Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 66.929443][ T8393] ==================================================================
[ 66.937815][ T8393] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 66.944764][ T8393] Read of size 8 at addr ffff88801e519968 by task syz-executor283/8393
[ 66.953030][ T8393]
[ 66.955339][ T8393] CPU: 1 PID: 8393 Comm: syz-executor283 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 66.965337][ T8393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.975383][ T8393] Call Trace:
[ 66.978656][ T8393] dump_stack+0x107/0x163
[ 66.982996][ T8393] ? find_uprobe+0x12c/0x150
[ 66.987586][ T8393] ? find_uprobe+0x12c/0x150
[ 66.992161][ T8393] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 66.999198][ T8393] ? find_uprobe+0x12c/0x150
[ 67.003777][ T8393] ? find_uprobe+0x12c/0x150
[ 67.008369][ T8393] kasan_report.cold+0x7c/0xd8
[ 67.013172][ T8393] ? find_uprobe+0x12c/0x150
[ 67.017753][ T8393] find_uprobe+0x12c/0x150
[ 67.022164][ T8393] uprobe_unregister+0x1e/0x70
[ 67.026922][ T8393] __probe_event_disable+0x11e/0x240
[ 67.032200][ T8393] probe_event_disable+0x155/0x1c0
[ 67.037420][ T8393] trace_uprobe_register+0x45a/0x880
[ 67.042702][ T8393] ? trace_uprobe_register+0x3ef/0x880
[ 67.048147][ T8393] ? rcu_read_lock_sched_held+0x3a/0x70
[ 67.053716][ T8393] perf_trace_event_unreg.isra.0+0xac/0x250
[ 67.059598][ T8393] perf_uprobe_destroy+0xbb/0x130
[ 67.064607][ T8393] ? perf_uprobe_init+0x210/0x210
[ 67.069620][ T8393] _free_event+0x2ee/0x1380
[ 67.074113][ T8393] perf_event_release_kernel+0xa24/0xe00
[ 67.079733][ T8393] ? fsnotify_first_mark+0x1f0/0x1f0
[ 67.085013][ T8393] ? __perf_event_exit_context+0x170/0x170
[ 67.090810][ T8393] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 67.097044][ T8393] perf_release+0x33/0x40
[ 67.101362][ T8393] __fput+0x283/0x920
[ 67.105334][ T8393] ? perf_event_release_kernel+0xe00/0xe00
[ 67.111134][ T8393] task_work_run+0xdd/0x190
[ 67.115626][ T8393] do_exit+0xc5c/0x2ae0
[ 67.119811][ T8393] ? mm_update_next_owner+0x7a0/0x7a0
[ 67.125172][ T8393] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 67.131399][ T8393] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.137632][ T8393] do_group_exit+0x125/0x310
[ 67.142209][ T8393] __x64_sys_exit_group+0x3a/0x50
[ 67.147219][ T8393] do_syscall_64+0x2d/0x70
[ 67.151621][ T8393] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.157516][ T8393] RIP: 0033:0x43daf9
[ 67.161398][ T8393] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 67.168221][ T8393] RSP: 002b:00007fffa11a33b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 67.176634][ T8393] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 67.184589][ T8393] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 67.192547][ T8393] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 67.200519][ T8393] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 67.208472][ T8393] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 67.216452][ T8393]
[ 67.218758][ T8393] Allocated by task 8393:
[ 67.223090][ T8393] kasan_save_stack+0x1b/0x40
[ 67.227762][ T8393] ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 67.233548][ T8393] __uprobe_register+0x19c/0x850
[ 67.238469][ T8393] probe_event_enable+0x357/0xa00
[ 67.243493][ T8393] trace_uprobe_register+0x443/0x880
[ 67.248764][ T8393] perf_trace_event_init+0x549/0xa20
[ 67.254031][ T8393] perf_uprobe_init+0x16f/0x210
[ 67.258862][ T8393] perf_uprobe_event_init+0xff/0x1c0
[ 67.264129][ T8393] perf_try_init_event+0x12a/0x560
[ 67.269220][ T8393] perf_event_alloc.part.0+0xe3b/0x3960
[ 67.274760][ T8393] __do_sys_perf_event_open+0x647/0x2e60
[ 67.280378][ T8393] do_syscall_64+0x2d/0x70
[ 67.284790][ T8393] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.290673][ T8393]
[ 67.292975][ T8393] Freed by task 8393:
[ 67.296933][ T8393] kasan_save_stack+0x1b/0x40
[ 67.301590][ T8393] kasan_set_track+0x1c/0x30
[ 67.306159][ T8393] kasan_set_free_info+0x20/0x30
[ 67.311078][ T8393] ____kasan_slab_free.part.0+0xe1/0x110
[ 67.316692][ T8393] slab_free_freelist_hook+0x82/0x1d0
[ 67.322049][ T8393] kfree+0xe5/0x7b0
[ 67.325840][ T8393] put_uprobe+0x13b/0x190
[ 67.330153][ T8393] uprobe_apply+0xfc/0x130
[ 67.334550][ T8393] trace_uprobe_register+0x5c9/0x880
[ 67.339830][ T8393] perf_trace_event_init+0x17a/0xa20
[ 67.345098][ T8393] perf_uprobe_init+0x16f/0x210
[ 67.349944][ T8393] perf_uprobe_event_init+0xff/0x1c0
[ 67.355221][ T8393] perf_try_init_event+0x12a/0x560
[ 67.360312][ T8393] perf_event_alloc.part.0+0xe3b/0x3960
[ 67.365852][ T8393] __do_sys_perf_event_open+0x647/0x2e60
[ 67.371471][ T8393] do_syscall_64+0x2d/0x70
[ 67.375868][ T8393] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.381744][ T8393]
[ 67.384051][ T8393] The buggy address belongs to the object at ffff88801e519800
[ 67.384051][ T8393] which belongs to the cache kmalloc-512 of size 512
[ 67.398092][ T8393] The buggy address is located 360 bytes inside of
[ 67.398092][ T8393] 512-byte region [ffff88801e519800, ffff88801e519a00)
[ 67.411344][ T8393] The buggy address belongs to the page:
[ 67.416952][ T8393] page:00000000ddf2e1b7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e518
[ 67.427095][ T8393] head:00000000ddf2e1b7 order:1 compound_mapcount:0
[ 67.433659][ T8393] flags: 0xfff00000010200(slab|head)
[ 67.438929][ T8393] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[ 67.447494][ T8393] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 67.456052][ T8393] page dumped because: kasan: bad access detected
[ 67.462442][ T8393]
[ 67.464768][ T8393] Memory state around the buggy address:
[ 67.470379][ T8393] ffff88801e519800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.478527][ T8393] ffff88801e519880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.486568][ T8393] >ffff88801e519900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.494605][ T8393] ^
[ 67.502049][ T8393] ffff88801e519980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.510099][ T8393] ffff88801e519a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 67.518136][ T8393] ==================================================================
[ 67.526172][ T8393] Disabling lock debugging due to kernel taint
[ 67.532491][ T8393] Kernel panic - not syncing: panic_on_warn set ...
[ 67.539078][ T8393] CPU: 1 PID: 8393 Comm: syz-executor283 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[ 67.550970][ T8393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.561022][ T8393] Call Trace:
[ 67.564327][ T8393] dump_stack+0x107/0x163
[ 67.568640][ T8393] ? find_uprobe+0x90/0x150
[ 67.573128][ T8393] panic+0x306/0x73d
[ 67.577022][ T8393] ? __warn_printk+0xf3/0xf3
[ 67.581601][ T8393] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 67.587738][ T8393] ? trace_hardirqs_on+0x38/0x1c0
[ 67.592760][ T8393] ? trace_hardirqs_on+0x51/0x1c0
[ 67.597763][ T8393] ? find_uprobe+0x12c/0x150
[ 67.602331][ T8393] ? find_uprobe+0x12c/0x150
[ 67.606910][ T8393] end_report.cold+0x5a/0x5a
[ 67.611482][ T8393] kasan_report.cold+0x6a/0xd8
[ 67.616223][ T8393] ? find_uprobe+0x12c/0x150
[ 67.620792][ T8393] find_uprobe+0x12c/0x150
[ 67.625187][ T8393] uprobe_unregister+0x1e/0x70
[ 67.629930][ T8393] __probe_event_disable+0x11e/0x240
[ 67.635198][ T8393] probe_event_disable+0x155/0x1c0
[ 67.640288][ T8393] trace_uprobe_register+0x45a/0x880
[ 67.645557][ T8393] ? trace_uprobe_register+0x3ef/0x880
[ 67.650996][ T8393] ? rcu_read_lock_sched_held+0x3a/0x70
[ 67.656518][ T8393] perf_trace_event_unreg.isra.0+0xac/0x250
[ 67.662389][ T8393] perf_uprobe_destroy+0xbb/0x130
[ 67.667401][ T8393] ? perf_uprobe_init+0x210/0x210
[ 67.672418][ T8393] _free_event+0x2ee/0x1380
[ 67.676928][ T8393] perf_event_release_kernel+0xa24/0xe00
[ 67.682539][ T8393] ? fsnotify_first_mark+0x1f0/0x1f0
[ 67.687803][ T8393] ? __perf_event_exit_context+0x170/0x170
[ 67.693599][ T8393] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 67.699840][ T8393] perf_release+0x33/0x40
[ 67.704148][ T8393] __fput+0x283/0x920
[ 67.708113][ T8393] ? perf_event_release_kernel+0xe00/0xe00
[ 67.713899][ T8393] task_work_run+0xdd/0x190
[ 67.718394][ T8393] do_exit+0xc5c/0x2ae0
[ 67.722531][ T8393] ? mm_update_next_owner+0x7a0/0x7a0
[ 67.727885][ T8393] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 67.734111][ T8393] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.740333][ T8393] do_group_exit+0x125/0x310
[ 67.744902][ T8393] __x64_sys_exit_group+0x3a/0x50
[ 67.749906][ T8393] do_syscall_64+0x2d/0x70
[ 67.754313][ T8393] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.760186][ T8393] RIP: 0033:0x43daf9
[ 67.764054][ T8393] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 67.770881][ T8393] RSP: 002b:00007fffa11a33b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 67.779272][ T8393] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 67.787313][ T8393] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 67.795276][ T8393] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 67.803237][ T8393] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 67.811187][ T8393] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 67.819957][ T8393] Kernel Offset: disabled
[ 67.824273][ T8393] Rebooting in 86400 seconds..