Warning: Permanently added '10.128.0.235' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 72.186690][ T8389] ==================================================================
[ 72.195100][ T8389] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 72.202077][ T8389] Read of size 8 at addr ffff888013d99568 by task syz-executor829/8389
[ 72.210456][ T8389]
[ 72.212788][ T8389] CPU: 0 PID: 8389 Comm: syz-executor829 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 72.222799][ T8389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.233138][ T8389] Call Trace:
[ 72.236423][ T8389] dump_stack+0x107/0x163
[ 72.241324][ T8389] ? find_uprobe+0x12c/0x150
[ 72.245962][ T8389] ? find_uprobe+0x12c/0x150
[ 72.250574][ T8389] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 72.257715][ T8389] ? find_uprobe+0x12c/0x150
[ 72.262798][ T8389] ? find_uprobe+0x12c/0x150
[ 72.268988][ T8389] kasan_report.cold+0x7c/0xd8
[ 72.273962][ T8389] ? find_uprobe+0x12c/0x150
[ 72.278597][ T8389] find_uprobe+0x12c/0x150
[ 72.283030][ T8389] uprobe_unregister+0x1e/0x70
[ 72.287821][ T8389] __probe_event_disable+0x11e/0x240
[ 72.293144][ T8389] probe_event_disable+0x155/0x1c0
[ 72.298451][ T8389] trace_uprobe_register+0x45a/0x880
[ 72.304007][ T8389] ? trace_uprobe_register+0x3ef/0x880
[ 72.310366][ T8389] ? rcu_read_lock_sched_held+0x3a/0x70
[ 72.315979][ T8389] perf_trace_event_unreg.isra.0+0xac/0x250
[ 72.321981][ T8389] perf_uprobe_destroy+0xbb/0x130
[ 72.327022][ T8389] ? perf_uprobe_init+0x210/0x210
[ 72.332272][ T8389] _free_event+0x2ee/0x1380
[ 72.336779][ T8389] perf_event_release_kernel+0xa24/0xe00
[ 72.342421][ T8389] ? fsnotify_first_mark+0x1f0/0x1f0
[ 72.347727][ T8389] ? __perf_event_exit_context+0x170/0x170
[ 72.353724][ T8389] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 72.359992][ T8389] perf_release+0x33/0x40
[ 72.364349][ T8389] __fput+0x283/0x920
[ 72.368352][ T8389] ? perf_event_release_kernel+0xe00/0xe00
[ 72.374340][ T8389] task_work_run+0xdd/0x190
[ 72.378867][ T8389] do_exit+0xc5c/0x2ae0
[ 72.383054][ T8389] ? mm_update_next_owner+0x7a0/0x7a0
[ 72.388526][ T8389] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.395218][ T8389] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.401592][ T8389] do_group_exit+0x125/0x310
[ 72.406407][ T8389] __x64_sys_exit_group+0x3a/0x50
[ 72.411736][ T8389] do_syscall_64+0x2d/0x70
[ 72.416183][ T8389] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.422118][ T8389] RIP: 0033:0x43ddc9
[ 72.426040][ T8389] Code: Unable to access opcode bytes at RIP 0x43dd9f.
[ 72.432879][ T8389] RSP: 002b:00007ffd6c060088 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 72.441396][ T8389] RAX: ffffffffffffffda RBX: 00000000004af2f0 RCX: 000000000043ddc9
[ 72.449460][ T8389] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 72.457451][ T8389] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000400488
[ 72.465523][ T8389] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004af2f0
[ 72.473596][ T8389] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 72.481606][ T8389]
[ 72.483925][ T8389] Allocated by task 8389:
[ 72.488240][ T8389] kasan_save_stack+0x1b/0x40
[ 72.493018][ T8389] ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 72.498934][ T8389] __uprobe_register+0x19c/0x850
[ 72.503896][ T8389] probe_event_enable+0x441/0xa00
[ 72.508944][ T8389] trace_uprobe_register+0x443/0x880
[ 72.514250][ T8389] perf_trace_event_init+0x549/0xa20
[ 72.519583][ T8389] perf_uprobe_init+0x16f/0x210
[ 72.524452][ T8389] perf_uprobe_event_init+0xff/0x1c0
[ 72.529759][ T8389] perf_try_init_event+0x12a/0x560
[ 72.534871][ T8389] perf_event_alloc.part.0+0xe3b/0x3960
[ 72.540467][ T8389] __do_sys_perf_event_open+0x647/0x2e60
[ 72.546110][ T8389] do_syscall_64+0x2d/0x70
[ 72.550765][ T8389] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.557145][ T8389]
[ 72.559476][ T8389] Freed by task 8389:
[ 72.563470][ T8389] kasan_save_stack+0x1b/0x40
[ 72.568159][ T8389] kasan_set_track+0x1c/0x30
[ 72.572988][ T8389] kasan_set_free_info+0x20/0x30
[ 72.578092][ T8389] ____kasan_slab_free.part.0+0xe1/0x110
[ 72.584282][ T8389] slab_free_freelist_hook+0x82/0x1d0
[ 72.589664][ T8389] kfree+0xe5/0x7b0
[ 72.593499][ T8389] put_uprobe+0x13b/0x190
[ 72.597850][ T8389] uprobe_apply+0xfc/0x130
[ 72.602278][ T8389] trace_uprobe_register+0x5c9/0x880
[ 72.607592][ T8389] perf_trace_event_init+0x17a/0xa20
[ 72.612898][ T8389] perf_uprobe_init+0x16f/0x210
[ 72.617761][ T8389] perf_uprobe_event_init+0xff/0x1c0
[ 72.623061][ T8389] perf_try_init_event+0x12a/0x560
[ 72.628187][ T8389] perf_event_alloc.part.0+0xe3b/0x3960
[ 72.633751][ T8389] __do_sys_perf_event_open+0x647/0x2e60
[ 72.639403][ T8389] do_syscall_64+0x2d/0x70
[ 72.643958][ T8389] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.650015][ T8389]
[ 72.652334][ T8389] Last potentially related work creation:
[ 72.658151][ T8389] kasan_save_stack+0x1b/0x40
[ 72.662848][ T8389] kasan_record_aux_stack+0xe5/0x110
[ 72.668146][ T8389] kvfree_call_rcu+0x74/0x8c0
[ 72.672828][ T8389] timerfd_release+0x105/0x290
[ 72.677780][ T8389] __fput+0x283/0x920
[ 72.681809][ T8389] task_work_run+0xdd/0x190
[ 72.686418][ T8389] exit_to_user_mode_prepare+0x249/0x250
[ 72.692103][ T8389] syscall_exit_to_user_mode+0x19/0x50
[ 72.697585][ T8389] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.703613][ T8389]
[ 72.705947][ T8389] The buggy address belongs to the object at ffff888013d99400
[ 72.705947][ T8389] which belongs to the cache kmalloc-512 of size 512
[ 72.720200][ T8389] The buggy address is located 360 bytes inside of
[ 72.720200][ T8389] 512-byte region [ffff888013d99400, ffff888013d99600)
[ 72.733502][ T8389] The buggy address belongs to the page:
[ 72.739262][ T8389] page:00000000308f8668 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13d98
[ 72.749541][ T8389] head:00000000308f8668 order:1 compound_mapcount:0
[ 72.756500][ T8389] flags: 0xfff00000010200(slab|head)
[ 72.761992][ T8389] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[ 72.771645][ T8389] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 72.781285][ T8389] page dumped because: kasan: bad access detected
[ 72.788147][ T8389]
[ 72.790473][ T8389] Memory state around the buggy address:
[ 72.796123][ T8389] ffff888013d99400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.804210][ T8389] ffff888013d99480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.812308][ T8389] >ffff888013d99500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.820373][ T8389] ^
[ 72.828001][ T8389] ffff888013d99580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.836086][ T8389] ffff888013d99600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.844147][ T8389] ==================================================================
[ 72.852209][ T8389] Disabling lock debugging due to kernel taint
[ 72.858648][ T8389] Kernel panic - not syncing: panic_on_warn set ...
[ 72.865348][ T8389] CPU: 0 PID: 8389 Comm: syz-executor829 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[ 72.876751][ T8389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.886820][ T8389] Call Trace:
[ 72.890109][ T8389] dump_stack+0x107/0x163
[ 72.894568][ T8389] ? find_uprobe+0x90/0x150
[ 72.899092][ T8389] panic+0x306/0x73d
[ 72.903785][ T8389] ? __warn_printk+0xf3/0xf3
[ 72.908388][ T8389] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 72.914651][ T8389] ? trace_hardirqs_on+0x38/0x1c0
[ 72.919687][ T8389] ? trace_hardirqs_on+0x51/0x1c0
[ 72.924828][ T8389] ? find_uprobe+0x12c/0x150
[ 72.929780][ T8389] ? find_uprobe+0x12c/0x150
[ 72.934380][ T8389] end_report.cold+0x5a/0x5a
[ 72.938996][ T8389] kasan_report.cold+0x6a/0xd8
[ 72.943786][ T8389] ? find_uprobe+0x12c/0x150
[ 72.948402][ T8389] find_uprobe+0x12c/0x150
[ 72.952862][ T8389] uprobe_unregister+0x1e/0x70
[ 72.957634][ T8389] __probe_event_disable+0x11e/0x240
[ 72.963013][ T8389] probe_event_disable+0x155/0x1c0
[ 72.968256][ T8389] trace_uprobe_register+0x45a/0x880
[ 72.973583][ T8389] ? trace_uprobe_register+0x3ef/0x880
[ 72.979333][ T8389] ? rcu_read_lock_sched_held+0x3a/0x70
[ 72.985540][ T8389] perf_trace_event_unreg.isra.0+0xac/0x250
[ 72.991719][ T8389] perf_uprobe_destroy+0xbb/0x130
[ 72.996765][ T8389] ? perf_uprobe_init+0x210/0x210
[ 73.002224][ T8389] _free_event+0x2ee/0x1380
[ 73.007166][ T8389] perf_event_release_kernel+0xa24/0xe00
[ 73.012801][ T8389] ? fsnotify_first_mark+0x1f0/0x1f0
[ 73.018105][ T8389] ? __perf_event_exit_context+0x170/0x170
[ 73.024035][ T8389] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 73.030295][ T8389] perf_release+0x33/0x40
[ 73.034643][ T8389] __fput+0x283/0x920
[ 73.038751][ T8389] ? perf_event_release_kernel+0xe00/0xe00
[ 73.044571][ T8389] task_work_run+0xdd/0x190
[ 73.049097][ T8389] do_exit+0xc5c/0x2ae0
[ 73.053537][ T8389] ? mm_update_next_owner+0x7a0/0x7a0
[ 73.058920][ T8389] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 73.065182][ T8389] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.071552][ T8389] do_group_exit+0x125/0x310
[ 73.076152][ T8389] __x64_sys_exit_group+0x3a/0x50
[ 73.081206][ T8389] do_syscall_64+0x2d/0x70
[ 73.085648][ T8389] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.091645][ T8389] RIP: 0033:0x43ddc9
[ 73.095534][ T8389] Code: Unable to access opcode bytes at RIP 0x43dd9f.
[ 73.102377][ T8389] RSP: 002b:00007ffd6c060088 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 73.110780][ T8389] RAX: ffffffffffffffda RBX: 00000000004af2f0 RCX: 000000000043ddc9
[ 73.118852][ T8389] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 73.127013][ T8389] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000400488
[ 73.134989][ T8389] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004af2f0
[ 73.142964][ T8389] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 73.151277][ T8389] Kernel Offset: disabled
[ 73.155631][ T8389] Rebooting in 86400 seconds..