Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 72.242002][ T8399] ==================================================================
[ 72.252321][ T8399] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 72.261016][ T8399] Read of size 8 at addr ffff88801862f168 by task syz-executor971/8399
[ 72.270907][ T8399]
[ 72.273542][ T8399] CPU: 0 PID: 8399 Comm: syz-executor971 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 72.286028][ T8399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.298942][ T8399] Call Trace:
[ 72.302489][ T8399] dump_stack+0x107/0x163
[ 72.307691][ T8399] ? find_uprobe+0x12c/0x150
[ 72.312829][ T8399] ? find_uprobe+0x12c/0x150
[ 72.317659][ T8399] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 72.325407][ T8399] ? find_uprobe+0x12c/0x150
[ 72.330212][ T8399] ? find_uprobe+0x12c/0x150
[ 72.336174][ T8399] kasan_report.cold+0x7c/0xd8
[ 72.341815][ T8399] ? find_uprobe+0x12c/0x150
[ 72.347185][ T8399] find_uprobe+0x12c/0x150
[ 72.352897][ T8399] uprobe_unregister+0x1e/0x70
[ 72.358453][ T8399] __probe_event_disable+0x11e/0x240
[ 72.365212][ T8399] probe_event_disable+0x155/0x1c0
[ 72.370897][ T8399] trace_uprobe_register+0x45a/0x880
[ 72.376946][ T8399] ? trace_uprobe_register+0x3ef/0x880
[ 72.383557][ T8399] ? rcu_read_lock_sched_held+0x3a/0x70
[ 72.389389][ T8399] perf_trace_event_unreg.isra.0+0xac/0x250
[ 72.397018][ T8399] perf_uprobe_destroy+0xbb/0x130
[ 72.402802][ T8399] ? perf_uprobe_init+0x210/0x210
[ 72.410665][ T8399] _free_event+0x2ee/0x1380
[ 72.416438][ T8399] perf_event_release_kernel+0xa24/0xe00
[ 72.423752][ T8399] ? fsnotify_first_mark+0x1f0/0x1f0
[ 72.429543][ T8399] ? __perf_event_exit_context+0x170/0x170
[ 72.437101][ T8399] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 72.446450][ T8399] perf_release+0x33/0x40
[ 72.451634][ T8399] __fput+0x283/0x920
[ 72.456083][ T8399] ? perf_event_release_kernel+0xe00/0xe00
[ 72.464098][ T8399] task_work_run+0xdd/0x190
[ 72.470179][ T8399] do_exit+0xc5c/0x2ae0
[ 72.475128][ T8399] ? mm_update_next_owner+0x7a0/0x7a0
[ 72.481000][ T8399] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.489099][ T8399] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.495626][ T8399] do_group_exit+0x125/0x310
[ 72.501343][ T8399] __x64_sys_exit_group+0x3a/0x50
[ 72.506635][ T8399] do_syscall_64+0x2d/0x70
[ 72.511777][ T8399] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.518690][ T8399] RIP: 0033:0x43daf9
[ 72.523357][ T8399] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 72.532618][ T8399] RSP: 002b:00007ffe81d80958 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 72.543730][ T8399] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 72.553669][ T8399] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 72.562601][ T8399] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 72.573091][ T8399] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 72.583226][ T8399] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 72.592479][ T8399]
[ 72.594888][ T8399] Allocated by task 8399:
[ 72.599830][ T8399] kasan_save_stack+0x1b/0x40
[ 72.607343][ T8399] ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 72.615037][ T8399] __uprobe_register+0x19c/0x850
[ 72.622397][ T8399] probe_event_enable+0x357/0xa00
[ 72.629256][ T8399] trace_uprobe_register+0x443/0x880
[ 72.636425][ T8399] perf_trace_event_init+0x549/0xa20
[ 72.643561][ T8399] perf_uprobe_init+0x16f/0x210
[ 72.650138][ T8399] perf_uprobe_event_init+0xff/0x1c0
[ 72.656167][ T8399] perf_try_init_event+0x12a/0x560
[ 72.662518][ T8399] perf_event_alloc.part.0+0xe3b/0x3960
[ 72.668954][ T8399] __do_sys_perf_event_open+0x647/0x2e60
[ 72.675405][ T8399] do_syscall_64+0x2d/0x70
[ 72.680431][ T8399] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.687879][ T8399]
[ 72.690286][ T8399] Freed by task 8399:
[ 72.694821][ T8399] kasan_save_stack+0x1b/0x40
[ 72.700421][ T8399] kasan_set_track+0x1c/0x30
[ 72.705805][ T8399] kasan_set_free_info+0x20/0x30
[ 72.711759][ T8399] ____kasan_slab_free.part.0+0xe1/0x110
[ 72.720130][ T8399] slab_free_freelist_hook+0x82/0x1d0
[ 72.726454][ T8399] kfree+0xe5/0x7b0
[ 72.730905][ T8399] put_uprobe+0x13b/0x190
[ 72.736746][ T8399] uprobe_apply+0xfc/0x130
[ 72.742413][ T8399] trace_uprobe_register+0x5c9/0x880
[ 72.749544][ T8399] perf_trace_event_init+0x17a/0xa20
[ 72.754999][ T8399] perf_uprobe_init+0x16f/0x210
[ 72.761689][ T8399] perf_uprobe_event_init+0xff/0x1c0
[ 72.767942][ T8399] perf_try_init_event+0x12a/0x560
[ 72.774351][ T8399] perf_event_alloc.part.0+0xe3b/0x3960
[ 72.780619][ T8399] __do_sys_perf_event_open+0x647/0x2e60
[ 72.786353][ T8399] do_syscall_64+0x2d/0x70
[ 72.791062][ T8399] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.797782][ T8399]
[ 72.800282][ T8399] The buggy address belongs to the object at ffff88801862f000
[ 72.800282][ T8399]  which belongs to the cache kmalloc-512 of size 512
[ 72.815568][ T8399] The buggy address is located 360 bytes inside of
[ 72.815568][ T8399]  512-byte region [ffff88801862f000, ffff88801862f200)
[ 72.829813][ T8399] The buggy address belongs to the page:
[ 72.835998][ T8399] page:00000000ae707f15 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1862e
[ 72.846956][ T8399] head:00000000ae707f15 order:1 compound_mapcount:0
[ 72.854059][ T8399] flags: 0xfff00000010200(slab|head)
[ 72.860064][ T8399] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[ 72.869218][ T8399] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 72.878210][ T8399] page dumped because: kasan: bad access detected
[ 72.885404][ T8399]
[ 72.887903][ T8399] Memory state around the buggy address:
[ 72.893727][ T8399]  ffff88801862f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.902160][ T8399]  ffff88801862f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.910767][ T8399] >ffff88801862f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.919455][ T8399]                                                           ^
[ 72.927816][ T8399]  ffff88801862f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.936612][ T8399]  ffff88801862f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.944934][ T8399] ==================================================================
[ 72.954044][ T8399] Disabling lock debugging due to kernel taint
[ 72.961504][ T8399] Kernel panic - not syncing: panic_on_warn set ...
[ 72.968488][ T8399] CPU: 0 PID: 8399 Comm: syz-executor971 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[ 72.980739][ T8399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.991765][ T8399] Call Trace:
[ 72.995252][ T8399] dump_stack+0x107/0x163
[ 73.000467][ T8399] ? find_uprobe+0x90/0x150
[ 73.006392][ T8399] panic+0x306/0x73d
[ 73.011160][ T8399] ? __warn_printk+0xf3/0xf3
[ 73.016543][ T8399] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 73.024493][ T8399] ? trace_hardirqs_on+0x38/0x1c0
[ 73.030536][ T8399] ? trace_hardirqs_on+0x51/0x1c0
[ 73.036393][ T8399] ? find_uprobe+0x12c/0x150
[ 73.041974][ T8399] ? find_uprobe+0x12c/0x150
[ 73.046836][ T8399] end_report.cold+0x5a/0x5a
[ 73.052396][ T8399] kasan_report.cold+0x6a/0xd8
[ 73.057589][ T8399] ? find_uprobe+0x12c/0x150
[ 73.062633][ T8399] find_uprobe+0x12c/0x150
[ 73.067562][ T8399] uprobe_unregister+0x1e/0x70
[ 73.072482][ T8399] __probe_event_disable+0x11e/0x240
[ 73.077923][ T8399] probe_event_disable+0x155/0x1c0
[ 73.083427][ T8399] trace_uprobe_register+0x45a/0x880
[ 73.089313][ T8399] ? trace_uprobe_register+0x3ef/0x880
[ 73.095557][ T8399] ? rcu_read_lock_sched_held+0x3a/0x70
[ 73.101589][ T8399] perf_trace_event_unreg.isra.0+0xac/0x250
[ 73.109712][ T8399] perf_uprobe_destroy+0xbb/0x130
[ 73.115260][ T8399] ? perf_uprobe_init+0x210/0x210
[ 73.121074][ T8399] _free_event+0x2ee/0x1380
[ 73.126555][ T8399] perf_event_release_kernel+0xa24/0xe00
[ 73.132947][ T8399] ? fsnotify_first_mark+0x1f0/0x1f0
[ 73.139033][ T8399] ? __perf_event_exit_context+0x170/0x170
[ 73.145702][ T8399] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 73.152919][ T8399] perf_release+0x33/0x40
[ 73.157946][ T8399] __fput+0x283/0x920
[ 73.163277][ T8399] ? perf_event_release_kernel+0xe00/0xe00
[ 73.169357][ T8399] task_work_run+0xdd/0x190
[ 73.174710][ T8399] do_exit+0xc5c/0x2ae0
[ 73.179234][ T8399] ? mm_update_next_owner+0x7a0/0x7a0
[ 73.186899][ T8399] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 73.194847][ T8399] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.202184][ T8399] do_group_exit+0x125/0x310
[ 73.207629][ T8399] __x64_sys_exit_group+0x3a/0x50
[ 73.213060][ T8399] do_syscall_64+0x2d/0x70
[ 73.218292][ T8399] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.224533][ T8399] RIP: 0033:0x43daf9
[ 73.228759][ T8399] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 73.236315][ T8399] RSP: 002b:00007ffe81d80958 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 73.246198][ T8399] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 73.254670][ T8399] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 73.263274][ T8399] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 73.271650][ T8399] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 73.280293][ T8399] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 73.290654][ T8399] Kernel Offset: disabled
[ 73.295506][ T8399] Rebooting in 86400 seconds..