Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 68.488358][ T36] audit: type=1804 audit(1612498461.152:2): pid=8413 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor398" name="/root/bus" dev="sda1" ino=14153 res=1 errno=0
[ 68.514732][ T8413] ==================================================================
[ 68.523523][ T8413] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 68.530474][ T8413] Read of size 8 at addr ffff888017443568 by task syz-executor398/8413
[ 68.538716][ T8413]
[ 68.541064][ T8413] CPU: 0 PID: 8413 Comm: syz-executor398 Not tainted 5.11.0-rc6-next-20210204-syzkaller #0
[ 68.551157][ T8413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.561214][ T8413] Call Trace:
[ 68.564488][ T8413]  dump_stack+0x107/0x163
[ 68.568828][ T8413]  ? find_uprobe+0x12c/0x150
[ 68.573420][ T8413]  ? find_uprobe+0x12c/0x150
[ 68.578028][ T8413]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 68.585069][ T8413]  ? find_uprobe+0x12c/0x150
[ 68.589664][ T8413]  ? find_uprobe+0x12c/0x150
[ 68.594261][ T8413]  kasan_report.cold+0x7c/0xd8
[ 68.599017][ T8413]  ? find_uprobe+0x12c/0x150
[ 68.603601][ T8413]  find_uprobe+0x12c/0x150
[ 68.608015][ T8413]  uprobe_unregister+0x1e/0x70
[ 68.612788][ T8413]  __probe_event_disable+0x11e/0x240
[ 68.618080][ T8413]  probe_event_disable+0x155/0x1c0
[ 68.623199][ T8413]  trace_uprobe_register+0x45a/0x880
[ 68.628491][ T8413]  ? trace_uprobe_register+0x3ef/0x880
[ 68.633941][ T8413]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 68.639485][ T8413]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 68.645401][ T8413]  perf_uprobe_destroy+0xbb/0x130
[ 68.650446][ T8413]  ? perf_uprobe_init+0x210/0x210
[ 68.655487][ T8413]  _free_event+0x2ee/0x1380
[ 68.659989][ T8413]  perf_event_release_kernel+0xa24/0xe00
[ 68.665616][ T8413]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 68.670905][ T8413]  ? __perf_event_exit_context+0x170/0x170
[ 68.676735][ T8413]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 68.682997][ T8413]  perf_release+0x33/0x40
[ 68.688024][ T8413]  __fput+0x283/0x920
[ 68.692017][ T8413]  ? perf_event_release_kernel+0xe00/0xe00
[ 68.697827][ T8413]  task_work_run+0xdd/0x190
[ 68.702331][ T8413]  do_exit+0xc5c/0x2ae0
[ 68.706503][ T8413]  ? mm_update_next_owner+0x7a0/0x7a0
[ 68.711886][ T8413]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 68.718123][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.724365][ T8413]  do_group_exit+0x125/0x310
[ 68.728949][ T8413]  __x64_sys_exit_group+0x3a/0x50
[ 68.733967][ T8413]  do_syscall_64+0x2d/0x70
[ 68.738375][ T8413]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.744272][ T8413] RIP: 0033:0x43db19
[ 68.748157][ T8413] Code: Unable to access opcode bytes at RIP 0x43daef.
[ 68.754989][ T8413] RSP: 002b:00007ffc46673758 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 68.763399][ T8413] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db19
[ 68.771365][ T8413] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 68.779330][ T8413] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 68.787296][ T8413] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 68.795271][ T8413] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 68.803244][ T8413]
[ 68.805556][ T8413] Allocated by task 8413:
[ 68.809870][ T8413]  kasan_save_stack+0x1b/0x40
[ 68.814563][ T8413]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 68.820368][ T8413]  __uprobe_register+0x19c/0x850
[ 68.825326][ T8413]  probe_event_enable+0x357/0xa00
[ 68.830353][ T8413]  trace_uprobe_register+0x443/0x880
[ 68.835634][ T8413]  perf_trace_event_init+0x549/0xa20
[ 68.840921][ T8413]  perf_uprobe_init+0x16f/0x210
[ 68.845760][ T8413]  perf_uprobe_event_init+0xff/0x1c0
[ 68.851039][ T8413]  perf_try_init_event+0x12a/0x560
[ 68.856140][ T8413]  perf_event_alloc.part.0+0xe3b/0x3960
[ 68.861678][ T8413]  __do_sys_perf_event_open+0x647/0x2e60
[ 68.867299][ T8413]  do_syscall_64+0x2d/0x70
[ 68.871709][ T8413]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.877594][ T8413]
[ 68.879903][ T8413] Freed by task 8413:
[ 68.883869][ T8413]  kasan_save_stack+0x1b/0x40
[ 68.888663][ T8413]  kasan_set_track+0x1c/0x30
[ 68.893266][ T8413]  kasan_set_free_info+0x20/0x30
[ 68.898284][ T8413]  ____kasan_slab_free.part.0+0xe1/0x110
[ 68.903912][ T8413]  slab_free_freelist_hook+0x82/0x1d0
[ 68.909287][ T8413]  kfree+0xe5/0x7b0
[ 68.913105][ T8413]  put_uprobe+0x13b/0x190
[ 68.917431][ T8413]  uprobe_apply+0xfc/0x130
[ 68.921850][ T8413]  trace_uprobe_register+0x5c9/0x880
[ 68.927146][ T8413]  perf_trace_event_init+0x17a/0xa20
[ 68.932425][ T8413]  perf_uprobe_init+0x16f/0x210
[ 68.937273][ T8413]  perf_uprobe_event_init+0xff/0x1c0
[ 68.942545][ T8413]  perf_try_init_event+0x12a/0x560
[ 68.947644][ T8413]  perf_event_alloc.part.0+0xe3b/0x3960
[ 68.953177][ T8413]  __do_sys_perf_event_open+0x647/0x2e60
[ 68.958886][ T8413]  do_syscall_64+0x2d/0x70
[ 68.963398][ T8413]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.969729][ T8413]
[ 68.972040][ T8413] The buggy address belongs to the object at ffff888017443400
[ 68.972040][ T8413]  which belongs to the cache kmalloc-512 of size 512
[ 68.986249][ T8413] The buggy address is located 360 bytes inside of
[ 68.986249][ T8413]  512-byte region [ffff888017443400, ffff888017443600)
[ 68.999534][ T8413] The buggy address belongs to the page:
[ 69.005154][ T8413] page:000000001a625acd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17442
[ 69.015305][ T8413] head:000000001a625acd order:1 compound_mapcount:0
[ 69.021895][ T8413] flags: 0xfff00000010200(slab|head)
[ 69.027179][ T8413] raw: 00fff00000010200 ffffea00005a6f00 0000000600000006 ffff888010841c80
[ 69.035776][ T8413] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 69.044350][ T8413] page dumped because: kasan: bad access detected
[ 69.050764][ T8413]
[ 69.053109][ T8413] Memory state around the buggy address:
[ 69.058747][ T8413]  ffff888017443400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.066805][ T8413]  ffff888017443480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.074980][ T8413] >ffff888017443500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.083047][ T8413]                                                           ^
[ 69.090517][ T8413]  ffff888017443580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.098596][ T8413]  ffff888017443600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.106651][ T8413] ==================================================================
[ 69.114704][ T8413] Disabling lock debugging due to kernel taint
[ 69.121153][ T8413] Kernel panic - not syncing: panic_on_warn set ...
[ 69.127754][ T8413] CPU: 0 PID: 8413 Comm: syz-executor398 Tainted: G    B             5.11.0-rc6-next-20210204-syzkaller #0
[ 69.139151][ T8413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.151041][ T8413] Call Trace:
[ 69.154323][ T8413]  dump_stack+0x107/0x163
[ 69.158660][ T8413]  ? find_uprobe+0x100/0x150
[ 69.163248][ T8413]  panic+0x306/0x73d
[ 69.167130][ T8413]  ? __warn_printk+0xf3/0xf3
[ 69.171719][ T8413]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 69.177866][ T8413]  ? trace_hardirqs_on+0x38/0x1c0
[ 69.182899][ T8413]  ? trace_hardirqs_on+0x51/0x1c0
[ 69.187914][ T8413]  ? find_uprobe+0x12c/0x150
[ 69.192495][ T8413]  ? find_uprobe+0x12c/0x150
[ 69.197085][ T8413]  end_report.cold+0x5a/0x5a
[ 69.201686][ T8413]  kasan_report.cold+0x6a/0xd8
[ 69.206439][ T8413]  ? find_uprobe+0x12c/0x150
[ 69.211020][ T8413]  find_uprobe+0x12c/0x150
[ 69.215429][ T8413]  uprobe_unregister+0x1e/0x70
[ 69.220221][ T8413]  __probe_event_disable+0x11e/0x240
[ 69.225598][ T8413]  probe_event_disable+0x155/0x1c0
[ 69.230715][ T8413]  trace_uprobe_register+0x45a/0x880
[ 69.235999][ T8413]  ? trace_uprobe_register+0x3ef/0x880
[ 69.241469][ T8413]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 69.247580][ T8413]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 69.253478][ T8413]  perf_uprobe_destroy+0xbb/0x130
[ 69.258587][ T8413]  ? perf_uprobe_init+0x210/0x210
[ 69.263601][ T8413]  _free_event+0x2ee/0x1380
[ 69.268092][ T8413]  perf_event_release_kernel+0xa24/0xe00
[ 69.273711][ T8413]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 69.278998][ T8413]  ? __perf_event_exit_context+0x170/0x170
[ 69.284807][ T8413]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 69.291040][ T8413]  perf_release+0x33/0x40
[ 69.295401][ T8413]  __fput+0x283/0x920
[ 69.299382][ T8413]  ? perf_event_release_kernel+0xe00/0xe00
[ 69.305177][ T8413]  task_work_run+0xdd/0x190
[ 69.312295][ T8413]  do_exit+0xc5c/0x2ae0
[ 69.316463][ T8413]  ? mm_update_next_owner+0x7a0/0x7a0
[ 69.321823][ T8413]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 69.328056][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.334384][ T8413]  do_group_exit+0x125/0x310
[ 69.338991][ T8413]  __x64_sys_exit_group+0x3a/0x50
[ 69.344023][ T8413]  do_syscall_64+0x2d/0x70
[ 69.348436][ T8413]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.354319][ T8413] RIP: 0033:0x43db19
[ 69.358214][ T8413] Code: Unable to access opcode bytes at RIP 0x43daef.
[ 69.365042][ T8413] RSP: 002b:00007ffc46673758 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 69.373440][ T8413] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db19
[ 69.384099][ T8413] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 69.392167][ T8413] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 69.401169][ T8413] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 69.409154][ T8413] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 69.417743][ T8413] Kernel Offset: disabled
[ 69.422068][ T8413] Rebooting in 86400 seconds..