[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.16' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 76.648640][ T8403] ==================================================================
[ 76.657036][ T8403] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 76.664027][ T8403] Read of size 8 at addr ffff888019500168 by task syz-executor355/8403
[ 76.672270][ T8403]
[ 76.674597][ T8403] CPU: 0 PID: 8403 Comm: syz-executor355 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 76.684582][ T8403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.694890][ T8403] Call Trace:
[ 76.698359][ T8403]  dump_stack+0x107/0x163
[ 76.702858][ T8403]  ? find_uprobe+0x12c/0x150
[ 76.707460][ T8403]  ? find_uprobe+0x12c/0x150
[ 76.712043][ T8403]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 76.719129][ T8403]  ? find_uprobe+0x12c/0x150
[ 76.723740][ T8403]  ? find_uprobe+0x12c/0x150
[ 76.728427][ T8403]  kasan_report.cold+0x7c/0xd8
[ 76.733227][ T8403]  ? find_uprobe+0x12c/0x150
[ 76.737823][ T8403]  find_uprobe+0x12c/0x150
[ 76.742248][ T8403]  uprobe_unregister+0x1e/0x70
[ 76.747011][ T8403]  __probe_event_disable+0x11e/0x240
[ 76.752320][ T8403]  probe_event_disable+0x155/0x1c0
[ 76.757485][ T8403]  trace_uprobe_register+0x45a/0x880
[ 76.762780][ T8403]  ? trace_uprobe_register+0x3ef/0x880
[ 76.768239][ T8403]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 76.773790][ T8403]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 76.779686][ T8403]  perf_uprobe_destroy+0xbb/0x130
[ 76.788729][ T8403]  ? perf_uprobe_init+0x210/0x210
[ 76.793780][ T8403]  _free_event+0x2ee/0x1380
[ 76.798295][ T8403]  perf_event_release_kernel+0xa24/0xe00
[ 76.803942][ T8403]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 76.809244][ T8403]  ? __perf_event_exit_context+0x170/0x170
[ 76.815072][ T8403]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 76.821462][ T8403]  perf_release+0x33/0x40
[ 76.825815][ T8403]  __fput+0x283/0x920
[ 76.829804][ T8403]  ? perf_event_release_kernel+0xe00/0xe00
[ 76.835692][ T8403]  task_work_run+0xdd/0x190
[ 76.840215][ T8403]  do_exit+0xc5c/0x2ae0
[ 76.844381][ T8403]  ? mm_update_next_owner+0x7a0/0x7a0
[ 76.849746][ T8403]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 76.855978][ T8403]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.862240][ T8403]  do_group_exit+0x125/0x310
[ 76.868219][ T8403]  __x64_sys_exit_group+0x3a/0x50
[ 76.873501][ T8403]  do_syscall_64+0x2d/0x70
[ 76.877930][ T8403]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.883838][ T8403] RIP: 0033:0x43ddc9
[ 76.887720][ T8403] Code: Unable to access opcode bytes at RIP 0x43dd9f.
[ 76.894755][ T8403] RSP: 002b:00007ffc36ec8958 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 76.903173][ T8403] RAX: ffffffffffffffda RBX: 00000000004af2f0 RCX: 000000000043ddc9
[ 76.911135][ T8403] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 76.919108][ T8403] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000400488
[ 76.927073][ T8403] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004af2f0
[ 76.935031][ T8403] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 76.943018][ T8403]
[ 76.945343][ T8403] Allocated by task 8403:
[ 76.949850][ T8403]  kasan_save_stack+0x1b/0x40
[ 76.954524][ T8403]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 76.960773][ T8403]  __uprobe_register+0x19c/0x850
[ 76.965723][ T8403]  probe_event_enable+0x441/0xa00
[ 76.970832][ T8403]  trace_uprobe_register+0x443/0x880
[ 76.976308][ T8403]  perf_trace_event_init+0x549/0xa20
[ 76.981603][ T8403]  perf_uprobe_init+0x16f/0x210
[ 76.986456][ T8403]  perf_uprobe_event_init+0xff/0x1c0
[ 76.992077][ T8403]  perf_try_init_event+0x12a/0x560
[ 76.997176][ T8403]  perf_event_alloc.part.0+0xe3b/0x3960
[ 77.002719][ T8403]  __do_sys_perf_event_open+0x647/0x2e60
[ 77.008350][ T8403]  do_syscall_64+0x2d/0x70
[ 77.012773][ T8403]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.019189][ T8403]
[ 77.022121][ T8403] Freed by task 8403:
[ 77.026129][ T8403]  kasan_save_stack+0x1b/0x40
[ 77.030809][ T8403]  kasan_set_track+0x1c/0x30
[ 77.035402][ T8403]  kasan_set_free_info+0x20/0x30
[ 77.040381][ T8403]  ____kasan_slab_free.part.0+0xe1/0x110
[ 77.046174][ T8403]  slab_free_freelist_hook+0x82/0x1d0
[ 77.051536][ T8403]  kfree+0xe5/0x7b0
[ 77.055518][ T8403]  put_uprobe+0x13b/0x190
[ 77.059854][ T8403]  uprobe_apply+0xfc/0x130
[ 77.064466][ T8403]  trace_uprobe_register+0x5c9/0x880
[ 77.069752][ T8403]  perf_trace_event_init+0x17a/0xa20
[ 77.076864][ T8403]  perf_uprobe_init+0x16f/0x210
[ 77.081761][ T8403]  perf_uprobe_event_init+0xff/0x1c0
[ 77.087054][ T8403]  perf_try_init_event+0x12a/0x560
[ 77.092174][ T8403]  perf_event_alloc.part.0+0xe3b/0x3960
[ 77.097967][ T8403]  __do_sys_perf_event_open+0x647/0x2e60
[ 77.103597][ T8403]  do_syscall_64+0x2d/0x70
[ 77.108015][ T8403]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.113911][ T8403]
[ 77.116241][ T8403] The buggy address belongs to the object at ffff888019500000
[ 77.116241][ T8403]  which belongs to the cache kmalloc-512 of size 512
[ 77.130347][ T8403] The buggy address is located 360 bytes inside of
[ 77.130347][ T8403]  512-byte region [ffff888019500000, ffff888019500200)
[ 77.143980][ T8403] The buggy address belongs to the page:
[ 77.149605][ T8403] page:00000000e94ed8f8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19500
[ 77.160807][ T8403] head:00000000e94ed8f8 order:1 compound_mapcount:0
[ 77.168429][ T8403] flags: 0xfff00000010200(slab|head)
[ 77.173814][ T8403] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[ 77.182393][ T8403] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 77.190972][ T8403] page dumped because: kasan: bad access detected
[ 77.197646][ T8403]
[ 77.199969][ T8403] Memory state around the buggy address:
[ 77.205598][ T8403]  ffff888019500000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.213660][ T8403]  ffff888019500080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.224167][ T8403] >ffff888019500100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.232234][ T8403]                                             ^
[ 77.239698][ T8403]  ffff888019500180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.247754][ T8403]  ffff888019500200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.255823][ T8403] ==================================================================
[ 77.264161][ T8403] Disabling lock debugging due to kernel taint
[ 77.270783][ T8403] Kernel panic - not syncing: panic_on_warn set ...
[ 77.277420][ T8403] CPU: 0 PID: 8403 Comm: syz-executor355 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[ 77.288805][ T8403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.298881][ T8403] Call Trace:
[ 77.302173][ T8403]  dump_stack+0x107/0x163
[ 77.306983][ T8403]  ? find_uprobe+0x90/0x150
[ 77.311504][ T8403]  panic+0x306/0x73d
[ 77.315420][ T8403]  ? __warn_printk+0xf3/0xf3
[ 77.320167][ T8403]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 77.326574][ T8403]  ? trace_hardirqs_on+0x38/0x1c0
[ 77.331613][ T8403]  ? trace_hardirqs_on+0x51/0x1c0
[ 77.336649][ T8403]  ? find_uprobe+0x12c/0x150
[ 77.341377][ T8403]  ? find_uprobe+0x12c/0x150
[ 77.345992][ T8403]  end_report.cold+0x5a/0x5a
[ 77.350626][ T8403]  kasan_report.cold+0x6a/0xd8
[ 77.355611][ T8403]  ? find_uprobe+0x12c/0x150
[ 77.360234][ T8403]  find_uprobe+0x12c/0x150
[ 77.364667][ T8403]  uprobe_unregister+0x1e/0x70
[ 77.369451][ T8403]  __probe_event_disable+0x11e/0x240
[ 77.374802][ T8403]  probe_event_disable+0x155/0x1c0
[ 77.380027][ T8403]  trace_uprobe_register+0x45a/0x880
[ 77.385471][ T8403]  ? trace_uprobe_register+0x3ef/0x880
[ 77.390954][ T8403]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 77.396535][ T8403]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 77.402546][ T8403]  perf_uprobe_destroy+0xbb/0x130
[ 77.407581][ T8403]  ? perf_uprobe_init+0x210/0x210
[ 77.412611][ T8403]  _free_event+0x2ee/0x1380
[ 77.417270][ T8403]  perf_event_release_kernel+0xa24/0xe00
[ 77.422910][ T8403]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 77.428214][ T8403]  ? __perf_event_exit_context+0x170/0x170
[ 77.434149][ T8403]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 77.440389][ T8403]  perf_release+0x33/0x40
[ 77.444817][ T8403]  __fput+0x283/0x920
[ 77.448802][ T8403]  ? perf_event_release_kernel+0xe00/0xe00
[ 77.454630][ T8403]  task_work_run+0xdd/0x190
[ 77.459233][ T8403]  do_exit+0xc5c/0x2ae0
[ 77.463395][ T8403]  ? mm_update_next_owner+0x7a0/0x7a0
[ 77.468766][ T8403]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 77.475031][ T8403]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.481278][ T8403]  do_group_exit+0x125/0x310
[ 77.485876][ T8403]  __x64_sys_exit_group+0x3a/0x50
[ 77.490911][ T8403]  do_syscall_64+0x2d/0x70
[ 77.495344][ T8403]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.501386][ T8403] RIP: 0033:0x43ddc9
[ 77.505276][ T8403] Code: Unable to access opcode bytes at RIP 0x43dd9f.
[ 77.512161][ T8403] RSP: 002b:00007ffc36ec8958 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 77.520680][ T8403] RAX: ffffffffffffffda RBX: 00000000004af2f0 RCX: 000000000043ddc9
[ 77.528660][ T8403] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 77.536625][ T8403] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000400488
[ 77.544590][ T8403] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004af2f0
[ 77.552575][ T8403] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 77.561168][ T8403] Kernel Offset: disabled
[ 77.565499][ T8403] Rebooting in 86400 seconds..
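The report above records one allocation (via __uprobe_register during perf_event_open), one free (via put_uprobe from uprobe_apply, still inside the same perf_event_open), and a later 8-byte read of the freed kmalloc-512 object by find_uprobe when the perf event is torn down at exit. The triage helper below is an added example, not part of syzkaller or the kernel: it pulls those facts out of the console text, cross-checks the reported offset against the object base, and decodes the shadow byte under the faulting address. The sample input is quoted from the report above, abridged; the shadow-byte meanings are assumed from generic KASAN on 5.x kernels (mm/kasan/kasan.h) and are not stated on the page.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines quoted from the report above, abridged to what the
# parser consumes; console prefixes are kept as printk emits them.
SAMPLE = """\
[ 76.657036][ T8403] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 76.664027][ T8403] Read of size 8 at addr ffff888019500168 by task syz-executor355/8403
[ 76.694890][ T8403] Call Trace:
[ 76.698359][ T8403]  dump_stack+0x107/0x163
[ 76.728427][ T8403]  kasan_report.cold+0x7c/0xd8
[ 76.733227][ T8403]  ? find_uprobe+0x12c/0x150
[ 76.737823][ T8403]  find_uprobe+0x12c/0x150
[ 76.742248][ T8403]  uprobe_unregister+0x1e/0x70
[ 76.945343][ T8403] Allocated by task 8403:
[ 76.949850][ T8403]  kasan_save_stack+0x1b/0x40
[ 76.960773][ T8403]  __uprobe_register+0x19c/0x850
[ 77.022121][ T8403] Freed by task 8403:
[ 77.026129][ T8403]  kasan_save_stack+0x1b/0x40
[ 77.051536][ T8403]  kfree+0xe5/0x7b0
[ 77.055518][ T8403]  put_uprobe+0x13b/0x190
[ 77.116241][ T8403] The buggy address belongs to the object at ffff888019500000
[ 77.116241][ T8403]  which belongs to the cache kmalloc-512 of size 512
[ 77.130347][ T8403] The buggy address is located 360 bytes inside of
[ 77.130347][ T8403]  512-byte region [ffff888019500000, ffff888019500200)
[ 77.199969][ T8403] Memory state around the buggy address:
[ 77.205598][ T8403]  ffff888019500000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.224167][ T8403] >ffff888019500100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.247754][ T8403]  ffff888019500200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*[TC]\d+\]\s?")        # "[ 76.65][ T8403] "
FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SHADOW_ROW = re.compile(r"^(>?)([0-9a-f]{16}): ((?:[0-9a-f]{2}\s?){16})$")
# Generic-KASAN shadow encodings on 5.x kernels (assumption, see mm/kasan/kasan.h).
SHADOW_MEANING = {0x00: "addressable", 0xfa: "freed object (free-track granule)",
                  0xfb: "freed object", 0xfc: "kmalloc redzone"}
# Frames that are sanitizer/allocator plumbing rather than the subsystem at fault.
INFRA = ("dump_stack", "print_address", "kasan_", "____kasan", "end_report", "kfree", "slab_free")

@dataclass
class KasanReport:
    bug_type: str = ""; function: str = ""; access: str = ""; size: int = 0
    addr: int = 0; task: str = ""; pid: int = 0
    cache: str = ""; object_base: int = 0; object_size: int = 0; stated_offset: int = -1
    call_trace: list = field(default_factory=list)
    alloc_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)
    shadow: dict = field(default_factory=dict)   # granule address -> shadow byte

    @property
    def offset(self) -> int:                     # byte offset inside the object
        return self.addr - self.object_base

    def shadow_state(self):
        """Shadow byte covering the faulting address (one byte per 8-byte granule)."""
        b = self.shadow.get(self.addr & ~7)
        return b, SHADOW_MEANING.get(b, "other/unknown")

def parse_kasan_report(text: str) -> KasanReport:
    r, section = KasanReport(), None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"BUG: KASAN: (\S+) in (\S+)\+0x", line):
            r.bug_type, r.function = m[1], m[2]
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", line):
            r.access, r.size, r.addr, r.task, r.pid = m[1], int(m[2]), int(m[3], 16), m[4], int(m[5])
        elif line == "Call Trace:":
            section = r.call_trace
        elif line.startswith("Allocated by task"):
            section = r.alloc_stack
        elif line.startswith("Freed by task"):
            section = r.free_stack
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r.object_base, section = int(m[1], 16), None
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", line):
            r.cache, r.object_size = m[1], int(m[2])
        elif m := re.match(r"The buggy address is located (\d+) bytes inside", line):
            r.stated_offset = int(m[1])
        elif m := SHADOW_ROW.match(line):
            for i, byte in enumerate(m[3].split()):
                r.shadow[int(m[2], 16) + 8 * i] = int(byte, 16)
        elif section is not None and (m := FRAME.match(line)) and not m[1]:
            section.append(m[2])                 # "? " frames are stale slots: dropped
    return r

def first_interesting(frames):
    """First frame that is not sanitizer/allocator plumbing."""
    return next((f for f in frames if not f.startswith(INFRA)), "?")

def triage_summary(r: KasanReport) -> str:
    byte, meaning = r.shadow_state()
    in_obj = 0 <= r.offset < r.object_size
    return (f"{r.bug_type}: {r.access} of {r.size} bytes at {r.addr:#x} by {r.task}/{r.pid} "
            f"in {r.function}; {r.cache} object at {r.object_base:#x}, offset {r.offset} "
            f"({'in' if in_obj else 'OUTSIDE'} object, "
            f"{'matches' if r.offset == r.stated_offset else 'DISAGREES with'} report); "
            f"shadow {byte:#04x} = {meaning}; allocated via {first_interesting(r.alloc_stack)}, "
            f"freed via {first_interesting(r.free_stack)}, used via {first_interesting(r.call_trace)}")

if __name__ == "__main__":
    print(triage_summary(parse_kasan_report(SAMPLE)))
```

Run it on a saved console log in place of SAMPLE; the offset cross-check (0xffff888019500168 minus 0xffff888019500000 is 360, matching the report) and the fb shadow byte under the access confirm this is a read of a whole, already freed slab object rather than a redzone or partial-granule hit.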