Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
executing program
[ 86.446115][ T8409] ==================================================================
[ 86.454447][ T8409] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 86.461399][ T8409] Read of size 8 at addr ffff88801219c568 by task syz-executor260/8409
[ 86.469625][ T8409]
[ 86.471936][ T8409] CPU: 1 PID: 8409 Comm: syz-executor260 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 86.481893][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.491993][ T8409] Call Trace:
[ 86.495261][ T8409] dump_stack+0x107/0x163
[ 86.499595][ T8409] ? find_uprobe+0x12c/0x150
[ 86.504187][ T8409] ? find_uprobe+0x12c/0x150
[ 86.508778][ T8409] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 86.515796][ T8409] ? find_uprobe+0x12c/0x150
[ 86.520461][ T8409] ? find_uprobe+0x12c/0x150
[ 86.525075][ T8409] kasan_report.cold+0x7c/0xd8
[ 86.529833][ T8409] ? find_uprobe+0x12c/0x150
[ 86.534430][ T8409] find_uprobe+0x12c/0x150
[ 86.538839][ T8409] uprobe_unregister+0x1e/0x70
[ 86.543593][ T8409] __probe_event_disable+0x11e/0x240
[ 86.548871][ T8409] probe_event_disable+0x155/0x1c0
[ 86.553976][ T8409] trace_uprobe_register+0x45a/0x880
[ 86.559265][ T8409] ? trace_uprobe_register+0x3ef/0x880
[ 86.564713][ T8409] ? rcu_read_lock_sched_held+0x3a/0x70
[ 86.570250][ T8409] perf_trace_event_unreg.isra.0+0xac/0x250
[ 86.576135][ T8409] perf_uprobe_destroy+0xbb/0x130
[ 86.581146][ T8409] ? perf_uprobe_init+0x210/0x210
[ 86.586165][ T8409] _free_event+0x2ee/0x1380
[ 86.590658][ T8409] perf_event_release_kernel+0xa24/0xe00
[ 86.596394][ T8409] ? fsnotify_first_mark+0x1f0/0x1f0
[ 86.601860][ T8409] ? __perf_event_exit_context+0x170/0x170
[ 86.607672][ T8409] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 86.613907][ T8409] perf_release+0x33/0x40
[ 86.618244][ T8409] __fput+0x283/0x920
[ 86.622218][ T8409] ? perf_event_release_kernel+0xe00/0xe00
[ 86.628034][ T8409] task_work_run+0xdd/0x190
[ 86.632530][ T8409] do_exit+0xc5c/0x2ae0
[ 86.636679][ T8409] ? mm_update_next_owner+0x7a0/0x7a0
[ 86.642145][ T8409] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 86.648379][ T8409] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 86.654619][ T8409] do_group_exit+0x125/0x310
[ 86.659203][ T8409] __x64_sys_exit_group+0x3a/0x50
[ 86.664216][ T8409] do_syscall_64+0x2d/0x70
[ 86.668631][ T8409] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 86.674519][ T8409] RIP: 0033:0x43db29
[ 86.678415][ T8409] Code: Unable to access opcode bytes at RIP 0x43daff.
[ 86.685263][ T8409] RSP: 002b:00007ffca4ecd3f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 86.693672][ T8409] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db29
[ 86.701631][ T8409] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 86.709694][ T8409] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 86.717649][ T8409] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 86.725606][ T8409] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 86.733590][ T8409]
[ 86.735899][ T8409] Allocated by task 8409:
[ 86.740207][ T8409] kasan_save_stack+0x1b/0x40
[ 86.744884][ T8409] ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 86.750679][ T8409] __uprobe_register+0x19c/0x850
[ 86.755609][ T8409] probe_event_enable+0x357/0xa00
[ 86.760630][ T8409] trace_uprobe_register+0x443/0x880
[ 86.765914][ T8409] perf_trace_event_init+0x549/0xa20
[ 86.771185][ T8409] perf_uprobe_init+0x16f/0x210
[ 86.776019][ T8409] perf_uprobe_event_init+0xff/0x1c0
[ 86.781288][ T8409] perf_try_init_event+0x12a/0x560
[ 86.786409][ T8409] perf_event_alloc.part.0+0xe3b/0x3960
[ 86.791949][ T8409] __do_sys_perf_event_open+0x647/0x2e60
[ 86.797567][ T8409] do_syscall_64+0x2d/0x70
[ 86.801970][ T8409] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 86.807848][ T8409]
[ 86.810153][ T8409] Freed by task 8409:
[ 86.814125][ T8409] kasan_save_stack+0x1b/0x40
[ 86.818799][ T8409] kasan_set_track+0x1c/0x30
[ 86.823372][ T8409] kasan_set_free_info+0x20/0x30
[ 86.828302][ T8409] ____kasan_slab_free.part.0+0xe1/0x110
[ 86.833944][ T8409] slab_free_freelist_hook+0x82/0x1d0
[ 86.839302][ T8409] kfree+0xe5/0x7b0
[ 86.843096][ T8409] put_uprobe+0x13b/0x190
[ 86.847423][ T8409] uprobe_apply+0xfc/0x130
[ 86.851860][ T8409] trace_uprobe_register+0x5c9/0x880
[ 86.857151][ T8409] perf_trace_event_init+0x17a/0xa20
[ 86.862432][ T8409] perf_uprobe_init+0x16f/0x210
[ 86.867274][ T8409] perf_uprobe_event_init+0xff/0x1c0
[ 86.872543][ T8409] perf_try_init_event+0x12a/0x560
[ 86.877639][ T8409] perf_event_alloc.part.0+0xe3b/0x3960
[ 86.883199][ T8409] __do_sys_perf_event_open+0x647/0x2e60
[ 86.888851][ T8409] do_syscall_64+0x2d/0x70
[ 86.893253][ T8409] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 86.899133][ T8409]
[ 86.901449][ T8409] The buggy address belongs to the object at ffff88801219c400
[ 86.901449][ T8409]  which belongs to the cache kmalloc-512 of size 512
[ 86.915502][ T8409] The buggy address is located 360 bytes inside of
[ 86.915502][ T8409]  512-byte region [ffff88801219c400, ffff88801219c600)
[ 86.928773][ T8409] The buggy address belongs to the page:
[ 86.934387][ T8409] page:0000000077cf5538 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1219c
[ 86.944532][ T8409] head:0000000077cf5538 order:1 compound_mapcount:0
[ 86.951100][ T8409] flags: 0xfff00000010200(slab|head)
[ 86.956373][ T8409] raw: 00fff00000010200 ffffea000082bf80 0000000300000003 ffff888010841c80
[ 86.964964][ T8409] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 86.973527][ T8409] page dumped because: kasan: bad access detected
[ 86.979918][ T8409]
[ 86.982235][ T8409] Memory state around the buggy address:
[ 86.987844][ T8409]  ffff88801219c400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.995886][ T8409]  ffff88801219c480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.003928][ T8409] >ffff88801219c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.011969][ T8409]                                                          ^
[ 87.019404][ T8409]  ffff88801219c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.027461][ T8409]  ffff88801219c600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.035503][ T8409] ==================================================================
[ 87.043544][ T8409] Disabling lock debugging due to kernel taint
[ 87.049818][ T8409] Kernel panic - not syncing: panic_on_warn set ...
[ 87.056406][ T8409] CPU: 1 PID: 8409 Comm: syz-executor260 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[ 87.067783][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 87.077844][ T8409] Call Trace:
[ 87.081139][ T8409] dump_stack+0x107/0x163
[ 87.085458][ T8409] ? find_uprobe+0x90/0x150
[ 87.089945][ T8409] panic+0x306/0x73d
[ 87.093823][ T8409] ? __warn_printk+0xf3/0xf3
[ 87.098392][ T8409] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 87.104527][ T8409] ? trace_hardirqs_on+0x38/0x1c0
[ 87.109558][ T8409] ? trace_hardirqs_on+0x51/0x1c0
[ 87.114575][ T8409] ? find_uprobe+0x12c/0x150
[ 87.119159][ T8409] ? find_uprobe+0x12c/0x150
[ 87.123731][ T8409] end_report.cold+0x5a/0x5a
[ 87.128307][ T8409] kasan_report.cold+0x6a/0xd8
[ 87.133068][ T8409] ? find_uprobe+0x12c/0x150
[ 87.137650][ T8409] find_uprobe+0x12c/0x150
[ 87.142057][ T8409] uprobe_unregister+0x1e/0x70
[ 87.146813][ T8409] __probe_event_disable+0x11e/0x240
[ 87.152094][ T8409] probe_event_disable+0x155/0x1c0
[ 87.157189][ T8409] trace_uprobe_register+0x45a/0x880
[ 87.162454][ T8409] ? trace_uprobe_register+0x3ef/0x880
[ 87.167907][ T8409] ? rcu_read_lock_sched_held+0x3a/0x70
[ 87.173434][ T8409] perf_trace_event_unreg.isra.0+0xac/0x250
[ 87.179311][ T8409] perf_uprobe_destroy+0xbb/0x130
[ 87.184327][ T8409] ? perf_uprobe_init+0x210/0x210
[ 87.189336][ T8409] _free_event+0x2ee/0x1380
[ 87.193823][ T8409] perf_event_release_kernel+0xa24/0xe00
[ 87.199448][ T8409] ? fsnotify_first_mark+0x1f0/0x1f0
[ 87.204716][ T8409] ? __perf_event_exit_context+0x170/0x170
[ 87.210505][ T8409] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 87.216730][ T8409] perf_release+0x33/0x40
[ 87.221039][ T8409] __fput+0x283/0x920
[ 87.225016][ T8409] ? perf_event_release_kernel+0xe00/0xe00
[ 87.230805][ T8409] task_work_run+0xdd/0x190
[ 87.235290][ T8409] do_exit+0xc5c/0x2ae0
[ 87.239429][ T8409] ? mm_update_next_owner+0x7a0/0x7a0
[ 87.244782][ T8409] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 87.251003][ T8409] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 87.257244][ T8409] do_group_exit+0x125/0x310
[ 87.261821][ T8409] __x64_sys_exit_group+0x3a/0x50
[ 87.266828][ T8409] do_syscall_64+0x2d/0x70
[ 87.271226][ T8409] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 87.277105][ T8409] RIP: 0033:0x43db29
[ 87.280978][ T8409] Code: Unable to access opcode bytes at RIP 0x43daff.
[ 87.287797][ T8409] RSP: 002b:00007ffca4ecd3f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 87.296186][ T8409] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db29
[ 87.304150][ T8409] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 87.312112][ T8409] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 87.320077][ T8409] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 87.328026][ T8409] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 87.336675][ T8409] Kernel Offset: disabled
[ 87.341002][ T8409] Rebooting in 86400 seconds..