[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 75.168635][ T8417] ==================================================================
[ 75.177236][ T8417] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 75.184192][ T8417] Read of size 8 at addr ffff888011bb4568 by task syz-executor189/8417
[ 75.192422][ T8417]
[ 75.194757][ T8417] CPU: 1 PID: 8417 Comm: syz-executor189 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 75.204719][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.214765][ T8417] Call Trace:
[ 75.218049][ T8417]  dump_stack+0x107/0x163
[ 75.222406][ T8417]  ? find_uprobe+0x12c/0x150
[ 75.226986][ T8417]  ? find_uprobe+0x12c/0x150
[ 75.231560][ T8417]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 75.238661][ T8417]  ? find_uprobe+0x12c/0x150
[ 75.243635][ T8417]  ? find_uprobe+0x12c/0x150
[ 75.248509][ T8417]  kasan_report.cold+0x7c/0xd8
[ 75.253279][ T8417]  ? find_uprobe+0x12c/0x150
[ 75.257998][ T8417]  find_uprobe+0x12c/0x150
[ 75.262599][ T8417]  uprobe_unregister+0x1e/0x70
[ 75.268257][ T8417]  __probe_event_disable+0x11e/0x240
[ 75.273724][ T8417]  probe_event_disable+0x155/0x1c0
[ 75.278840][ T8417]  trace_uprobe_register+0x45a/0x880
[ 75.284117][ T8417]  ? trace_uprobe_register+0x3ef/0x880
[ 75.289659][ T8417]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 75.295209][ T8417]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 75.301092][ T8417]  perf_uprobe_destroy+0xbb/0x130
[ 75.306102][ T8417]  ? perf_uprobe_init+0x210/0x210
[ 75.311111][ T8417]  _free_event+0x2ee/0x1380
[ 75.315605][ T8417]  perf_event_release_kernel+0xa24/0xe00
[ 75.321223][ T8417]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 75.326514][ T8417]  ? __perf_event_exit_context+0x170/0x170
[ 75.332308][ T8417]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 75.338561][ T8417]  perf_release+0x33/0x40
[ 75.342890][ T8417]  __fput+0x283/0x920
[ 75.346857][ T8417]  ? perf_event_release_kernel+0xe00/0xe00
[ 75.352652][ T8417]  task_work_run+0xdd/0x190
[ 75.357160][ T8417]  do_exit+0xc5c/0x2ae0
[ 75.361308][ T8417]  ? mm_update_next_owner+0x7a0/0x7a0
[ 75.366681][ T8417]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 75.372906][ T8417]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.379156][ T8417]  do_group_exit+0x125/0x310
[ 75.383758][ T8417]  __x64_sys_exit_group+0x3a/0x50
[ 75.389099][ T8417]  do_syscall_64+0x2d/0x70
[ 75.393518][ T8417]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.399406][ T8417] RIP: 0033:0x43daf9
[ 75.403307][ T8417] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 75.410131][ T8417] RSP: 002b:00007ffd24dc6558 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 75.418532][ T8417] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 75.426577][ T8417] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 75.434894][ T8417] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 75.442850][ T8417] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 75.450820][ T8417] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 75.458786][ T8417]
[ 75.461094][ T8417] Allocated by task 8417:
[ 75.465398][ T8417]  kasan_save_stack+0x1b/0x40
[ 75.470086][ T8417]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 75.475879][ T8417]  __uprobe_register+0x19c/0x850
[ 75.480823][ T8417]  probe_event_enable+0x357/0xa00
[ 75.485922][ T8417]  trace_uprobe_register+0x443/0x880
[ 75.491194][ T8417]  perf_trace_event_init+0x549/0xa20
[ 75.496483][ T8417]  perf_uprobe_init+0x16f/0x210
[ 75.501327][ T8417]  perf_uprobe_event_init+0xff/0x1c0
[ 75.506595][ T8417]  perf_try_init_event+0x12a/0x560
[ 75.511685][ T8417]  perf_event_alloc.part.0+0xe3b/0x3960
[ 75.517228][ T8417]  __do_sys_perf_event_open+0x647/0x2e60
[ 75.522847][ T8417]  do_syscall_64+0x2d/0x70
[ 75.527247][ T8417]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.533130][ T8417]
[ 75.535445][ T8417] Freed by task 8417:
[ 75.539409][ T8417]  kasan_save_stack+0x1b/0x40
[ 75.544079][ T8417]  kasan_set_track+0x1c/0x30
[ 75.548667][ T8417]  kasan_set_free_info+0x20/0x30
[ 75.553590][ T8417]  ____kasan_slab_free.part.0+0xe1/0x110
[ 75.559214][ T8417]  slab_free_freelist_hook+0x82/0x1d0
[ 75.564586][ T8417]  kfree+0xe5/0x7b0
[ 75.568380][ T8417]  put_uprobe+0x13b/0x190
[ 75.572693][ T8417]  uprobe_apply+0xfc/0x130
[ 75.577092][ T8417]  trace_uprobe_register+0x5c9/0x880
[ 75.582359][ T8417]  perf_trace_event_init+0x17a/0xa20
[ 75.587624][ T8417]  perf_uprobe_init+0x16f/0x210
[ 75.592456][ T8417]  perf_uprobe_event_init+0xff/0x1c0
[ 75.597723][ T8417]  perf_try_init_event+0x12a/0x560
[ 75.602828][ T8417]  perf_event_alloc.part.0+0xe3b/0x3960
[ 75.608356][ T8417]  __do_sys_perf_event_open+0x647/0x2e60
[ 75.613972][ T8417]  do_syscall_64+0x2d/0x70
[ 75.618386][ T8417]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.624264][ T8417]
[ 75.626567][ T8417] The buggy address belongs to the object at ffff888011bb4400
[ 75.626567][ T8417]  which belongs to the cache kmalloc-512 of size 512
[ 75.640700][ T8417] The buggy address is located 360 bytes inside of
[ 75.640700][ T8417]  512-byte region [ffff888011bb4400, ffff888011bb4600)
[ 75.653968][ T8417] The buggy address belongs to the page:
[ 75.659596][ T8417] page:00000000ad042b10 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bb4
[ 75.669736][ T8417] head:00000000ad042b10 order:1 compound_mapcount:0
[ 75.676302][ T8417] flags: 0xfff00000010200(slab|head)
[ 75.681575][ T8417] raw: 00fff00000010200 ffffea0000817e80 0000000700000002 ffff888010841c80
[ 75.690138][ T8417] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 75.698696][ T8417] page dumped because: kasan: bad access detected
[ 75.705096][ T8417]
[ 75.707401][ T8417] Memory state around the buggy address:
[ 75.713025][ T8417]  ffff888011bb4400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.721067][ T8417]  ffff888011bb4480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.729134][ T8417] >ffff888011bb4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.737173][ T8417]                                                           ^
[ 75.744610][ T8417]  ffff888011bb4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.752653][ T8417]  ffff888011bb4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.760706][ T8417] ==================================================================
[ 75.768755][ T8417] Disabling lock debugging due to kernel taint
[ 75.775034][ T8417] Kernel panic - not syncing: panic_on_warn set ...
[ 75.781628][ T8417] CPU: 1 PID: 8417 Comm: syz-executor189 Tainted: G    B             5.11.0-rc6-next-20210205-syzkaller #0
[ 75.793018][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.803100][ T8417] Call Trace:
[ 75.806376][ T8417]  dump_stack+0x107/0x163
[ 75.810691][ T8417]  ? find_uprobe+0x90/0x150
[ 75.815283][ T8417]  panic+0x306/0x73d
[ 75.819170][ T8417]  ? __warn_printk+0xf3/0xf3
[ 75.823763][ T8417]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 75.829901][ T8417]  ? trace_hardirqs_on+0x38/0x1c0
[ 75.834918][ T8417]  ? trace_hardirqs_on+0x51/0x1c0
[ 75.839922][ T8417]  ? find_uprobe+0x12c/0x150
[ 75.844507][ T8417]  ? find_uprobe+0x12c/0x150
[ 75.849090][ T8417]  end_report.cold+0x5a/0x5a
[ 75.853672][ T8417]  kasan_report.cold+0x6a/0xd8
[ 75.858425][ T8417]  ? find_uprobe+0x12c/0x150
[ 75.862994][ T8417]  find_uprobe+0x12c/0x150
[ 75.867393][ T8417]  uprobe_unregister+0x1e/0x70
[ 75.872146][ T8417]  __probe_event_disable+0x11e/0x240
[ 75.877413][ T8417]  probe_event_disable+0x155/0x1c0
[ 75.882516][ T8417]  trace_uprobe_register+0x45a/0x880
[ 75.887780][ T8417]  ? trace_uprobe_register+0x3ef/0x880
[ 75.893218][ T8417]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 75.898749][ T8417]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 75.904635][ T8417]  perf_uprobe_destroy+0xbb/0x130
[ 75.909653][ T8417]  ? perf_uprobe_init+0x210/0x210
[ 75.914671][ T8417]  _free_event+0x2ee/0x1380
[ 75.919174][ T8417]  perf_event_release_kernel+0xa24/0xe00
[ 75.924801][ T8417]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 75.930083][ T8417]  ? __perf_event_exit_context+0x170/0x170
[ 75.935891][ T8417]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 75.942142][ T8417]  perf_release+0x33/0x40
[ 75.946458][ T8417]  __fput+0x283/0x920
[ 75.950428][ T8417]  ? perf_event_release_kernel+0xe00/0xe00
[ 75.956217][ T8417]  task_work_run+0xdd/0x190
[ 75.960758][ T8417]  do_exit+0xc5c/0x2ae0
[ 75.964900][ T8417]  ? mm_update_next_owner+0x7a0/0x7a0
[ 75.975117][ T8417]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 75.981340][ T8417]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.987561][ T8417]  do_group_exit+0x125/0x310
[ 75.992136][ T8417]  __x64_sys_exit_group+0x3a/0x50
[ 75.997258][ T8417]  do_syscall_64+0x2d/0x70
[ 76.001670][ T8417]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.007559][ T8417] RIP: 0033:0x43daf9
[ 76.011435][ T8417] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 76.018267][ T8417] RSP: 002b:00007ffd24dc6558 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 76.027092][ T8417] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 76.035073][ T8417] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 76.043033][ T8417] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 76.050990][ T8417] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 76.058976][ T8417] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 76.067773][ T8417] Kernel Offset: disabled
[ 76.072217][ T8417] Rebooting in 86400 seconds..
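Reading a KASAN report like the one above comes down to three stacks and one shadow byte. The access stack gives the use site (the first frame after the KASAN machinery: find_uprobe, reached from uprobe_unregister when the perf event is released during exit_group). The "Allocated by" stack gives where the object was created (__uprobe_register, inside the same perf_event_open path), and the "Freed by" stack gives who dropped it (put_uprobe, called from uprobe_apply during that same perf_event_open). The object section says the faulting address is 360 bytes into a kmalloc-512 object, and the shadow byte under the caret is 0xfb, which is what generic KASAN writes over a freed slab object, so the "use-after-free" headline is consistent with the memory state. The script below is an added triage example, not part of the syzkaller report or of any kernel or syzkaller tooling: it pulls those facts out of the report text, filters the KASAN/allocator frames so the first subsystem frame of each stack is reported, and cross-checks the headline against the shadow byte. The excerpt in REPORT is taken verbatim from the report above; the INFRA frame-prefix list and the SHADOW value table are my own annotations (the shadow encodings are my reading of mm/kasan/kasan.h for a 5.11-era kernel and should be re-checked against the kernel you are triaging).

```python
import re

# Excerpt of the KASAN report from this page (verbatim lines; the full report has more frames).
REPORT = """\
[ 75.177236][ T8417] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 75.184192][ T8417] Read of size 8 at addr ffff888011bb4568 by task syz-executor189/8417
[ 75.214765][ T8417] Call Trace:
[ 75.218049][ T8417]  dump_stack+0x107/0x163
[ 75.222406][ T8417]  ? find_uprobe+0x12c/0x150
[ 75.248509][ T8417]  kasan_report.cold+0x7c/0xd8
[ 75.257998][ T8417]  find_uprobe+0x12c/0x150
[ 75.262599][ T8417]  uprobe_unregister+0x1e/0x70
[ 75.458786][ T8417]
[ 75.461094][ T8417] Allocated by task 8417:
[ 75.470086][ T8417]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 75.475879][ T8417]  __uprobe_register+0x19c/0x850
[ 75.533130][ T8417]
[ 75.535445][ T8417] Freed by task 8417:
[ 75.559214][ T8417]  slab_free_freelist_hook+0x82/0x1d0
[ 75.564586][ T8417]  kfree+0xe5/0x7b0
[ 75.568380][ T8417]  put_uprobe+0x13b/0x190
[ 75.572693][ T8417]  uprobe_apply+0xfc/0x130
[ 75.624264][ T8417]
[ 75.626567][ T8417] The buggy address belongs to the object at ffff888011bb4400
[ 75.626567][ T8417]  which belongs to the cache kmalloc-512 of size 512
[ 75.729134][ T8417] >ffff888011bb4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.752653][ T8417]  ffff888011bb4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")            # "[ 75.177236][ T8417] "
FRAME = re.compile(r"^(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
BUG = re.compile(r"BUG: KASAN: ([\w-]+) in ([\w.]+)\+0x")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
OBJECT = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
SHADOW_ROW = re.compile(r"^>?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$")
# My list of frame prefixes that belong to KASAN/allocator machinery, not to the subsystem under test.
INFRA = ("dump_stack", "print_address_description", "end_report", "kasan_", "__kasan_",
         "____kasan", "slab_free", "kfree", "kmem_cache_", "__kmalloc", "kmalloc")
# Generic-KASAN shadow encodings, my reading of mm/kasan/kasan.h for the 5.11-era kernel in the report.
SHADOW = {0x00: "addressable", 0xfa: "freed object (first granule, free-track metadata)",
          0xfb: "freed object", 0xfc: "kmalloc redzone", 0xfe: "page redzone", 0xff: "free page"}

def shadow_meaning(b):
    # Values 1..7 mean only the first b bytes of the 8-byte granule are addressable.
    if b is not None and 1 <= b <= 7:
        return f"partially addressable ({b} bytes)"
    return SHADOW.get(b, "unknown")

def parse(report):
    t = {"trace": [], "alloc": [], "free": [], "rows": {}}
    section = None
    for raw in report.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:                          # a blank line closes the current stack section
            section = None
        elif (m := BUG.search(line)):
            t["bug"], t["fault_fn"] = m.group(1), m.group(2)
        elif (m := ACCESS.search(line)):
            t["access"] = (m.group(1), int(m.group(2)))
            t["addr"] = int(m.group(3), 16)
            t["task"] = (m.group(4), int(m.group(5)))
        elif line == "Call Trace:":
            section = "trace"
        elif line.startswith("Allocated by task"):
            section = "alloc"
        elif line.startswith("Freed by task"):
            section = "free"
        elif (m := OBJECT.search(line)):
            t["object"] = int(m.group(1), 16)
        elif (m := CACHE.search(line)):
            t["cache"], t["size"] = m.group(1), int(m.group(2))
        elif (m := SHADOW_ROW.match(line)):
            t["rows"][int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
        elif section and (m := FRAME.match(line)) and not m.group(1):
            t[section].append(m.group(2))     # "? name" frames are stale guesses; drop them
    return t

def first_non_infra(frames):
    return next((f for f in frames if not f.startswith(INFRA)), None)

def triage(report):
    t = parse(report)
    row_base = t["addr"] & ~0x7f              # each dumped row covers 16 granules of 8 bytes
    row = t["rows"].get(row_base)
    shadow = row[(t["addr"] - row_base) // 8] if row else None
    offset = t["addr"] - t["object"]
    return {
        "bug": t["bug"], "fault_fn": t["fault_fn"], "access": t["access"], "task": t["task"],
        "use_site": first_non_infra(t["trace"]),
        "alloc_site": first_non_infra(t["alloc"]),
        "free_site": first_non_infra(t["free"]),
        "cache": t["cache"], "offset": offset, "inside_object": 0 <= offset < t["size"],
        "shadow": shadow, "shadow_meaning": shadow_meaning(shadow),
        # A genuine UAF must land on freed shadow; anything else means the headline is misleading.
        "consistent": t["bug"] == "use-after-free" and shadow in (0xfa, 0xfb),
    }

if __name__ == "__main__":
    for k, v in triage(REPORT).items():
        print(f"{k:>14}: {v}")
```

The "?" frames are deliberately dropped: on x86 they are addresses the unwinder found on the stack but could not prove are return addresses, which is why the same find_uprobe+0x12c shows up several times above the real frame. The offset check (360 bytes into a 512-byte object) matters for the second report on this page as well: the panic trace is the same access, re-dumped by panic_on_warn, not a second bug.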