INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 29.044416] IPVS: ftp: loaded support on port[0] = 21 [ 29.099642] ================================================================== [ 29.107076] BUG: KASAN: use-after-free in uprobe_perf_close+0x45e/0x5f0 [ 29.113803] Read of size 4 at addr ffff8801d9af8764 by task syzkaller726693/4483 [ 29.121307] [ 29.122913] CPU: 0 PID: 4483 Comm: syzkaller726693 Not tainted 4.16.0+ #1 [ 29.129808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.139143] Call Trace: [ 29.141713] dump_stack+0x1b9/0x294 [ 29.145323] ? dump_stack_print_info.cold.2+0x52/0x52 [ 29.150489] ? printk+0x9e/0xba [ 29.153749] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 29.158484] ? kasan_check_write+0x14/0x20 [ 29.162696] print_address_description+0x6c/0x20b [ 29.167516] ? uprobe_perf_close+0x45e/0x5f0 [ 29.171898] kasan_report.cold.7+0x242/0x2fe [ 29.176285] __asan_report_load4_noabort+0x14/0x20 [ 29.181195] uprobe_perf_close+0x45e/0x5f0 [ 29.185414] ? probes_open+0x1a0/0x1a0 [ 29.189280] ? graph_lock+0x170/0x170 [ 29.193058] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 29.198223] trace_uprobe_register+0x355/0xcd0 [ 29.202780] ? uprobe_perf_close+0x5f0/0x5f0 [ 29.207164] ? kasan_check_read+0x11/0x20 [ 29.211288] ? rcu_is_watching+0x85/0x140 [ 29.215412] ? rcu_pm_notify+0xc0/0xc0 [ 29.219272] ? perf_event_attach_bpf_prog+0x3e0/0x3e0 [ 29.224438] ? perf_uprobe_init+0x260/0x260 [ 29.228735] perf_uprobe_destroy+0xa0/0x130 [ 29.233038] ? perf_uprobe_init+0x260/0x260 [ 29.237336] _free_event+0x3ff/0x13b0 [ 29.241113] ? 
__mutex_unlock_slowpath+0x140/0x8a0 [ 29.246026] ? ring_buffer_attach+0x830/0x830 [ 29.250502] ? lock_downgrade+0x8e0/0x8e0 [ 29.254627] ? mark_held_locks+0xc9/0x160 [ 29.258748] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 29.263305] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.267775] put_event+0x48/0x60 [ 29.271118] perf_event_release_kernel+0x8bd/0xf90 [ 29.276032] ? put_event+0x60/0x60 [ 29.279556] ? kasan_check_read+0x11/0x20 [ 29.283676] ? do_raw_spin_unlock+0x9e/0x2e0 [ 29.288061] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 29.292617] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 29.297694] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 29.302683] ? trace_hardirqs_on+0xd/0x10 [ 29.306810] ? kasan_check_read+0x11/0x20 [ 29.310934] ? rcu_is_watching+0x85/0x140 [ 29.315059] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 29.320225] ? __call_rcu.constprop.68+0x396/0xbb0 [ 29.325132] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 29.330646] ? locks_remove_file+0x3f7/0x5a0 [ 29.335036] ? fcntl_setlk+0x1020/0x1020 [ 29.339075] ? fsnotify+0x415/0x1100 [ 29.342770] ? perf_event_release_kernel+0xf90/0xf90 [ 29.347849] perf_release+0x37/0x50 [ 29.351452] __fput+0x34d/0x890 [ 29.354707] ? fput+0x1a0/0x1a0 [ 29.357963] ? check_same_owner+0x320/0x320 [ 29.362262] ____fput+0x15/0x20 [ 29.365516] task_work_run+0x1e4/0x290 [ 29.369382] ? task_work_cancel+0x240/0x240 [ 29.373681] ? switch_task_namespaces+0xbd/0xd0 [ 29.378328] do_exit+0xf89/0x2730 [ 29.381758] ? mm_update_next_owner+0x980/0x980 [ 29.386405] ? __lock_acquire+0x7f5/0x5140 [ 29.390617] ? find_held_lock+0x36/0x1c0 [ 29.394666] ? lock_downgrade+0x8e0/0x8e0 [ 29.398792] ? kasan_check_read+0x11/0x20 [ 29.402913] ? do_raw_spin_unlock+0x9e/0x2e0 [ 29.407303] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 29.411859] ? kasan_check_write+0x14/0x20 [ 29.416067] ? do_raw_spin_lock+0xc1/0x200 [ 29.420278] ? trace_hardirqs_off+0xd/0x10 [ 29.424488] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 29.429565] ? try_to_wake_up+0x102/0x1190 [ 29.433773] ? 
find_held_lock+0x36/0x1c0 [ 29.437813] ? graph_lock+0x170/0x170 [ 29.441586] ? lock_downgrade+0x8e0/0x8e0 [ 29.445713] ? pvclock_read_flags+0x160/0x160 [ 29.450188] ? find_held_lock+0x36/0x1c0 [ 29.454229] ? lock_downgrade+0x8e0/0x8e0 [ 29.458352] ? kasan_check_read+0x11/0x20 [ 29.462476] ? do_raw_spin_unlock+0x9e/0x2e0 [ 29.466857] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 29.471415] ? force_sig+0x30/0x30 [ 29.474930] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.479403] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 29.484399] do_group_exit+0x16f/0x430 [ 29.488261] ? do_futex+0x27d0/0x27d0 [ 29.492039] ? SyS_exit+0x30/0x30 [ 29.495471] ? do_syscall_64+0xb7/0x9d0 [ 29.499422] ? do_group_exit+0x430/0x430 [ 29.503457] SyS_exit_group+0x1d/0x20 [ 29.507233] do_syscall_64+0x29e/0x9d0 [ 29.511095] ? vmalloc_sync_all+0x30/0x30 [ 29.515220] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 29.519960] ? syscall_return_slowpath+0x5c0/0x5c0 [ 29.524867] ? syscall_return_slowpath+0x30f/0x5c0 [ 29.529773] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 29.535112] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 29.539930] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 29.545094] RIP: 0033:0x4499a9 [ 29.548257] RSP: 002b:00007ffc0fc17a98 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7 [ 29.555938] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004499a9 [ 29.563181] RDX: 00000000004499a9 RSI: 00000000004499a9 RDI: 0000000000000001 [ 29.570423] RBP: 00000000006da018 R08: 0000000000000000 R09: 0000000000407170 [ 29.577665] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000004070e0 [ 29.584906] R13: 0000000000407170 R14: 0000000000000000 R15: 0000000000000000 [ 29.592154] [ 29.593757] Allocated by task 4483: [ 29.597360] save_stack+0x43/0xd0 [ 29.600785] kasan_kmalloc+0xc4/0xe0 [ 29.604475] kasan_slab_alloc+0x12/0x20 [ 29.608424] kmem_cache_alloc_node+0x144/0x780 [ 29.612978] copy_process.part.38+0x16bf/0x6e90 [ 29.617622] _do_fork+0x291/0x12a0 [ 29.621137] SyS_clone+0x37/0x50 [ 29.624483] do_syscall_64+0x29e/0x9d0 [ 29.628346] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 29.633503] [ 29.635104] Freed by task 0: [ 29.638099] save_stack+0x43/0xd0 [ 29.641524] __kasan_slab_free+0x11a/0x170 [ 29.645730] kasan_slab_free+0xe/0x10 [ 29.649501] kmem_cache_free+0x86/0x2d0 [ 29.653450] free_task+0x166/0x1d0 [ 29.656962] __put_task_struct+0x2d2/0x600 [ 29.661171] delayed_put_task_struct+0x367/0x470 [ 29.665901] rcu_process_callbacks+0x941/0x15f0 [ 29.670543] __do_softirq+0x2e0/0xaf5 [ 29.674313] [ 29.675915] The buggy address belongs to the object at ffff8801d9af8740 [ 29.675915] which belongs to the cache task_struct of size 5952 [ 29.688629] The buggy address is located 36 bytes inside of [ 29.688629] 5952-byte region [ffff8801d9af8740, ffff8801d9af9e80) [ 29.700473] The buggy address belongs to the page: [ 29.705378] page:ffffea000766be00 count:1 mapcount:0 mapping:ffff8801d9af8740 index:0x0 compound_mapcount: 0 [ 29.715320] flags: 0x2fffc0000008100(slab|head) [ 29.719965] raw: 02fffc0000008100 ffff8801d9af8740 0000000000000000 
0000000100000001 [ 29.727821] raw: ffffea0007658420 ffff8801dad0e248 ffff8801dad48200 0000000000000000 [ 29.735670] page dumped because: kasan: bad access detected [ 29.741347] [ 29.742947] Memory state around the buggy address: [ 29.747848] ffff8801d9af8600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.755179] ffff8801d9af8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.762510] >ffff8801d9af8700: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 29.769839] ^ [ 29.776302] ffff8801d9af8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.783633] ffff8801d9af8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.790962] ================================================================== [ 29.798289] Disabling lock debugging due to kernel taint [ 29.803834] Kernel panic - not syncing: panic_on_warn set ... [ 29.803834] [ 29.811199] CPU: 0 PID: 4483 Comm: syzkaller726693 Tainted: G B 4.16.0+ #1 [ 29.819495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.828821] Call Trace: [ 29.831392] dump_stack+0x1b9/0x294 [ 29.834995] ? dump_stack_print_info.cold.2+0x52/0x52 [ 29.840164] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 29.844898] ? uprobe_perf_close+0x3b0/0x5f0 [ 29.849281] panic+0x22f/0x4de [ 29.852444] ? add_taint.cold.5+0x16/0x16 [ 29.856568] ? do_raw_spin_unlock+0x9e/0x2e0 [ 29.860948] ? do_raw_spin_unlock+0x9e/0x2e0 [ 29.865329] ? uprobe_perf_close+0x45e/0x5f0 [ 29.869713] kasan_end_report+0x47/0x4f [ 29.873665] kasan_report.cold.7+0x76/0x2fe [ 29.877959] __asan_report_load4_noabort+0x14/0x20 [ 29.882860] uprobe_perf_close+0x45e/0x5f0 [ 29.887075] ? probes_open+0x1a0/0x1a0 [ 29.890935] ? graph_lock+0x170/0x170 [ 29.894711] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 29.899873] trace_uprobe_register+0x355/0xcd0 [ 29.904430] ? uprobe_perf_close+0x5f0/0x5f0 [ 29.908812] ? kasan_check_read+0x11/0x20 [ 29.912933] ? rcu_is_watching+0x85/0x140 [ 29.917052] ? rcu_pm_notify+0xc0/0xc0 [ 29.920911] ? 
perf_event_attach_bpf_prog+0x3e0/0x3e0 [ 29.926078] ? perf_uprobe_init+0x260/0x260 [ 29.930371] perf_uprobe_destroy+0xa0/0x130 [ 29.934665] ? perf_uprobe_init+0x260/0x260 [ 29.938958] _free_event+0x3ff/0x13b0 [ 29.942733] ? __mutex_unlock_slowpath+0x140/0x8a0 [ 29.947633] ? ring_buffer_attach+0x830/0x830 [ 29.952104] ? lock_downgrade+0x8e0/0x8e0 [ 29.956228] ? mark_held_locks+0xc9/0x160 [ 29.960349] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 29.964905] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.969371] put_event+0x48/0x60 [ 29.972710] perf_event_release_kernel+0x8bd/0xf90 [ 29.977622] ? put_event+0x60/0x60 [ 29.981138] ? kasan_check_read+0x11/0x20 [ 29.985257] ? do_raw_spin_unlock+0x9e/0x2e0 [ 29.989638] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 29.994192] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 29.999493] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.004484] ? trace_hardirqs_on+0xd/0x10 [ 30.008607] ? kasan_check_read+0x11/0x20 [ 30.012727] ? rcu_is_watching+0x85/0x140 [ 30.016846] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 30.022017] ? __call_rcu.constprop.68+0x396/0xbb0 [ 30.026928] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 30.032438] ? locks_remove_file+0x3f7/0x5a0 [ 30.036817] ? fcntl_setlk+0x1020/0x1020 [ 30.040851] ? fsnotify+0x415/0x1100 [ 30.044543] ? perf_event_release_kernel+0xf90/0xf90 [ 30.049616] perf_release+0x37/0x50 [ 30.053215] __fput+0x34d/0x890 [ 30.056471] ? fput+0x1a0/0x1a0 [ 30.059725] ? check_same_owner+0x320/0x320 [ 30.064028] ____fput+0x15/0x20 [ 30.067285] task_work_run+0x1e4/0x290 [ 30.071149] ? task_work_cancel+0x240/0x240 [ 30.075446] ? switch_task_namespaces+0xbd/0xd0 [ 30.080091] do_exit+0xf89/0x2730 [ 30.083518] ? mm_update_next_owner+0x980/0x980 [ 30.088163] ? __lock_acquire+0x7f5/0x5140 [ 30.092371] ? find_held_lock+0x36/0x1c0 [ 30.096405] ? lock_downgrade+0x8e0/0x8e0 [ 30.100529] ? kasan_check_read+0x11/0x20 [ 30.104649] ? do_raw_spin_unlock+0x9e/0x2e0 [ 30.109033] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 30.113589] ? 
kasan_check_write+0x14/0x20 [ 30.117794] ? do_raw_spin_lock+0xc1/0x200 [ 30.122005] ? trace_hardirqs_off+0xd/0x10 [ 30.126220] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 30.131299] ? try_to_wake_up+0x102/0x1190 [ 30.135503] ? find_held_lock+0x36/0x1c0 [ 30.139540] ? graph_lock+0x170/0x170 [ 30.143312] ? lock_downgrade+0x8e0/0x8e0 [ 30.147438] ? pvclock_read_flags+0x160/0x160 [ 30.151905] ? find_held_lock+0x36/0x1c0 [ 30.155938] ? lock_downgrade+0x8e0/0x8e0 [ 30.160059] ? kasan_check_read+0x11/0x20 [ 30.164178] ? do_raw_spin_unlock+0x9e/0x2e0 [ 30.168558] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 30.173119] ? force_sig+0x30/0x30 [ 30.176630] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.181098] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.186091] do_group_exit+0x16f/0x430 [ 30.189952] ? do_futex+0x27d0/0x27d0 [ 30.193726] ? SyS_exit+0x30/0x30 [ 30.197159] ? do_syscall_64+0xb7/0x9d0 [ 30.201111] ? do_group_exit+0x430/0x430 [ 30.205146] SyS_exit_group+0x1d/0x20 [ 30.208917] do_syscall_64+0x29e/0x9d0 [ 30.212778] ? vmalloc_sync_all+0x30/0x30 [ 30.216898] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 30.221627] ? syscall_return_slowpath+0x5c0/0x5c0 [ 30.226529] ? syscall_return_slowpath+0x30f/0x5c0 [ 30.231434] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 30.236771] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 30.241586] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 30.246748] RIP: 0033:0x4499a9 [ 30.249913] RSP: 002b:00007ffc0fc17a98 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7 [ 30.257591] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004499a9 [ 30.264831] RDX: 00000000004499a9 RSI: 00000000004499a9 RDI: 0000000000000001 [ 30.272071] RBP: 00000000006da018 R08: 0000000000000000 R09: 0000000000407170 [ 30.279311] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000004070e0 [ 30.286551] R13: 0000000000407170 R14: 0000000000000000 R15: 0000000000000000 [ 30.294189] Dumping ftrace buffer: [ 30.297698] (ftrace buffer empty) [ 30.301377] Kernel Offset: disabled [ 30.304979] Rebooting in 86400 seconds..