Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 77.582617][ T8408] ==================================================================
[ 77.592018][ T8408] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 77.599531][ T8408] Read of size 8 at addr ffff888011ecf568 by task syz-executor638/8408
[ 77.608373][ T8408]
[ 77.611026][ T8408] CPU: 1 PID: 8408 Comm: syz-executor638 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 77.621141][ T8408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.631559][ T8408] Call Trace:
[ 77.634881][ T8408]  dump_stack+0x107/0x163
[ 77.639340][ T8408]  ? find_uprobe+0x12c/0x150
[ 77.644232][ T8408]  ? find_uprobe+0x12c/0x150
[ 77.649350][ T8408]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 77.657434][ T8408]  ? find_uprobe+0x12c/0x150
[ 77.662067][ T8408]  ? find_uprobe+0x12c/0x150
[ 77.666718][ T8408]  kasan_report.cold+0x7c/0xd8
[ 77.671553][ T8408]  ? find_uprobe+0x12c/0x150
[ 77.676514][ T8408]  find_uprobe+0x12c/0x150
[ 77.680962][ T8408]  uprobe_unregister+0x1e/0x70
[ 77.685850][ T8408]  __probe_event_disable+0x11e/0x240
[ 77.691523][ T8408]  probe_event_disable+0x155/0x1c0
[ 77.696773][ T8408]  trace_uprobe_register+0x45a/0x880
[ 77.702112][ T8408]  ? trace_uprobe_register+0x3ef/0x880
[ 77.707952][ T8408]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 77.713737][ T8408]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 77.719670][ T8408]  perf_uprobe_destroy+0xbb/0x130
[ 77.724978][ T8408]  ? perf_uprobe_init+0x210/0x210
[ 77.730260][ T8408]  _free_event+0x2ee/0x1380
[ 77.735398][ T8408]  perf_event_release_kernel+0xa24/0xe00
[ 77.741067][ T8408]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 77.747032][ T8408]  ? __perf_event_exit_context+0x170/0x170
[ 77.752871][ T8408]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 77.759331][ T8408]  perf_release+0x33/0x40
[ 77.764112][ T8408]  __fput+0x283/0x920
[ 77.768901][ T8408]  ? perf_event_release_kernel+0xe00/0xe00
[ 77.774744][ T8408]  task_work_run+0xdd/0x190
[ 77.779493][ T8408]  do_exit+0xc5c/0x2ae0
[ 77.783803][ T8408]  ? mm_update_next_owner+0x7a0/0x7a0
[ 77.789755][ T8408]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 77.796318][ T8408]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.802808][ T8408]  do_group_exit+0x125/0x310
[ 77.807973][ T8408]  __x64_sys_exit_group+0x3a/0x50
[ 77.813034][ T8408]  do_syscall_64+0x2d/0x70
[ 77.817469][ T8408]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.823396][ T8408] RIP: 0033:0x43daf9
[ 77.827388][ T8408] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 77.834324][ T8408] RSP: 002b:00007ffca977d308 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 77.843035][ T8408] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 77.851135][ T8408] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 77.859467][ T8408] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 77.867611][ T8408] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 77.875624][ T8408] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 77.883818][ T8408]
[ 77.886166][ T8408] Allocated by task 8408:
[ 77.890509][ T8408]  kasan_save_stack+0x1b/0x40
[ 77.895470][ T8408]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 77.901304][ T8408]  __uprobe_register+0x19c/0x850
[ 77.906420][ T8408]  probe_event_enable+0x357/0xa00
[ 77.911604][ T8408]  trace_uprobe_register+0x443/0x880
[ 77.917011][ T8408]  perf_trace_event_init+0x549/0xa20
[ 77.922315][ T8408]  perf_uprobe_init+0x16f/0x210
[ 77.927175][ T8408]  perf_uprobe_event_init+0xff/0x1c0
[ 77.932490][ T8408]  perf_try_init_event+0x12a/0x560
[ 77.937666][ T8408]  perf_event_alloc.part.0+0xe3b/0x3960
[ 77.943239][ T8408]  __do_sys_perf_event_open+0x647/0x2e60
[ 77.948892][ T8408]  do_syscall_64+0x2d/0x70
[ 77.953332][ T8408]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.959303][ T8408]
[ 77.961624][ T8408] Freed by task 8408:
[ 77.965658][ T8408]  kasan_save_stack+0x1b/0x40
[ 77.970356][ T8408]  kasan_set_track+0x1c/0x30
[ 77.974959][ T8408]  kasan_set_free_info+0x20/0x30
[ 77.979926][ T8408]  ____kasan_slab_free.part.0+0xe1/0x110
[ 77.985605][ T8408]  slab_free_freelist_hook+0x82/0x1d0
[ 77.991085][ T8408]  kfree+0xe5/0x7b0
[ 77.995032][ T8408]  put_uprobe+0x13b/0x190
[ 77.999702][ T8408]  uprobe_apply+0xfc/0x130
[ 78.004817][ T8408]  trace_uprobe_register+0x5c9/0x880
[ 78.011487][ T8408]  perf_trace_event_init+0x17a/0xa20
[ 78.017281][ T8408]  perf_uprobe_init+0x16f/0x210
[ 78.022310][ T8408]  perf_uprobe_event_init+0xff/0x1c0
[ 78.027636][ T8408]  perf_try_init_event+0x12a/0x560
[ 78.032857][ T8408]  perf_event_alloc.part.0+0xe3b/0x3960
[ 78.038668][ T8408]  __do_sys_perf_event_open+0x647/0x2e60
[ 78.044348][ T8408]  do_syscall_64+0x2d/0x70
[ 78.048783][ T8408]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 78.055867][ T8408]
[ 78.058336][ T8408] The buggy address belongs to the object at ffff888011ecf400
[ 78.058336][ T8408]  which belongs to the cache kmalloc-512 of size 512
[ 78.072601][ T8408] The buggy address is located 360 bytes inside of
[ 78.072601][ T8408]  512-byte region [ffff888011ecf400, ffff888011ecf600)
[ 78.085897][ T8408] The buggy address belongs to the page:
[ 78.091543][ T8408] page:000000006370ddee refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ece
[ 78.101751][ T8408] head:000000006370ddee order:1 compound_mapcount:0
[ 78.108342][ T8408] flags: 0xfff00000010200(slab|head)
[ 78.113639][ T8408] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[ 78.122632][ T8408] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 78.132357][ T8408] page dumped because: kasan: bad access detected
[ 78.139282][ T8408]
[ 78.141790][ T8408] Memory state around the buggy address:
[ 78.147919][ T8408]  ffff888011ecf400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.156097][ T8408]  ffff888011ecf480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.164247][ T8408] >ffff888011ecf500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.173102][ T8408]                                                           ^
[ 78.181784][ T8408]  ffff888011ecf580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.189867][ T8408]  ffff888011ecf600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.199101][ T8408] ==================================================================
[ 78.207526][ T8408] Disabling lock debugging due to kernel taint
[ 78.214821][ T8408] Kernel panic - not syncing: panic_on_warn set ...
[ 78.222331][ T8408] CPU: 1 PID: 8408 Comm: syz-executor638 Tainted: G    B             5.11.0-rc6-next-20210205-syzkaller #0
[ 78.233865][ T8408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.244053][ T8408] Call Trace:
[ 78.247379][ T8408]  dump_stack+0x107/0x163
[ 78.251852][ T8408]  ? find_uprobe+0x90/0x150
[ 78.256385][ T8408]  panic+0x306/0x73d
[ 78.260384][ T8408]  ? __warn_printk+0xf3/0xf3
[ 78.265008][ T8408]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 78.271175][ T8408]  ? trace_hardirqs_on+0x38/0x1c0
[ 78.276243][ T8408]  ? trace_hardirqs_on+0x51/0x1c0
[ 78.281330][ T8408]  ? find_uprobe+0x12c/0x150
[ 78.285934][ T8408]  ? find_uprobe+0x12c/0x150
[ 78.290609][ T8408]  end_report.cold+0x5a/0x5a
[ 78.295222][ T8408]  kasan_report.cold+0x6a/0xd8
[ 78.300271][ T8408]  ? find_uprobe+0x12c/0x150
[ 78.304913][ T8408]  find_uprobe+0x12c/0x150
[ 78.310135][ T8408]  uprobe_unregister+0x1e/0x70
[ 78.314927][ T8408]  __probe_event_disable+0x11e/0x240
[ 78.320277][ T8408]  probe_event_disable+0x155/0x1c0
[ 78.325611][ T8408]  trace_uprobe_register+0x45a/0x880
[ 78.331059][ T8408]  ? trace_uprobe_register+0x3ef/0x880
[ 78.336564][ T8408]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 78.342127][ T8408]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 78.348051][ T8408]  perf_uprobe_destroy+0xbb/0x130
[ 78.353072][ T8408]  ? perf_uprobe_init+0x210/0x210
[ 78.358083][ T8408]  _free_event+0x2ee/0x1380
[ 78.362589][ T8408]  perf_event_release_kernel+0xa24/0xe00
[ 78.368228][ T8408]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 78.373590][ T8408]  ? __perf_event_exit_context+0x170/0x170
[ 78.379490][ T8408]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 78.385745][ T8408]  perf_release+0x33/0x40
[ 78.390072][ T8408]  __fput+0x283/0x920
[ 78.394040][ T8408]  ? perf_event_release_kernel+0xe00/0xe00
[ 78.399841][ T8408]  task_work_run+0xdd/0x190
[ 78.404343][ T8408]  do_exit+0xc5c/0x2ae0
[ 78.409630][ T8408]  ? mm_update_next_owner+0x7a0/0x7a0
[ 78.414999][ T8408]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 78.421234][ T8408]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.427485][ T8408]  do_group_exit+0x125/0x310
[ 78.432067][ T8408]  __x64_sys_exit_group+0x3a/0x50
[ 78.437182][ T8408]  do_syscall_64+0x2d/0x70
[ 78.441584][ T8408]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 78.447513][ T8408] RIP: 0033:0x43daf9
[ 78.451411][ T8408] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 78.458248][ T8408] RSP: 002b:00007ffca977d308 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 78.466664][ T8408] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 78.474629][ T8408] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 78.482594][ T8408] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 78.490577][ T8408] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 78.498578][ T8408] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 78.507291][ T8408] Kernel Offset: disabled
[ 78.511613][ T8408] Rebooting in 86400 seconds..