Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
executing program
[   72.155173][   T36] audit: type=1804 audit(1612674933.338:2): pid=8384 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor714" name="/root/bus" dev="sda1" ino=14153 res=1 errno=0
[   72.179696][ T8384] ==================================================================
[   72.188385][ T8384] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[   72.195387][ T8384] Read of size 8 at addr ffff8880141e5d68 by task syz-executor714/8384
[   72.203613][ T8384]
[   72.205926][ T8384] CPU: 1 PID: 8384 Comm: syz-executor714 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[   72.215896][ T8384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.225938][ T8384] Call Trace:
[   72.229381][ T8384]  dump_stack+0x107/0x163
[   72.233715][ T8384]  ? find_uprobe+0x12c/0x150
[   72.238297][ T8384]  ? find_uprobe+0x12c/0x150
[   72.242871][ T8384]  print_address_description.constprop.0.cold+0x5b/0x2f8
[   72.249896][ T8384]  ? find_uprobe+0x12c/0x150
[   72.254513][ T8384]  ? find_uprobe+0x12c/0x150
[   72.259088][ T8384]  kasan_report.cold+0x7c/0xd8
[   72.263847][ T8384]  ? find_uprobe+0x12c/0x150
[   72.268426][ T8384]  find_uprobe+0x12c/0x150
[   72.272831][ T8384]  uprobe_unregister+0x1e/0x70
[   72.277585][ T8384]  __probe_event_disable+0x11e/0x240
[   72.282862][ T8384]  probe_event_disable+0x155/0x1c0
[   72.288076][ T8384]  trace_uprobe_register+0x45a/0x880
[   72.293372][ T8384]  ? trace_uprobe_register+0x3ef/0x880
[   72.298827][ T8384]  ? rcu_read_lock_sched_held+0x3a/0x70
[   72.304375][ T8384]  perf_trace_event_unreg.isra.0+0xac/0x250
[   72.310261][ T8384]  perf_uprobe_destroy+0xbb/0x130
[   72.315282][ T8384]  ? perf_uprobe_init+0x210/0x210
[   72.320292][ T8384]  _free_event+0x2ee/0x1380
[   72.324803][ T8384]  perf_event_release_kernel+0xa24/0xe00
[   72.330525][ T8384]  ? fsnotify_first_mark+0x1f0/0x1f0
[   72.335812][ T8384]  ? __perf_event_exit_context+0x170/0x170
[   72.341620][ T8384]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   72.347850][ T8384]  perf_release+0x33/0x40
[   72.352177][ T8384]  __fput+0x283/0x920
[   72.356162][ T8384]  ? perf_event_release_kernel+0xe00/0xe00
[   72.361957][ T8384]  task_work_run+0xdd/0x190
[   72.366452][ T8384]  do_exit+0xc5c/0x2ae0
[   72.370600][ T8384]  ? mm_update_next_owner+0x7a0/0x7a0
[   72.375974][ T8384]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   72.382208][ T8384]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   72.388447][ T8384]  do_group_exit+0x125/0x310
[   72.393045][ T8384]  __x64_sys_exit_group+0x3a/0x50
[   72.398056][ T8384]  do_syscall_64+0x2d/0x70
[   72.402459][ T8384]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   72.408363][ T8384] RIP: 0033:0x43db29
[   72.412256][ T8384] Code: Unable to access opcode bytes at RIP 0x43daff.
[   72.419077][ T8384] RSP: 002b:00007ffeba220628 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   72.427473][ T8384] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db29
[   72.435430][ T8384] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   72.443386][ T8384] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   72.451353][ T8384] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[   72.459319][ T8384] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   72.467284][ T8384]
[   72.469604][ T8384] Allocated by task 8384:
[   72.473913][ T8384]  kasan_save_stack+0x1b/0x40
[   72.478578][ T8384]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[   72.484371][ T8384]  __uprobe_register+0x19c/0x850
[   72.489305][ T8384]  probe_event_enable+0x357/0xa00
[   72.494321][ T8384]  trace_uprobe_register+0x443/0x880
[   72.499591][ T8384]  perf_trace_event_init+0x549/0xa20
[   72.504873][ T8384]  perf_uprobe_init+0x16f/0x210
[   72.509710][ T8384]  perf_uprobe_event_init+0xff/0x1c0
[   72.515008][ T8384]  perf_try_init_event+0x12a/0x560
[   72.520106][ T8384]  perf_event_alloc.part.0+0xe3b/0x3960
[   72.525648][ T8384]  __do_sys_perf_event_open+0x647/0x2e60
[   72.531278][ T8384]  do_syscall_64+0x2d/0x70
[   72.535679][ T8384]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   72.541556][ T8384]
[   72.543860][ T8384] Freed by task 8384:
[   72.547814][ T8384]  kasan_save_stack+0x1b/0x40
[   72.552474][ T8384]  kasan_set_track+0x1c/0x30
[   72.557045][ T8384]  kasan_set_free_info+0x20/0x30
[   72.561968][ T8384]  ____kasan_slab_free.part.0+0xe1/0x110
[   72.567584][ T8384]  slab_free_freelist_hook+0x82/0x1d0
[   72.572954][ T8384]  kfree+0xe5/0x7b0
[   72.576747][ T8384]  put_uprobe+0x13b/0x190
[   72.581062][ T8384]  uprobe_apply+0xfc/0x130
[   72.585464][ T8384]  trace_uprobe_register+0x5c9/0x880
[   72.590734][ T8384]  perf_trace_event_init+0x17a/0xa20
[   72.596005][ T8384]  perf_uprobe_init+0x16f/0x210
[   72.600836][ T8384]  perf_uprobe_event_init+0xff/0x1c0
[   72.606101][ T8384]  perf_try_init_event+0x12a/0x560
[   72.611194][ T8384]  perf_event_alloc.part.0+0xe3b/0x3960
[   72.616722][ T8384]  __do_sys_perf_event_open+0x647/0x2e60
[   72.622353][ T8384]  do_syscall_64+0x2d/0x70
[   72.626864][ T8384]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   72.632742][ T8384]
[   72.635068][ T8384] The buggy address belongs to the object at ffff8880141e5c00
[   72.635068][ T8384]  which belongs to the cache kmalloc-512 of size 512
[   72.649100][ T8384] The buggy address is located 360 bytes inside of
[   72.649100][ T8384]  512-byte region [ffff8880141e5c00, ffff8880141e5e00)
[   72.662355][ T8384] The buggy address belongs to the page:
[   72.667964][ T8384] page:000000004017686a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x141e4
[   72.678106][ T8384] head:000000004017686a order:1 compound_mapcount:0
[   72.684673][ T8384] flags: 0xfff00000010200(slab|head)
[   72.689947][ T8384] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[   72.701128][ T8384] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[   72.709694][ T8384] page dumped because: kasan: bad access detected
[   72.716110][ T8384]
[   72.718413][ T8384] Memory state around the buggy address:
[   72.724019][ T8384]  ffff8880141e5c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.732078][ T8384]  ffff8880141e5c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.740221][ T8384] >ffff8880141e5d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.748271][ T8384]                                                           ^
[   72.755748][ T8384]  ffff8880141e5d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.763797][ T8384]  ffff8880141e5e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.771837][ T8384] ==================================================================
[   72.779876][ T8384] Disabling lock debugging due to kernel taint
[   72.786287][ T8384] Kernel panic - not syncing: panic_on_warn set ...
[   72.792871][ T8384] CPU: 1 PID: 8384 Comm: syz-executor714 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[   72.804243][ T8384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.814299][ T8384] Call Trace:
[   72.817561][ T8384]  dump_stack+0x107/0x163
[   72.821874][ T8384]  ? find_uprobe+0x90/0x150
[   72.826390][ T8384]  panic+0x306/0x73d
[   72.830268][ T8384]  ? __warn_printk+0xf3/0xf3
[   72.834837][ T8384]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[   72.840989][ T8384]  ? trace_hardirqs_on+0x38/0x1c0
[   72.845995][ T8384]  ? trace_hardirqs_on+0x51/0x1c0
[   72.851012][ T8384]  ? find_uprobe+0x12c/0x150
[   72.855584][ T8384]  ? find_uprobe+0x12c/0x150
[   72.860152][ T8384]  end_report.cold+0x5a/0x5a
[   72.864735][ T8384]  kasan_report.cold+0x6a/0xd8
[   72.869486][ T8384]  ? find_uprobe+0x12c/0x150
[   72.874069][ T8384]  find_uprobe+0x12c/0x150
[   72.878467][ T8384]  uprobe_unregister+0x1e/0x70
[   72.883212][ T8384]  __probe_event_disable+0x11e/0x240
[   72.888482][ T8384]  probe_event_disable+0x155/0x1c0
[   72.893574][ T8384]  trace_uprobe_register+0x45a/0x880
[   72.898842][ T8384]  ? trace_uprobe_register+0x3ef/0x880
[   72.904282][ T8384]  ? rcu_read_lock_sched_held+0x3a/0x70
[   72.909811][ T8384]  perf_trace_event_unreg.isra.0+0xac/0x250
[   72.915701][ T8384]  perf_uprobe_destroy+0xbb/0x130
[   72.920706][ T8384]  ? perf_uprobe_init+0x210/0x210
[   72.925713][ T8384]  _free_event+0x2ee/0x1380
[   72.930214][ T8384]  perf_event_release_kernel+0xa24/0xe00
[   72.935838][ T8384]  ? fsnotify_first_mark+0x1f0/0x1f0
[   72.941105][ T8384]  ? __perf_event_exit_context+0x170/0x170
[   72.946892][ T8384]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   72.953135][ T8384]  perf_release+0x33/0x40
[   72.957444][ T8384]  __fput+0x283/0x920
[   72.961404][ T8384]  ? perf_event_release_kernel+0xe00/0xe00
[   72.967203][ T8384]  task_work_run+0xdd/0x190
[   72.971690][ T8384]  do_exit+0xc5c/0x2ae0
[   72.975826][ T8384]  ? mm_update_next_owner+0x7a0/0x7a0
[   72.981177][ T8384]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   72.987434][ T8384]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   72.993669][ T8384]  do_group_exit+0x125/0x310
[   72.998255][ T8384]  __x64_sys_exit_group+0x3a/0x50
[   73.003484][ T8384]  do_syscall_64+0x2d/0x70
[   73.007881][ T8384]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   73.013758][ T8384] RIP: 0033:0x43db29
[   73.017662][ T8384] Code: Unable to access opcode bytes at RIP 0x43daff.
[   73.024480][ T8384] RSP: 002b:00007ffeba220628 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   73.032871][ T8384] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db29
[   73.040820][ T8384] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   73.048788][ T8384] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   73.056795][ T8384] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[   73.064781][ T8384] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   73.073345][ T8384] Kernel Offset: disabled
[   73.077666][ T8384] Rebooting in 86400 seconds..
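The report above is a raw syzkaller crash log, but the fields a triager pulls out of it by hand (bug kind, faulting access, the use, allocation and free stacks, the slab object) follow a fixed KASAN layout and can be extracted mechanically. The Python helper below is an added example, not code from syzkaller or the kernel: it strips the printk prefix, drops the unreliable "? " frames, ignores the second Call Trace that the panic path prints, and reduces each stack to the first frame outside the KASAN/allocator machinery plus the syscall that ran that path. SAMPLE is an excerpt of this report's own lines; the noise-frame list and all helper names are my own choices.

```python
"""Added triage helper for KASAN reports such as the one above.  Example code, not
from syzkaller or the kernel; SAMPLE is an excerpt of this page's own report."""
import re
from dataclasses import dataclass, field

_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # printk prefix "[   72.188385][ T8384] "
_BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
_ACCESS = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr \w+ by task \S+/(?P<pid>\d+)")
_CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
_OFFSET = re.compile(r"located (?P<off>\d+) bytes inside of")
_FRAME = re.compile(r"^(?P<unreliable>\? )?(?P<fn>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
_SECTION = re.compile(r"^(?:Call Trace:|Allocated by task (?P<alloc>\d+):|Freed by task (?P<free>\d+):)$")
# Frames of the reporting/allocator machinery, not of the bug (leading underscores ignored).
_NOISE = ("dump_stack", "print_address_description", "kasan", "end_report",
          "slab_free_freelist_hook", "kfree", "kmalloc", "kmem_cache")

@dataclass
class KasanReport:
    kind: str = ""
    func: str = ""
    rw: str = ""
    size: int = 0
    pid: int = 0
    cache: str = ""
    offset: int = 0
    alloc_pid: int = 0
    free_pid: int = 0
    stacks: dict = field(default_factory=lambda: {"use": [], "alloc": [], "free": []})

def parse_kasan(text: str) -> KasanReport:
    rep, section = KasanReport(), None
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw).strip()
        if m := _SECTION.match(line):
            if m.group("alloc"):
                section, rep.alloc_pid = "alloc", int(m.group("alloc"))
            elif m.group("free"):
                section, rep.free_pid = "free", int(m.group("free"))
            else:  # only the first Call Trace is the faulting one; the panic's repeat is dropped
                section = "use" if not rep.stacks["use"] else "panic"
            continue
        if section:
            if f := _FRAME.match(line):
                if section in rep.stacks and not f.group("unreliable"):  # drop "? " guesses
                    rep.stacks[section].append(f.group("fn"))
                continue
            section = None  # first non-frame line closes the stack
        if m := _BUG.search(line):
            rep.kind, rep.func = m.group("kind"), m.group("func")
        elif m := _ACCESS.search(line):
            rep.rw, rep.size, rep.pid = m.group("rw"), int(m.group("size")), int(m.group("pid"))
        elif m := _CACHE.search(line):
            rep.cache = f'{m.group("cache")} ({m.group("size")} bytes)'
        elif m := _OFFSET.search(line):
            rep.offset = int(m.group("off"))
    return rep

def first_signal(frames):
    """First frame that is not report/allocator noise: the site to read first."""
    return next((fn for fn in frames if not fn.lstrip("_").startswith(_NOISE)), None)

def syscall_of(frames):
    """Frame directly above do_syscall_64, i.e. the syscall that ran this path."""
    return next((frames[i - 1] for i, fn in enumerate(frames) if fn == "do_syscall_64" and i), None)

def triage(rep: KasanReport) -> dict:
    return {
        "bug": f"{rep.kind} {rep.rw.lower()} of {rep.size} bytes in {rep.func}",
        "use": (first_signal(rep.stacks["use"]), syscall_of(rep.stacks["use"])),
        "alloc": (first_signal(rep.stacks["alloc"]), syscall_of(rep.stacks["alloc"])),
        "free": (first_signal(rep.stacks["free"]), syscall_of(rep.stacks["free"])),
        "object": f"{rep.cache} at offset {rep.offset}",
        # Alloc, free and use all in one task: a lifetime/refcount bug hit deterministically, not a race.
        "single_task": rep.pid == rep.alloc_pid == rep.free_pid,
    }

SAMPLE = """\
[   72.188385][ T8384] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[   72.195387][ T8384] Read of size 8 at addr ffff8880141e5d68 by task syz-executor714/8384
[   72.225938][ T8384] Call Trace:
[   72.233715][ T8384]  ? find_uprobe+0x12c/0x150
[   72.268426][ T8384]  find_uprobe+0x12c/0x150
[   72.393045][ T8384]  __x64_sys_exit_group+0x3a/0x50
[   72.398056][ T8384]  do_syscall_64+0x2d/0x70
[   72.469604][ T8384] Allocated by task 8384:
[   72.478578][ T8384]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[   72.484371][ T8384]  __uprobe_register+0x19c/0x850
[   72.525648][ T8384]  __do_sys_perf_event_open+0x647/0x2e60
[   72.531278][ T8384]  do_syscall_64+0x2d/0x70
[   72.543860][ T8384] Freed by task 8384:
[   72.572954][ T8384]  kfree+0xe5/0x7b0
[   72.576747][ T8384]  put_uprobe+0x13b/0x190
[   72.616722][ T8384]  __do_sys_perf_event_open+0x647/0x2e60
[   72.622353][ T8384]  do_syscall_64+0x2d/0x70
[   72.635068][ T8384]  which belongs to the cache kmalloc-512 of size 512
[   72.649100][ T8384] The buggy address is located 360 bytes inside of
[   72.814299][ T8384] Call Trace:
[   72.826390][ T8384]  panic+0x306/0x73d
"""
```

Calling triage(parse_kasan(SAMPLE)) on this report yields use in find_uprobe reached from exit_group, allocation in __uprobe_register and free in put_uprobe, both reached from perf_event_open, all in task 8384. That is what the full stacks above say as well: the uprobe is dropped (uprobe_apply -> put_uprobe) inside the same perf_event_open call that registered it, and the stale pointer is looked up again when the perf event is released at process exit. The single_task flag is the point a practitioner wants first: no race has to be won, so a single-threaded reproducer reproduces it every time. The same helper runs unchanged on a full dmesg capture, since everything before the BUG line and after the second Call Trace is ignored.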