Warning: Permanently added '10.128.0.147' (ECDSA) to the list of known hosts.
executing program
[   71.381010][   T36] audit: type=1804 audit(1612461174.384:2): pid=8398 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor663" name="/root/bus" dev="sda1" ino=14153 res=1 errno=0
[   71.404826][ T8398] ==================================================================
[   71.413045][ T8398] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[   71.420015][ T8398] Read of size 8 at addr ffff8880219e0168 by task syz-executor663/8398
[   71.428253][ T8398]
[   71.430923][ T8398] CPU: 1 PID: 8398 Comm: syz-executor663 Not tainted 5.11.0-rc6-next-20210204-syzkaller #0
[   71.440997][ T8398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.451172][ T8398] Call Trace:
[   71.454560][ T8398]  dump_stack+0x107/0x163
[   71.459030][ T8398]  ? find_uprobe+0x12c/0x150
[   71.463714][ T8398]  ? find_uprobe+0x12c/0x150
[   71.468305][ T8398]  print_address_description.constprop.0.cold+0x5b/0x2f8
[   71.475590][ T8398]  ? find_uprobe+0x12c/0x150
[   71.481297][ T8398]  ? find_uprobe+0x12c/0x150
[   71.486498][ T8398]  kasan_report.cold+0x7c/0xd8
[   71.491624][ T8398]  ? find_uprobe+0x12c/0x150
[   71.496690][ T8398]  find_uprobe+0x12c/0x150
[   71.501254][ T8398]  uprobe_apply+0x26/0x130
[   71.505684][ T8398]  uprobe_perf_close+0x41e/0x6f0
[   71.510635][ T8398]  trace_uprobe_register+0x3e7/0x880
[   71.516878][ T8398]  ? rcu_read_lock_sched_held+0x3a/0x70
[   71.522425][ T8398]  ? kfree+0x69a/0x7b0
[   71.527277][ T8398]  perf_uprobe_destroy+0x98/0x130
[   71.532574][ T8398]  ? perf_uprobe_init+0x210/0x210
[   71.539741][ T8398]  _free_event+0x2ee/0x1380
[   71.544871][ T8398]  perf_event_release_kernel+0xa24/0xe00
[   71.550885][ T8398]  ? fsnotify_first_mark+0x1f0/0x1f0
[   71.556803][ T8398]  ? __perf_event_exit_context+0x170/0x170
[   71.563538][ T8398]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   71.570658][ T8398]  perf_release+0x33/0x40
[   71.575504][ T8398]  __fput+0x283/0x920
[   71.579677][ T8398]  ? perf_event_release_kernel+0xe00/0xe00
[   71.586131][ T8398]  task_work_run+0xdd/0x190
[   71.591037][ T8398]  do_exit+0xc5c/0x2ae0
[   71.595231][ T8398]  ? mm_update_next_owner+0x7a0/0x7a0
[   71.600910][ T8398]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   71.609087][ T8398]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   71.615360][ T8398]  do_group_exit+0x125/0x310
[   71.620060][ T8398]  __x64_sys_exit_group+0x3a/0x50
[   71.625535][ T8398]  do_syscall_64+0x2d/0x70
[   71.630140][ T8398]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   71.636137][ T8398] RIP: 0033:0x43db29
[   71.640896][ T8398] Code: Unable to access opcode bytes at RIP 0x43daff.
[   71.647826][ T8398] RSP: 002b:00007ffd2cdc9378 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   71.656515][ T8398] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db29
[   71.664630][ T8398] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   71.674592][ T8398] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   71.682747][ T8398] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[   71.690816][ T8398] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   71.698842][ T8398]
[   71.701164][ T8398] Allocated by task 8398:
[   71.705751][ T8398]  kasan_save_stack+0x1b/0x40
[   71.710479][ T8398]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[   71.716361][ T8398]  __uprobe_register+0x19c/0x850
[   71.721295][ T8398]  probe_event_enable+0x357/0xa00
[   71.727804][ T8398]  trace_uprobe_register+0x443/0x880
[   71.733092][ T8398]  perf_trace_event_init+0x549/0xa20
[   71.738405][ T8398]  perf_uprobe_init+0x16f/0x210
[   71.743257][ T8398]  perf_uprobe_event_init+0xff/0x1c0
[   71.748531][ T8398]  perf_try_init_event+0x12a/0x560
[   71.753632][ T8398]  perf_event_alloc.part.0+0xe3b/0x3960
[   71.759162][ T8398]  __do_sys_perf_event_open+0x647/0x2e60
[   71.764782][ T8398]  do_syscall_64+0x2d/0x70
[   71.769195][ T8398]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   71.775097][ T8398]
[   71.777428][ T8398] Freed by task 8398:
[   71.781398][ T8398]  kasan_save_stack+0x1b/0x40
[   71.786178][ T8398]  kasan_set_track+0x1c/0x30
[   71.791314][ T8398]  kasan_set_free_info+0x20/0x30
[   71.796242][ T8398]  ____kasan_slab_free.part.0+0xe1/0x110
[   71.802145][ T8398]  slab_free_freelist_hook+0x82/0x1d0
[   71.807645][ T8398]  kfree+0xe5/0x7b0
[   71.811465][ T8398]  put_uprobe+0x13b/0x190
[   71.815785][ T8398]  uprobe_apply+0xfc/0x130
[   71.820191][ T8398]  trace_uprobe_register+0x5c9/0x880
[   71.825480][ T8398]  perf_trace_event_init+0x17a/0xa20
[   71.830751][ T8398]  perf_uprobe_init+0x16f/0x210
[   71.835589][ T8398]  perf_uprobe_event_init+0xff/0x1c0
[   71.841032][ T8398]  perf_try_init_event+0x12a/0x560
[   71.846126][ T8398]  perf_event_alloc.part.0+0xe3b/0x3960
[   71.851688][ T8398]  __do_sys_perf_event_open+0x647/0x2e60
[   71.857321][ T8398]  do_syscall_64+0x2d/0x70
[   71.861729][ T8398]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   71.867638][ T8398]
[   71.869957][ T8398] The buggy address belongs to the object at ffff8880219e0000
[   71.869957][ T8398]  which belongs to the cache kmalloc-512 of size 512
[   71.884234][ T8398] The buggy address is located 360 bytes inside of
[   71.884234][ T8398]  512-byte region [ffff8880219e0000, ffff8880219e0200)
[   71.898598][ T8398] The buggy address belongs to the page:
[   71.904319][ T8398] page:00000000dea40424 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x219e0
[   71.914486][ T8398] head:00000000dea40424 order:1 compound_mapcount:0
[   71.921591][ T8398] flags: 0xfff00000010200(slab|head)
[   71.927716][ T8398] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff888010841c80
[   71.936904][ T8398] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[   71.945753][ T8398] page dumped because: kasan: bad access detected
[   71.952143][ T8398]
[   71.954465][ T8398] Memory state around the buggy address:
[   71.960268][ T8398]  ffff8880219e0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.968696][ T8398]  ffff8880219e0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.976756][ T8398] >ffff8880219e0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.984829][ T8398]                                                           ^
[   71.992487][ T8398]  ffff8880219e0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.000574][ T8398]  ffff8880219e0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.008622][ T8398] ==================================================================
[   72.016857][ T8398] Disabling lock debugging due to kernel taint
[   72.023215][ T8398] Kernel panic - not syncing: panic_on_warn set ...
[   72.029999][ T8398] CPU: 1 PID: 8398 Comm: syz-executor663 Tainted: G    B             5.11.0-rc6-next-20210204-syzkaller #0
[   72.041552][ T8398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.051899][ T8398] Call Trace:
[   72.055177][ T8398]  dump_stack+0x107/0x163
[   72.059503][ T8398]  ? find_uprobe+0x100/0x150
[   72.064086][ T8398]  panic+0x306/0x73d
[   72.068205][ T8398]  ? __warn_printk+0xf3/0xf3
[   72.072803][ T8398]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[   72.078947][ T8398]  ? trace_hardirqs_on+0x38/0x1c0
[   72.084070][ T8398]  ? trace_hardirqs_on+0x51/0x1c0
[   72.089229][ T8398]  ? find_uprobe+0x12c/0x150
[   72.093816][ T8398]  ? find_uprobe+0x12c/0x150
[   72.098415][ T8398]  end_report.cold+0x5a/0x5a
[   72.102991][ T8398]  kasan_report.cold+0x6a/0xd8
[   72.107736][ T8398]  ? find_uprobe+0x12c/0x150
[   72.112510][ T8398]  find_uprobe+0x12c/0x150
[   72.116910][ T8398]  uprobe_apply+0x26/0x130
[   72.121321][ T8398]  uprobe_perf_close+0x41e/0x6f0
[   72.126249][ T8398]  trace_uprobe_register+0x3e7/0x880
[   72.131535][ T8398]  ? rcu_read_lock_sched_held+0x3a/0x70
[   72.137070][ T8398]  ? kfree+0x69a/0x7b0
[   72.141483][ T8398]  perf_uprobe_destroy+0x98/0x130
[   72.146486][ T8398]  ? perf_uprobe_init+0x210/0x210
[   72.151588][ T8398]  _free_event+0x2ee/0x1380
[   72.156072][ T8398]  perf_event_release_kernel+0xa24/0xe00
[   72.161723][ T8398]  ? fsnotify_first_mark+0x1f0/0x1f0
[   72.167430][ T8398]  ? __perf_event_exit_context+0x170/0x170
[   72.173216][ T8398]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   72.179582][ T8398]  perf_release+0x33/0x40
[   72.183905][ T8398]  __fput+0x283/0x920
[   72.188042][ T8398]  ? perf_event_release_kernel+0xe00/0xe00
[   72.193838][ T8398]  task_work_run+0xdd/0x190
[   72.198336][ T8398]  do_exit+0xc5c/0x2ae0
[   72.202491][ T8398]  ? mm_update_next_owner+0x7a0/0x7a0
[   72.207863][ T8398]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   72.214100][ T8398]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   72.220419][ T8398]  do_group_exit+0x125/0x310
[   72.225003][ T8398]  __x64_sys_exit_group+0x3a/0x50
[   72.230014][ T8398]  do_syscall_64+0x2d/0x70
[   72.234602][ T8398]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   72.240496][ T8398] RIP: 0033:0x43db29
[   72.244388][ T8398] Code: Unable to access opcode bytes at RIP 0x43daff.
[   72.251209][ T8398] RSP: 002b:00007ffd2cdc9378 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   72.259602][ T8398] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db29
[   72.267578][ T8398] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   72.275537][ T8398] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   72.283509][ T8398] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[   72.291491][ T8398] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   72.300144][ T8398] Kernel Offset: disabled
[   72.304473][ T8398] Rebooting in 86400 seconds..