[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   68.093124][   T36] audit: type=1804 audit(1612556150.906:2): pid=8424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor146" name="/root/bus" dev="sda1" ino=14153 res=1 errno=0
[   68.118453][ T8424] 
[   68.120802][ T8424] =========================
[   68.125296][ T8424] WARNING: held lock freed!
[   68.129776][ T8424] 5.11.0-rc6-next-20210205-syzkaller #0 Not tainted
[   68.136361][ T8424] -------------------------
[   68.141806][ T8424] syz-executor146/8424 is freeing memory ffff888014c83800-ffff888014c839ff, with a lock still held there!
[   68.153081][ T8424] ffff888014c83890 (&uprobe->register_rwsem){+.+.}-{3:3}, at: uprobe_unregister+0x37/0x70
[   68.163013][ T8424] 2 locks held by syz-executor146/8424:
[   68.168545][ T8424]  #0: ffffffff8bfe1328 (event_mutex){+.+.}-{3:3}, at: perf_uprobe_destroy+0x23/0x130
[   68.178173][ T8424]  #1: ffff888014c83890 (&uprobe->register_rwsem){+.+.}-{3:3}, at: uprobe_unregister+0x37/0x70
[   68.188579][ T8424] 
[   68.188579][ T8424] stack backtrace:
[   68.194474][ T8424] CPU: 0 PID: 8424 Comm: syz-executor146 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[   68.204458][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.214543][ T8424] Call Trace:
[   68.217827][ T8424]  dump_stack+0x107/0x163
[   68.222189][ T8424]  debug_check_no_locks_freed.cold+0x9d/0xa9
[   68.228530][ T8424]  ? lockdep_hardirqs_off+0x90/0xd0
[   68.233744][ T8424]  slab_free_freelist_hook+0xd8/0x1d0
[   68.239148][ T8424]  kfree+0xe5/0x7b0
[   68.242947][ T8424]  ? put_uprobe+0x13b/0x190
[   68.247437][ T8424]  ? rwlock_bug.part.0+0x90/0x90
[   68.252362][ T8424]  put_uprobe+0x13b/0x190
[   68.256691][ T8424]  __uprobe_unregister+0x1e5/0x260
[   68.261791][ T8424]  uprobe_unregister+0x42/0x70
[   68.266541][ T8424]  __probe_event_disable+0x11e/0x240
[   68.271817][ T8424]  probe_event_disable+0x155/0x1c0
[   68.276913][ T8424]  trace_uprobe_register+0x45a/0x880
[   68.282184][ T8424]  ? trace_uprobe_register+0x3ef/0x880
[   68.287627][ T8424]  ? rcu_read_lock_sched_held+0x3a/0x70
[   68.293158][ T8424]  perf_trace_event_unreg.isra.0+0xac/0x250
[   68.299037][ T8424]  perf_uprobe_destroy+0xbb/0x130
[   68.304058][ T8424]  ? perf_uprobe_init+0x210/0x210
[   68.309102][ T8424]  _free_event+0x2ee/0x1380
[   68.313611][ T8424]  perf_event_release_kernel+0xa24/0xe00
[   68.319287][ T8424]  ? fsnotify_first_mark+0x1f0/0x1f0
[   68.324562][ T8424]  ? __perf_event_exit_context+0x170/0x170
[   68.330356][ T8424]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   68.336586][ T8424]  perf_release+0x33/0x40
[   68.340915][ T8424]  __fput+0x283/0x920
[   68.344883][ T8424]  ? perf_event_release_kernel+0xe00/0xe00
[   68.350697][ T8424]  task_work_run+0xdd/0x190
[   68.355187][ T8424]  do_exit+0xc5c/0x2ae0
[   68.359331][ T8424]  ? mm_update_next_owner+0x7a0/0x7a0
[   68.364689][ T8424]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   68.370929][ T8424]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   68.377159][ T8424]  do_group_exit+0x125/0x310
[   68.381740][ T8424]  __x64_sys_exit_group+0x3a/0x50
[   68.386749][ T8424]  do_syscall_64+0x2d/0x70
[   68.391164][ T8424]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   68.397079][ T8424] RIP: 0033:0x43db19
[   68.400957][ T8424] Code: Unable to access opcode bytes at RIP 0x43daef.
[   68.407779][ T8424] RSP: 002b:00007ffd9444ab48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   68.416173][ T8424] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db19
[   68.424142][ T8424] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   68.432096][ T8424] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   68.440074][ T8424] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[   68.448027][ T8424] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   68.456801][ T8424] ==================================================================
[   68.464888][ T8424] BUG: KASAN: use-after-free in up_write+0x488/0x560
[   68.471578][ T8424] Read of size 8 at addr ffff888014c83888 by task syz-executor146/8424
[   68.479818][ T8424] 
[   68.482138][ T8424] CPU: 0 PID: 8424 Comm: syz-executor146 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[   68.492096][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.502135][ T8424] Call Trace:
[   68.505402][ T8424]  dump_stack+0x107/0x163
[   68.509720][ T8424]  ? up_write+0x488/0x560
[   68.514034][ T8424]  ? up_write+0x488/0x560
[   68.518371][ T8424]  print_address_description.constprop.0.cold+0x5b/0x2f8
[   68.525382][ T8424]  ? up_write+0x488/0x560
[   68.529695][ T8424]  ? up_write+0x488/0x560
[   68.534021][ T8424]  kasan_report.cold+0x7c/0xd8
[   68.538786][ T8424]  ? up_write+0x488/0x560
[   68.543098][ T8424]  up_write+0x488/0x560
[   68.547250][ T8424]  ? downgrade_write+0x3a0/0x3a0
[   68.552183][ T8424]  ? put_uprobe+0x13b/0x190
[   68.556674][ T8424]  ? __uprobe_unregister+0x1e5/0x260
[   68.561947][ T8424]  uprobe_unregister+0x4a/0x70
[   68.566700][ T8424]  __probe_event_disable+0x11e/0x240
[   68.571985][ T8424]  probe_event_disable+0x155/0x1c0
[   68.577085][ T8424]  trace_uprobe_register+0x45a/0x880
[   68.582356][ T8424]  ? trace_uprobe_register+0x3ef/0x880
[   68.587814][ T8424]  ? rcu_read_lock_sched_held+0x3a/0x70
[   68.593345][ T8424]  perf_trace_event_unreg.isra.0+0xac/0x250
[   68.599223][ T8424]  perf_uprobe_destroy+0xbb/0x130
[   68.604234][ T8424]  ? perf_uprobe_init+0x210/0x210
[   68.609255][ T8424]  _free_event+0x2ee/0x1380
[   68.613744][ T8424]  perf_event_release_kernel+0xa24/0xe00
[   68.619385][ T8424]  ? fsnotify_first_mark+0x1f0/0x1f0
[   68.624674][ T8424]  ? __perf_event_exit_context+0x170/0x170
[   68.630477][ T8424]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   68.636725][ T8424]  perf_release+0x33/0x40
[   68.641046][ T8424]  __fput+0x283/0x920
[   68.645022][ T8424]  ? perf_event_release_kernel+0xe00/0xe00
[   68.650817][ T8424]  task_work_run+0xdd/0x190
[   68.655311][ T8424]  do_exit+0xc5c/0x2ae0
[   68.659456][ T8424]  ? mm_update_next_owner+0x7a0/0x7a0
[   68.664823][ T8424]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   68.671051][ T8424]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   68.677298][ T8424]  do_group_exit+0x125/0x310
[   68.681876][ T8424]  __x64_sys_exit_group+0x3a/0x50
[   68.686889][ T8424]  do_syscall_64+0x2d/0x70
[   68.691292][ T8424]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   68.697176][ T8424] RIP: 0033:0x43db19
[   68.701068][ T8424] Code: Unable to access opcode bytes at RIP 0x43daef.
[   68.707956][ T8424] RSP: 002b:00007ffd9444ab48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   68.716374][ T8424] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db19
[   68.724329][ T8424] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   68.732295][ T8424] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   68.740250][ T8424] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[   68.748205][ T8424] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   68.756163][ T8424] 
[   68.758483][ T8424] Allocated by task 8424:
[   68.762799][ T8424]  kasan_save_stack+0x1b/0x40
[   68.767464][ T8424]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[   68.773252][ T8424]  __uprobe_register+0x19c/0x850
[   68.778175][ T8424]  probe_event_enable+0x441/0xa00
[   68.783199][ T8424]  trace_uprobe_register+0x443/0x880
[   68.788468][ T8424]  perf_trace_event_init+0x549/0xa20
[   68.793760][ T8424]  perf_uprobe_init+0x16f/0x210
[   68.798592][ T8424]  perf_uprobe_event_init+0xff/0x1c0
[   68.803876][ T8424]  perf_try_init_event+0x12a/0x560
[   68.808981][ T8424]  perf_event_alloc.part.0+0xe3b/0x3960
[   68.814514][ T8424]  __do_sys_perf_event_open+0x647/0x2e60
[   68.820132][ T8424]  do_syscall_64+0x2d/0x70
[   68.824530][ T8424]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   68.830408][ T8424] 
[   68.832712][ T8424] Freed by task 8424:
[   68.836682][ T8424]  kasan_save_stack+0x1b/0x40
[   68.841343][ T8424]  kasan_set_track+0x1c/0x30
[   68.845915][ T8424]  kasan_set_free_info+0x20/0x30
[   68.850848][ T8424]  ____kasan_slab_free.part.0+0xe1/0x110
[   68.856467][ T8424]  slab_free_freelist_hook+0x82/0x1d0
[   68.861832][ T8424]  kfree+0xe5/0x7b0
[   68.865728][ T8424]  put_uprobe+0x13b/0x190
[   68.870143][ T8424]  __uprobe_unregister+0x1e5/0x260
[   68.875237][ T8424]  uprobe_unregister+0x42/0x70
[   68.879998][ T8424]  __probe_event_disable+0x11e/0x240
[   68.885267][ T8424]  probe_event_disable+0x155/0x1c0
[   68.890377][ T8424]  trace_uprobe_register+0x45a/0x880
[   68.895653][ T8424]  perf_trace_event_unreg.isra.0+0xac/0x250
[   68.901579][ T8424]  perf_uprobe_destroy+0xbb/0x130
[   68.906592][ T8424]  _free_event+0x2ee/0x1380
[   68.911082][ T8424]  perf_event_release_kernel+0xa24/0xe00
[   68.916699][ T8424]  perf_release+0x33/0x40
[   68.921026][ T8424]  __fput+0x283/0x920
[   68.924993][ T8424]  task_work_run+0xdd/0x190
[   68.929480][ T8424]  do_exit+0xc5c/0x2ae0
[   68.933631][ T8424]  do_group_exit+0x125/0x310
[   68.938294][ T8424]  __x64_sys_exit_group+0x3a/0x50
[   68.943307][ T8424]  do_syscall_64+0x2d/0x70
[   68.947714][ T8424]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   68.953607][ T8424] 
[   68.955931][ T8424] The buggy address belongs to the object at ffff888014c83800
[   68.955931][ T8424]  which belongs to the cache kmalloc-512 of size 512
[   68.969969][ T8424] The buggy address is located 136 bytes inside of
[   68.969969][ T8424]  512-byte region [ffff888014c83800, ffff888014c83a00)
[   68.983244][ T8424] The buggy address belongs to the page:
[   68.988868][ T8424] page:0000000084dcae2b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14c82
[   68.999002][ T8424] head:0000000084dcae2b order:1 compound_mapcount:0
[   69.005569][ T8424] flags: 0xfff00000010200(slab|head)
[   69.010843][ T8424] raw: 00fff00000010200 0000000000000000 0000000600000001 ffff888010841c80
[   69.019413][ T8424] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[   69.027984][ T8424] page dumped because: kasan: bad access detected
[   69.034371][ T8424] 
[   69.036689][ T8424] Memory state around the buggy address:
[   69.042298][ T8424]  ffff888014c83780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   69.050341][ T8424]  ffff888014c83800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.058384][ T8424] >ffff888014c83880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.066423][ T8424]                       ^
[   69.070729][ T8424]  ffff888014c83900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.078771][ T8424]  ffff888014c83980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.086813][ T8424] ==================================================================
[   69.096031][ T8424] Kernel panic - not syncing: panic_on_warn set ...
[   69.102628][ T8424] CPU: 0 PID: 8424 Comm: syz-executor146 Tainted: G    B             5.11.0-rc6-next-20210205-syzkaller #0
[   69.114006][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.124071][ T8424] Call Trace:
[   69.127355][ T8424]  dump_stack+0x107/0x163
[   69.131707][ T8424]  ? up_write+0x440/0x560
[   69.136047][ T8424]  panic+0x306/0x73d
[   69.139949][ T8424]  ? __warn_printk+0xf3/0xf3
[   69.144525][ T8424]  ? preempt_schedule_common+0x59/0xc0
[   69.149971][ T8424]  ? up_write+0x488/0x560
[   69.154284][ T8424]  ? preempt_schedule_thunk+0x16/0x18
[   69.159641][ T8424]  ? trace_hardirqs_on+0x38/0x1c0
[   69.164654][ T8424]  ? trace_hardirqs_on+0x51/0x1c0
[   69.169664][ T8424]  ? up_write+0x488/0x560
[   69.173979][ T8424]  ? up_write+0x488/0x560
[   69.178292][ T8424]  end_report.cold+0x5a/0x5a
[   69.182870][ T8424]  kasan_report.cold+0x6a/0xd8
[   69.187624][ T8424]  ? up_write+0x488/0x560
[   69.191986][ T8424]  up_write+0x488/0x560
[   69.196133][ T8424]  ? downgrade_write+0x3a0/0x3a0
[   69.201068][ T8424]  ? put_uprobe+0x13b/0x190
[   69.205572][ T8424]  ? __uprobe_unregister+0x1e5/0x260
[   69.211039][ T8424]  uprobe_unregister+0x4a/0x70
[   69.215809][ T8424]  __probe_event_disable+0x11e/0x240
[   69.221081][ T8424]  probe_event_disable+0x155/0x1c0
[   69.226194][ T8424]  trace_uprobe_register+0x45a/0x880
[   69.231477][ T8424]  ? trace_uprobe_register+0x3ef/0x880
[   69.236937][ T8424]  ? rcu_read_lock_sched_held+0x3a/0x70
[   69.242481][ T8424]  perf_trace_event_unreg.isra.0+0xac/0x250
[   69.248380][ T8424]  perf_uprobe_destroy+0xbb/0x130
[   69.253387][ T8424]  ? perf_uprobe_init+0x210/0x210
[   69.258395][ T8424]  _free_event+0x2ee/0x1380
[   69.262908][ T8424]  perf_event_release_kernel+0xa24/0xe00
[   69.268528][ T8424]  ? fsnotify_first_mark+0x1f0/0x1f0
[   69.273802][ T8424]  ? __perf_event_exit_context+0x170/0x170
[   69.279591][ T8424]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   69.285819][ T8424]  perf_release+0x33/0x40
[   69.290132][ T8424]  __fput+0x283/0x920
[   69.294104][ T8424]  ? perf_event_release_kernel+0xe00/0xe00
[   69.299903][ T8424]  task_work_run+0xdd/0x190
[   69.304394][ T8424]  do_exit+0xc5c/0x2ae0
[   69.308538][ T8424]  ? mm_update_next_owner+0x7a0/0x7a0
[   69.313915][ T8424]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   69.320142][ T8424]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   69.326385][ T8424]  do_group_exit+0x125/0x310
[   69.330974][ T8424]  __x64_sys_exit_group+0x3a/0x50
[   69.335986][ T8424]  do_syscall_64+0x2d/0x70
[   69.340408][ T8424]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   69.346289][ T8424] RIP: 0033:0x43db19
[   69.350178][ T8424] Code: Unable to access opcode bytes at RIP 0x43daef.
[   69.357001][ T8424] RSP: 002b:00007ffd9444ab48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   69.365408][ T8424] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db19
[   69.373390][ T8424] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   69.381347][ T8424] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   69.389301][ T8424] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[   69.397280][ T8424] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   69.405298][ T8424] Kernel Offset: disabled
[   69.409626][ T8424] Rebooting in 86400 seconds..
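What the two reports above say together: lockdep fires in debug_check_no_locks_freed() because put_uprobe() kfree()s the uprobe (offset 0x800 in the kmalloc-512 slab) while the rwsem embedded in that same object at +0x90 (&uprobe->register_rwsem) is still held by uprobe_unregister(); the KASAN report is the consequence, up_write() reading at +0x88 of the now-freed object (shadow byte 0xfb = freed slab memory). The userspace model below is an added illustration written for this page, not kernel code and not the upstream fix; its names (struct probe, probe_put, unregister_buggy, unregister_fixed) are hypothetical, and the lock is plain bookkeeping rather than a real rwsem. It reproduces the ordering seen in the trace (lock, drop the last reference inside the locked region, unlock) and the general repair for this class of bug, pinning the object with a reference of your own for as long as you hold a lock that lives inside it. Instead of crashing, it records what lockdep and KASAN would each report.

```c
#include <stdio.h>
#include <stdlib.h>

/* Detector findings, modelled on the two reports in the log above. */
#define BUG_HELD_LOCK_FREED 0x1  /* lockdep: object freed while its embedded lock is held */
#define BUG_UAF_ON_UNLOCK   0x2  /* KASAN: use-after-free in the unlock (up_write) */

/* Hypothetical stand-in for struct uprobe: a refcounted object that embeds its own lock. */
struct probe {
    int refcount;      /* put() drops it; the last put frees the object */
    int write_locked;  /* 1 while the embedded register_rwsem is held for write */
    int freed;         /* models the memory having gone back to the allocator */
    int bugs;          /* detector findings, OR-ed together */
    int consumers;     /* registered consumers; the probe is deleted with the last one */
};

static struct probe *probe_new(void) {
    struct probe *p = calloc(1, sizeof *p);
    if (!p) abort();
    p->refcount = 1;   /* the registration itself owns one reference */
    p->consumers = 1;
    return p;
}

static struct probe *probe_get(struct probe *p) { p->refcount++; return p; }

/* Models put_uprobe(): the last put frees. Like debug_check_no_locks_freed(), flag a
 * free that happens while the embedded lock is held. The memory is kept so the caller
 * can still read the findings; a real kfree() would hand it to the next allocation. */
static void probe_put(struct probe *p) {
    if (--p->refcount > 0) return;
    if (p->write_locked) p->bugs |= BUG_HELD_LOCK_FREED;
    p->freed = 1;
}

static void probe_down_write(struct probe *p) { p->write_locked = 1; }

/* Models up_write(): reading the lock word of a freed object is what KASAN caught. */
static void probe_up_write(struct probe *p) {
    if (p->freed) p->bugs |= BUG_UAF_ON_UNLOCK;
    p->write_locked = 0;
}

/* Models __uprobe_unregister(): removing the last consumer deletes the probe, which
 * drops the registration's reference. If nobody else holds one, that is the last put. */
static void probe_unregister_locked(struct probe *p) {
    if (--p->consumers == 0)
        probe_put(p);
}

/* Ordering from the trace: lock, unregister (which may free p), unlock p's lock. */
int unregister_buggy(struct probe *p) {
    probe_down_write(p);
    probe_unregister_locked(p);
    probe_up_write(p);   /* touches freed memory whenever the put above was the last one */
    return p->bugs;
}

/* General repair: hold a reference of our own across the locked region and drop it
 * only after the unlock, so the object outlives every access to its embedded lock. */
int unregister_fixed(struct probe *p) {
    probe_get(p);
    probe_down_write(p);
    probe_unregister_locked(p);
    probe_up_write(p);
    probe_put(p);        /* the last reference now goes away with no lock held */
    return p->bugs;
}

int main(void) {
    struct probe *a = probe_new(), *b = probe_new();
    printf("buggy ordering: findings=0x%x\n", unregister_buggy(a));
    printf("fixed ordering: findings=0x%x\n", unregister_fixed(b));
    free(a);   /* the model never really freed them */
    free(b);
    return 0;
}
```

The buggy ordering only misbehaves when the put inside the locked region is the last one, which is why fuzzers find this class of bug through teardown paths (here perf_release() during exit_group) rather than during normal use: an object that still has another owner survives the same sequence untouched. When auditing similar code, look for any put()/kfree() reachable from inside a critical section whose lock is a member of the object being put.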