Warning: Permanently added '10.128.0.220' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 68.820130][ T8401] ==================================================================
[ 68.828368][ T8401] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 68.835329][ T8401] Read of size 8 at addr ffff888017fe6168 by task syz-executor007/8401
[ 68.843553][ T8401]
[ 68.845863][ T8401] CPU: 0 PID: 8401 Comm: syz-executor007 Not tainted 5.11.0-rc6-next-20210204-syzkaller #0
[ 68.855822][ T8401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.865865][ T8401] Call Trace:
[ 68.869155][ T8401] dump_stack+0x107/0x163
[ 68.873497][ T8401] ? find_uprobe+0x12c/0x150
[ 68.878082][ T8401] ? find_uprobe+0x12c/0x150
[ 68.882662][ T8401] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 68.889697][ T8401] ? find_uprobe+0x12c/0x150
[ 68.894289][ T8401] ? find_uprobe+0x12c/0x150
[ 68.898867][ T8401] kasan_report.cold+0x7c/0xd8
[ 68.903622][ T8401] ? find_uprobe+0x12c/0x150
[ 68.908221][ T8401] find_uprobe+0x12c/0x150
[ 68.912629][ T8401] uprobe_unregister+0x1e/0x70
[ 68.917432][ T8401] __probe_event_disable+0x11e/0x240
[ 68.922727][ T8401] probe_event_disable+0x155/0x1c0
[ 68.927847][ T8401] trace_uprobe_register+0x45a/0x880
[ 68.933135][ T8401] ? trace_uprobe_register+0x3ef/0x880
[ 68.938593][ T8401] ? rcu_read_lock_sched_held+0x3a/0x70
[ 68.944129][ T8401] perf_trace_event_unreg.isra.0+0xac/0x250
[ 68.950023][ T8401] perf_uprobe_destroy+0xbb/0x130
[ 68.955036][ T8401] ? perf_uprobe_init+0x210/0x210
[ 68.960062][ T8401] _free_event+0x2ee/0x1380
[ 68.964562][ T8401] perf_event_release_kernel+0xa24/0xe00
[ 68.970191][ T8401] ? fsnotify_first_mark+0x1f0/0x1f0
[ 68.975488][ T8401] ? __perf_event_exit_context+0x170/0x170
[ 68.981302][ T8401] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 68.987535][ T8401] perf_release+0x33/0x40
[ 68.991863][ T8401] __fput+0x283/0x920
[ 68.995834][ T8401] ? perf_event_release_kernel+0xe00/0xe00
[ 69.001630][ T8401] task_work_run+0xdd/0x190
[ 69.006127][ T8401] do_exit+0xc5c/0x2ae0
[ 69.010289][ T8401] ? mm_update_next_owner+0x7a0/0x7a0
[ 69.015649][ T8401] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 69.021878][ T8401] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.028116][ T8401] do_group_exit+0x125/0x310
[ 69.032721][ T8401] __x64_sys_exit_group+0x3a/0x50
[ 69.037735][ T8401] do_syscall_64+0x2d/0x70
[ 69.042154][ T8401] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.048036][ T8401] RIP: 0033:0x43ddc9
[ 69.051930][ T8401] Code: Unable to access opcode bytes at RIP 0x43dd9f.
[ 69.058756][ T8401] RSP: 002b:00007ffebc2309c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 69.067169][ T8401] RAX: ffffffffffffffda RBX: 00000000004af2f0 RCX: 000000000043ddc9
[ 69.075125][ T8401] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 69.083094][ T8401] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000400488
[ 69.091051][ T8401] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004af2f0
[ 69.099018][ T8401] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 69.106988][ T8401]
[ 69.109296][ T8401] Allocated by task 8401:
[ 69.113616][ T8401] kasan_save_stack+0x1b/0x40
[ 69.118296][ T8401] ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 69.124100][ T8401] __uprobe_register+0x19c/0x850
[ 69.129040][ T8401] probe_event_enable+0x441/0xa00
[ 69.134053][ T8401] trace_uprobe_register+0x443/0x880
[ 69.139323][ T8401] perf_trace_event_init+0x549/0xa20
[ 69.144594][ T8401] perf_uprobe_init+0x16f/0x210
[ 69.149440][ T8401] perf_uprobe_event_init+0xff/0x1c0
[ 69.154718][ T8401] perf_try_init_event+0x12a/0x560
[ 69.159822][ T8401] perf_event_alloc.part.0+0xe3b/0x3960
[ 69.165363][ T8401] __do_sys_perf_event_open+0x647/0x2e60
[ 69.170986][ T8401] do_syscall_64+0x2d/0x70
[ 69.175389][ T8401] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.181271][ T8401]
[ 69.183579][ T8401] Freed by task 8401:
[ 69.189462][ T8401] kasan_save_stack+0x1b/0x40
[ 69.194127][ T8401] kasan_set_track+0x1c/0x30
[ 69.198706][ T8401] kasan_set_free_info+0x20/0x30
[ 69.203644][ T8401] ____kasan_slab_free.part.0+0xe1/0x110
[ 69.209276][ T8401] slab_free_freelist_hook+0x82/0x1d0
[ 69.214648][ T8401] kfree+0xe5/0x7b0
[ 69.218453][ T8401] put_uprobe+0x13b/0x190
[ 69.222769][ T8401] uprobe_apply+0xfc/0x130
[ 69.227183][ T8401] trace_uprobe_register+0x5c9/0x880
[ 69.232468][ T8401] perf_trace_event_init+0x17a/0xa20
[ 69.237739][ T8401] perf_uprobe_init+0x16f/0x210
[ 69.242575][ T8401] perf_uprobe_event_init+0xff/0x1c0
[ 69.247859][ T8401] perf_try_init_event+0x12a/0x560
[ 69.252958][ T8401] perf_event_alloc.part.0+0xe3b/0x3960
[ 69.258503][ T8401] __do_sys_perf_event_open+0x647/0x2e60
[ 69.264136][ T8401] do_syscall_64+0x2d/0x70
[ 69.269000][ T8401] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.274881][ T8401]
[ 69.277190][ T8401] The buggy address belongs to the object at ffff888017fe6000
[ 69.277190][ T8401]  which belongs to the cache kmalloc-512 of size 512
[ 69.291241][ T8401] The buggy address is located 360 bytes inside of
[ 69.291241][ T8401]  512-byte region [ffff888017fe6000, ffff888017fe6200)
[ 69.304531][ T8401] The buggy address belongs to the page:
[ 69.310147][ T8401] page:000000007495c93a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17fe6
[ 69.320290][ T8401] head:000000007495c93a order:1 compound_mapcount:0
[ 69.326863][ T8401] flags: 0xfff00000010200(slab|head)
[ 69.332142][ T8401] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[ 69.340712][ T8401] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 69.349291][ T8401] page dumped because: kasan: bad access detected
[ 69.355702][ T8401]
[ 69.358031][ T8401] Memory state around the buggy address:
[ 69.363642][ T8401]  ffff888017fe6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.371713][ T8401]  ffff888017fe6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.379779][ T8401] >ffff888017fe6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.387988][ T8401]                                                           ^
[ 69.395431][ T8401]  ffff888017fe6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.403476][ T8401]  ffff888017fe6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.411529][ T8401] ==================================================================
[ 69.419569][ T8401] Disabling lock debugging due to kernel taint
[ 69.426826][ T8401] Kernel panic - not syncing: panic_on_warn set ...
[ 69.433428][ T8401] CPU: 0 PID: 8401 Comm: syz-executor007 Tainted: G B 5.11.0-rc6-next-20210204-syzkaller #0
[ 69.444802][ T8401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.454853][ T8401] Call Trace:
[ 69.458134][ T8401] dump_stack+0x107/0x163
[ 69.462476][ T8401] ? find_uprobe+0x100/0x150
[ 69.467067][ T8401] panic+0x306/0x73d
[ 69.470948][ T8401] ? __warn_printk+0xf3/0xf3
[ 69.475532][ T8401] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 69.481672][ T8401] ? trace_hardirqs_on+0x38/0x1c0
[ 69.486693][ T8401] ? trace_hardirqs_on+0x51/0x1c0
[ 69.491716][ T8401] ? find_uprobe+0x12c/0x150
[ 69.496291][ T8401] ? find_uprobe+0x12c/0x150
[ 69.500864][ T8401] end_report.cold+0x5a/0x5a
[ 69.505439][ T8401] kasan_report.cold+0x6a/0xd8
[ 69.510198][ T8401] ? find_uprobe+0x12c/0x150
[ 69.514771][ T8401] find_uprobe+0x12c/0x150
[ 69.519188][ T8401] uprobe_unregister+0x1e/0x70
[ 69.524023][ T8401] __probe_event_disable+0x11e/0x240
[ 69.529294][ T8401] probe_event_disable+0x155/0x1c0
[ 69.534388][ T8401] trace_uprobe_register+0x45a/0x880
[ 69.539688][ T8401] ? trace_uprobe_register+0x3ef/0x880
[ 69.545151][ T8401] ? rcu_read_lock_sched_held+0x3a/0x70
[ 69.550679][ T8401] perf_trace_event_unreg.isra.0+0xac/0x250
[ 69.556566][ T8401] perf_uprobe_destroy+0xbb/0x130
[ 69.561586][ T8401] ? perf_uprobe_init+0x210/0x210
[ 69.566589][ T8401] _free_event+0x2ee/0x1380
[ 69.571075][ T8401] perf_event_release_kernel+0xa24/0xe00
[ 69.576691][ T8401] ? fsnotify_first_mark+0x1f0/0x1f0
[ 69.581972][ T8401] ? __perf_event_exit_context+0x170/0x170
[ 69.587773][ T8401] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 69.593997][ T8401] perf_release+0x33/0x40
[ 69.598321][ T8401] __fput+0x283/0x920
[ 69.602303][ T8401] ? perf_event_release_kernel+0xe00/0xe00
[ 69.608105][ T8401] task_work_run+0xdd/0x190
[ 69.612592][ T8401] do_exit+0xc5c/0x2ae0
[ 69.616749][ T8401] ? mm_update_next_owner+0x7a0/0x7a0
[ 69.622103][ T8401] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 69.628505][ T8401] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.634732][ T8401] do_group_exit+0x125/0x310
[ 69.639307][ T8401] __x64_sys_exit_group+0x3a/0x50
[ 69.644315][ T8401] do_syscall_64+0x2d/0x70
[ 69.648720][ T8401] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.654609][ T8401] RIP: 0033:0x43ddc9
[ 69.658508][ T8401] Code: Unable to access opcode bytes at RIP 0x43dd9f.
[ 69.665332][ T8401] RSP: 002b:00007ffebc2309c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 69.673726][ T8401] RAX: ffffffffffffffda RBX: 00000000004af2f0 RCX: 000000000043ddc9
[ 69.681696][ T8401] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 69.689656][ T8401] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000400488
[ 69.697622][ T8401] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004af2f0
[ 69.705655][ T8401] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 69.714136][ T8401] Kernel Offset: disabled
[ 69.718460][ T8401] Rebooting in 86400 seconds..