[  OK  ] Started Getty on tty4.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   72.476028][ T8440] ==================================================================
[   72.484435][ T8440] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[   72.491430][ T8440] Read of size 8 at addr ffff8880206b5968 by task syz-executor986/8440
[   72.499868][ T8440]
[   72.502216][ T8440] CPU: 1 PID: 8440 Comm: syz-executor986 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[   72.512230][ T8440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.522422][ T8440] Call Trace:
[   72.525732][ T8440]  dump_stack+0x107/0x163
[   72.530199][ T8440]  ? find_uprobe+0x12c/0x150
[   72.534827][ T8440]  ? find_uprobe+0x12c/0x150
[   72.540050][ T8440]  print_address_description.constprop.0.cold+0x5b/0x2f8
[   72.547105][ T8440]  ? find_uprobe+0x12c/0x150
[   72.551720][ T8440]  ? find_uprobe+0x12c/0x150
[   72.556981][ T8440]  kasan_report.cold+0x7c/0xd8
[   72.561799][ T8440]  ? find_uprobe+0x12c/0x150
[   72.566417][ T8440]  find_uprobe+0x12c/0x150
[   72.571578][ T8440]  uprobe_unregister+0x1e/0x70
[   72.576366][ T8440]  __probe_event_disable+0x11e/0x240
[   72.581674][ T8440]  probe_event_disable+0x155/0x1c0
[   72.586811][ T8440]  trace_uprobe_register+0x45a/0x880
[   72.592154][ T8440]  ? trace_uprobe_register+0x3ef/0x880
[   72.597733][ T8440]  ? rcu_read_lock_sched_held+0x3a/0x70
[   72.603300][ T8440]  perf_trace_event_unreg.isra.0+0xac/0x250
[   72.609209][ T8440]  perf_uprobe_destroy+0xbb/0x130
[   72.614229][ T8440]  ? perf_uprobe_init+0x210/0x210
[   72.619248][ T8440]  _free_event+0x2ee/0x1380
[   72.623756][ T8440]  perf_event_release_kernel+0xa24/0xe00
[   72.629412][ T8440]  ? fsnotify_first_mark+0x1f0/0x1f0
[   72.634712][ T8440]  ? __perf_event_exit_context+0x170/0x170
[   72.640538][ T8440]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   72.646963][ T8440]  perf_release+0x33/0x40
[   72.651563][ T8440]  __fput+0x283/0x920
[   72.655565][ T8440]  ? perf_event_release_kernel+0xe00/0xe00
[   72.661416][ T8440]  task_work_run+0xdd/0x190
[   72.666072][ T8440]  do_exit+0xc5c/0x2ae0
[   72.670285][ T8440]  ? mm_update_next_owner+0x7a0/0x7a0
[   72.675719][ T8440]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   72.682014][ T8440]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   72.688329][ T8440]  do_group_exit+0x125/0x310
[   72.693168][ T8440]  __x64_sys_exit_group+0x3a/0x50
[   72.698245][ T8440]  do_syscall_64+0x2d/0x70
[   72.702731][ T8440]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   72.708663][ T8440] RIP: 0033:0x43daf9
[   72.712626][ T8440] Code: Unable to access opcode bytes at RIP 0x43dacf.
[   72.720053][ T8440] RSP: 002b:00007fffb7147268 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   72.728483][ T8440] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[   72.737094][ T8440] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   72.745268][ T8440] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   72.754162][ T8440] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[   72.762348][ T8440] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   72.770372][ T8440]
[   72.772722][ T8440] Allocated by task 8440:
[   72.777061][ T8440]  kasan_save_stack+0x1b/0x40
[   72.781766][ T8440]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[   72.787853][ T8440]  __uprobe_register+0x19c/0x850
[   72.792811][ T8440]  probe_event_enable+0x357/0xa00
[   72.797872][ T8440]  trace_uprobe_register+0x443/0x880
[   72.803175][ T8440]  perf_trace_event_init+0x549/0xa20
[   72.808906][ T8440]  perf_uprobe_init+0x16f/0x210
[   72.813773][ T8440]  perf_uprobe_event_init+0xff/0x1c0
[   72.819091][ T8440]  perf_try_init_event+0x12a/0x560
[   72.824364][ T8440]  perf_event_alloc.part.0+0xe3b/0x3960
[   72.830139][ T8440]  __do_sys_perf_event_open+0x647/0x2e60
[   72.835796][ T8440]  do_syscall_64+0x2d/0x70
[   72.840393][ T8440]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   72.846315][ T8440]
[   72.848722][ T8440] Freed by task 8440:
[   72.852709][ T8440]  kasan_save_stack+0x1b/0x40
[   72.857382][ T8440]  kasan_set_track+0x1c/0x30
[   72.861975][ T8440]  kasan_set_free_info+0x20/0x30
[   72.866917][ T8440]  ____kasan_slab_free.part.0+0xe1/0x110
[   72.872553][ T8440]  slab_free_freelist_hook+0x82/0x1d0
[   72.877929][ T8440]  kfree+0xe5/0x7b0
[   72.881747][ T8440]  put_uprobe+0x13b/0x190
[   72.886082][ T8440]  uprobe_apply+0xfc/0x130
[   72.890518][ T8440]  trace_uprobe_register+0x5c9/0x880
[   72.896158][ T8440]  perf_trace_event_init+0x17a/0xa20
[   72.901452][ T8440]  perf_uprobe_init+0x16f/0x210
[   72.906312][ T8440]  perf_uprobe_event_init+0xff/0x1c0
[   72.911616][ T8440]  perf_try_init_event+0x12a/0x560
[   72.916731][ T8440]  perf_event_alloc.part.0+0xe3b/0x3960
[   72.922279][ T8440]  __do_sys_perf_event_open+0x647/0x2e60
[   72.928037][ T8440]  do_syscall_64+0x2d/0x70
[   72.933694][ T8440]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   72.939644][ T8440]
[   72.942060][ T8440] The buggy address belongs to the object at ffff8880206b5800
[   72.942060][ T8440]  which belongs to the cache kmalloc-512 of size 512
[   72.956129][ T8440] The buggy address is located 360 bytes inside of
[   72.956129][ T8440]  512-byte region [ffff8880206b5800, ffff8880206b5a00)
[   72.969519][ T8440] The buggy address belongs to the page:
[   72.975159][ T8440] page:000000009f3fcb3a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x206b4
[   72.985878][ T8440] head:000000009f3fcb3a order:1 compound_mapcount:0
[   72.992662][ T8440] flags: 0xfff00000010200(slab|head)
[   72.998009][ T8440] raw: 00fff00000010200 ffffea000055aa80 0000000600000006 ffff888010841c80
[   73.006780][ T8440] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[   73.015359][ T8440] page dumped because: kasan: bad access detected
[   73.022098][ T8440]
[   73.024423][ T8440] Memory state around the buggy address:
[   73.030177][ T8440]  ffff8880206b5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.038269][ T8440]  ffff8880206b5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.046330][ T8440] >ffff8880206b5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.054799][ T8440]                                                           ^
[   73.062377][ T8440]  ffff8880206b5980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.070792][ T8440]  ffff8880206b5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.078859][ T8440] ==================================================================
[   73.087064][ T8440] Disabling lock debugging due to kernel taint
[   73.093589][ T8440] Kernel panic - not syncing: panic_on_warn set ...
[   73.100189][ T8440] CPU: 1 PID: 8440 Comm: syz-executor986 Tainted: G    B             5.11.0-rc6-next-20210205-syzkaller #0
[   73.111574][ T8440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.121629][ T8440] Call Trace:
[   73.124907][ T8440]  dump_stack+0x107/0x163
[   73.129510][ T8440]  ? find_uprobe+0x90/0x150
[   73.134217][ T8440]  panic+0x306/0x73d
[   73.138108][ T8440]  ? __warn_printk+0xf3/0xf3
[   73.142787][ T8440]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[   73.149048][ T8440]  ? trace_hardirqs_on+0x38/0x1c0
[   73.154196][ T8440]  ? trace_hardirqs_on+0x51/0x1c0
[   73.159262][ T8440]  ? find_uprobe+0x12c/0x150
[   73.163880][ T8440]  ? find_uprobe+0x12c/0x150
[   73.168737][ T8440]  end_report.cold+0x5a/0x5a
[   73.173336][ T8440]  kasan_report.cold+0x6a/0xd8
[   73.178191][ T8440]  ? find_uprobe+0x12c/0x150
[   73.182857][ T8440]  find_uprobe+0x12c/0x150
[   73.187259][ T8440]  uprobe_unregister+0x1e/0x70
[   73.192012][ T8440]  __probe_event_disable+0x11e/0x240
[   73.197290][ T8440]  probe_event_disable+0x155/0x1c0
[   73.202428][ T8440]  trace_uprobe_register+0x45a/0x880
[   73.207726][ T8440]  ? trace_uprobe_register+0x3ef/0x880
[   73.213197][ T8440]  ? rcu_read_lock_sched_held+0x3a/0x70
[   73.218762][ T8440]  perf_trace_event_unreg.isra.0+0xac/0x250
[   73.224771][ T8440]  perf_uprobe_destroy+0xbb/0x130
[   73.229793][ T8440]  ? perf_uprobe_init+0x210/0x210
[   73.234822][ T8440]  _free_event+0x2ee/0x1380
[   73.239332][ T8440]  perf_event_release_kernel+0xa24/0xe00
[   73.244970][ T8440]  ? fsnotify_first_mark+0x1f0/0x1f0
[   73.250247][ T8440]  ? __perf_event_exit_context+0x170/0x170
[   73.256057][ T8440]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   73.262397][ T8440]  perf_release+0x33/0x40
[   73.266722][ T8440]  __fput+0x283/0x920
[   73.270697][ T8440]  ? perf_event_release_kernel+0xe00/0xe00
[   73.277148][ T8440]  task_work_run+0xdd/0x190
[   73.281653][ T8440]  do_exit+0xc5c/0x2ae0
[   73.285900][ T8440]  ? mm_update_next_owner+0x7a0/0x7a0
[   73.291342][ T8440]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   73.297843][ T8440]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   73.304221][ T8440]  do_group_exit+0x125/0x310
[   73.308830][ T8440]  __x64_sys_exit_group+0x3a/0x50
[   73.313961][ T8440]  do_syscall_64+0x2d/0x70
[   73.318488][ T8440]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   73.324643][ T8440] RIP: 0033:0x43daf9
[   73.328547][ T8440] Code: Unable to access opcode bytes at RIP 0x43dacf.
[   73.335560][ T8440] RSP: 002b:00007fffb7147268 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   73.343983][ T8440] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[   73.352083][ T8440] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   73.360060][ T8440] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   73.368225][ T8440] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[   73.376573][ T8440] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   73.386396][ T8440] Kernel Offset: disabled
[   73.390857][ T8440] Rebooting in 86400 seconds..
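What a responder needs from the report above is the object geometry (a kmalloc-512 object at ffff8880206b5800, read at offset 360) and the three stacks: the access in find_uprobe reached from perf_event_release_kernel at process exit, the allocation in __uprobe_register, and the free in put_uprobe via uprobe_apply during a later perf_event_open. The Python script below is an added example, not part of the syzkaller report or of the kernel tree: it parses an excerpt of the report (copied verbatim from above with most frames dropped), recomputes the 360-byte offset from the two addresses, and decodes the shadow byte covering ffff8880206b5968 from the "Memory state" rows. The poison values 0xfa, 0xfb and 0xfc are the ones defined in mm/kasan/kasan.h around v5.11 (an assumption about the kernel that produced this report); the function names, the NOISE list and the verdict strings are this example's own.

```python
"""KASAN slab-report triage: an added example, not kernel, KASAN or syzkaller code.
Re-derives two claims of a report: that the faulting address lies at the stated
offset inside the reported object, and that the shadow byte covering it (one byte
per 8-byte granule in the "Memory state" rows) marks freed memory.  Poison values
follow mm/kasan/kasan.h as of v5.11 (an assumption about the reporting kernel)."""
import re

# Excerpt of the report on this page (lines verbatim, most frames dropped).
SAMPLE_REPORT = """\
[   72.484435][ T8440] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[   72.491430][ T8440] Read of size 8 at addr ffff8880206b5968 by task syz-executor986/8440
[   72.499868][ T8440]
[   72.522422][ T8440] Call Trace:
[   72.525732][ T8440]  dump_stack+0x107/0x163
[   72.530199][ T8440]  ? find_uprobe+0x12c/0x150
[   72.566417][ T8440]  find_uprobe+0x12c/0x150
[   72.571578][ T8440]  uprobe_unregister+0x1e/0x70
[   72.770372][ T8440]
[   72.772722][ T8440] Allocated by task 8440:
[   72.777061][ T8440]  kasan_save_stack+0x1b/0x40
[   72.787853][ T8440]  __uprobe_register+0x19c/0x850
[   72.846315][ T8440]
[   72.848722][ T8440] Freed by task 8440:
[   72.852709][ T8440]  kasan_save_stack+0x1b/0x40
[   72.877929][ T8440]  kfree+0xe5/0x7b0
[   72.881747][ T8440]  put_uprobe+0x13b/0x190
[   72.939644][ T8440]
[   72.942060][ T8440] The buggy address belongs to the object at ffff8880206b5800
[   72.942060][ T8440]  which belongs to the cache kmalloc-512 of size 512
[   72.956129][ T8440] The buggy address is located 360 bytes inside of
[   73.030177][ T8440]  ffff8880206b5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.046330][ T8440] >ffff8880206b5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.070792][ T8440]  ffff8880206b5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\] ?")        # "[   72.484435][ T8440] "
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)")
OBJECT = re.compile(r"belongs to the object at (?P<base>[0-9a-f]+)")
CACHE = re.compile(r"cache (?P<cache>\S+) of size (?P<size>\d+)")
OFFSET = re.compile(r"located (?P<off>\d+) bytes inside of")
SHADOW = re.compile(r"^[ >]?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")
FRAME = re.compile(r"^\s*(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

POISON = {0xfa: "freed object, free track stored (KASAN_KMALLOC_FREETRACK)",
          0xfb: "freed object (KASAN_KMALLOC_FREE)", 0xfc: "slab redzone (KASAN_KMALLOC_REDZONE)",
          0xfe: "page redzone (KASAN_PAGE_REDZONE)", 0xff: "freed page (KASAN_FREE_PAGE)"}
# Frames that belong to the sanitizer or the allocator rather than to the subsystem under test.
NOISE = ("kasan_", "kfree", "kmalloc", "kmem_cache", "slab_", "dump_stack", "print_address", "end_report")


def parse_kasan_report(text):
    """Extract bug line, object geometry, stacks and shadow rows; unknown lines are ignored."""
    rep = {"call_trace": [], "alloc_stack": [], "free_stack": [], "shadow": {}}
    section = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if not line.strip():
            section = None                        # a blank line closes every stack section
        elif m := BUG.search(line):
            rep["bug"], rep["func"] = m["kind"], m["func"]
        elif m := ACCESS.search(line):
            rep["rw"], rep["size"], rep["addr"] = m["rw"], int(m["size"]), int(m["addr"], 16)
        elif m := OBJECT.search(line):
            rep["object_base"] = int(m["base"], 16)
        elif m := CACHE.search(line):
            rep["cache"], rep["object_size"] = m["cache"], int(m["size"])
        elif m := OFFSET.search(line):
            rep["claimed_offset"] = int(m["off"])
        elif m := SHADOW.match(line):
            rep["shadow"][int(m[1], 16)] = bytes.fromhex(m[2])   # 16 granules of 8 bytes per row
        elif line.startswith(("Call Trace:", "Allocated by task", "Freed by task")):
            section = {"C": "call_trace", "A": "alloc_stack", "F": "free_stack"}[line[0]]
        elif section and (m := FRAME.match(line)) and not m[1]:
            rep[section].append(m[2])             # "? frame" entries are unreliable; drop them
    return rep


def check_offset(rep):
    """(computed, claimed, consistent): recompute addr - object_base and compare with the report."""
    off = rep["addr"] - rep["object_base"]
    return off, rep["claimed_offset"], off == rep["claimed_offset"] and 0 <= off < rep["object_size"]


def shadow_at(rep, addr):
    """Shadow byte covering addr, or None when no dumped row covers it."""
    for base, row in rep["shadow"].items():
        if base <= addr < base + 8 * len(row):
            return row[(addr - base) // 8]
    return None


def key_frame(stack):
    """First frame that is not sanitizer/allocator plumbing: the code that accessed, allocated or freed."""
    return next((f for f in stack if not f.lstrip("_").startswith(NOISE)), None)


def triage(text):
    """One-screen summary; the verdict checks the bug line against the shadow byte at the address."""
    rep = parse_kasan_report(text)
    shadow = shadow_at(rep, rep["addr"])
    meaning = "not dumped" if shadow is None else POISON.get(shadow, f"0x{shadow:02x}")
    ok = rep["bug"] == "use-after-free" and shadow in (0xfa, 0xfb)
    return {"bug": f'{rep["bug"]} in {rep["func"]}', "access": f'{rep["rw"]} of {rep["size"]} bytes',
            "offset": check_offset(rep), "shadow": meaning,
            "accessed_by": key_frame(rep["call_trace"]), "allocated_by": key_frame(rep["alloc_stack"]),
            "freed_by": key_frame(rep["free_stack"]),
            "verdict": "use-after-free confirmed by shadow" if ok else "report and shadow disagree; inspect by hand"}
```

Fed the full console log instead of the excerpt, the script returns the same answer, since lines it does not recognise are skipped. The check worth keeping in a triage pipeline is the shadow decode: a report whose bug line and shadow row disagree usually means the console output was truncated or interleaved with another CPU's, and is not worth bisecting until a clean copy is obtained.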