Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   75.254749][ T8410] ==================================================================
[   75.264116][ T8410] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[   75.271828][ T8410] Read of size 8 at addr ffff88801c129968 by task syz-executor409/8410
[   75.280410][ T8410]
[   75.282822][ T8410] CPU: 1 PID: 8410 Comm: syz-executor409 Not tainted 5.11.0-rc6-next-20210204-syzkaller #0
[   75.293051][ T8410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   75.303477][ T8410] Call Trace:
[   75.306757][ T8410]  dump_stack+0x107/0x163
[   75.311363][ T8410]  ? find_uprobe+0x12c/0x150
[   75.315946][ T8410]  ? find_uprobe+0x12c/0x150
[   75.320995][ T8410]  print_address_description.constprop.0.cold+0x5b/0x2f8
[   75.328015][ T8410]  ? find_uprobe+0x12c/0x150
[   75.333006][ T8410]  ? find_uprobe+0x12c/0x150
[   75.338048][ T8410]  kasan_report.cold+0x7c/0xd8
[   75.343835][ T8410]  ? find_uprobe+0x12c/0x150
[   75.349331][ T8410]  find_uprobe+0x12c/0x150
[   75.353974][ T8410]  uprobe_unregister+0x1e/0x70
[   75.358863][ T8410]  __probe_event_disable+0x11e/0x240
[   75.364327][ T8410]  probe_event_disable+0x155/0x1c0
[   75.369643][ T8410]  trace_uprobe_register+0x45a/0x880
[   75.375189][ T8410]  ? trace_uprobe_register+0x3ef/0x880
[   75.380646][ T8410]  ? rcu_read_lock_sched_held+0x3a/0x70
[   75.386297][ T8410]  perf_trace_event_unreg.isra.0+0xac/0x250
[   75.392373][ T8410]  perf_uprobe_destroy+0xbb/0x130
[   75.397760][ T8410]  ? perf_uprobe_init+0x210/0x210
[   75.403717][ T8410]  _free_event+0x2ee/0x1380
[   75.408326][ T8410]  perf_event_release_kernel+0xa24/0xe00
[   75.413999][ T8410]  ? fsnotify_first_mark+0x1f0/0x1f0
[   75.419292][ T8410]  ? __perf_event_exit_context+0x170/0x170
[   75.426398][ T8410]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   75.432931][ T8410]  perf_release+0x33/0x40
[   75.439811][ T8410]  __fput+0x283/0x920
[   75.444059][ T8410]  ? perf_event_release_kernel+0xe00/0xe00
[   75.450041][ T8410]  task_work_run+0xdd/0x190
[   75.454634][ T8410]  do_exit+0xc5c/0x2ae0
[   75.458983][ T8410]  ? mm_update_next_owner+0x7a0/0x7a0
[   75.464939][ T8410]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   75.471357][ T8410]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   75.477799][ T8410]  do_group_exit+0x125/0x310
[   75.482665][ T8410]  __x64_sys_exit_group+0x3a/0x50
[   75.487961][ T8410]  do_syscall_64+0x2d/0x70
[   75.492567][ T8410]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   75.498792][ T8410] RIP: 0033:0x43daf9
[   75.502893][ T8410] Code: Unable to access opcode bytes at RIP 0x43dacf.
[   75.509727][ T8410] RSP: 002b:00007ffebbd7c8a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   75.518595][ T8410] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[   75.526941][ T8410] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   75.535304][ T8410] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   75.543958][ T8410] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[   75.552214][ T8410] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   75.560550][ T8410]
[   75.562883][ T8410] Allocated by task 8410:
[   75.567412][ T8410]  kasan_save_stack+0x1b/0x40
[   75.572954][ T8410]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[   75.578988][ T8410]  __uprobe_register+0x19c/0x850
[   75.584579][ T8410]  probe_event_enable+0x441/0xa00
[   75.589877][ T8410]  trace_uprobe_register+0x443/0x880
[   75.595691][ T8410]  perf_trace_event_init+0x549/0xa20
[   75.601539][ T8410]  perf_uprobe_init+0x16f/0x210
[   75.606506][ T8410]  perf_uprobe_event_init+0xff/0x1c0
[   75.612385][ T8410]  perf_try_init_event+0x12a/0x560
[   75.618199][ T8410]  perf_event_alloc.part.0+0xe3b/0x3960
[   75.623928][ T8410]  __do_sys_perf_event_open+0x647/0x2e60
[   75.629877][ T8410]  do_syscall_64+0x2d/0x70
[   75.634773][ T8410]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   75.641338][ T8410]
[   75.643830][ T8410] Freed by task 8410:
[   75.647988][ T8410]  kasan_save_stack+0x1b/0x40
[   75.652702][ T8410]  kasan_set_track+0x1c/0x30
[   75.657860][ T8410]  kasan_set_free_info+0x20/0x30
[   75.664019][ T8410]  ____kasan_slab_free.part.0+0xe1/0x110
[   75.670555][ T8410]  slab_free_freelist_hook+0x82/0x1d0
[   75.676338][ T8410]  kfree+0xe5/0x7b0
[   75.680976][ T8410]  put_uprobe+0x13b/0x190
[   75.685825][ T8410]  uprobe_apply+0xfc/0x130
[   75.690526][ T8410]  trace_uprobe_register+0x5c9/0x880
[   75.697016][ T8410]  perf_trace_event_init+0x17a/0xa20
[   75.702850][ T8410]  perf_uprobe_init+0x16f/0x210
[   75.707814][ T8410]  perf_uprobe_event_init+0xff/0x1c0
[   75.713478][ T8410]  perf_try_init_event+0x12a/0x560
[   75.719052][ T8410]  perf_event_alloc.part.0+0xe3b/0x3960
[   75.725950][ T8410]  __do_sys_perf_event_open+0x647/0x2e60
[   75.731943][ T8410]  do_syscall_64+0x2d/0x70
[   75.736554][ T8410]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   75.742566][ T8410]
[   75.745261][ T8410] The buggy address belongs to the object at ffff88801c129800
[   75.745261][ T8410]  which belongs to the cache kmalloc-512 of size 512
[   75.759948][ T8410] The buggy address is located 360 bytes inside of
[   75.759948][ T8410]  512-byte region [ffff88801c129800, ffff88801c129a00)
[   75.773968][ T8410] The buggy address belongs to the page:
[   75.779859][ T8410] page:00000000818d6d6a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c128
[   75.790645][ T8410] head:00000000818d6d6a order:1 compound_mapcount:0
[   75.797844][ T8410] flags: 0xfff00000010200(slab|head)
[   75.803652][ T8410] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[   75.812746][ T8410] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[   75.822279][ T8410] page dumped because: kasan: bad access detected
[   75.829220][ T8410]
[   75.831644][ T8410] Memory state around the buggy address:
[   75.837868][ T8410]  ffff88801c129800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   75.846445][ T8410]  ffff88801c129880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   75.854970][ T8410] >ffff88801c129900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   75.863462][ T8410]                                                           ^
[   75.871066][ T8410]  ffff88801c129980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   75.879640][ T8410]  ffff88801c129a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.888277][ T8410] ==================================================================
[   75.897313][ T8410] Disabling lock debugging due to kernel taint
[   75.903794][ T8410] Kernel panic - not syncing: panic_on_warn set ...
[   75.910609][ T8410] CPU: 1 PID: 8410 Comm: syz-executor409 Tainted: G    B             5.11.0-rc6-next-20210204-syzkaller #0
[   75.922440][ T8410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   75.932923][ T8410] Call Trace:
[   75.936223][ T8410]  dump_stack+0x107/0x163
[   75.940652][ T8410]  ? find_uprobe+0x100/0x150
[   75.946127][ T8410]  panic+0x306/0x73d
[   75.950351][ T8410]  ? __warn_printk+0xf3/0xf3
[   75.955388][ T8410]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[   75.961898][ T8410]  ? trace_hardirqs_on+0x38/0x1c0
[   75.967267][ T8410]  ? trace_hardirqs_on+0x51/0x1c0
[   75.972504][ T8410]  ? find_uprobe+0x12c/0x150
[   75.977359][ T8410]  ? find_uprobe+0x12c/0x150
[   75.982017][ T8410]  end_report.cold+0x5a/0x5a
[   75.986608][ T8410]  kasan_report.cold+0x6a/0xd8
[   75.991627][ T8410]  ? find_uprobe+0x12c/0x150
[   75.996304][ T8410]  find_uprobe+0x12c/0x150
[   76.000946][ T8410]  uprobe_unregister+0x1e/0x70
[   76.005804][ T8410]  __probe_event_disable+0x11e/0x240
[   76.011358][ T8410]  probe_event_disable+0x155/0x1c0
[   76.016744][ T8410]  trace_uprobe_register+0x45a/0x880
[   76.022320][ T8410]  ? trace_uprobe_register+0x3ef/0x880
[   76.028011][ T8410]  ? rcu_read_lock_sched_held+0x3a/0x70
[   76.033793][ T8410]  perf_trace_event_unreg.isra.0+0xac/0x250
[   76.039973][ T8410]  perf_uprobe_destroy+0xbb/0x130
[   76.045084][ T8410]  ? perf_uprobe_init+0x210/0x210
[   76.050526][ T8410]  _free_event+0x2ee/0x1380
[   76.055337][ T8410]  perf_event_release_kernel+0xa24/0xe00
[   76.061057][ T8410]  ? fsnotify_first_mark+0x1f0/0x1f0
[   76.066885][ T8410]  ? __perf_event_exit_context+0x170/0x170
[   76.073162][ T8410]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   76.079867][ T8410]  perf_release+0x33/0x40
[   76.084421][ T8410]  __fput+0x283/0x920
[   76.088497][ T8410]  ? perf_event_release_kernel+0xe00/0xe00
[   76.094590][ T8410]  task_work_run+0xdd/0x190
[   76.099274][ T8410]  do_exit+0xc5c/0x2ae0
[   76.103862][ T8410]  ? mm_update_next_owner+0x7a0/0x7a0
[   76.109567][ T8410]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   76.116751][ T8410]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   76.123085][ T8410]  do_group_exit+0x125/0x310
[   76.127993][ T8410]  __x64_sys_exit_group+0x3a/0x50
[   76.133474][ T8410]  do_syscall_64+0x2d/0x70
[   76.137901][ T8410]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   76.143798][ T8410] RIP: 0033:0x43daf9
[   76.147904][ T8410] Code: Unable to access opcode bytes at RIP 0x43dacf.
[   76.155056][ T8410] RSP: 002b:00007ffebbd7c8a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   76.163950][ T8410] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[   76.172101][ T8410] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   76.180151][ T8410] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   76.188217][ T8410] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[   76.196742][ T8410] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   76.206513][ T8410] Kernel Offset: disabled
[   76.210843][ T8410] Rebooting in 86400 seconds..