Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.671885][ T8416] ==================================================================
[ 71.680087][ T8416] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 71.687034][ T8416] Read of size 8 at addr ffff88801eb14968 by task syz-executor517/8416
[ 71.695256][ T8416]
[ 71.697564][ T8416] CPU: 1 PID: 8416 Comm: syz-executor517 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 71.707576][ T8416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.717620][ T8416] Call Trace:
[ 71.720890][ T8416]  dump_stack+0x107/0x163
[ 71.725222][ T8416]  ? find_uprobe+0x12c/0x150
[ 71.729795][ T8416]  ? find_uprobe+0x12c/0x150
[ 71.734388][ T8416]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 71.741413][ T8416]  ? find_uprobe+0x12c/0x150
[ 71.746000][ T8416]  ? find_uprobe+0x12c/0x150
[ 71.750583][ T8416]  kasan_report.cold+0x7c/0xd8
[ 71.755333][ T8416]  ? find_uprobe+0x12c/0x150
[ 71.759913][ T8416]  find_uprobe+0x12c/0x150
[ 71.764318][ T8416]  uprobe_unregister+0x1e/0x70
[ 71.769066][ T8416]  __probe_event_disable+0x11e/0x240
[ 71.774342][ T8416]  probe_event_disable+0x155/0x1c0
[ 71.779445][ T8416]  trace_uprobe_register+0x45a/0x880
[ 71.784740][ T8416]  ? trace_uprobe_register+0x3ef/0x880
[ 71.790198][ T8416]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 71.795733][ T8416]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 71.801615][ T8416]  perf_uprobe_destroy+0xbb/0x130
[ 71.806663][ T8416]  ? perf_uprobe_init+0x210/0x210
[ 71.811672][ T8416]  _free_event+0x2ee/0x1380
[ 71.816170][ T8416]  perf_event_release_kernel+0xa24/0xe00
[ 71.821786][ T8416]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 71.827067][ T8416]  ? __perf_event_exit_context+0x170/0x170
[ 71.832868][ T8416]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 71.839104][ T8416]  perf_release+0x33/0x40
[ 71.843432][ T8416]  __fput+0x283/0x920
[ 71.847404][ T8416]  ? perf_event_release_kernel+0xe00/0xe00
[ 71.853199][ T8416]  task_work_run+0xdd/0x190
[ 71.857698][ T8416]  do_exit+0xc5c/0x2ae0
[ 71.861844][ T8416]  ? mm_update_next_owner+0x7a0/0x7a0
[ 71.867203][ T8416]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.873428][ T8416]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.879675][ T8416]  do_group_exit+0x125/0x310
[ 71.884257][ T8416]  __x64_sys_exit_group+0x3a/0x50
[ 71.889268][ T8416]  do_syscall_64+0x2d/0x70
[ 71.893669][ T8416]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.899562][ T8416] RIP: 0033:0x43daf9
[ 71.903537][ T8416] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 71.910367][ T8416] RSP: 002b:00007ffe893eb958 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 71.918762][ T8416] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 71.926716][ T8416] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 71.934682][ T8416] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 71.942639][ T8416] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 71.950594][ T8416] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 71.958660][ T8416]
[ 71.960974][ T8416] Allocated by task 8416:
[ 71.965302][ T8416]  kasan_save_stack+0x1b/0x40
[ 71.969968][ T8416]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 71.975763][ T8416]  __uprobe_register+0x19c/0x850
[ 71.980693][ T8416]  probe_event_enable+0x357/0xa00
[ 71.985715][ T8416]  trace_uprobe_register+0x443/0x880
[ 71.991020][ T8416]  perf_trace_event_init+0x549/0xa20
[ 71.996291][ T8416]  perf_uprobe_init+0x16f/0x210
[ 72.001124][ T8416]  perf_uprobe_event_init+0xff/0x1c0
[ 72.009342][ T8416]  perf_try_init_event+0x12a/0x560
[ 72.014435][ T8416]  perf_event_alloc.part.0+0xe3b/0x3960
[ 72.019965][ T8416]  __do_sys_perf_event_open+0x647/0x2e60
[ 72.025578][ T8416]  do_syscall_64+0x2d/0x70
[ 72.029999][ T8416]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.035880][ T8416]
[ 72.038186][ T8416] Freed by task 8416:
[ 72.042143][ T8416]  kasan_save_stack+0x1b/0x40
[ 72.046803][ T8416]  kasan_set_track+0x1c/0x30
[ 72.051375][ T8416]  kasan_set_free_info+0x20/0x30
[ 72.056295][ T8416]  ____kasan_slab_free.part.0+0xe1/0x110
[ 72.061909][ T8416]  slab_free_freelist_hook+0x82/0x1d0
[ 72.067268][ T8416]  kfree+0xe5/0x7b0
[ 72.071058][ T8416]  put_uprobe+0x13b/0x190
[ 72.075371][ T8416]  uprobe_apply+0xfc/0x130
[ 72.079785][ T8416]  trace_uprobe_register+0x5c9/0x880
[ 72.085071][ T8416]  perf_trace_event_init+0x17a/0xa20
[ 72.090349][ T8416]  perf_uprobe_init+0x16f/0x210
[ 72.095189][ T8416]  perf_uprobe_event_init+0xff/0x1c0
[ 72.100471][ T8416]  perf_try_init_event+0x12a/0x560
[ 72.105565][ T8416]  perf_event_alloc.part.0+0xe3b/0x3960
[ 72.111114][ T8416]  __do_sys_perf_event_open+0x647/0x2e60
[ 72.116733][ T8416]  do_syscall_64+0x2d/0x70
[ 72.121135][ T8416]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.127012][ T8416]
[ 72.129317][ T8416] The buggy address belongs to the object at ffff88801eb14800
[ 72.129317][ T8416]  which belongs to the cache kmalloc-512 of size 512
[ 72.143352][ T8416] The buggy address is located 360 bytes inside of
[ 72.143352][ T8416]  512-byte region [ffff88801eb14800, ffff88801eb14a00)
[ 72.156609][ T8416] The buggy address belongs to the page:
[ 72.162232][ T8416] page:000000007a64f031 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eb14
[ 72.172363][ T8416] head:000000007a64f031 order:1 compound_mapcount:0
[ 72.178942][ T8416] flags: 0xfff00000010200(slab|head)
[ 72.184213][ T8416] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[ 72.192780][ T8416] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 72.201340][ T8416] page dumped because: kasan: bad access detected
[ 72.207724][ T8416]
[ 72.210028][ T8416] Memory state around the buggy address:
[ 72.215648][ T8416]  ffff88801eb14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.223691][ T8416]  ffff88801eb14880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.231737][ T8416] >ffff88801eb14900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.239803][ T8416]                                                           ^
[ 72.247234][ T8416]  ffff88801eb14980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.255277][ T8416]  ffff88801eb14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.263315][ T8416] ==================================================================
[ 72.271350][ T8416] Disabling lock debugging due to kernel taint
[ 72.277648][ T8416] Kernel panic - not syncing: panic_on_warn set ...
[ 72.284232][ T8416] CPU: 1 PID: 8416 Comm: syz-executor517 Tainted: G    B             5.11.0-rc6-next-20210205-syzkaller #0
[ 72.295613][ T8416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.305668][ T8416] Call Trace:
[ 72.308932][ T8416]  dump_stack+0x107/0x163
[ 72.313246][ T8416]  ? find_uprobe+0x90/0x150
[ 72.317733][ T8416]  panic+0x306/0x73d
[ 72.321623][ T8416]  ? __warn_printk+0xf3/0xf3
[ 72.326191][ T8416]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 72.332327][ T8416]  ? trace_hardirqs_on+0x38/0x1c0
[ 72.337349][ T8416]  ? trace_hardirqs_on+0x51/0x1c0
[ 72.342364][ T8416]  ? find_uprobe+0x12c/0x150
[ 72.346937][ T8416]  ? find_uprobe+0x12c/0x150
[ 72.351506][ T8416]  end_report.cold+0x5a/0x5a
[ 72.356075][ T8416]  kasan_report.cold+0x6a/0xd8
[ 72.360834][ T8416]  ? find_uprobe+0x12c/0x150
[ 72.365405][ T8416]  find_uprobe+0x12c/0x150
[ 72.369801][ T8416]  uprobe_unregister+0x1e/0x70
[ 72.374556][ T8416]  __probe_event_disable+0x11e/0x240
[ 72.379866][ T8416]  probe_event_disable+0x155/0x1c0
[ 72.384972][ T8416]  trace_uprobe_register+0x45a/0x880
[ 72.390244][ T8416]  ? trace_uprobe_register+0x3ef/0x880
[ 72.395684][ T8416]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 72.401211][ T8416]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 72.407085][ T8416]  perf_uprobe_destroy+0xbb/0x130
[ 72.412089][ T8416]  ? perf_uprobe_init+0x210/0x210
[ 72.417104][ T8416]  _free_event+0x2ee/0x1380
[ 72.421587][ T8416]  perf_event_release_kernel+0xa24/0xe00
[ 72.427198][ T8416]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 72.432465][ T8416]  ? __perf_event_exit_context+0x170/0x170
[ 72.438257][ T8416]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 72.444479][ T8416]  perf_release+0x33/0x40
[ 72.448814][ T8416]  __fput+0x283/0x920
[ 72.452794][ T8416]  ? perf_event_release_kernel+0xe00/0xe00
[ 72.458595][ T8416]  task_work_run+0xdd/0x190
[ 72.463093][ T8416]  do_exit+0xc5c/0x2ae0
[ 72.467288][ T8416]  ? mm_update_next_owner+0x7a0/0x7a0
[ 72.472659][ T8416]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.478901][ T8416]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.485126][ T8416]  do_group_exit+0x125/0x310
[ 72.489731][ T8416]  __x64_sys_exit_group+0x3a/0x50
[ 72.494736][ T8416]  do_syscall_64+0x2d/0x70
[ 72.499142][ T8416]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.505024][ T8416] RIP: 0033:0x43daf9
[ 72.508902][ T8416] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 72.515723][ T8416] RSP: 002b:00007ffe893eb958 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 72.524220][ T8416] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 72.532187][ T8416] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 72.540145][ T8416] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 72.548097][ T8416] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 72.556049][ T8416] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 72.564505][ T8416] Kernel Offset: disabled
[ 72.568817][ T8416] Rebooting in 86400 seconds..