         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.205' (ECDSA) to the list of known hosts.
2021/12/03 23:55:39 fuzzer started
2021/12/03 23:55:39 connecting to host at 10.128.0.169:39665
2021/12/03 23:55:39 checking machine...
2021/12/03 23:55:39 checking revisions...
2021/12/03 23:55:39 testing simple program...
syzkaller login: [   69.647690][ T6539] cgroup: Unknown subsys name 'net'
[   69.653867][ T6539] 
[   69.656285][ T6539] =========================
[   69.660781][ T6539] WARNING: held lock freed!
[   69.665261][ T6539] 5.16.0-rc3-next-20211203-syzkaller #0 Not tainted
[   69.671927][ T6539] -------------------------
[   69.676408][ T6539] syz-executor/6539 is freeing memory ffff888018205400-ffff8880182055ff, with a lock still held there!
[   69.687405][ T6539] ffff888018205548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[   69.697135][ T6539] 2 locks held by syz-executor/6539:
[   69.702402][ T6539]  #0: ffffffff8bbc4e48 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[   69.712933][ T6539]  #1: ffff888018205548 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[   69.723104][ T6539] 
[   69.723104][ T6539] stack backtrace:
[   69.729083][ T6539] CPU: 0 PID: 6539 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211203-syzkaller #0
[   69.738784][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.748824][ T6539] Call Trace:
[   69.752109][ T6539]  <TASK>
[   69.755035][ T6539]  dump_stack_lvl+0xcd/0x134
[   69.759713][ T6539]  debug_check_no_locks_freed.cold+0x9d/0xa9
[   69.765802][ T6539]  ? lockdep_hardirqs_on+0x79/0x100
[   69.771016][ T6539]  slab_free_freelist_hook+0x73/0x1c0
[   69.776409][ T6539]  ? kernfs_put.part.0+0x331/0x540
[   69.781525][ T6539]  kfree+0xd0/0x4b0
[   69.785341][ T6539]  ? kmem_cache_free+0xdd/0x580
[   69.790187][ T6539]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   69.796426][ T6539]  kernfs_put.part.0+0x331/0x540
[   69.801365][ T6539]  kernfs_put+0x42/0x50
[   69.805615][ T6539]  __kernfs_remove+0x7a3/0xb20
[   69.810381][ T6539]  ? kernfs_next_descendant_post+0x2f0/0x2f0
[   69.816634][ T6539]  ? down_write+0xde/0x150
[   69.821043][ T6539]  ? down_write_killable_nested+0x180/0x180
[   69.827138][ T6539]  kernfs_destroy_root+0x89/0xb0
[   69.832090][ T6539]  cgroup_setup_root+0x3a6/0xad0
[   69.837034][ T6539]  ? rebind_subsystems+0x10e0/0x10e0
[   69.842320][ T6539]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   69.848576][ T6539]  cgroup1_get_tree+0xd33/0x1390
[   69.853555][ T6539]  vfs_get_tree+0x89/0x2f0
[   69.858062][ T6539]  path_mount+0x1320/0x1fa0
[   69.862574][ T6539]  ? kmem_cache_free+0xdd/0x580
[   69.867623][ T6539]  ? finish_automount+0xaf0/0xaf0
[   69.872644][ T6539]  ? putname+0xfe/0x140
[   69.876794][ T6539]  __x64_sys_mount+0x27f/0x300
[   69.881661][ T6539]  ? copy_mnt_ns+0xae0/0xae0
[   69.886257][ T6539]  ? syscall_enter_from_user_mode+0x21/0x70
[   69.892331][ T6539]  do_syscall_64+0x35/0xb0
[   69.896742][ T6539]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   69.902625][ T6539] RIP: 0033:0x7facf2f8301a
[   69.907139][ T6539] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   69.927016][ T6539] RSP: 002b:00007fff3c9422f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   69.935441][ T6539] RAX: ffffffffffffffda RBX: 00007fff3c942488 RCX: 00007facf2f8301a
[   69.943593][ T6539] RDX: 00007facf2fe6051 RSI: 00007facf2fdc324 RDI: 00007facf2fdadc9
[   69.951552][ T6539] RBP: 00007facf2fdc324 R08: 00007facf2fdc481 R09: 0000000000000026
[   69.959515][ T6539] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff3c942300
[   69.967488][ T6539] R13: 00007fff3c9424a8 R14: 00007fff3c9423d0 R15: 00007facf2fdc47b
[   69.975472][ T6539]  </TASK>
[   69.984373][ T6539] ==================================================================
[   69.984385][ T6539] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[   69.984412][ T6539] Read of size 8 at addr ffff888018205540 by task syz-executor/6539
[   69.984430][ T6539] 
[   69.984436][ T6539] CPU: 1 PID: 6539 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211203-syzkaller #0
[   69.984466][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.029512][ T6539] Call Trace:
[   70.032813][ T6539]  <TASK>
[   70.035911][ T6539]  dump_stack_lvl+0xcd/0x134
[   70.040522][ T6539]  print_address_description.constprop.0.cold+0xa5/0x3ed
[   70.047571][ T6539]  ? up_write+0x3ac/0x470
[   70.051918][ T6539]  ? up_write+0x3ac/0x470
[   70.056242][ T6539]  kasan_report.cold+0x83/0xdf
[   70.061002][ T6539]  ? up_write+0x3ac/0x470
[   70.065322][ T6539]  up_write+0x3ac/0x470
[   70.069585][ T6539]  cgroup_setup_root+0x3a6/0xad0
[   70.074520][ T6539]  ? rebind_subsystems+0x10e0/0x10e0
[   70.079801][ T6539]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   70.086042][ T6539]  cgroup1_get_tree+0xd33/0x1390
[   70.091084][ T6539]  vfs_get_tree+0x89/0x2f0
[   70.095501][ T6539]  path_mount+0x1320/0x1fa0
[   70.100260][ T6539]  ? kmem_cache_free+0xdd/0x580
[   70.105114][ T6539]  ? finish_automount+0xaf0/0xaf0
[   70.110223][ T6539]  ? putname+0xfe/0x140
[   70.114378][ T6539]  __x64_sys_mount+0x27f/0x300
[   70.119140][ T6539]  ? copy_mnt_ns+0xae0/0xae0
[   70.123769][ T6539]  ? syscall_enter_from_user_mode+0x21/0x70
[   70.129664][ T6539]  do_syscall_64+0x35/0xb0
[   70.134183][ T6539]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   70.140085][ T6539] RIP: 0033:0x7facf2f8301a
[   70.144519][ T6539] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   70.164291][ T6539] RSP: 002b:00007fff3c9422f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   70.172786][ T6539] RAX: ffffffffffffffda RBX: 00007fff3c942488 RCX: 00007facf2f8301a
[   70.180749][ T6539] RDX: 00007facf2fe6051 RSI: 00007facf2fdc324 RDI: 00007facf2fdadc9
[   70.188709][ T6539] RBP: 00007facf2fdc324 R08: 00007facf2fdc481 R09: 0000000000000026
[   70.197028][ T6539] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff3c942300
[   70.205009][ T6539] R13: 00007fff3c9424a8 R14: 00007fff3c9423d0 R15: 00007facf2fdc47b
[   70.212982][ T6539]  </TASK>
[   70.215988][ T6539] 
[   70.218310][ T6539] Allocated by task 6539:
[   70.222622][ T6539]  kasan_save_stack+0x1e/0x40
[   70.227298][ T6539]  __kasan_kmalloc+0xa9/0xd0
[   70.231881][ T6539]  kernfs_create_root+0x4c/0x410
[   70.236812][ T6539]  cgroup_setup_root+0x243/0xad0
[   70.241742][ T6539]  cgroup1_get_tree+0xd33/0x1390
[   70.246671][ T6539]  vfs_get_tree+0x89/0x2f0
[   70.251167][ T6539]  path_mount+0x1320/0x1fa0
[   70.255661][ T6539]  __x64_sys_mount+0x27f/0x300
[   70.260507][ T6539]  do_syscall_64+0x35/0xb0
[   70.265099][ T6539]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   70.271249][ T6539] 
[   70.273557][ T6539] Freed by task 6539:
[   70.277517][ T6539]  kasan_save_stack+0x1e/0x40
[   70.282275][ T6539]  kasan_set_track+0x21/0x30
[   70.286856][ T6539]  kasan_set_free_info+0x20/0x30
[   70.291876][ T6539]  ____kasan_slab_free+0x166/0x1a0
[   70.297241][ T6539]  slab_free_freelist_hook+0x8b/0x1c0
[   70.302606][ T6539]  kfree+0xd0/0x4b0
[   70.306404][ T6539]  kernfs_put.part.0+0x331/0x540
[   70.311342][ T6539]  kernfs_put+0x42/0x50
[   70.315497][ T6539]  __kernfs_remove+0x7a3/0xb20
[   70.320353][ T6539]  kernfs_destroy_root+0x89/0xb0
[   70.325391][ T6539]  cgroup_setup_root+0x3a6/0xad0
[   70.330333][ T6539]  cgroup1_get_tree+0xd33/0x1390
[   70.335266][ T6539]  vfs_get_tree+0x89/0x2f0
[   70.339704][ T6539]  path_mount+0x1320/0x1fa0
[   70.344224][ T6539]  __x64_sys_mount+0x27f/0x300
[   70.349335][ T6539]  do_syscall_64+0x35/0xb0
[   70.353841][ T6539]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   70.359790][ T6539] 
[   70.362377][ T6539] The buggy address belongs to the object at ffff888018205400
[   70.362377][ T6539]  which belongs to the cache kmalloc-512 of size 512
[   70.377040][ T6539] The buggy address is located 320 bytes inside of
[   70.377040][ T6539]  512-byte region [ffff888018205400, ffff888018205600)
[   70.390555][ T6539] The buggy address belongs to the page:
[   70.396167][ T6539] page:ffffea0000608100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18204
[   70.406398][ T6539] head:ffffea0000608100 order:2 compound_mapcount:0 compound_pincount:0
[   70.415270][ T6539] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   70.423513][ T6539] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888010c41c80
[   70.432090][ T6539] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   70.440666][ T6539] page dumped because: kasan: bad access detected
[   70.447090][ T6539] page_owner tracks the page as allocated
[   70.452954][ T6539] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 209, ts 7445590769, free_ts 0
[   70.471270][ T6539]  get_page_from_freelist+0xa72/0x2f40
[   70.476741][ T6539]  __alloc_pages+0x1b2/0x500
[   70.481496][ T6539]  alloc_pages+0x1aa/0x310
[   70.485904][ T6539]  new_slab+0x28d/0x3a0
[   70.490143][ T6539]  ___slab_alloc+0x6be/0xd60
[   70.494826][ T6539]  __slab_alloc.constprop.0+0x4d/0xa0
[   70.500468][ T6539]  kmem_cache_alloc_trace+0x289/0x2c0
[   70.506142][ T6539]  alloc_bprm+0x51/0x8f0
[   70.510487][ T6539]  kernel_execve+0x55/0x460
[   70.514978][ T6539]  call_usermodehelper_exec_async+0x2e3/0x580
[   70.521039][ T6539]  ret_from_fork+0x1f/0x30
[   70.525453][ T6539] page_owner free stack trace missing
[   70.530813][ T6539] 
[   70.533120][ T6539] Memory state around the buggy address:
[   70.538735][ T6539]  ffff888018205400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.546880][ T6539]  ffff888018205480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.554928][ T6539] >ffff888018205500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.562979][ T6539]                                            ^
[   70.569115][ T6539]  ffff888018205580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.577246][ T6539]  ffff888018205600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   70.585304][ T6539] ==================================================================
[   70.607036][ T6539] Kernel panic - not syncing: panic_on_warn set ...
[   70.614019][ T6539] CPU: 1 PID: 6539 Comm: syz-executor Tainted: G    B             5.16.0-rc3-next-20211203-syzkaller #0
[   70.625134][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.635283][ T6539] Call Trace:
[   70.638554][ T6539]  <TASK>
[   70.641475][ T6539]  dump_stack_lvl+0xcd/0x134
[   70.646075][ T6539]  panic+0x2b0/0x6dd
[   70.649990][ T6539]  ? __warn_printk+0xf3/0xf3
[   70.654591][ T6539]  ? preempt_schedule_common+0x59/0xc0
[   70.660148][ T6539]  ? up_write+0x3ac/0x470
[   70.664487][ T6539]  ? preempt_schedule_thunk+0x16/0x18
[   70.669857][ T6539]  ? trace_hardirqs_on+0x38/0x1c0
[   70.674897][ T6539]  ? trace_hardirqs_on+0x51/0x1c0
[   70.679931][ T6539]  ? up_write+0x3ac/0x470
[   70.684270][ T6539]  ? up_write+0x3ac/0x470
[   70.688614][ T6539]  end_report.cold+0x63/0x6f
[   70.693222][ T6539]  kasan_report.cold+0x71/0xdf
[   70.697981][ T6539]  ? up_write+0x3ac/0x470
[   70.702318][ T6539]  up_write+0x3ac/0x470
[   70.706481][ T6539]  cgroup_setup_root+0x3a6/0xad0
[   70.711418][ T6539]  ? rebind_subsystems+0x10e0/0x10e0
[   70.716710][ T6539]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   70.722960][ T6539]  cgroup1_get_tree+0xd33/0x1390
[   70.727894][ T6539]  vfs_get_tree+0x89/0x2f0
[   70.732303][ T6539]  path_mount+0x1320/0x1fa0
[   70.736802][ T6539]  ? kmem_cache_free+0xdd/0x580
[   70.741647][ T6539]  ? finish_automount+0xaf0/0xaf0
[   70.747115][ T6539]  ? putname+0xfe/0x140
[   70.751266][ T6539]  __x64_sys_mount+0x27f/0x300
[   70.756297][ T6539]  ? copy_mnt_ns+0xae0/0xae0
[   70.760976][ T6539]  ? syscall_enter_from_user_mode+0x21/0x70
[   70.767055][ T6539]  do_syscall_64+0x35/0xb0
[   70.771501][ T6539]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   70.777578][ T6539] RIP: 0033:0x7facf2f8301a
[   70.782017][ T6539] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   70.801637][ T6539] RSP: 002b:00007fff3c9422f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   70.812478][ T6539] RAX: ffffffffffffffda RBX: 00007fff3c942488 RCX: 00007facf2f8301a
[   70.820449][ T6539] RDX: 00007facf2fe6051 RSI: 00007facf2fdc324 RDI: 00007facf2fdadc9
[   70.828510][ T6539] RBP: 00007facf2fdc324 R08: 00007facf2fdc481 R09: 0000000000000026
[   70.836636][ T6539] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff3c942300
[   70.844934][ T6539] R13: 00007fff3c9424a8 R14: 00007fff3c9423d0 R15: 00007facf2fdc47b
[   70.853277][ T6539]  </TASK>
[   70.856583][ T6539] Kernel Offset: disabled
[   70.861088][ T6539] Rebooting in 86400 seconds..