID: 6525 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211203-syzkaller #0
[   70.650553][ T6525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.660595][ T6525] Call Trace:
[   70.663864][ T6525]  <TASK>
[   70.666784][ T6525]  dump_stack_lvl+0xcd/0x134
[   70.671462][ T6525]  debug_check_no_locks_freed.cold+0x9d/0xa9
[   70.677446][ T6525]  ? lockdep_hardirqs_on+0x79/0x100
[   70.682646][ T6525]  slab_free_freelist_hook+0x73/0x1c0
[   70.688024][ T6525]  ? kernfs_put.part.0+0x331/0x540
[   70.693315][ T6525]  kfree+0xd0/0x4b0
[   70.697138][ T6525]  ? kmem_cache_free+0xdd/0x580
[   70.701980][ T6525]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   70.708302][ T6525]  kernfs_put.part.0+0x331/0x540
[   70.713233][ T6525]  kernfs_put+0x42/0x50
[   70.717382][ T6525]  __kernfs_remove+0x7a3/0xb20
[   70.722240][ T6525]  ? kernfs_next_descendant_post+0x2f0/0x2f0
[   70.728268][ T6525]  ? down_write+0xde/0x150
[   70.732689][ T6525]  ? down_write_killable_nested+0x180/0x180
[   70.738681][ T6525]  kernfs_destroy_root+0x89/0xb0
[   70.743699][ T6525]  cgroup_setup_root+0x3a6/0xad0
[   70.748727][ T6525]  ? rebind_subsystems+0x10e0/0x10e0
[   70.754005][ T6525]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   70.760413][ T6525]  cgroup1_get_tree+0xd33/0x1390
[   70.765359][ T6525]  vfs_get_tree+0x89/0x2f0
[   70.769858][ T6525]  path_mount+0x1320/0x1fa0
[   70.774352][ T6525]  ? kmem_cache_free+0xdd/0x580
[   70.779216][ T6525]  ? finish_automount+0xaf0/0xaf0
[   70.784332][ T6525]  ? putname+0xfe/0x140
[   70.788484][ T6525]  __x64_sys_mount+0x27f/0x300
[   70.793238][ T6525]  ? copy_mnt_ns+0xae0/0xae0
[   70.797817][ T6525]  ? syscall_enter_from_user_mode+0x21/0x70
[   70.803704][ T6525]  do_syscall_64+0x35/0xb0
[   70.808371][ T6525]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   70.814271][ T6525] RIP: 0033:0x7fc5b285a01a
[   70.818676][ T6525] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   70.838276][ T6525] RSP: 002b:00007ffdc11874d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   70.846941][ T6525] RAX: ffffffffffffffda RBX: 00007ffdc1187668 RCX: 00007fc5b285a01a
[   70.855095][ T6525] RDX: 00007fc5b28bcfe2 RSI: 00007fc5b28b329a RDI: 00007fc5b28b1d71
[   70.863154][ T6525] RBP: 00007fc5b28b329a R08: 00007fc5b28b33f7 R09: 0000000000000026
[   70.871117][ T6525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdc11874e0
[   70.879075][ T6525] R13: 00007ffdc1187688 R14: 00007ffdc11875b0 R15: 00007fc5b28b33f1
[   70.887136][ T6525]  </TASK>
[   70.891697][ T6525] ==================================================================
[   70.900019][ T6525] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[   70.906790][ T6525] Read of size 8 at addr ffff888017908140 by task syz-executor/6525
[   70.915042][ T6525] 
[   70.917362][ T6525] CPU: 0 PID: 6525 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211203-syzkaller #0
[   70.927172][ T6525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.937481][ T6525] Call Trace:
[   70.940750][ T6525]  <TASK>
[   70.943672][ T6525]  dump_stack_lvl+0xcd/0x134
[   70.948282][ T6525]  print_address_description.constprop.0.cold+0xa5/0x3ed
[   70.955296][ T6525]  ? up_write+0x3ac/0x470
[   70.959612][ T6525]  ? up_write+0x3ac/0x470
[   70.963937][ T6525]  kasan_report.cold+0x83/0xdf
[   70.968690][ T6525]  ? up_write+0x3ac/0x470
[   70.973019][ T6525]  up_write+0x3ac/0x470
[   70.977255][ T6525]  cgroup_setup_root+0x3a6/0xad0
[   70.982195][ T6525]  ? rebind_subsystems+0x10e0/0x10e0
[   70.987500][ T6525]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   70.993736][ T6525]  cgroup1_get_tree+0xd33/0x1390
[   70.998672][ T6525]  vfs_get_tree+0x89/0x2f0
[   71.003167][ T6525]  path_mount+0x1320/0x1fa0
[   71.008010][ T6525]  ? kmem_cache_free+0xdd/0x580
[   71.012859][ T6525]  ? finish_automount+0xaf0/0xaf0
[   71.017967][ T6525]  ? putname+0xfe/0x140
[   71.022300][ T6525]  __x64_sys_mount+0x27f/0x300
[   71.027117][ T6525]  ? copy_mnt_ns+0xae0/0xae0
[   71.031703][ T6525]  ? syscall_enter_from_user_mode+0x21/0x70
[   71.037608][ T6525]  do_syscall_64+0x35/0xb0
[   71.042030][ T6525]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   71.047928][ T6525] RIP: 0033:0x7fc5b285a01a
[   71.052357][ T6525] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   71.072138][ T6525] RSP: 002b:00007ffdc11874d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   71.080661][ T6525] RAX: ffffffffffffffda RBX: 00007ffdc1187668 RCX: 00007fc5b285a01a
[   71.088892][ T6525] RDX: 00007fc5b28bcfe2 RSI: 00007fc5b28b329a RDI: 00007fc5b28b1d71
[   71.096851][ T6525] RBP: 00007fc5b28b329a R08: 00007fc5b28b33f7 R09: 0000000000000026
[   71.104813][ T6525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdc11874e0
[   71.112909][ T6525] R13: 00007ffdc1187688 R14: 00007ffdc11875b0 R15: 00007fc5b28b33f1
[   71.120940][ T6525]  </TASK>
[   71.123995][ T6525] 
[   71.126306][ T6525] Allocated by task 6525:
[   71.130638][ T6525]  kasan_save_stack+0x1e/0x40
[   71.135317][ T6525]  __kasan_kmalloc+0xa9/0xd0
[   71.139894][ T6525]  kernfs_create_root+0x4c/0x410
[   71.144995][ T6525]  cgroup_setup_root+0x243/0xad0
[   71.149919][ T6525]  cgroup1_get_tree+0xd33/0x1390
[   71.154852][ T6525]  vfs_get_tree+0x89/0x2f0
[   71.159430][ T6525]  path_mount+0x1320/0x1fa0
[   71.163933][ T6525]  __x64_sys_mount+0x27f/0x300
[   71.168684][ T6525]  do_syscall_64+0x35/0xb0
[   71.173084][ T6525]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   71.178963][ T6525] 
[   71.181269][ T6525] Freed by task 6525:
[   71.185226][ T6525]  kasan_save_stack+0x1e/0x40
[   71.189889][ T6525]  kasan_set_track+0x21/0x30
[   71.194481][ T6525]  kasan_set_free_info+0x20/0x30
[   71.199401][ T6525]  ____kasan_slab_free+0x166/0x1a0
[   71.204500][ T6525]  slab_free_freelist_hook+0x8b/0x1c0
[   71.210041][ T6525]  kfree+0xd0/0x4b0
[   71.213923][ T6525]  kernfs_put.part.0+0x331/0x540
[   71.218883][ T6525]  kernfs_put+0x42/0x50
[   71.223024][ T6525]  __kernfs_remove+0x7a3/0xb20
[   71.227782][ T6525]  kernfs_destroy_root+0x89/0xb0
[   71.232705][ T6525]  cgroup_setup_root+0x3a6/0xad0
[   71.237636][ T6525]  cgroup1_get_tree+0xd33/0x1390
[   71.242559][ T6525]  vfs_get_tree+0x89/0x2f0
[   71.246964][ T6525]  path_mount+0x1320/0x1fa0
[   71.251454][ T6525]  __x64_sys_mount+0x27f/0x300
[   71.256212][ T6525]  do_syscall_64+0x35/0xb0
[   71.260807][ T6525]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   71.266688][ T6525] 
[   71.268994][ T6525] The buggy address belongs to the object at ffff888017908000
[   71.268994][ T6525]  which belongs to the cache kmalloc-512 of size 512
[   71.283121][ T6525] The buggy address is located 320 bytes inside of
[   71.283121][ T6525]  512-byte region [ffff888017908000, ffff888017908200)
[   71.296380][ T6525] The buggy address belongs to the page:
[   71.301988][ T6525] page:ffffea00005e4200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17908
[   71.312356][ T6525] head:ffffea00005e4200 order:2 compound_mapcount:0 compound_pincount:0
[   71.320655][ T6525] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   71.328618][ T6525] raw: 00fff00000010200 ffffea0000658600 dead000000000002 ffff888010c41c80
[   71.337293][ T6525] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   71.345854][ T6525] page dumped because: kasan: bad access detected
[   71.352251][ T6525] page_owner tracks the page as allocated
[   71.357985][ T6525] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 87, ts 3493965392, free_ts 0
[   71.376139][ T6525]  get_page_from_freelist+0xa72/0x2f40
[   71.381595][ T6525]  __alloc_pages+0x1b2/0x500
[   71.386168][ T6525]  alloc_pages+0x1aa/0x310
[   71.390603][ T6525]  new_slab+0x28d/0x3a0
[   71.394887][ T6525]  ___slab_alloc+0x6be/0xd60
[   71.399651][ T6525]  __slab_alloc.constprop.0+0x4d/0xa0
[   71.405022][ T6525]  kmem_cache_alloc_trace+0x289/0x2c0
[   71.410388][ T6525]  alloc_bprm+0x51/0x8f0
[   71.414625][ T6525]  kernel_execve+0x55/0x460
[   71.419108][ T6525]  call_usermodehelper_exec_async+0x2e3/0x580
[   71.425161][ T6525]  ret_from_fork+0x1f/0x30
[   71.429627][ T6525] page_owner free stack trace missing
[   71.434998][ T6525] 
[   71.437524][ T6525] Memory state around the buggy address:
[   71.443395][ T6525]  ffff888017908000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.451541][ T6525]  ffff888017908080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.459612][ T6525] >ffff888017908100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.467753][ T6525]                                            ^
[   71.474425][ T6525]  ffff888017908180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.482481][ T6525]  ffff888017908200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.490653][ T6525] ==================================================================
[   71.508515][ T6525] Kernel panic - not syncing: panic_on_warn set ...
[   71.515122][ T6525] CPU: 0 PID: 6525 Comm: syz-executor Tainted: G    B             5.16.0-rc3-next-20211203-syzkaller #0
[   71.526413][ T6525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.536526][ T6525] Call Trace:
[   71.539815][ T6525]  <TASK>
[   71.543375][ T6525]  dump_stack_lvl+0xcd/0x134
[   71.547982][ T6525]  panic+0x2b0/0x6dd
[   71.551973][ T6525]  ? __warn_printk+0xf3/0xf3
[   71.556660][ T6525]  ? preempt_schedule_common+0x59/0xc0
[   71.562347][ T6525]  ? up_write+0x3ac/0x470
[   71.566674][ T6525]  ? preempt_schedule_thunk+0x16/0x18
[   71.572180][ T6525]  ? trace_hardirqs_on+0x38/0x1c0
[   71.577303][ T6525]  ? trace_hardirqs_on+0x51/0x1c0
[   71.582528][ T6525]  ? up_write+0x3ac/0x470
[   71.586990][ T6525]  ? up_write+0x3ac/0x470
[   71.591350][ T6525]  end_report.cold+0x63/0x6f
[   71.595963][ T6525]  kasan_report.cold+0x71/0xdf
[   71.600743][ T6525]  ? up_write+0x3ac/0x470
[   71.605074][ T6525]  up_write+0x3ac/0x470
[   71.609265][ T6525]  cgroup_setup_root+0x3a6/0xad0
[   71.614229][ T6525]  ? rebind_subsystems+0x10e0/0x10e0
[   71.619647][ T6525]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   71.626307][ T6525]  cgroup1_get_tree+0xd33/0x1390
[   71.631361][ T6525]  vfs_get_tree+0x89/0x2f0
[   71.635795][ T6525]  path_mount+0x1320/0x1fa0
[   71.640340][ T6525]  ? kmem_cache_free+0xdd/0x580
[   71.645197][ T6525]  ? finish_automount+0xaf0/0xaf0
[   71.650550][ T6525]  ? putname+0xfe/0x140
[   71.654729][ T6525]  __x64_sys_mount+0x27f/0x300
[   71.659499][ T6525]  ? copy_mnt_ns+0xae0/0xae0
[   71.664208][ T6525]  ? syscall_enter_from_user_mode+0x21/0x70
[   71.670096][ T6525]  do_syscall_64+0x35/0xb0
[   71.674497][ T6525]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   71.680382][ T6525] RIP: 0033:0x7fc5b285a01a
[   71.685567][ T6525] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   71.705244][ T6525] RSP: 002b:00007ffdc11874d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   71.713677][ T6525] RAX: ffffffffffffffda RBX: 00007ffdc1187668 RCX: 00007fc5b285a01a
[   71.721640][ T6525] RDX: 00007fc5b28bcfe2 RSI: 00007fc5b28b329a RDI: 00007fc5b28b1d71
[   71.729958][ T6525] RBP: 00007fc5b28b329a R08: 00007fc5b28b33f7 R09: 0000000000000026
[   71.737928][ T6525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdc11874e0
[   71.745898][ T6525] R13: 00007ffdc1187688 R14: 00007ffdc11875b0 R15: 00007fc5b28b33f1
[   71.753873][ T6525]  </TASK>
[   71.757408][ T6525] Kernel Offset: disabled
[   71.761816][ T6525] Rebooting in 86400 seconds..