[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.149' (ECDSA) to the list of known hosts.
2021/11/29 08:02:59 fuzzer started
2021/11/29 08:02:59 connecting to host at 10.128.0.169:35045
2021/11/29 08:02:59 checking machine...
2021/11/29 08:02:59 checking revisions...
2021/11/29 08:02:59 testing simple program...
syzkaller login: [ 71.716027][ T6518] cgroup: Unknown subsys name 'net'
[ 71.722269][ T6518]
[ 71.724600][ T6518] =========================
[ 71.729076][ T6518] WARNING: held lock freed!
[ 71.733578][ T6518] 5.16.0-rc2-next-20211129-syzkaller #0 Not tainted
[ 71.740167][ T6518] -------------------------
[ 71.744640][ T6518] syz-executor/6518 is freeing memory ffff8880228ab400-ffff8880228ab5ff, with a lock still held there!
[ 71.755647][ T6518] ffff8880228ab548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 71.765384][ T6518] 2 locks held by syz-executor/6518:
[ 71.770652][ T6518] #0: ffffffff8bbc5d08 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[ 71.781160][ T6518] #1: ffff8880228ab548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 71.791324][ T6518]
[ 71.791324][ T6518] stack backtrace:
[ 71.797202][ T6518] CPU: 0 PID: 6518 Comm: syz-executor Not tainted 5.16.0-rc2-next-20211129-syzkaller #0
[ 71.806894][ T6518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.816945][ T6518] Call Trace:
[ 71.820208][ T6518]
[ 71.823121][ T6518] dump_stack_lvl+0xcd/0x134
[ 71.827785][ T6518] debug_check_no_locks_freed.cold+0x9d/0xa9
[ 71.833775][ T6518] ? lockdep_hardirqs_on+0x79/0x100
[ 71.838987][ T6518] slab_free_freelist_hook+0x73/0x1c0
[ 71.844361][ T6518] ? kernfs_put.part.0+0x331/0x540
[ 71.849553][ T6518] kfree+0xe0/0x430
[ 71.853363][ T6518] ? kmem_cache_free+0xba/0x4a0
[ 71.858307][ T6518] ? rwlock_bug.part.0+0x90/0x90
[ 71.863350][ T6518] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.869599][ T6518] kernfs_put.part.0+0x331/0x540
[ 71.874529][ T6518] kernfs_put+0x42/0x50
[ 71.878788][ T6518] __kernfs_remove+0x7a3/0xb20
[ 71.883810][ T6518] ? kernfs_next_descendant_post+0x2f0/0x2f0
[ 71.889784][ T6518] ? down_write+0xde/0x150
[ 71.894192][ T6518] ? down_write_killable_nested+0x180/0x180
[ 71.900160][ T6518] kernfs_destroy_root+0x89/0xb0
[ 71.905130][ T6518] cgroup_setup_root+0x3a6/0xad0
[ 71.910070][ T6518] ? rebind_subsystems+0x10e0/0x10e0
[ 71.915438][ T6518] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.921694][ T6518] cgroup1_get_tree+0xd33/0x1390
[ 71.926716][ T6518] vfs_get_tree+0x89/0x2f0
[ 71.931120][ T6518] path_mount+0x1320/0x1fa0
[ 71.935608][ T6518] ? kmem_cache_free+0xba/0x4a0
[ 71.940444][ T6518] ? finish_automount+0xaf0/0xaf0
[ 71.945543][ T6518] ? putname+0xfe/0x140
[ 71.949684][ T6518] __x64_sys_mount+0x27f/0x300
[ 71.954433][ T6518] ? copy_mnt_ns+0xae0/0xae0
[ 71.959015][ T6518] ? syscall_enter_from_user_mode+0x21/0x70
[ 71.964944][ T6518] do_syscall_64+0x35/0xb0
[ 71.969362][ T6518] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.975247][ T6518] RIP: 0033:0x7ff91592c01a
[ 71.979648][ T6518] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 71.999243][ T6518] RSP: 002b:00007fff15a42068 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 72.007643][ T6518] RAX: ffffffffffffffda RBX: 00007fff15a421f8 RCX: 00007ff91592c01a
[ 72.015860][ T6518] RDX: 00007ff91598efd6 RSI: 00007ff91598529a RDI: 00007ff915983d71
[ 72.023812][ T6518] RBP: 00007ff91598529a R08: 00007ff9159853f7 R09: 0000000000000026
[ 72.031762][ T6518] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff15a42070
[ 72.039725][ T6518] R13: 00007fff15a42218 R14: 00007fff15a42140 R15: 00007ff9159853f1
[ 72.047684][ T6518]
[ 72.052167][ T6518] ==================================================================
[ 72.060433][ T6518] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[ 72.067119][ T6518] Read of size 8 at addr ffff8880228ab540 by task syz-executor/6518
[ 72.075100][ T6518]
[ 72.077423][ T6518] CPU: 1 PID: 6518 Comm: syz-executor Not tainted 5.16.0-rc2-next-20211129-syzkaller #0
[ 72.087139][ T6518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.097192][ T6518] Call Trace:
[ 72.100471][ T6518]
[ 72.103393][ T6518] dump_stack_lvl+0xcd/0x134
[ 72.107972][ T6518] print_address_description.constprop.0.cold+0xa5/0x3ed
[ 72.114986][ T6518] ? up_write+0x3ac/0x470
[ 72.119310][ T6518] ? up_write+0x3ac/0x470
[ 72.123623][ T6518] kasan_report.cold+0x83/0xdf
[ 72.128380][ T6518] ? up_write+0x3ac/0x470
[ 72.132701][ T6518] up_write+0x3ac/0x470
[ 72.137028][ T6518] cgroup_setup_root+0x3a6/0xad0
[ 72.142051][ T6518] ? rebind_subsystems+0x10e0/0x10e0
[ 72.147335][ T6518] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.153847][ T6518] cgroup1_get_tree+0xd33/0x1390
[ 72.158796][ T6518] vfs_get_tree+0x89/0x2f0
[ 72.163228][ T6518] path_mount+0x1320/0x1fa0
[ 72.167724][ T6518] ? kmem_cache_free+0xba/0x4a0
[ 72.172568][ T6518] ? finish_automount+0xaf0/0xaf0
[ 72.177620][ T6518] ? putname+0xfe/0x140
[ 72.181775][ T6518] __x64_sys_mount+0x27f/0x300
[ 72.186624][ T6518] ? copy_mnt_ns+0xae0/0xae0
[ 72.191314][ T6518] ? syscall_enter_from_user_mode+0x21/0x70
[ 72.197196][ T6518] do_syscall_64+0x35/0xb0
[ 72.201781][ T6518] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.207878][ T6518] RIP: 0033:0x7ff91592c01a
[ 72.212291][ T6518] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 72.231884][ T6518] RSP: 002b:00007fff15a42068 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 72.240302][ T6518] RAX: ffffffffffffffda RBX: 00007fff15a421f8 RCX: 00007ff91592c01a
[ 72.248272][ T6518] RDX: 00007ff91598efd6 RSI: 00007ff91598529a RDI: 00007ff915983d71
[ 72.256233][ T6518] RBP: 00007ff91598529a R08: 00007ff9159853f7 R09: 0000000000000026
[ 72.264197][ T6518] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff15a42070
[ 72.272303][ T6518] R13: 00007fff15a42218 R14: 00007fff15a42140 R15: 00007ff9159853f1
[ 72.280273][ T6518]
[ 72.283300][ T6518]
[ 72.285608][ T6518] Allocated by task 6518:
[ 72.289915][ T6518] kasan_save_stack+0x1e/0x50
[ 72.294636][ T6518] __kasan_kmalloc+0xa9/0xd0
[ 72.299236][ T6518] kernfs_create_root+0x4c/0x410
[ 72.304304][ T6518] cgroup_setup_root+0x243/0xad0
[ 72.309238][ T6518] cgroup1_get_tree+0xd33/0x1390
[ 72.314179][ T6518] vfs_get_tree+0x89/0x2f0
[ 72.318609][ T6518] path_mount+0x1320/0x1fa0
[ 72.323106][ T6518] __x64_sys_mount+0x27f/0x300
[ 72.328025][ T6518] do_syscall_64+0x35/0xb0
[ 72.332450][ T6518] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.338453][ T6518]
[ 72.340867][ T6518] Freed by task 6518:
[ 72.344827][ T6518] kasan_save_stack+0x1e/0x50
[ 72.349594][ T6518] kasan_set_track+0x21/0x30
[ 72.354179][ T6518] kasan_set_free_info+0x20/0x30
[ 72.359118][ T6518] __kasan_slab_free+0x103/0x170
[ 72.364067][ T6518] slab_free_freelist_hook+0x8b/0x1c0
[ 72.369437][ T6518] kfree+0xe0/0x430
[ 72.373240][ T6518] kernfs_put.part.0+0x331/0x540
[ 72.378202][ T6518] kernfs_put+0x42/0x50
[ 72.382450][ T6518] __kernfs_remove+0x7a3/0xb20
[ 72.387305][ T6518] kernfs_destroy_root+0x89/0xb0
[ 72.392238][ T6518] cgroup_setup_root+0x3a6/0xad0
[ 72.397255][ T6518] cgroup1_get_tree+0xd33/0x1390
[ 72.402180][ T6518] vfs_get_tree+0x89/0x2f0
[ 72.406671][ T6518] path_mount+0x1320/0x1fa0
[ 72.411182][ T6518] __x64_sys_mount+0x27f/0x300
[ 72.415939][ T6518] do_syscall_64+0x35/0xb0
[ 72.420365][ T6518] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.426246][ T6518]
[ 72.428564][ T6518] The buggy address belongs to the object at ffff8880228ab400
[ 72.428564][ T6518] which belongs to the cache kmalloc-512 of size 512
[ 72.442802][ T6518] The buggy address is located 320 bytes inside of
[ 72.442802][ T6518] 512-byte region [ffff8880228ab400, ffff8880228ab600)
[ 72.456116][ T6518] The buggy address belongs to the page:
[ 72.461748][ T6518] page:ffffea00008a2a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x228a8
[ 72.471975][ T6518] head:ffffea00008a2a00 order:2 compound_mapcount:0 compound_pincount:0
[ 72.480386][ T6518] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 72.488463][ T6518] raw: 00fff00000010200 ffffea000076cc00 dead000000000002 ffff888010c41c80
[ 72.497153][ T6518] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 72.505715][ T6518] page dumped because: kasan: bad access detected
[ 72.512110][ T6518] page_owner tracks the page as allocated
[ 72.517842][ T6518] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 11817597841, free_ts 0
[ 72.535304][ T6518] get_page_from_freelist+0xa72/0x2f40
[ 72.541238][ T6518] __alloc_pages+0x1b2/0x500
[ 72.545822][ T6518] alloc_page_interleave+0x1e/0x200
[ 72.551008][ T6518] alloc_pages+0x29f/0x300
[ 72.555421][ T6518] new_slab+0x261/0x460
[ 72.559569][ T6518] ___slab_alloc+0x798/0xf30
[ 72.564168][ T6518] __slab_alloc.constprop.0+0x4d/0xa0
[ 72.569524][ T6518] __kmalloc_node_track_caller+0x2cb/0x360
[ 72.575401][ T6518] pskb_expand_head+0x15e/0x1110
[ 72.580405][ T6518] netlink_trim+0x1ea/0x240
[ 72.584909][ T6518] netlink_broadcast+0x5b/0xd50
[ 72.589784][ T6518] genlmsg_mcast+0x1d3/0x2a0
[ 72.594362][ T6518] genl_ctrl_event.isra.0+0x215/0xa60
[ 72.599730][ T6518] genl_register_family+0xae6/0x12f0
[ 72.605149][ T6518] dp_init+0x148/0x25d
[ 72.609419][ T6518] do_one_initcall+0x103/0x650
[ 72.614176][ T6518] page_owner free stack trace missing
[ 72.619526][ T6518]
[ 72.621845][ T6518] Memory state around the buggy address:
[ 72.627458][ T6518] ffff8880228ab400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.635812][ T6518] ffff8880228ab480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.643871][ T6518] >ffff8880228ab500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.651924][ T6518] ^
[ 72.658293][ T6518] ffff8880228ab580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.666518][ T6518] ffff8880228ab600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.674570][ T6518] ==================================================================
[ 72.685201][ T6518] Kernel panic - not syncing: panic_on_warn set ...
[ 72.691803][ T6518] CPU: 1 PID: 6518 Comm: syz-executor Tainted: G B 5.16.0-rc2-next-20211129-syzkaller #0
[ 72.702914][ T6518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.712974][ T6518] Call Trace:
[ 72.716238][ T6518]
[ 72.719171][ T6518] dump_stack_lvl+0xcd/0x134
[ 72.723869][ T6518] panic+0x2b0/0x6dd
[ 72.727751][ T6518] ? __warn_printk+0xf3/0xf3
[ 72.732399][ T6518] ? preempt_schedule_common+0x59/0xc0
[ 72.737973][ T6518] ? up_write+0x3ac/0x470
[ 72.742309][ T6518] ? preempt_schedule_thunk+0x16/0x18
[ 72.747670][ T6518] ? trace_hardirqs_on+0x38/0x1c0
[ 72.752683][ T6518] ? trace_hardirqs_on+0x51/0x1c0
[ 72.757692][ T6518] ? up_write+0x3ac/0x470
[ 72.762011][ T6518] ? up_write+0x3ac/0x470
[ 72.766337][ T6518] end_report.cold+0x63/0x6f
[ 72.770921][ T6518] kasan_report.cold+0x71/0xdf
[ 72.775780][ T6518] ? up_write+0x3ac/0x470
[ 72.780121][ T6518] up_write+0x3ac/0x470
[ 72.784270][ T6518] cgroup_setup_root+0x3a6/0xad0
[ 72.789206][ T6518] ? rebind_subsystems+0x10e0/0x10e0
[ 72.794491][ T6518] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.800840][ T6518] cgroup1_get_tree+0xd33/0x1390
[ 72.805794][ T6518] vfs_get_tree+0x89/0x2f0
[ 72.810221][ T6518] path_mount+0x1320/0x1fa0
[ 72.814768][ T6518] ? kmem_cache_free+0xba/0x4a0
[ 72.819625][ T6518] ? finish_automount+0xaf0/0xaf0
[ 72.824658][ T6518] ? putname+0xfe/0x140
[ 72.828942][ T6518] __x64_sys_mount+0x27f/0x300
[ 72.833712][ T6518] ? copy_mnt_ns+0xae0/0xae0
[ 72.838321][ T6518] ? syscall_enter_from_user_mode+0x21/0x70
[ 72.844215][ T6518] do_syscall_64+0x35/0xb0
[ 72.848633][ T6518] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.854528][ T6518] RIP: 0033:0x7ff91592c01a
[ 72.858947][ T6518] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 72.878550][ T6518] RSP: 002b:00007fff15a42068 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 72.886963][ T6518] RAX: ffffffffffffffda RBX: 00007fff15a421f8 RCX: 00007ff91592c01a
[ 72.894947][ T6518] RDX: 00007ff91598efd6 RSI: 00007ff91598529a RDI: 00007ff915983d71
[ 72.903000][ T6518] RBP: 00007ff91598529a R08: 00007ff9159853f7 R09: 0000000000000026
[ 72.911149][ T6518] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff15a42070
[ 72.919561][ T6518] R13: 00007fff15a42218 R14: 00007fff15a42140 R15: 00007ff9159853f1
[ 72.927554][ T6518]
[ 72.930940][ T6518] Kernel Offset: disabled
[ 72.935346][ T6518] Rebooting in 86400 seconds..