[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 73.071248][ T8407] ==================================================================
[ 73.079816][ T8407] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 73.086970][ T8407] Read of size 8 at addr ffff8880155aa968 by task syz-executor273/8407
[ 73.095387][ T8407]
[ 73.097711][ T8407] CPU: 1 PID: 8407 Comm: syz-executor273 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 73.107874][ T8407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.119098][ T8407] Call Trace:
[ 73.122480][ T8407]  dump_stack+0x107/0x163
[ 73.126842][ T8407]  ? find_uprobe+0x12c/0x150
[ 73.131465][ T8407]  ? find_uprobe+0x12c/0x150
[ 73.136077][ T8407]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 73.143126][ T8407]  ? find_uprobe+0x12c/0x150
[ 73.147745][ T8407]  ? find_uprobe+0x12c/0x150
[ 73.152350][ T8407]  kasan_report.cold+0x7c/0xd8
[ 73.157489][ T8407]  ? find_uprobe+0x12c/0x150
[ 73.162105][ T8407]  find_uprobe+0x12c/0x150
[ 73.166805][ T8407]  uprobe_unregister+0x1e/0x70
[ 73.172111][ T8407]  __probe_event_disable+0x11e/0x240
[ 73.177411][ T8407]  probe_event_disable+0x155/0x1c0
[ 73.182540][ T8407]  trace_uprobe_register+0x45a/0x880
[ 73.187960][ T8407]  ? trace_uprobe_register+0x3ef/0x880
[ 73.193488][ T8407]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 73.199421][ T8407]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 73.205346][ T8407]  perf_uprobe_destroy+0xbb/0x130
[ 73.210387][ T8407]  ? perf_uprobe_init+0x210/0x210
[ 73.215549][ T8407]  _free_event+0x2ee/0x1380
[ 73.220074][ T8407]  perf_event_release_kernel+0xa24/0xe00
[ 73.225917][ T8407]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 73.231265][ T8407]  ? __perf_event_exit_context+0x170/0x170
[ 73.237098][ T8407]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 73.244047][ T8407]  perf_release+0x33/0x40
[ 73.248415][ T8407]  __fput+0x283/0x920
[ 73.252606][ T8407]  ? perf_event_release_kernel+0xe00/0xe00
[ 73.258437][ T8407]  task_work_run+0xdd/0x190
[ 73.262970][ T8407]  do_exit+0xc5c/0x2ae0
[ 73.268069][ T8407]  ? mm_update_next_owner+0x7a0/0x7a0
[ 73.273674][ T8407]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 73.280036][ T8407]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.286753][ T8407]  do_group_exit+0x125/0x310
[ 73.291372][ T8407]  __x64_sys_exit_group+0x3a/0x50
[ 73.296541][ T8407]  do_syscall_64+0x2d/0x70
[ 73.300970][ T8407]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.306877][ T8407] RIP: 0033:0x43daf9
[ 73.310776][ T8407] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 73.317653][ T8407] RSP: 002b:00007ffeac6f9948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 73.326281][ T8407] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 73.334262][ T8407] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 73.342251][ T8407] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 73.350697][ T8407] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 73.359298][ T8407] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 73.367743][ T8407]
[ 73.370084][ T8407] Allocated by task 8407:
[ 73.374626][ T8407]  kasan_save_stack+0x1b/0x40
[ 73.379422][ T8407]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 73.385248][ T8407]  __uprobe_register+0x19c/0x850
[ 73.390225][ T8407]  probe_event_enable+0x357/0xa00
[ 73.395351][ T8407]  trace_uprobe_register+0x443/0x880
[ 73.400661][ T8407]  perf_trace_event_init+0x549/0xa20
[ 73.406672][ T8407]  perf_uprobe_init+0x16f/0x210
[ 73.411534][ T8407]  perf_uprobe_event_init+0xff/0x1c0
[ 73.416835][ T8407]  perf_try_init_event+0x12a/0x560
[ 73.422077][ T8407]  perf_event_alloc.part.0+0xe3b/0x3960
[ 73.427803][ T8407]  __do_sys_perf_event_open+0x647/0x2e60
[ 73.433453][ T8407]  do_syscall_64+0x2d/0x70
[ 73.437977][ T8407]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.443927][ T8407]
[ 73.446250][ T8407] Freed by task 8407:
[ 73.450232][ T8407]  kasan_save_stack+0x1b/0x40
[ 73.454931][ T8407]  kasan_set_track+0x1c/0x30
[ 73.459523][ T8407]  kasan_set_free_info+0x20/0x30
[ 73.464665][ T8407]  ____kasan_slab_free.part.0+0xe1/0x110
[ 73.470418][ T8407]  slab_free_freelist_hook+0x82/0x1d0
[ 73.475799][ T8407]  kfree+0xe5/0x7b0
[ 73.479621][ T8407]  put_uprobe+0x13b/0x190
[ 73.484239][ T8407]  uprobe_apply+0xfc/0x130
[ 73.489293][ T8407]  trace_uprobe_register+0x5c9/0x880
[ 73.494601][ T8407]  perf_trace_event_init+0x17a/0xa20
[ 73.499892][ T8407]  perf_uprobe_init+0x16f/0x210
[ 73.504760][ T8407]  perf_uprobe_event_init+0xff/0x1c0
[ 73.510107][ T8407]  perf_try_init_event+0x12a/0x560
[ 73.515260][ T8407]  perf_event_alloc.part.0+0xe3b/0x3960
[ 73.520902][ T8407]  __do_sys_perf_event_open+0x647/0x2e60
[ 73.526948][ T8407]  do_syscall_64+0x2d/0x70
[ 73.531400][ T8407]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.537740][ T8407]
[ 73.540402][ T8407] The buggy address belongs to the object at ffff8880155aa800
[ 73.540402][ T8407]  which belongs to the cache kmalloc-512 of size 512
[ 73.556660][ T8407] The buggy address is located 360 bytes inside of
[ 73.556660][ T8407]  512-byte region [ffff8880155aa800, ffff8880155aaa00)
[ 73.570577][ T8407] The buggy address belongs to the page:
[ 73.576848][ T8407] page:000000000676117c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155aa
[ 73.588450][ T8407] head:000000000676117c order:1 compound_mapcount:0
[ 73.595079][ T8407] flags: 0xfff00000010200(slab|head)
[ 73.600815][ T8407] raw: 00fff00000010200 0000000000000000 0000000700000001 ffff888010841c80
[ 73.609674][ T8407] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 73.619349][ T8407] page dumped because: kasan: bad access detected
[ 73.626619][ T8407]
[ 73.629230][ T8407] Memory state around the buggy address:
[ 73.634866][ T8407]  ffff8880155aa800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.643513][ T8407]  ffff8880155aa880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.651668][ T8407] >ffff8880155aa900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.659863][ T8407]                                                           ^
[ 73.667689][ T8407]  ffff8880155aa980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.675969][ T8407]  ffff8880155aaa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.684031][ T8407] ==================================================================
[ 73.692266][ T8407] Disabling lock debugging due to kernel taint
[ 73.699322][ T8407] Kernel panic - not syncing: panic_on_warn set ...
[ 73.706637][ T8407] CPU: 1 PID: 8407 Comm: syz-executor273 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[ 73.718030][ T8407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.728393][ T8407] Call Trace:
[ 73.731962][ T8407]  dump_stack+0x107/0x163
[ 73.736840][ T8407]  ? find_uprobe+0x90/0x150
[ 73.741711][ T8407]  panic+0x306/0x73d
[ 73.745613][ T8407]  ? __warn_printk+0xf3/0xf3
[ 73.750278][ T8407]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 73.756640][ T8407]  ? trace_hardirqs_on+0x38/0x1c0
[ 73.762293][ T8407]  ? trace_hardirqs_on+0x51/0x1c0
[ 73.767803][ T8407]  ? find_uprobe+0x12c/0x150
[ 73.772487][ T8407]  ? find_uprobe+0x12c/0x150
[ 73.777254][ T8407]  end_report.cold+0x5a/0x5a
[ 73.783775][ T8407]  kasan_report.cold+0x6a/0xd8
[ 73.788565][ T8407]  ? find_uprobe+0x12c/0x150
[ 73.793421][ T8407]  find_uprobe+0x12c/0x150
[ 73.797845][ T8407]  uprobe_unregister+0x1e/0x70
[ 73.802640][ T8407]  __probe_event_disable+0x11e/0x240
[ 73.808981][ T8407]  probe_event_disable+0x155/0x1c0
[ 73.814145][ T8407]  trace_uprobe_register+0x45a/0x880
[ 73.819561][ T8407]  ? trace_uprobe_register+0x3ef/0x880
[ 73.825032][ T8407]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 73.830897][ T8407]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 73.836967][ T8407]  perf_uprobe_destroy+0xbb/0x130
[ 73.842145][ T8407]  ? perf_uprobe_init+0x210/0x210
[ 73.847194][ T8407]  _free_event+0x2ee/0x1380
[ 73.851740][ T8407]  perf_event_release_kernel+0xa24/0xe00
[ 73.857378][ T8407]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 73.862675][ T8407]  ? __perf_event_exit_context+0x170/0x170
[ 73.868824][ T8407]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 73.875090][ T8407]  perf_release+0x33/0x40
[ 73.879884][ T8407]  __fput+0x283/0x920
[ 73.884770][ T8407]  ? perf_event_release_kernel+0xe00/0xe00
[ 73.891458][ T8407]  task_work_run+0xdd/0x190
[ 73.895978][ T8407]  do_exit+0xc5c/0x2ae0
[ 73.900584][ T8407]  ? mm_update_next_owner+0x7a0/0x7a0
[ 73.906351][ T8407]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 73.912607][ T8407]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.918868][ T8407]  do_group_exit+0x125/0x310
[ 73.923464][ T8407]  __x64_sys_exit_group+0x3a/0x50
[ 73.928531][ T8407]  do_syscall_64+0x2d/0x70
[ 73.933048][ T8407]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.938964][ T8407] RIP: 0033:0x43daf9
[ 73.942853][ T8407] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 73.949839][ T8407] RSP: 002b:00007ffeac6f9948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 73.958258][ T8407] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 73.966593][ T8407] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 73.974686][ T8407] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 73.983030][ T8407] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 73.991007][ T8407] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 73.999631][ T8407] Kernel Offset: disabled
[ 74.004253][ T8407] Rebooting in 86400 seconds..