[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 74.801620][ T8415] ==================================================================
[ 74.810034][ T8415] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 74.817371][ T8415] Read of size 8 at addr ffff888014180568 by task syz-executor188/8415
[ 74.827037][ T8415]
[ 74.829673][ T8415] CPU: 1 PID: 8415 Comm: syz-executor188 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 74.842418][ T8415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.852762][ T8415] Call Trace:
[ 74.856075][ T8415] dump_stack+0x107/0x163
[ 74.860751][ T8415] ? find_uprobe+0x12c/0x150
[ 74.865624][ T8415] ? find_uprobe+0x12c/0x150
[ 74.874150][ T8415] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 74.882153][ T8415] ? find_uprobe+0x12c/0x150
[ 74.887967][ T8415] ? find_uprobe+0x12c/0x150
[ 74.893449][ T8415] kasan_report.cold+0x7c/0xd8
[ 74.898486][ T8415] ? find_uprobe+0x12c/0x150
[ 74.903112][ T8415] find_uprobe+0x12c/0x150
[ 74.907584][ T8415] uprobe_unregister+0x1e/0x70
[ 74.912451][ T8415] __probe_event_disable+0x11e/0x240
[ 74.917775][ T8415] probe_event_disable+0x155/0x1c0
[ 74.923064][ T8415] trace_uprobe_register+0x45a/0x880
[ 74.928476][ T8415] ? trace_uprobe_register+0x3ef/0x880
[ 74.934131][ T8415] ? rcu_read_lock_sched_held+0x3a/0x70
[ 74.941405][ T8415] perf_trace_event_unreg.isra.0+0xac/0x250
[ 74.948127][ T8415] perf_uprobe_destroy+0xbb/0x130
[ 74.953465][ T8415] ? perf_uprobe_init+0x210/0x210
[ 74.958587][ T8415] _free_event+0x2ee/0x1380
[ 74.963184][ T8415] perf_event_release_kernel+0xa24/0xe00
[ 74.968830][ T8415] ? fsnotify_first_mark+0x1f0/0x1f0
[ 74.974113][ T8415] ? __perf_event_exit_context+0x170/0x170
[ 74.979954][ T8415] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 74.986220][ T8415] perf_release+0x33/0x40
[ 74.990576][ T8415] __fput+0x283/0x920
[ 74.994660][ T8415] ? perf_event_release_kernel+0xe00/0xe00
[ 75.001030][ T8415] task_work_run+0xdd/0x190
[ 75.005558][ T8415] do_exit+0xc5c/0x2ae0
[ 75.018206][ T8415] ? mm_update_next_owner+0x7a0/0x7a0
[ 75.023589][ T8415] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 75.029838][ T8415] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.036097][ T8415] do_group_exit+0x125/0x310
[ 75.040712][ T8415] __x64_sys_exit_group+0x3a/0x50
[ 75.045762][ T8415] do_syscall_64+0x2d/0x70
[ 75.050351][ T8415] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.056349][ T8415] RIP: 0033:0x43daf9
[ 75.060242][ T8415] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 75.067188][ T8415] RSP: 002b:00007ffd7ed9cc18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 75.075609][ T8415] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 75.083589][ T8415] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 75.091757][ T8415] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 75.100389][ T8415] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 75.108573][ T8415] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 75.116797][ T8415]
[ 75.119140][ T8415] Allocated by task 8415:
[ 75.123568][ T8415] kasan_save_stack+0x1b/0x40
[ 75.128283][ T8415] ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 75.134107][ T8415] __uprobe_register+0x19c/0x850
[ 75.139056][ T8415] probe_event_enable+0x357/0xa00
[ 75.144089][ T8415] trace_uprobe_register+0x443/0x880
[ 75.149562][ T8415] perf_trace_event_init+0x549/0xa20
[ 75.154867][ T8415] perf_uprobe_init+0x16f/0x210
[ 75.159715][ T8415] perf_uprobe_event_init+0xff/0x1c0
[ 75.165201][ T8415] perf_try_init_event+0x12a/0x560
[ 75.170339][ T8415] perf_event_alloc.part.0+0xe3b/0x3960
[ 75.175894][ T8415] __do_sys_perf_event_open+0x647/0x2e60
[ 75.181685][ T8415] do_syscall_64+0x2d/0x70
[ 75.186209][ T8415] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.192587][ T8415]
[ 75.195003][ T8415] Freed by task 8415:
[ 75.198967][ T8415] kasan_save_stack+0x1b/0x40
[ 75.203646][ T8415] kasan_set_track+0x1c/0x30
[ 75.208233][ T8415] kasan_set_free_info+0x20/0x30
[ 75.213195][ T8415] ____kasan_slab_free.part.0+0xe1/0x110
[ 75.218829][ T8415] slab_free_freelist_hook+0x82/0x1d0
[ 75.224217][ T8415] kfree+0xe5/0x7b0
[ 75.228028][ T8415] put_uprobe+0x13b/0x190
[ 75.232385][ T8415] uprobe_apply+0xfc/0x130
[ 75.236908][ T8415] trace_uprobe_register+0x5c9/0x880
[ 75.242317][ T8415] perf_trace_event_init+0x17a/0xa20
[ 75.247613][ T8415] perf_uprobe_init+0x16f/0x210
[ 75.252474][ T8415] perf_uprobe_event_init+0xff/0x1c0
[ 75.257777][ T8415] perf_try_init_event+0x12a/0x560
[ 75.263297][ T8415] perf_event_alloc.part.0+0xe3b/0x3960
[ 75.269021][ T8415] __do_sys_perf_event_open+0x647/0x2e60
[ 75.274680][ T8415] do_syscall_64+0x2d/0x70
[ 75.279116][ T8415] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.285025][ T8415]
[ 75.287342][ T8415] The buggy address belongs to the object at ffff888014180400
[ 75.287342][ T8415] which belongs to the cache kmalloc-512 of size 512
[ 75.301420][ T8415] The buggy address is located 360 bytes inside of
[ 75.301420][ T8415] 512-byte region [ffff888014180400, ffff888014180600)
[ 75.314795][ T8415] The buggy address belongs to the page:
[ 75.320472][ T8415] page:00000000f182ac35 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14180
[ 75.330737][ T8415] head:00000000f182ac35 order:1 compound_mapcount:0
[ 75.337674][ T8415] flags: 0xfff00000010200(slab|head)
[ 75.343238][ T8415] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff888010841c80
[ 75.351893][ T8415] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 75.360709][ T8415] page dumped because: kasan: bad access detected
[ 75.367346][ T8415]
[ 75.369662][ T8415] Memory state around the buggy address:
[ 75.375300][ T8415] ffff888014180400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.383377][ T8415] ffff888014180480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.393330][ T8415] >ffff888014180500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.401405][ T8415] ^
[ 75.408901][ T8415] ffff888014180580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.417000][ T8415] ffff888014180600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.425089][ T8415] ==================================================================
[ 75.433167][ T8415] Disabling lock debugging due to kernel taint
[ 75.440079][ T8415] Kernel panic - not syncing: panic_on_warn set ...
[ 75.447511][ T8415] CPU: 1 PID: 8415 Comm: syz-executor188 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[ 75.459110][ T8415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.469211][ T8415] Call Trace:
[ 75.472508][ T8415] dump_stack+0x107/0x163
[ 75.476854][ T8415] ? find_uprobe+0x90/0x150
[ 75.481358][ T8415] panic+0x306/0x73d
[ 75.485244][ T8415] ? __warn_printk+0xf3/0xf3
[ 75.489924][ T8415] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 75.496203][ T8415] ? trace_hardirqs_on+0x38/0x1c0
[ 75.501545][ T8415] ? trace_hardirqs_on+0x51/0x1c0
[ 75.506867][ T8415] ? find_uprobe+0x12c/0x150
[ 75.512279][ T8415] ? find_uprobe+0x12c/0x150
[ 75.516877][ T8415] end_report.cold+0x5a/0x5a
[ 75.522356][ T8415] kasan_report.cold+0x6a/0xd8
[ 75.527499][ T8415] ? find_uprobe+0x12c/0x150
[ 75.532886][ T8415] find_uprobe+0x12c/0x150
[ 75.537601][ T8415] uprobe_unregister+0x1e/0x70
[ 75.542568][ T8415] __probe_event_disable+0x11e/0x240
[ 75.548688][ T8415] probe_event_disable+0x155/0x1c0
[ 75.553813][ T8415] trace_uprobe_register+0x45a/0x880
[ 75.559101][ T8415] ? trace_uprobe_register+0x3ef/0x880
[ 75.564772][ T8415] ? rcu_read_lock_sched_held+0x3a/0x70
[ 75.570323][ T8415] perf_trace_event_unreg.isra.0+0xac/0x250
[ 75.576210][ T8415] perf_uprobe_destroy+0xbb/0x130
[ 75.581248][ T8415] ? perf_uprobe_init+0x210/0x210
[ 75.586351][ T8415] _free_event+0x2ee/0x1380
[ 75.590851][ T8415] perf_event_release_kernel+0xa24/0xe00
[ 75.596488][ T8415] ? fsnotify_first_mark+0x1f0/0x1f0
[ 75.601778][ T8415] ? __perf_event_exit_context+0x170/0x170
[ 75.607591][ T8415] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 75.613830][ T8415] perf_release+0x33/0x40
[ 75.618148][ T8415] __fput+0x283/0x920
[ 75.622140][ T8415] ? perf_event_release_kernel+0xe00/0xe00
[ 75.628018][ T8415] task_work_run+0xdd/0x190
[ 75.632537][ T8415] do_exit+0xc5c/0x2ae0
[ 75.636703][ T8415] ? mm_update_next_owner+0x7a0/0x7a0
[ 75.642096][ T8415] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 75.648346][ T8415] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.654591][ T8415] do_group_exit+0x125/0x310
[ 75.659193][ T8415] __x64_sys_exit_group+0x3a/0x50
[ 75.664237][ T8415] do_syscall_64+0x2d/0x70
[ 75.668701][ T8415] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.674665][ T8415] RIP: 0033:0x43daf9
[ 75.678561][ T8415] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 75.685405][ T8415] RSP: 002b:00007ffd7ed9cc18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 75.693944][ T8415] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 75.702197][ T8415] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 75.710173][ T8415] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 75.718159][ T8415] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 75.726239][ T8415] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 75.734865][ T8415] Kernel Offset: disabled
[ 75.739186][ T8415] Rebooting in 86400 seconds..