Warning: Permanently added '10.128.1.63' (ECDSA) to the list of known hosts.
2021/12/02 07:07:58 fuzzer started
2021/12/02 07:07:59 connecting to host at 10.128.0.169:45929
2021/12/02 07:07:59 checking machine...
2021/12/02 07:07:59 checking revisions...
2021/12/02 07:07:59 testing simple program...
syzkaller login: [ 69.553184][ T6521] cgroup: Unknown subsys name 'net'
[ 69.559506][ T6521]
[ 69.561835][ T6521] =========================
[ 69.566312][ T6521] WARNING: held lock freed!
[ 69.570796][ T6521] 5.16.0-rc3-next-20211202-syzkaller #0 Not tainted
[ 69.577365][ T6521] -------------------------
[ 69.581849][ T6521] syz-executor/6521 is freeing memory ffff888010e1cc00-ffff888010e1cdff, with a lock still held there!
[ 69.592847][ T6521] ffff888010e1cd48 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 69.602601][ T6521] 2 locks held by syz-executor/6521:
[ 69.607863][ T6521] #0: ffffffff8bbc4e48 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline+0xa5/0x900
[ 69.618369][ T6521] #1: ffff888010e1cd48 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_destroy_root+0x81/0xb0
[ 69.628523][ T6521]
[ 69.628523][ T6521] stack backtrace:
[ 69.634385][ T6521] CPU: 0 PID: 6521 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211202-syzkaller #0
[ 69.644080][ T6521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.654112][ T6521] Call Trace:
[ 69.657371][ T6521] <TASK>
[ 69.660284][ T6521] dump_stack_lvl+0xcd/0x134
[ 69.664861][ T6521] debug_check_no_locks_freed.cold+0x9d/0xa9
[ 69.670843][ T6521] ? lockdep_hardirqs_on+0x79/0x100
[ 69.676037][ T6521] slab_free_freelist_hook+0x73/0x1c0
[ 69.681414][ T6521] ? kernfs_put.part.0+0x331/0x540
[ 69.686506][ T6521] kfree+0xe0/0x430
[ 69.690293][ T6521] ? kmem_cache_free+0xba/0x4a0
[ 69.695127][ T6521] ? rwlock_bug.part.0+0x90/0x90
[ 69.700047][ T6521] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 69.706298][ T6521] kernfs_put.part.0+0x331/0x540
[ 69.711242][ T6521] kernfs_put+0x42/0x50
[ 69.715403][ T6521] __kernfs_remove+0x7a3/0xb20
[ 69.720150][ T6521] ? kernfs_next_descendant_post+0x2f0/0x2f0
[ 69.726113][ T6521] ? down_write+0xde/0x150
[ 69.730515][ T6521] ? down_write_killable_nested+0x180/0x180
[ 69.736428][ T6521] kernfs_destroy_root+0x89/0xb0
[ 69.741351][ T6521] cgroup_setup_root+0x3a6/0xad0
[ 69.746272][ T6521] ? rebind_subsystems+0x10e0/0x10e0
[ 69.751889][ T6521] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 69.758123][ T6521] cgroup1_get_tree+0xd33/0x1390
[ 69.763046][ T6521] vfs_get_tree+0x89/0x2f0
[ 69.767466][ T6521] path_mount+0x1320/0x1fa0
[ 69.771951][ T6521] ? kmem_cache_free+0xba/0x4a0
[ 69.776796][ T6521] ? finish_automount+0xaf0/0xaf0
[ 69.781804][ T6521] ? putname+0xfe/0x140
[ 69.785943][ T6521] __x64_sys_mount+0x27f/0x300
[ 69.790688][ T6521] ? copy_mnt_ns+0xae0/0xae0
[ 69.795270][ T6521] ? syscall_enter_from_user_mode+0x21/0x70
[ 69.801149][ T6521] do_syscall_64+0x35/0xb0
[ 69.805546][ T6521] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.811425][ T6521] RIP: 0033:0x7f2f26f3601a
[ 69.815826][ T6521] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 69.835670][ T6521] RSP: 002b:00007ffdb02ed8e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 69.844059][ T6521] RAX: ffffffffffffffda RBX: 00007ffdb02eda78 RCX: 00007f2f26f3601a
[ 69.852014][ T6521] RDX: 00007f2f26f98fe2 RSI: 00007f2f26f8f29a RDI: 00007f2f26f8dd71
[ 69.859971][ T6521] RBP: 00007f2f26f8f29a R08: 00007f2f26f8f3f7 R09: 0000000000000026
[ 69.867918][ T6521] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb02ed8f0
[ 69.875866][ T6521] R13: 00007ffdb02eda98 R14: 00007ffdb02ed9c0 R15: 00007f2f26f8f3f1
[ 69.883823][ T6521] </TASK>
[ 69.887524][ T6521] ==================================================================
[ 69.895577][ T6521] BUG: KASAN: use-after-free in up_write+0x3ac/0x470
[ 69.902260][ T6521] Read of size 8 at addr ffff888010e1cd40 by task syz-executor/6521
[ 69.910230][ T6521]
[ 69.912535][ T6521] CPU: 0 PID: 6521 Comm: syz-executor Not tainted 5.16.0-rc3-next-20211202-syzkaller #0
[ 69.922234][ T6521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.932270][ T6521] Call Trace:
[ 69.935535][ T6521] <TASK>
[ 69.938450][ T6521] dump_stack_lvl+0xcd/0x134
[ 69.943038][ T6521] print_address_description.constprop.0.cold+0xa5/0x3ed
[ 69.950056][ T6521] ? up_write+0x3ac/0x470
[ 69.954384][ T6521] ? up_write+0x3ac/0x470
[ 69.958701][ T6521] kasan_report.cold+0x83/0xdf
[ 69.963453][ T6521] ? up_write+0x3ac/0x470
[ 69.967770][ T6521] up_write+0x3ac/0x470
[ 69.971916][ T6521] cgroup_setup_root+0x3a6/0xad0
[ 69.976845][ T6521] ? rebind_subsystems+0x10e0/0x10e0
[ 69.982120][ T6521] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 69.988365][ T6521] cgroup1_get_tree+0xd33/0x1390
[ 69.993294][ T6521] vfs_get_tree+0x89/0x2f0
[ 69.997702][ T6521] path_mount+0x1320/0x1fa0
[ 70.002192][ T6521] ? kmem_cache_free+0xba/0x4a0
[ 70.007041][ T6521] ? finish_automount+0xaf0/0xaf0
[ 70.012055][ T6521] ? putname+0xfe/0x140
[ 70.016204][ T6521] __x64_sys_mount+0x27f/0x300
[ 70.020958][ T6521] ? copy_mnt_ns+0xae0/0xae0
[ 70.025537][ T6521] ? syscall_enter_from_user_mode+0x21/0x70
[ 70.031429][ T6521] do_syscall_64+0x35/0xb0
[ 70.035855][ T6521] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.041739][ T6521] RIP: 0033:0x7f2f26f3601a
[ 70.046143][ T6521] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 70.065745][ T6521] RSP: 002b:00007ffdb02ed8e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 70.074150][ T6521] RAX: ffffffffffffffda RBX: 00007ffdb02eda78 RCX: 00007f2f26f3601a
[ 70.082116][ T6521] RDX: 00007f2f26f98fe2 RSI: 00007f2f26f8f29a RDI: 00007f2f26f8dd71
[ 70.090072][ T6521] RBP: 00007f2f26f8f29a R08: 00007f2f26f8f3f7 R09: 0000000000000026
[ 70.098025][ T6521] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb02ed8f0
[ 70.105979][ T6521] R13: 00007ffdb02eda98 R14: 00007ffdb02ed9c0 R15: 00007f2f26f8f3f1
[ 70.113939][ T6521] </TASK>
[ 70.116940][ T6521]
[ 70.119244][ T6521] Allocated by task 6521:
[ 70.123550][ T6521] kasan_save_stack+0x1e/0x50
[ 70.128220][ T6521] __kasan_kmalloc+0xa9/0xd0
[ 70.132800][ T6521] kernfs_create_root+0x4c/0x410
[ 70.137725][ T6521] cgroup_setup_root+0x243/0xad0
[ 70.142653][ T6521] cgroup1_get_tree+0xd33/0x1390
[ 70.147574][ T6521] vfs_get_tree+0x89/0x2f0
[ 70.151976][ T6521] path_mount+0x1320/0x1fa0
[ 70.156471][ T6521] __x64_sys_mount+0x27f/0x300
[ 70.161236][ T6521] do_syscall_64+0x35/0xb0
[ 70.165645][ T6521] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.171530][ T6521]
[ 70.173837][ T6521] Freed by task 6521:
[ 70.177805][ T6521] kasan_save_stack+0x1e/0x50
[ 70.182476][ T6521] kasan_set_track+0x21/0x30
[ 70.187062][ T6521] kasan_set_free_info+0x20/0x30
[ 70.191986][ T6521] __kasan_slab_free+0x103/0x170
[ 70.196912][ T6521] slab_free_freelist_hook+0x8b/0x1c0
[ 70.202270][ T6521] kfree+0xe0/0x430
[ 70.206062][ T6521] kernfs_put.part.0+0x331/0x540
[ 70.210989][ T6521] kernfs_put+0x42/0x50
[ 70.215133][ T6521] __kernfs_remove+0x7a3/0xb20
[ 70.219929][ T6521] kernfs_destroy_root+0x89/0xb0
[ 70.224864][ T6521] cgroup_setup_root+0x3a6/0xad0
[ 70.229804][ T6521] cgroup1_get_tree+0xd33/0x1390
[ 70.234728][ T6521] vfs_get_tree+0x89/0x2f0
[ 70.239136][ T6521] path_mount+0x1320/0x1fa0
[ 70.243633][ T6521] __x64_sys_mount+0x27f/0x300
[ 70.248388][ T6521] do_syscall_64+0x35/0xb0
[ 70.252796][ T6521] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.258676][ T6521]
[ 70.260981][ T6521] The buggy address belongs to the object at ffff888010e1cc00
[ 70.260981][ T6521] which belongs to the cache kmalloc-512 of size 512
[ 70.275020][ T6521] The buggy address is located 320 bytes inside of
[ 70.275020][ T6521] 512-byte region [ffff888010e1cc00, ffff888010e1ce00)
[ 70.288300][ T6521] The buggy address belongs to the page:
[ 70.293909][ T6521] page:ffffea0000438700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10e1c
[ 70.304041][ T6521] head:ffffea0000438700 order:2 compound_mapcount:0 compound_pincount:0
[ 70.312348][ T6521] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 70.320319][ T6521] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010c41c80
[ 70.328890][ T6521] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 70.337465][ T6521] page dumped because: kasan: bad access detected
[ 70.343855][ T6521] page_owner tracks the page as allocated
[ 70.349550][ T6521] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x0(), pid 1, ts 1869459273, free_ts 0
[ 70.360814][ T6521] register_early_stack+0x66/0xb0
[ 70.365880][ T6521] init_page_owner+0x53/0x930
[ 70.370551][ T6521] page_ext_init+0x4c9/0x4dc
[ 70.375129][ T6521] kernel_init_freeable+0x48b/0x73a
[ 70.380314][ T6521] page_owner free stack trace missing
[ 70.385659][ T6521]
[ 70.387963][ T6521] Memory state around the buggy address:
[ 70.393574][ T6521] ffff888010e1cc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.401628][ T6521] ffff888010e1cc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.409672][ T6521] >ffff888010e1cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.417716][ T6521] ^
[ 70.423851][ T6521] ffff888010e1cd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.431909][ T6521] ffff888010e1ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 70.439949][ T6521] ==================================================================
[ 70.451109][ T6521] Kernel panic - not syncing: panic_on_warn set ...
[ 70.457790][ T6521] CPU: 1 PID: 6521 Comm: syz-executor Tainted: G B 5.16.0-rc3-next-20211202-syzkaller #0
[ 70.468897][ T6521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.478948][ T6521] Call Trace:
[ 70.482227][ T6521] <TASK>
[ 70.485155][ T6521] dump_stack_lvl+0xcd/0x134
[ 70.489791][ T6521] panic+0x2b0/0x6dd
[ 70.493691][ T6521] ? __warn_printk+0xf3/0xf3
[ 70.498281][ T6521] ? preempt_schedule_common+0x59/0xc0
[ 70.503726][ T6521] ? up_write+0x3ac/0x470
[ 70.508039][ T6521] ? preempt_schedule_thunk+0x16/0x18
[ 70.513394][ T6521] ? trace_hardirqs_on+0x38/0x1c0
[ 70.518561][ T6521] ? trace_hardirqs_on+0x51/0x1c0
[ 70.523565][ T6521] ? up_write+0x3ac/0x470
[ 70.527875][ T6521] ? up_write+0x3ac/0x470
[ 70.532185][ T6521] end_report.cold+0x63/0x6f
[ 70.536759][ T6521] kasan_report.cold+0x71/0xdf
[ 70.541543][ T6521] ? up_write+0x3ac/0x470
[ 70.545852][ T6521] up_write+0x3ac/0x470
[ 70.549991][ T6521] cgroup_setup_root+0x3a6/0xad0
[ 70.554920][ T6521] ? rebind_subsystems+0x10e0/0x10e0
[ 70.560192][ T6521] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 70.566427][ T6521] cgroup1_get_tree+0xd33/0x1390
[ 70.571352][ T6521] vfs_get_tree+0x89/0x2f0
[ 70.575760][ T6521] path_mount+0x1320/0x1fa0
[ 70.580245][ T6521] ? kmem_cache_free+0xba/0x4a0
[ 70.585080][ T6521] ? finish_automount+0xaf0/0xaf0
[ 70.590098][ T6521] ? putname+0xfe/0x140
[ 70.594244][ T6521] __x64_sys_mount+0x27f/0x300
[ 70.598997][ T6521] ? copy_mnt_ns+0xae0/0xae0
[ 70.603570][ T6521] ? syscall_enter_from_user_mode+0x21/0x70
[ 70.609451][ T6521] do_syscall_64+0x35/0xb0
[ 70.613854][ T6521] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.619728][ T6521] RIP: 0033:0x7f2f26f3601a
[ 70.624126][ T6521] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 70.643711][ T6521] RSP: 002b:00007ffdb02ed8e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 70.652101][ T6521] RAX: ffffffffffffffda RBX: 00007ffdb02eda78 RCX: 00007f2f26f3601a
[ 70.660051][ T6521] RDX: 00007f2f26f98fe2 RSI: 00007f2f26f8f29a RDI: 00007f2f26f8dd71
[ 70.668004][ T6521] RBP: 00007f2f26f8f29a R08: 00007f2f26f8f3f7 R09: 0000000000000026
[ 70.675952][ T6521] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb02ed8f0
[ 70.683903][ T6521] R13: 00007ffdb02eda98 R14: 00007ffdb02ed9c0 R15: 00007f2f26f8f3f1
[ 70.691856][ T6521] </TASK>
[ 70.695099][ T6521] Kernel Offset: disabled
[ 70.699410][ T6521] Rebooting in 86400 seconds..