Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 69.645549][ T36] audit: type=1804 audit(1612462367.236:2): pid=8396 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor461" name="/root/bus" dev="sda1" ino=14153 res=1 errno=0
[ 69.670992][ T8396] ==================================================================
[ 69.679401][ T8396] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 69.686378][ T8396] Read of size 8 at addr ffff888016cbc968 by task syz-executor461/8396
[ 69.694640][ T8396]
[ 69.696959][ T8396] CPU: 0 PID: 8396 Comm: syz-executor461 Not tainted 5.11.0-rc6-next-20210204-syzkaller #0
[ 69.706957][ T8396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.717101][ T8396] Call Trace:
[ 69.720574][ T8396] dump_stack+0x107/0x163
[ 69.724917][ T8396] ? find_uprobe+0x12c/0x150
[ 69.729503][ T8396] ? find_uprobe+0x12c/0x150
[ 69.734083][ T8396] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 69.741106][ T8396] ? find_uprobe+0x12c/0x150
[ 69.745709][ T8396] ? find_uprobe+0x12c/0x150
[ 69.750465][ T8396] kasan_report.cold+0x7c/0xd8
[ 69.755226][ T8396] ? find_uprobe+0x12c/0x150
[ 69.759810][ T8396] find_uprobe+0x12c/0x150
[ 69.764222][ T8396] uprobe_apply+0x26/0x130
[ 69.768638][ T8396] uprobe_perf_close+0x41e/0x6f0
[ 69.773583][ T8396] trace_uprobe_register+0x3e7/0x880
[ 69.778882][ T8396] ? rcu_read_lock_sched_held+0x3a/0x70
[ 69.784440][ T8396] ? kfree+0x69a/0x7b0
[ 69.788517][ T8396] perf_uprobe_destroy+0x98/0x130
[ 69.793550][ T8396] ? perf_uprobe_init+0x210/0x210
[ 69.798577][ T8396] _free_event+0x2ee/0x1380
[ 69.803107][ T8396] perf_event_release_kernel+0xa24/0xe00
[ 69.808782][ T8396] ? fsnotify_first_mark+0x1f0/0x1f0
[ 69.814086][ T8396] ? __perf_event_exit_context+0x170/0x170
[ 69.820008][ T8396] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 69.826293][ T8396] perf_release+0x33/0x40
[ 69.830626][ T8396] __fput+0x283/0x920
[ 69.834627][ T8396] ? perf_event_release_kernel+0xe00/0xe00
[ 69.840441][ T8396] task_work_run+0xdd/0x190
[ 69.845048][ T8396] do_exit+0xc5c/0x2ae0
[ 69.849231][ T8396] ? mm_update_next_owner+0x7a0/0x7a0
[ 69.854619][ T8396] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 69.860855][ T8396] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.867112][ T8396] do_group_exit+0x125/0x310
[ 69.871823][ T8396] __x64_sys_exit_group+0x3a/0x50
[ 69.876847][ T8396] do_syscall_64+0x2d/0x70
[ 69.881259][ T8396] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.887152][ T8396] RIP: 0033:0x43db29
[ 69.891055][ T8396] Code: Unable to access opcode bytes at RIP 0x43daff.
[ 69.897989][ T8396] RSP: 002b:00007ffc68b7b858 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 69.906399][ T8396] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db29
[ 69.914366][ T8396] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 69.922332][ T8396] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 69.930500][ T8396] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 69.938465][ T8396] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 69.946458][ T8396]
[ 69.948774][ T8396] Allocated by task 8396:
[ 69.953092][ T8396] kasan_save_stack+0x1b/0x40
[ 69.957762][ T8396] ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 69.963561][ T8396] __uprobe_register+0x19c/0x850
[ 69.968506][ T8396] probe_event_enable+0x357/0xa00
[ 69.973530][ T8396] trace_uprobe_register+0x443/0x880
[ 69.978831][ T8396] perf_trace_event_init+0x549/0xa20
[ 69.984113][ T8396] perf_uprobe_init+0x16f/0x210
[ 69.988950][ T8396] perf_uprobe_event_init+0xff/0x1c0
[ 69.994250][ T8396] perf_try_init_event+0x12a/0x560
[ 69.999349][ T8396] perf_event_alloc.part.0+0xe3b/0x3960
[ 70.004883][ T8396] __do_sys_perf_event_open+0x647/0x2e60
[ 70.010516][ T8396] do_syscall_64+0x2d/0x70
[ 70.014922][ T8396] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.020804][ T8396]
[ 70.023127][ T8396] Freed by task 8396:
[ 70.027086][ T8396] kasan_save_stack+0x1b/0x40
[ 70.031907][ T8396] kasan_set_track+0x1c/0x30
[ 70.037832][ T8396] kasan_set_free_info+0x20/0x30
[ 70.042764][ T8396] ____kasan_slab_free.part.0+0xe1/0x110
[ 70.048390][ T8396] slab_free_freelist_hook+0x82/0x1d0
[ 70.053786][ T8396] kfree+0xe5/0x7b0
[ 70.057596][ T8396] put_uprobe+0x13b/0x190
[ 70.061914][ T8396] uprobe_apply+0xfc/0x130
[ 70.066325][ T8396] trace_uprobe_register+0x5c9/0x880
[ 70.071610][ T8396] perf_trace_event_init+0x17a/0xa20
[ 70.076901][ T8396] perf_uprobe_init+0x16f/0x210
[ 70.081855][ T8396] perf_uprobe_event_init+0xff/0x1c0
[ 70.087135][ T8396] perf_try_init_event+0x12a/0x560
[ 70.092270][ T8396] perf_event_alloc.part.0+0xe3b/0x3960
[ 70.097820][ T8396] __do_sys_perf_event_open+0x647/0x2e60
[ 70.103484][ T8396] do_syscall_64+0x2d/0x70
[ 70.107912][ T8396] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.113827][ T8396]
[ 70.116270][ T8396] The buggy address belongs to the object at ffff888016cbc800
[ 70.116270][ T8396] which belongs to the cache kmalloc-512 of size 512
[ 70.130339][ T8396] The buggy address is located 360 bytes inside of
[ 70.130339][ T8396] 512-byte region [ffff888016cbc800, ffff888016cbca00)
[ 70.143628][ T8396] The buggy address belongs to the page:
[ 70.149250][ T8396] page:000000000733a661 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16cbc
[ 70.159396][ T8396] head:000000000733a661 order:1 compound_mapcount:0
[ 70.166102][ T8396] flags: 0xfff00000010200(slab|head)
[ 70.171394][ T8396] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff888010841c80
[ 70.180025][ T8396] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 70.188622][ T8396] page dumped because: kasan: bad access detected
[ 70.195036][ T8396]
[ 70.197344][ T8396] Memory state around the buggy address:
[ 70.202961][ T8396] ffff888016cbc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.211015][ T8396] ffff888016cbc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.219084][ T8396] >ffff888016cbc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.227172][ T8396] ^
[ 70.234630][ T8396] ffff888016cbc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.242686][ T8396] ffff888016cbca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 70.250753][ T8396] ==================================================================
[ 70.258820][ T8396] Disabling lock debugging due to kernel taint
[ 70.265216][ T8396] Kernel panic - not syncing: panic_on_warn set ...
[ 70.271814][ T8396] CPU: 0 PID: 8396 Comm: syz-executor461 Tainted: G B 5.11.0-rc6-next-20210204-syzkaller #0
[ 70.283198][ T8396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.293265][ T8396] Call Trace:
[ 70.296552][ T8396] dump_stack+0x107/0x163
[ 70.300906][ T8396] ? find_uprobe+0x100/0x150
[ 70.305577][ T8396] panic+0x306/0x73d
[ 70.309462][ T8396] ? __warn_printk+0xf3/0xf3
[ 70.314054][ T8396] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 70.320212][ T8396] ? trace_hardirqs_on+0x38/0x1c0
[ 70.325226][ T8396] ? trace_hardirqs_on+0x51/0x1c0
[ 70.330236][ T8396] ? find_uprobe+0x12c/0x150
[ 70.334832][ T8396] ? find_uprobe+0x12c/0x150
[ 70.339409][ T8396] end_report.cold+0x5a/0x5a
[ 70.343998][ T8396] kasan_report.cold+0x6a/0xd8
[ 70.348752][ T8396] ? find_uprobe+0x12c/0x150
[ 70.353330][ T8396] find_uprobe+0x12c/0x150
[ 70.357743][ T8396] uprobe_apply+0x26/0x130
[ 70.362161][ T8396] uprobe_perf_close+0x41e/0x6f0
[ 70.367092][ T8396] trace_uprobe_register+0x3e7/0x880
[ 70.372395][ T8396] ? rcu_read_lock_sched_held+0x3a/0x70
[ 70.377961][ T8396] ? kfree+0x69a/0x7b0
[ 70.382029][ T8396] perf_uprobe_destroy+0x98/0x130
[ 70.387053][ T8396] ? perf_uprobe_init+0x210/0x210
[ 70.392084][ T8396] _free_event+0x2ee/0x1380
[ 70.396598][ T8396] perf_event_release_kernel+0xa24/0xe00
[ 70.402246][ T8396] ? fsnotify_first_mark+0x1f0/0x1f0
[ 70.407547][ T8396] ? __perf_event_exit_context+0x170/0x170
[ 70.413345][ T8396] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 70.419587][ T8396] perf_release+0x33/0x40
[ 70.423925][ T8396] __fput+0x283/0x920
[ 70.427913][ T8396] ? perf_event_release_kernel+0xe00/0xe00
[ 70.433871][ T8396] task_work_run+0xdd/0x190
[ 70.438473][ T8396] do_exit+0xc5c/0x2ae0
[ 70.442631][ T8396] ? mm_update_next_owner+0x7a0/0x7a0
[ 70.447991][ T8396] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 70.454231][ T8396] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.460460][ T8396] do_group_exit+0x125/0x310
[ 70.465052][ T8396] __x64_sys_exit_group+0x3a/0x50
[ 70.470060][ T8396] do_syscall_64+0x2d/0x70
[ 70.474459][ T8396] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.480353][ T8396] RIP: 0033:0x43db29
[ 70.484228][ T8396] Code: Unable to access opcode bytes at RIP 0x43daff.
[ 70.491050][ T8396] RSP: 002b:00007ffc68b7b858 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 70.499459][ T8396] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db29
[ 70.507430][ T8396] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 70.515391][ T8396] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 70.523451][ T8396] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 70.531412][ T8396] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 70.539909][ T8396] Kernel Offset: disabled
[ 70.544242][ T8396] Rebooting in 86400 seconds..