Warning: Permanently added '10.128.0.242' (ECDSA) to the list of known hosts.
executing program
syzkaller login: 
[ 69.064032][ T8376] ==================================================================
[ 69.072218][ T8376] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 69.079161][ T8376] Read of size 8 at addr ffff8880158e7d68 by task syz-executor427/8376
[ 69.087414][ T8376] 
[ 69.089739][ T8376] CPU: 0 PID: 8376 Comm: syz-executor427 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 69.099716][ T8376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.109762][ T8376] Call Trace:
[ 69.113033][ T8376]  dump_stack+0x107/0x163
[ 69.117368][ T8376]  ? find_uprobe+0x12c/0x150
[ 69.121988][ T8376]  ? find_uprobe+0x12c/0x150
[ 69.126579][ T8376]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 69.133595][ T8376]  ? find_uprobe+0x12c/0x150
[ 69.138185][ T8376]  ? find_uprobe+0x12c/0x150
[ 69.142760][ T8376]  kasan_report.cold+0x7c/0xd8
[ 69.147515][ T8376]  ? find_uprobe+0x12c/0x150
[ 69.152094][ T8376]  find_uprobe+0x12c/0x150
[ 69.156512][ T8376]  uprobe_unregister+0x1e/0x70
[ 69.161277][ T8376]  __probe_event_disable+0x11e/0x240
[ 69.166583][ T8376]  probe_event_disable+0x155/0x1c0
[ 69.171693][ T8376]  trace_uprobe_register+0x45a/0x880
[ 69.176970][ T8376]  ? trace_uprobe_register+0x3ef/0x880
[ 69.182416][ T8376]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 69.187950][ T8376]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 69.193841][ T8376]  perf_uprobe_destroy+0xbb/0x130
[ 69.198860][ T8376]  ? perf_uprobe_init+0x210/0x210
[ 69.203872][ T8376]  _free_event+0x2ee/0x1380
[ 69.208369][ T8376]  perf_event_release_kernel+0xa24/0xe00
[ 69.213999][ T8376]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 69.219296][ T8376]  ? __perf_event_exit_context+0x170/0x170
[ 69.225093][ T8376]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 69.231338][ T8376]  perf_release+0x33/0x40
[ 69.235653][ T8376]  __fput+0x283/0x920
[ 69.239624][ T8376]  ? perf_event_release_kernel+0xe00/0xe00
[ 69.245491][ T8376]  task_work_run+0xdd/0x190
[ 69.250023][ T8376]  do_exit+0xc5c/0x2ae0
[ 69.254186][ T8376]  ? mm_update_next_owner+0x7a0/0x7a0
[ 69.259549][ T8376]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 69.265786][ T8376]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.272024][ T8376]  do_group_exit+0x125/0x310
[ 69.276606][ T8376]  __x64_sys_exit_group+0x3a/0x50
[ 69.281706][ T8376]  do_syscall_64+0x2d/0x70
[ 69.286108][ T8376]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.291989][ T8376] RIP: 0033:0x43ddc9
[ 69.295865][ T8376] Code: Unable to access opcode bytes at RIP 0x43dd9f.
[ 69.302689][ T8376] RSP: 002b:00007ffdd244bfc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 69.311085][ T8376] RAX: ffffffffffffffda RBX: 00000000004af2f0 RCX: 000000000043ddc9
[ 69.319050][ T8376] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 69.327006][ T8376] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000400488
[ 69.334975][ T8376] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004af2f0
[ 69.342931][ T8376] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 69.350899][ T8376] 
[ 69.353217][ T8376] Allocated by task 8376:
[ 69.357530][ T8376]  kasan_save_stack+0x1b/0x40
[ 69.362246][ T8376]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 69.368048][ T8376]  __uprobe_register+0x19c/0x850
[ 69.372980][ T8376]  probe_event_enable+0x441/0xa00
[ 69.377996][ T8376]  trace_uprobe_register+0x443/0x880
[ 69.383282][ T8376]  perf_trace_event_init+0x549/0xa20
[ 69.388556][ T8376]  perf_uprobe_init+0x16f/0x210
[ 69.393394][ T8376]  perf_uprobe_event_init+0xff/0x1c0
[ 69.398662][ T8376]  perf_try_init_event+0x12a/0x560
[ 69.403858][ T8376]  perf_event_alloc.part.0+0xe3b/0x3960
[ 69.409389][ T8376]  __do_sys_perf_event_open+0x647/0x2e60
[ 69.415008][ T8376]  do_syscall_64+0x2d/0x70
[ 69.419409][ T8376]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.425291][ T8376] 
[ 69.427597][ T8376] Freed by task 8376:
[ 69.431568][ T8376]  kasan_save_stack+0x1b/0x40
[ 69.436251][ T8376]  kasan_set_track+0x1c/0x30
[ 69.440823][ T8376]  kasan_set_free_info+0x20/0x30
[ 69.445766][ T8376]  ____kasan_slab_free.part.0+0xe1/0x110
[ 69.451393][ T8376]  slab_free_freelist_hook+0x82/0x1d0
[ 69.456756][ T8376]  kfree+0xe5/0x7b0
[ 69.460562][ T8376]  put_uprobe+0x13b/0x190
[ 69.464879][ T8376]  uprobe_apply+0xfc/0x130
[ 69.469294][ T8376]  trace_uprobe_register+0x5c9/0x880
[ 69.474574][ T8376]  perf_trace_event_init+0x17a/0xa20
[ 69.479869][ T8376]  perf_uprobe_init+0x16f/0x210
[ 69.484733][ T8376]  perf_uprobe_event_init+0xff/0x1c0
[ 69.490018][ T8376]  perf_try_init_event+0x12a/0x560
[ 69.495129][ T8376]  perf_event_alloc.part.0+0xe3b/0x3960
[ 69.500669][ T8376]  __do_sys_perf_event_open+0x647/0x2e60
[ 69.506288][ T8376]  do_syscall_64+0x2d/0x70
[ 69.510700][ T8376]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.516760][ T8376] 
[ 69.519067][ T8376] The buggy address belongs to the object at ffff8880158e7c00
[ 69.519067][ T8376]  which belongs to the cache kmalloc-512 of size 512
[ 69.533105][ T8376] The buggy address is located 360 bytes inside of
[ 69.533105][ T8376]  512-byte region [ffff8880158e7c00, ffff8880158e7e00)
[ 69.546823][ T8376] The buggy address belongs to the page:
[ 69.552442][ T8376] page:000000003681043b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x158e6
[ 69.562599][ T8376] head:000000003681043b order:1 compound_mapcount:0
[ 69.569189][ T8376] flags: 0xfff00000010200(slab|head)
[ 69.574476][ T8376] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[ 69.583048][ T8376] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 69.591616][ T8376] page dumped because: kasan: bad access detected
[ 69.598025][ T8376] 
[ 69.600341][ T8376] Memory state around the buggy address:
[ 69.605963][ T8376]  ffff8880158e7c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.614007][ T8376]  ffff8880158e7c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.622051][ T8376] >ffff8880158e7d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.630093][ T8376]                                                           ^
[ 69.637550][ T8376]  ffff8880158e7d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.645595][ T8376]  ffff8880158e7e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.653643][ T8376] ==================================================================
[ 69.661695][ T8376] Disabling lock debugging due to kernel taint
[ 69.668026][ T8376] Kernel panic - not syncing: panic_on_warn set ...
[ 69.674628][ T8376] CPU: 0 PID: 8376 Comm: syz-executor427 Tainted: G    B             5.11.0-rc6-next-20210205-syzkaller #0
[ 69.686015][ T8376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.696086][ T8376] Call Trace:
[ 69.699370][ T8376]  dump_stack+0x107/0x163
[ 69.703713][ T8376]  ? find_uprobe+0x90/0x150
[ 69.708202][ T8376]  panic+0x306/0x73d
[ 69.712083][ T8376]  ? __warn_printk+0xf3/0xf3
[ 69.716666][ T8376]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 69.722805][ T8376]  ? trace_hardirqs_on+0x38/0x1c0
[ 69.727812][ T8376]  ? trace_hardirqs_on+0x51/0x1c0
[ 69.732819][ T8376]  ? find_uprobe+0x12c/0x150
[ 69.737392][ T8376]  ? find_uprobe+0x12c/0x150
[ 69.741964][ T8376]  end_report.cold+0x5a/0x5a
[ 69.746550][ T8376]  kasan_report.cold+0x6a/0xd8
[ 69.751304][ T8376]  ? find_uprobe+0x12c/0x150
[ 69.755877][ T8376]  find_uprobe+0x12c/0x150
[ 69.760289][ T8376]  uprobe_unregister+0x1e/0x70
[ 69.765036][ T8376]  __probe_event_disable+0x11e/0x240
[ 69.770305][ T8376]  probe_event_disable+0x155/0x1c0
[ 69.775399][ T8376]  trace_uprobe_register+0x45a/0x880
[ 69.780667][ T8376]  ? trace_uprobe_register+0x3ef/0x880
[ 69.786107][ T8376]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 69.791644][ T8376]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 69.797532][ T8376]  perf_uprobe_destroy+0xbb/0x130
[ 69.802539][ T8376]  ? perf_uprobe_init+0x210/0x210
[ 69.807555][ T8376]  _free_event+0x2ee/0x1380
[ 69.812054][ T8376]  perf_event_release_kernel+0xa24/0xe00
[ 69.817680][ T8376]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 69.822949][ T8376]  ? __perf_event_exit_context+0x170/0x170
[ 69.828751][ T8376]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 69.834984][ T8376]  perf_release+0x33/0x40
[ 69.839307][ T8376]  __fput+0x283/0x920
[ 69.843284][ T8376]  ? perf_event_release_kernel+0xe00/0xe00
[ 69.849075][ T8376]  task_work_run+0xdd/0x190
[ 69.853562][ T8376]  do_exit+0xc5c/0x2ae0
[ 69.857703][ T8376]  ? mm_update_next_owner+0x7a0/0x7a0
[ 69.863059][ T8376]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 69.869293][ T8376]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.875518][ T8376]  do_group_exit+0x125/0x310
[ 69.880101][ T8376]  __x64_sys_exit_group+0x3a/0x50
[ 69.885110][ T8376]  do_syscall_64+0x2d/0x70
[ 69.889524][ T8376]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.895403][ T8376] RIP: 0033:0x43ddc9
[ 69.899284][ T8376] Code: Unable to access opcode bytes at RIP 0x43dd9f.
[ 69.906115][ T8376] RSP: 002b:00007ffdd244bfc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 69.914505][ T8376] RAX: ffffffffffffffda RBX: 00000000004af2f0 RCX: 000000000043ddc9
[ 69.922466][ T8376] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 69.930427][ T8376] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000400488
[ 69.938382][ T8376] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004af2f0
[ 69.946338][ T8376] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 69.954773][ T8376] Kernel Offset: disabled
[ 69.959091][ T8376] Rebooting in 86400 seconds..
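The report above carries the whole lifecycle of the freed object in three stacks (allocated in __uprobe_register under perf_event_open, freed by put_uprobe in uprobe_apply, then read 360 bytes into the object by find_uprobe during uprobe_unregister at event teardown), plus a shadow-memory dump that says the same thing in one byte. The following triage helper is an added example and is not code from syzkaller or the kernel. It parses an abridged, constructed copy of the report, decodes the shadow byte covering the faulting address (fb = KASAN_KMALLOC_FREE, fa = the free-track granule of a freed object, fc = the kmalloc redzone, with names and the 8-byte granule taken from generic KASAN's mm/kasan/kasan.h) and names the first frame in the allocation and free stacks that is neither KASAN bookkeeping nor the slab allocator. The heuristic skip list in first_non_allocator_frame is this example's own assumption, not a kernel convention.

```python
"""Triage helper for a KASAN report: parse header, access, stacks and shadow rows, then
decode the shadow byte at the faulting address.  Added example, not syzkaller or kernel
code; shadow-byte names and the 8-byte granule follow generic KASAN (mm/kasan/kasan.h)."""
import re

# Constructed sample: an abridged copy of the report above (most frames dropped).
SAMPLE_REPORT = """\
[   69.072218][ T8376] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[   69.079161][ T8376] Read of size 8 at addr ffff8880158e7d68 by task syz-executor427/8376
[   69.109762][ T8376] Call Trace:
[   69.117368][ T8376]  ? find_uprobe+0x12c/0x150
[   69.152094][ T8376]  find_uprobe+0x12c/0x150
[   69.156512][ T8376]  uprobe_unregister+0x1e/0x70
[   69.350899][ T8376]
[   69.353217][ T8376] Allocated by task 8376:
[   69.362246][ T8376]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[   69.368048][ T8376]  __uprobe_register+0x19c/0x850
[   69.425291][ T8376]
[   69.427597][ T8376] Freed by task 8376:
[   69.431568][ T8376]  kasan_save_stack+0x1b/0x40
[   69.456756][ T8376]  kfree+0xe5/0x7b0
[   69.460562][ T8376]  put_uprobe+0x13b/0x190
[   69.516760][ T8376]
[   69.519067][ T8376] The buggy address belongs to the object at ffff8880158e7c00
[   69.519067][ T8376]  which belongs to the cache kmalloc-512 of size 512
[   69.605963][ T8376]  ffff8880158e7c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.622051][ T8376] >ffff8880158e7d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.645595][ T8376]  ffff8880158e7e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")  # "[   69.07][ T8376] " console prefix
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+?)\+0x")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
FRAME = re.compile(r"^(?P<fn>\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+$")
OBJECT = re.compile(r"belongs to the object at (?P<obj>[0-9a-f]+)")
CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
SHADOW = re.compile(r"^>?(?P<addr>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?)+)$")
SECTIONS = {"Call Trace:": "call_trace", "Allocated by task": "allocated", "Freed by task": "freed"}
GRANULE = 8  # bytes of kernel memory covered by one shadow byte (generic KASAN)
POISON = {0xfa: "KASAN_KMALLOC_FREETRACK (freed; first granule keeps the free stack handle)",
          0xfb: "KASAN_KMALLOC_FREE (freed heap object)",
          0xfc: "KASAN_KMALLOC_REDZONE (slab redzone past the object)",
          0xfe: "KASAN_PAGE_REDZONE", 0xff: "KASAN_FREE_PAGE", 0xf9: "KASAN_GLOBAL_REDZONE"}


def parse_kasan_report(text):
    report = {"stacks": {}, "shadow": {}}
    section = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:  # a blank line closes the current stack
            section = None
            continue
        key = next((k for h, k in SECTIONS.items() if line.startswith(h)), None)
        if key is not None:  # keep only the first trace of each kind (the panic repeats it)
            section = None if key in report["stacks"] else key
            report["stacks"].setdefault(key, [])
            continue
        if section is not None:
            m = FRAME.match(line)
            if m and not line.startswith("? "):  # "? " frames are unwinder guesses
                report["stacks"][section].append(m["fn"])
            continue
        if m := BUG.search(line):
            report["bug"], report["func"] = m["kind"], m["func"]
        elif m := ACCESS.search(line):
            report["access"] = {"op": m["op"], "size": int(m["size"]), "task": m["task"],
                                "pid": int(m["pid"]), "addr": int(m["addr"], 16)}
        elif m := OBJECT.search(line):
            report["object_addr"] = int(m["obj"], 16)
        elif m := CACHE.search(line):
            report["cache"], report["object_size"] = m["cache"], int(m["size"])
        elif m := SHADOW.match(line):
            report["shadow"][int(m["addr"], 16)] = [int(b, 16) for b in m["bytes"].split()]
    return report


def shadow_byte_at(report, addr):
    # Shadow byte covering addr, or None if no dumped row covers it.
    for row_addr, row in report["shadow"].items():
        if row_addr <= addr < row_addr + len(row) * GRANULE:
            return row[(addr - row_addr) // GRANULE]
    return None


def describe_shadow(value):
    # 0 = all 8 bytes addressable, 1..7 = that many leading bytes valid, else a poison value.
    if value is None:
        return "not in dump"
    if value < 8:
        return f"addressable ({value or GRANULE} of {GRANULE} bytes)"
    return POISON.get(value, f"unknown poison 0x{value:02x}")


def first_non_allocator_frame(frames):
    skip = ("kasan", "slab_free", "kfree", "kmalloc", "kmem_cache")  # assumed skip list
    return next((f for f in frames if not any(s in f for s in skip)), None)


def triage(text):
    r = parse_kasan_report(text)
    acc = r["access"]
    return {"bug": r["bug"], "func": r["func"], "cache": r["cache"],
            "access": f'{acc["op"]} of {acc["size"]} bytes by {acc["task"]}',
            "offset": acc["addr"] - r["object_addr"],
            "shadow": describe_shadow(shadow_byte_at(r, acc["addr"])),
            "alloc_site": first_non_allocator_frame(r["stacks"]["allocated"]),
            "free_site": first_non_allocator_frame(r["stacks"]["freed"])}
```

Run triage(SAMPLE_REPORT) and the result reads: use-after-free in find_uprobe, an 8-byte read at offset 360 of a kmalloc-512 object whose shadow byte is KASAN_KMALLOC_FREE, allocated at __uprobe_register and freed at put_uprobe. The offset check is worth keeping: the parser recomputes 360 from the access and object addresses rather than trusting the "located 360 bytes inside" line, so a hand-edited or truncated report is caught. The "? " frames are dropped because the x86 unwinder prints them for stale return addresses it finds on the stack, and they are the usual source of wrong conclusions when a trace is read quickly.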