Warning: Permanently added '10.128.0.165' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.267583][ T36] audit: type=1804 audit(1612743216.539:2): pid=8396 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor643" name="/root/bus" dev="sda1" ino=14153 res=1 errno=0
[ 71.297492][ T8396] ==================================================================
[ 71.305765][ T8396] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 71.312741][ T8396] Read of size 8 at addr ffff888021bd8168 by task syz-executor643/8396
[ 71.320989][ T8396]
[ 71.323319][ T8396] CPU: 0 PID: 8396 Comm: syz-executor643 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 71.333342][ T8396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.343438][ T8396] Call Trace:
[ 71.346706][ T8396]  dump_stack+0x107/0x163
[ 71.351069][ T8396]  ? find_uprobe+0x12c/0x150
[ 71.355647][ T8396]  ? find_uprobe+0x12c/0x150
[ 71.360235][ T8396]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 71.367247][ T8396]  ? find_uprobe+0x12c/0x150
[ 71.371837][ T8396]  ? find_uprobe+0x12c/0x150
[ 71.376411][ T8396]  kasan_report.cold+0x7c/0xd8
[ 71.381162][ T8396]  ? find_uprobe+0x12c/0x150
[ 71.385865][ T8396]  find_uprobe+0x12c/0x150
[ 71.390309][ T8396]  uprobe_unregister+0x1e/0x70
[ 71.395062][ T8396]  __probe_event_disable+0x11e/0x240
[ 71.400337][ T8396]  probe_event_disable+0x155/0x1c0
[ 71.405435][ T8396]  trace_uprobe_register+0x45a/0x880
[ 71.410728][ T8396]  ? trace_uprobe_register+0x3ef/0x880
[ 71.416175][ T8396]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 71.421710][ T8396]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 71.427591][ T8396]  perf_uprobe_destroy+0xbb/0x130
[ 71.432600][ T8396]  ? perf_uprobe_init+0x210/0x210
[ 71.437607][ T8396]  _free_event+0x2ee/0x1380
[ 71.442115][ T8396]  perf_event_release_kernel+0xa24/0xe00
[ 71.447752][ T8396]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 71.453028][ T8396]  ? __perf_event_exit_context+0x170/0x170
[ 71.458822][ T8396]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 71.465051][ T8396]  perf_release+0x33/0x40
[ 71.469387][ T8396]  __fput+0x283/0x920
[ 71.473357][ T8396]  ? perf_event_release_kernel+0xe00/0xe00
[ 71.479151][ T8396]  task_work_run+0xdd/0x190
[ 71.483642][ T8396]  do_exit+0xc5c/0x2ae0
[ 71.487794][ T8396]  ? mm_update_next_owner+0x7a0/0x7a0
[ 71.493154][ T8396]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.499380][ T8396]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.505617][ T8396]  do_group_exit+0x125/0x310
[ 71.510196][ T8396]  __x64_sys_exit_group+0x3a/0x50
[ 71.515207][ T8396]  do_syscall_64+0x2d/0x70
[ 71.519607][ T8396]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.525486][ T8396] RIP: 0033:0x43db29
[ 71.529364][ T8396] Code: Unable to access opcode bytes at RIP 0x43daff.
[ 71.536188][ T8396] RSP: 002b:00007fffc3560718 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 71.544581][ T8396] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db29
[ 71.552535][ T8396] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 71.560491][ T8396] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 71.568446][ T8396] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 71.576401][ T8396] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 71.584383][ T8396]
[ 71.586690][ T8396] Allocated by task 8396:
[ 71.591015][ T8396]  kasan_save_stack+0x1b/0x40
[ 71.595684][ T8396]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 71.601472][ T8396]  __uprobe_register+0x19c/0x850
[ 71.606395][ T8396]  probe_event_enable+0x357/0xa00
[ 71.611419][ T8396]  trace_uprobe_register+0x443/0x880
[ 71.616686][ T8396]  perf_trace_event_init+0x549/0xa20
[ 71.621951][ T8396]  perf_uprobe_init+0x16f/0x210
[ 71.626784][ T8396]  perf_uprobe_event_init+0xff/0x1c0
[ 71.632055][ T8396]  perf_try_init_event+0x12a/0x560
[ 71.637146][ T8396]  perf_event_alloc.part.0+0xe3b/0x3960
[ 71.642674][ T8396]  __do_sys_perf_event_open+0x647/0x2e60
[ 71.648289][ T8396]  do_syscall_64+0x2d/0x70
[ 71.652687][ T8396]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.658582][ T8396]
[ 71.660887][ T8396] Freed by task 8396:
[ 71.664846][ T8396]  kasan_save_stack+0x1b/0x40
[ 71.669507][ T8396]  kasan_set_track+0x1c/0x30
[ 71.674083][ T8396]  kasan_set_free_info+0x20/0x30
[ 71.679017][ T8396]  ____kasan_slab_free.part.0+0xe1/0x110
[ 71.684652][ T8396]  slab_free_freelist_hook+0x82/0x1d0
[ 71.690008][ T8396]  kfree+0xe5/0x7b0
[ 71.693825][ T8396]  put_uprobe+0x13b/0x190
[ 71.698139][ T8396]  uprobe_apply+0xfc/0x130
[ 71.702535][ T8396]  trace_uprobe_register+0x5c9/0x880
[ 71.707822][ T8396]  perf_trace_event_init+0x17a/0xa20
[ 71.713108][ T8396]  perf_uprobe_init+0x16f/0x210
[ 71.717939][ T8396]  perf_uprobe_event_init+0xff/0x1c0
[ 71.723206][ T8396]  perf_try_init_event+0x12a/0x560
[ 71.728300][ T8396]  perf_event_alloc.part.0+0xe3b/0x3960
[ 71.733847][ T8396]  __do_sys_perf_event_open+0x647/0x2e60
[ 71.739463][ T8396]  do_syscall_64+0x2d/0x70
[ 71.743875][ T8396]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.749776][ T8396]
[ 71.752083][ T8396] The buggy address belongs to the object at ffff888021bd8000
[ 71.752083][ T8396]  which belongs to the cache kmalloc-512 of size 512
[ 71.766115][ T8396] The buggy address is located 360 bytes inside of
[ 71.766115][ T8396]  512-byte region [ffff888021bd8000, ffff888021bd8200)
[ 71.779491][ T8396] The buggy address belongs to the page:
[ 71.785100][ T8396] page:00000000b1a30947 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21bd8
[ 71.795232][ T8396] head:00000000b1a30947 order:1 compound_mapcount:0
[ 71.803242][ T8396] flags: 0xfff00000010200(slab|head)
[ 71.808516][ T8396] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[ 71.817090][ T8396] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 71.825648][ T8396] page dumped because: kasan: bad access detected
[ 71.832038][ T8396]
[ 71.834342][ T8396] Memory state around the buggy address:
[ 71.839950][ T8396]  ffff888021bd8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.847991][ T8396]  ffff888021bd8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.856032][ T8396] >ffff888021bd8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.864073][ T8396]                                                           ^
[ 71.871507][ T8396]  ffff888021bd8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.879559][ T8396]  ffff888021bd8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.887602][ T8396] ==================================================================
[ 71.895765][ T8396] Disabling lock debugging due to kernel taint
[ 71.902143][ T8396] Kernel panic - not syncing: panic_on_warn set ...
[ 71.908733][ T8396] CPU: 0 PID: 8396 Comm: syz-executor643 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[ 71.920101][ T8396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.930152][ T8396] Call Trace:
[ 71.933448][ T8396]  dump_stack+0x107/0x163
[ 71.937901][ T8396]  ? find_uprobe+0x90/0x150
[ 71.942389][ T8396]  panic+0x306/0x73d
[ 71.946268][ T8396]  ? __warn_printk+0xf3/0xf3
[ 71.950844][ T8396]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 71.956991][ T8396]  ? trace_hardirqs_on+0x38/0x1c0
[ 71.961998][ T8396]  ? trace_hardirqs_on+0x51/0x1c0
[ 71.967091][ T8396]  ? find_uprobe+0x12c/0x150
[ 71.971662][ T8396]  ? find_uprobe+0x12c/0x150
[ 71.976237][ T8396]  end_report.cold+0x5a/0x5a
[ 71.980807][ T8396]  kasan_report.cold+0x6a/0xd8
[ 71.985551][ T8396]  ? find_uprobe+0x12c/0x150
[ 71.990125][ T8396]  find_uprobe+0x12c/0x150
[ 71.994536][ T8396]  uprobe_unregister+0x1e/0x70
[ 71.999282][ T8396]  __probe_event_disable+0x11e/0x240
[ 72.004552][ T8396]  probe_event_disable+0x155/0x1c0
[ 72.009648][ T8396]  trace_uprobe_register+0x45a/0x880
[ 72.014916][ T8396]  ? trace_uprobe_register+0x3ef/0x880
[ 72.020356][ T8396]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 72.025886][ T8396]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 72.031762][ T8396]  perf_uprobe_destroy+0xbb/0x130
[ 72.036784][ T8396]  ? perf_uprobe_init+0x210/0x210
[ 72.041816][ T8396]  _free_event+0x2ee/0x1380
[ 72.046369][ T8396]  perf_event_release_kernel+0xa24/0xe00
[ 72.051989][ T8396]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 72.057262][ T8396]  ? __perf_event_exit_context+0x170/0x170
[ 72.063064][ T8396]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 72.069404][ T8396]  perf_release+0x33/0x40
[ 72.073717][ T8396]  __fput+0x283/0x920
[ 72.077697][ T8396]  ? perf_event_release_kernel+0xe00/0xe00
[ 72.083486][ T8396]  task_work_run+0xdd/0x190
[ 72.087976][ T8396]  do_exit+0xc5c/0x2ae0
[ 72.092118][ T8396]  ? mm_update_next_owner+0x7a0/0x7a0
[ 72.097475][ T8396]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.103718][ T8396]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.109943][ T8396]  do_group_exit+0x125/0x310
[ 72.114524][ T8396]  __x64_sys_exit_group+0x3a/0x50
[ 72.119529][ T8396]  do_syscall_64+0x2d/0x70
[ 72.123926][ T8396]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.129802][ T8396] RIP: 0033:0x43db29
[ 72.133674][ T8396] Code: Unable to access opcode bytes at RIP 0x43daff.
[ 72.140514][ T8396] RSP: 002b:00007fffc3560718 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 72.148904][ T8396] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db29
[ 72.156854][ T8396] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 72.164803][ T8396] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 72.172752][ T8396] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 72.180702][ T8396] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 72.189296][ T8396] Kernel Offset: disabled
[ 72.193610][ T8396] Rebooting in 86400 seconds..