[�[0;32m OK �[0m] Started Getty on tty4.
[�[0;32m OK �[0m] Started Getty on tty3.
[�[0;32m OK �[0m] Started Getty on tty2.
[�[0;32m OK �[0m] Started Getty on tty1.
[�[0;32m OK �[0m] Started Serial Getty on ttyS0.
[�[0;32m OK �[0m] Reached target Login Prompts.
[�[0;32m OK �[0m] Reached target Multi-User System.
[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 68.111385][ T8423] ==================================================================
[ 68.119716][ T8423] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 68.126656][ T8423] Read of size 8 at addr ffff88801c9d1d68 by task syz-executor805/8423
[ 68.134979][ T8423]
[ 68.137290][ T8423] CPU: 1 PID: 8423 Comm: syz-executor805 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 68.147859][ T8423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.157943][ T8423] Call Trace:
[ 68.161226][ T8423] dump_stack+0x107/0x163
[ 68.165556][ T8423] ? find_uprobe+0x12c/0x150
[ 68.170136][ T8423] ? find_uprobe+0x12c/0x150
[ 68.174713][ T8423] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 68.181760][ T8423] ? find_uprobe+0x12c/0x150
[ 68.186339][ T8423] ? find_uprobe+0x12c/0x150
[ 68.190920][ T8423] kasan_report.cold+0x7c/0xd8
[ 68.195670][ T8423] ? find_uprobe+0x12c/0x150
[ 68.200247][ T8423] find_uprobe+0x12c/0x150
[ 68.204651][ T8423] uprobe_unregister+0x1e/0x70
[ 68.209420][ T8423] __probe_event_disable+0x11e/0x240
[ 68.214695][ T8423] probe_event_disable+0x155/0x1c0
[ 68.219806][ T8423] trace_uprobe_register+0x45a/0x880
[ 68.225080][ T8423] ? trace_uprobe_register+0x3ef/0x880
[ 68.230536][ T8423] ? rcu_read_lock_sched_held+0x3a/0x70
[ 68.236079][ T8423] perf_trace_event_unreg.isra.0+0xac/0x250
[ 68.241962][ T8423] perf_uprobe_destroy+0xbb/0x130
[ 68.246983][ T8423] ? perf_uprobe_init+0x210/0x210
[ 68.251991][ T8423] _free_event+0x2ee/0x1380
[ 68.256485][ T8423] perf_event_release_kernel+0xa24/0xe00
[ 68.262102][ T8423] ? fsnotify_first_mark+0x1f0/0x1f0
[ 68.267379][ T8423] ? __perf_event_exit_context+0x170/0x170
[ 68.273189][ T8423] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 68.279424][ T8423] perf_release+0x33/0x40
[ 68.283740][ T8423] __fput+0x283/0x920
[ 68.287718][ T8423] ? perf_event_release_kernel+0xe00/0xe00
[ 68.293585][ T8423] task_work_run+0xdd/0x190
[ 68.298117][ T8423] do_exit+0xc5c/0x2ae0
[ 68.302411][ T8423] ? mm_update_next_owner+0x7a0/0x7a0
[ 68.307828][ T8423] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 68.314093][ T8423] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.320376][ T8423] do_group_exit+0x125/0x310
[ 68.324991][ T8423] __x64_sys_exit_group+0x3a/0x50
[ 68.330038][ T8423] do_syscall_64+0x2d/0x70
[ 68.334469][ T8423] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.340380][ T8423] RIP: 0033:0x43daf9
[ 68.344266][ T8423] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 68.351100][ T8423] RSP: 002b:00007ffcd183ad58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 68.359508][ T8423] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 68.367466][ T8423] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 68.375426][ T8423] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 68.383383][ T8423] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 68.391337][ T8423] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 68.399308][ T8423]
[ 68.401617][ T8423] Allocated by task 8423:
[ 68.405922][ T8423] kasan_save_stack+0x1b/0x40
[ 68.410587][ T8423] ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 68.416379][ T8423] __uprobe_register+0x19c/0x850
[ 68.421309][ T8423] probe_event_enable+0x357/0xa00
[ 68.426320][ T8423] trace_uprobe_register+0x443/0x880
[ 68.431601][ T8423] perf_trace_event_init+0x549/0xa20
[ 68.436869][ T8423] perf_uprobe_init+0x16f/0x210
[ 68.441708][ T8423] perf_uprobe_event_init+0xff/0x1c0
[ 68.446976][ T8423] perf_try_init_event+0x12a/0x560
[ 68.452073][ T8423] perf_event_alloc.part.0+0xe3b/0x3960
[ 68.457624][ T8423] __do_sys_perf_event_open+0x647/0x2e60
[ 68.463245][ T8423] do_syscall_64+0x2d/0x70
[ 68.467671][ T8423] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.473566][ T8423]
[ 68.475873][ T8423] Freed by task 8423:
[ 68.479836][ T8423] kasan_save_stack+0x1b/0x40
[ 68.484505][ T8423] kasan_set_track+0x1c/0x30
[ 68.489081][ T8423] kasan_set_free_info+0x20/0x30
[ 68.494048][ T8423] ____kasan_slab_free.part.0+0xe1/0x110
[ 68.499664][ T8423] slab_free_freelist_hook+0x82/0x1d0
[ 68.505026][ T8423] kfree+0xe5/0x7b0
[ 68.508820][ T8423] put_uprobe+0x13b/0x190
[ 68.513140][ T8423] uprobe_apply+0xfc/0x130
[ 68.517569][ T8423] trace_uprobe_register+0x5c9/0x880
[ 68.522933][ T8423] perf_trace_event_init+0x17a/0xa20
[ 68.528200][ T8423] perf_uprobe_init+0x16f/0x210
[ 68.533036][ T8423] perf_uprobe_event_init+0xff/0x1c0
[ 68.538304][ T8423] perf_try_init_event+0x12a/0x560
[ 68.543395][ T8423] perf_event_alloc.part.0+0xe3b/0x3960
[ 68.548925][ T8423] __do_sys_perf_event_open+0x647/0x2e60
[ 68.554542][ T8423] do_syscall_64+0x2d/0x70
[ 68.558940][ T8423] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.564818][ T8423]
[ 68.567123][ T8423] The buggy address belongs to the object at ffff88801c9d1c00
[ 68.567123][ T8423] which belongs to the cache kmalloc-512 of size 512
[ 68.581262][ T8423] The buggy address is located 360 bytes inside of
[ 68.581262][ T8423] 512-byte region [ffff88801c9d1c00, ffff88801c9d1e00)
[ 68.594521][ T8423] The buggy address belongs to the page:
[ 68.600133][ T8423] page:00000000690f3938 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c9d0
[ 68.610267][ T8423] head:00000000690f3938 order:1 compound_mapcount:0
[ 68.616836][ T8423] flags: 0xfff00000010200(slab|head)
[ 68.622173][ T8423] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[ 68.630749][ T8423] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 68.639317][ T8423] page dumped because: kasan: bad access detected
[ 68.645896][ T8423]
[ 68.648217][ T8423] Memory state around the buggy address:
[ 68.653829][ T8423] ffff88801c9d1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.661927][ T8423] ffff88801c9d1c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.669978][ T8423] >ffff88801c9d1d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.678021][ T8423] ^
[ 68.685457][ T8423] ffff88801c9d1d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.693501][ T8423] ffff88801c9d1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.701543][ T8423] ==================================================================
[ 68.709579][ T8423] Disabling lock debugging due to kernel taint
[ 68.715836][ T8423] Kernel panic - not syncing: panic_on_warn set ...
[ 68.722399][ T8423] CPU: 1 PID: 8423 Comm: syz-executor805 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[ 68.733742][ T8423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.743793][ T8423] Call Trace:
[ 68.747057][ T8423] dump_stack+0x107/0x163
[ 68.751416][ T8423] ? find_uprobe+0x90/0x150
[ 68.755903][ T8423] panic+0x306/0x73d
[ 68.759776][ T8423] ? __warn_printk+0xf3/0xf3
[ 68.764345][ T8423] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 68.770486][ T8423] ? trace_hardirqs_on+0x38/0x1c0
[ 68.775492][ T8423] ? trace_hardirqs_on+0x51/0x1c0
[ 68.780509][ T8423] ? find_uprobe+0x12c/0x150
[ 68.785078][ T8423] ? find_uprobe+0x12c/0x150
[ 68.789648][ T8423] end_report.cold+0x5a/0x5a
[ 68.794228][ T8423] kasan_report.cold+0x6a/0xd8
[ 68.798970][ T8423] ? find_uprobe+0x12c/0x150
[ 68.803553][ T8423] find_uprobe+0x12c/0x150
[ 68.807950][ T8423] uprobe_unregister+0x1e/0x70
[ 68.812696][ T8423] __probe_event_disable+0x11e/0x240
[ 68.817977][ T8423] probe_event_disable+0x155/0x1c0
[ 68.823070][ T8423] trace_uprobe_register+0x45a/0x880
[ 68.828367][ T8423] ? trace_uprobe_register+0x3ef/0x880
[ 68.833826][ T8423] ? rcu_read_lock_sched_held+0x3a/0x70
[ 68.839361][ T8423] perf_trace_event_unreg.isra.0+0xac/0x250
[ 68.845236][ T8423] perf_uprobe_destroy+0xbb/0x130
[ 68.850254][ T8423] ? perf_uprobe_init+0x210/0x210
[ 68.855272][ T8423] _free_event+0x2ee/0x1380
[ 68.859769][ T8423] perf_event_release_kernel+0xa24/0xe00
[ 68.865381][ T8423] ? fsnotify_first_mark+0x1f0/0x1f0
[ 68.870661][ T8423] ? __perf_event_exit_context+0x170/0x170
[ 68.876450][ T8423] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 68.882690][ T8423] perf_release+0x33/0x40
[ 68.887002][ T8423] __fput+0x283/0x920
[ 68.890985][ T8423] ? perf_event_release_kernel+0xe00/0xe00
[ 68.896771][ T8423] task_work_run+0xdd/0x190
[ 68.901260][ T8423] do_exit+0xc5c/0x2ae0
[ 68.905402][ T8423] ? mm_update_next_owner+0x7a0/0x7a0
[ 68.910755][ T8423] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 68.917007][ T8423] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.923237][ T8423] do_group_exit+0x125/0x310
[ 68.927810][ T8423] __x64_sys_exit_group+0x3a/0x50
[ 68.932823][ T8423] do_syscall_64+0x2d/0x70
[ 68.937223][ T8423] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.943104][ T8423] RIP: 0033:0x43daf9
[ 68.946978][ T8423] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 68.953800][ T8423] RSP: 002b:00007ffcd183ad58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 68.962191][ T8423] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 68.970141][ T8423] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 68.978089][ T8423] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 68.986040][ T8423] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 68.994091][ T8423] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 69.002754][ T8423] Kernel Offset: disabled
[ 69.007068][ T8423] Rebooting in 86400 seconds..