Warning: Permanently added '10.128.0.176' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 67.897414][ T8391] ==================================================================
[ 67.905627][ T8391] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 67.912566][ T8391] Read of size 8 at addr ffff888018158968 by task syz-executor540/8391
[ 67.920786][ T8391]
[ 67.923094][ T8391] CPU: 1 PID: 8391 Comm: syz-executor540 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 67.933068][ T8391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.943110][ T8391] Call Trace:
[ 67.946379][ T8391]  dump_stack+0x107/0x163
[ 67.950714][ T8391]  ? find_uprobe+0x12c/0x150
[ 67.955319][ T8391]  ? find_uprobe+0x12c/0x150
[ 67.959910][ T8391]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 67.966925][ T8391]  ? find_uprobe+0x12c/0x150
[ 67.971500][ T8391]  ? find_uprobe+0x12c/0x150
[ 67.976077][ T8391]  kasan_report.cold+0x7c/0xd8
[ 67.980830][ T8391]  ? find_uprobe+0x12c/0x150
[ 67.985419][ T8391]  find_uprobe+0x12c/0x150
[ 67.989830][ T8391]  uprobe_unregister+0x1e/0x70
[ 67.994602][ T8391]  __probe_event_disable+0x11e/0x240
[ 67.999897][ T8391]  probe_event_disable+0x155/0x1c0
[ 68.005009][ T8391]  trace_uprobe_register+0x45a/0x880
[ 68.010303][ T8391]  ? trace_uprobe_register+0x3ef/0x880
[ 68.015781][ T8391]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 68.021331][ T8391]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 68.027227][ T8391]  perf_uprobe_destroy+0xbb/0x130
[ 68.032261][ T8391]  ? perf_uprobe_init+0x210/0x210
[ 68.037298][ T8391]  _free_event+0x2ee/0x1380
[ 68.041793][ T8391]  perf_event_release_kernel+0xa24/0xe00
[ 68.047412][ T8391]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 68.052714][ T8391]  ? __perf_event_exit_context+0x170/0x170
[ 68.058509][ T8391]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 68.064748][ T8391]  perf_release+0x33/0x40
[ 68.069068][ T8391]  __fput+0x283/0x920
[ 68.073054][ T8391]  ? perf_event_release_kernel+0xe00/0xe00
[ 68.078856][ T8391]  task_work_run+0xdd/0x190
[ 68.083350][ T8391]  do_exit+0xc5c/0x2ae0
[ 68.087501][ T8391]  ? mm_update_next_owner+0x7a0/0x7a0
[ 68.092979][ T8391]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 68.099224][ T8391]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.105489][ T8391]  do_group_exit+0x125/0x310
[ 68.110093][ T8391]  __x64_sys_exit_group+0x3a/0x50
[ 68.115116][ T8391]  do_syscall_64+0x2d/0x70
[ 68.119529][ T8391]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.125606][ T8391] RIP: 0033:0x43daf9
[ 68.129507][ T8391] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 68.136366][ T8391] RSP: 002b:00007ffe08770448 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 68.144781][ T8391] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 68.152757][ T8391] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 68.160728][ T8391] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 68.168687][ T8391] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 68.176671][ T8391] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 68.184642][ T8391]
[ 68.186963][ T8391] Allocated by task 8391:
[ 68.191282][ T8391]  kasan_save_stack+0x1b/0x40
[ 68.195947][ T8391]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 68.201743][ T8391]  __uprobe_register+0x19c/0x850
[ 68.206669][ T8391]  probe_event_enable+0x357/0xa00
[ 68.212476][ T8391]  trace_uprobe_register+0x443/0x880
[ 68.217753][ T8391]  perf_trace_event_init+0x549/0xa20
[ 68.223025][ T8391]  perf_uprobe_init+0x16f/0x210
[ 68.227861][ T8391]  perf_uprobe_event_init+0xff/0x1c0
[ 68.233131][ T8391]  perf_try_init_event+0x12a/0x560
[ 68.238257][ T8391]  perf_event_alloc.part.0+0xe3b/0x3960
[ 68.243799][ T8391]  __do_sys_perf_event_open+0x647/0x2e60
[ 68.249430][ T8391]  do_syscall_64+0x2d/0x70
[ 68.253837][ T8391]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.259735][ T8391]
[ 68.262064][ T8391] Freed by task 8391:
[ 68.266027][ T8391]  kasan_save_stack+0x1b/0x40
[ 68.270691][ T8391]  kasan_set_track+0x1c/0x30
[ 68.275264][ T8391]  kasan_set_free_info+0x20/0x30
[ 68.280189][ T8391]  ____kasan_slab_free.part.0+0xe1/0x110
[ 68.285807][ T8391]  slab_free_freelist_hook+0x82/0x1d0
[ 68.291172][ T8391]  kfree+0xe5/0x7b0
[ 68.294966][ T8391]  put_uprobe+0x13b/0x190
[ 68.299284][ T8391]  uprobe_apply+0xfc/0x130
[ 68.303703][ T8391]  trace_uprobe_register+0x5c9/0x880
[ 68.308976][ T8391]  perf_trace_event_init+0x17a/0xa20
[ 68.314266][ T8391]  perf_uprobe_init+0x16f/0x210
[ 68.319192][ T8391]  perf_uprobe_event_init+0xff/0x1c0
[ 68.324476][ T8391]  perf_try_init_event+0x12a/0x560
[ 68.329692][ T8391]  perf_event_alloc.part.0+0xe3b/0x3960
[ 68.335224][ T8391]  __do_sys_perf_event_open+0x647/0x2e60
[ 68.340869][ T8391]  do_syscall_64+0x2d/0x70
[ 68.345274][ T8391]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.351156][ T8391]
[ 68.353465][ T8391] The buggy address belongs to the object at ffff888018158800
[ 68.353465][ T8391]  which belongs to the cache kmalloc-512 of size 512
[ 68.367505][ T8391] The buggy address is located 360 bytes inside of
[ 68.367505][ T8391]  512-byte region [ffff888018158800, ffff888018158a00)
[ 68.380779][ T8391] The buggy address belongs to the page:
[ 68.386392][ T8391] page:00000000f793f815 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18158
[ 68.396533][ T8391] head:00000000f793f815 order:1 compound_mapcount:0
[ 68.403122][ T8391] flags: 0xfff00000010200(slab|head)
[ 68.410585][ T8391] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[ 68.419155][ T8391] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 68.427733][ T8391] page dumped because: kasan: bad access detected
[ 68.434142][ T8391]
[ 68.436452][ T8391] Memory state around the buggy address:
[ 68.442063][ T8391]  ffff888018158800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.450112][ T8391]  ffff888018158880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.458167][ T8391] >ffff888018158900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.466208][ T8391]                                                           ^
[ 68.473645][ T8391]  ffff888018158980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.481689][ T8391]  ffff888018158a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.489748][ T8391] ==================================================================
[ 68.497805][ T8391] Disabling lock debugging due to kernel taint
[ 68.504136][ T8391] Kernel panic - not syncing: panic_on_warn set ...
[ 68.510730][ T8391] CPU: 1 PID: 8391 Comm: syz-executor540 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[ 68.522102][ T8391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.532160][ T8391] Call Trace:
[ 68.535442][ T8391]  dump_stack+0x107/0x163
[ 68.539781][ T8391]  ? find_uprobe+0x90/0x150
[ 68.544291][ T8391]  panic+0x306/0x73d
[ 68.548171][ T8391]  ? __warn_printk+0xf3/0xf3
[ 68.552759][ T8391]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 68.558898][ T8391]  ? trace_hardirqs_on+0x38/0x1c0
[ 68.563926][ T8391]  ? trace_hardirqs_on+0x51/0x1c0
[ 68.568932][ T8391]  ? find_uprobe+0x12c/0x150
[ 68.573506][ T8391]  ? find_uprobe+0x12c/0x150
[ 68.578080][ T8391]  end_report.cold+0x5a/0x5a
[ 68.582654][ T8391]  kasan_report.cold+0x6a/0xd8
[ 68.587402][ T8391]  ? find_uprobe+0x12c/0x150
[ 68.592077][ T8391]  find_uprobe+0x12c/0x150
[ 68.596493][ T8391]  uprobe_unregister+0x1e/0x70
[ 68.601242][ T8391]  __probe_event_disable+0x11e/0x240
[ 68.606537][ T8391]  probe_event_disable+0x155/0x1c0
[ 68.611632][ T8391]  trace_uprobe_register+0x45a/0x880
[ 68.616913][ T8391]  ? trace_uprobe_register+0x3ef/0x880
[ 68.622354][ T8391]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 68.627883][ T8391]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 68.633781][ T8391]  perf_uprobe_destroy+0xbb/0x130
[ 68.638801][ T8391]  ? perf_uprobe_init+0x210/0x210
[ 68.643806][ T8391]  _free_event+0x2ee/0x1380
[ 68.648294][ T8391]  perf_event_release_kernel+0xa24/0xe00
[ 68.653923][ T8391]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 68.659208][ T8391]  ? __perf_event_exit_context+0x170/0x170
[ 68.665013][ T8391]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 68.671246][ T8391]  perf_release+0x33/0x40
[ 68.679814][ T8391]  __fput+0x283/0x920
[ 68.683800][ T8391]  ? perf_event_release_kernel+0xe00/0xe00
[ 68.689603][ T8391]  task_work_run+0xdd/0x190
[ 68.694097][ T8391]  do_exit+0xc5c/0x2ae0
[ 68.698251][ T8391]  ? mm_update_next_owner+0x7a0/0x7a0
[ 68.703619][ T8391]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 68.709852][ T8391]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.716076][ T8391]  do_group_exit+0x125/0x310
[ 68.720659][ T8391]  __x64_sys_exit_group+0x3a/0x50
[ 68.725671][ T8391]  do_syscall_64+0x2d/0x70
[ 68.730088][ T8391]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.735968][ T8391] RIP: 0033:0x43daf9
[ 68.740808][ T8391] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 68.747628][ T8391] RSP: 002b:00007ffe08770448 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 68.756035][ T8391] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 68.764027][ T8391] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 68.771978][ T8391] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 68.779942][ T8391] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 68.787893][ T8391] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 68.796269][ T8391] Kernel Offset: disabled
[ 68.800593][ T8391] Rebooting in 86400 seconds..