Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 75.620009][ T8393] ==================================================================
[ 75.628696][ T8393] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 75.635641][ T8393] Read of size 8 at addr ffff888017fd1d68 by task syz-executor880/8393
[ 75.643862][ T8393]
[ 75.646172][ T8393] CPU: 0 PID: 8393 Comm: syz-executor880 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 75.656165][ T8393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.666208][ T8393] Call Trace:
[ 75.669480][ T8393]  dump_stack+0x107/0x163
[ 75.673812][ T8393]  ? find_uprobe+0x12c/0x150
[ 75.678402][ T8393]  ? find_uprobe+0x12c/0x150
[ 75.682984][ T8393]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 75.689995][ T8393]  ? find_uprobe+0x12c/0x150
[ 75.694581][ T8393]  ? find_uprobe+0x12c/0x150
[ 75.699157][ T8393]  kasan_report.cold+0x7c/0xd8
[ 75.703909][ T8393]  ? find_uprobe+0x12c/0x150
[ 75.708589][ T8393]  find_uprobe+0x12c/0x150
[ 75.712992][ T8393]  uprobe_unregister+0x1e/0x70
[ 75.717745][ T8393]  __probe_event_disable+0x11e/0x240
[ 75.723019][ T8393]  probe_event_disable+0x155/0x1c0
[ 75.728128][ T8393]  trace_uprobe_register+0x45a/0x880
[ 75.733403][ T8393]  ? trace_uprobe_register+0x3ef/0x880
[ 75.738854][ T8393]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 75.744400][ T8393]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 75.750289][ T8393]  perf_uprobe_destroy+0xbb/0x130
[ 75.755297][ T8393]  ? perf_uprobe_init+0x210/0x210
[ 75.760317][ T8393]  _free_event+0x2ee/0x1380
[ 75.764812][ T8393]  perf_event_release_kernel+0xa24/0xe00
[ 75.770447][ T8393]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 75.775723][ T8393]  ? __perf_event_exit_context+0x170/0x170
[ 75.781518][ T8393]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 75.787759][ T8393]  perf_release+0x33/0x40
[ 75.792073][ T8393]  __fput+0x283/0x920
[ 75.796052][ T8393]  ? perf_event_release_kernel+0xe00/0xe00
[ 75.801847][ T8393]  task_work_run+0xdd/0x190
[ 75.806352][ T8393]  do_exit+0xc5c/0x2ae0
[ 75.810511][ T8393]  ? mm_update_next_owner+0x7a0/0x7a0
[ 75.815869][ T8393]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 75.822095][ T8393]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.828329][ T8393]  do_group_exit+0x125/0x310
[ 75.832935][ T8393]  __x64_sys_exit_group+0x3a/0x50
[ 75.837945][ T8393]  do_syscall_64+0x2d/0x70
[ 75.842348][ T8393]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.848228][ T8393] RIP: 0033:0x43daf9
[ 75.852103][ T8393] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 75.858924][ T8393] RSP: 002b:00007ffd387a9378 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 75.867358][ T8393] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 75.875343][ T8393] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 75.883329][ T8393] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 75.891297][ T8393] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 75.899261][ T8393] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 75.907233][ T8393]
[ 75.909543][ T8393] Allocated by task 8393:
[ 75.913851][ T8393]  kasan_save_stack+0x1b/0x40
[ 75.918520][ T8393]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 75.924312][ T8393]  __uprobe_register+0x19c/0x850
[ 75.929240][ T8393]  probe_event_enable+0x357/0xa00
[ 75.934261][ T8393]  trace_uprobe_register+0x443/0x880
[ 75.939549][ T8393]  perf_trace_event_init+0x549/0xa20
[ 75.945267][ T8393]  perf_uprobe_init+0x16f/0x210
[ 75.953465][ T8393]  perf_uprobe_event_init+0xff/0x1c0
[ 75.958971][ T8393]  perf_try_init_event+0x12a/0x560
[ 75.964077][ T8393]  perf_event_alloc.part.0+0xe3b/0x3960
[ 75.969614][ T8393]  __do_sys_perf_event_open+0x647/0x2e60
[ 75.975397][ T8393]  do_syscall_64+0x2d/0x70
[ 75.979820][ T8393]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.985724][ T8393]
[ 75.988035][ T8393] Freed by task 8393:
[ 75.991998][ T8393]  kasan_save_stack+0x1b/0x40
[ 75.996664][ T8393]  kasan_set_track+0x1c/0x30
[ 76.001242][ T8393]  kasan_set_free_info+0x20/0x30
[ 76.006170][ T8393]  ____kasan_slab_free.part.0+0xe1/0x110
[ 76.011804][ T8393]  slab_free_freelist_hook+0x82/0x1d0
[ 76.017282][ T8393]  kfree+0xe5/0x7b0
[ 76.021079][ T8393]  put_uprobe+0x13b/0x190
[ 76.025396][ T8393]  uprobe_apply+0xfc/0x130
[ 76.029797][ T8393]  trace_uprobe_register+0x5c9/0x880
[ 76.035068][ T8393]  perf_trace_event_init+0x17a/0xa20
[ 76.040353][ T8393]  perf_uprobe_init+0x16f/0x210
[ 76.045545][ T8393]  perf_uprobe_event_init+0xff/0x1c0
[ 76.050818][ T8393]  perf_try_init_event+0x12a/0x560
[ 76.055912][ T8393]  perf_event_alloc.part.0+0xe3b/0x3960
[ 76.061442][ T8393]  __do_sys_perf_event_open+0x647/0x2e60
[ 76.067075][ T8393]  do_syscall_64+0x2d/0x70
[ 76.071474][ T8393]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.077468][ T8393]
[ 76.079787][ T8393] Last potentially related work creation:
[ 76.085484][ T8393]  kasan_save_stack+0x1b/0x40
[ 76.090173][ T8393]  kasan_record_aux_stack+0xe5/0x110
[ 76.095446][ T8393]  kvfree_call_rcu+0x74/0x8c0
[ 76.100109][ T8393]  timerfd_release+0x105/0x290
[ 76.104858][ T8393]  __fput+0x283/0x920
[ 76.108829][ T8393]  task_work_run+0xdd/0x190
[ 76.113332][ T8393]  exit_to_user_mode_prepare+0x249/0x250
[ 76.118949][ T8393]  syscall_exit_to_user_mode+0x19/0x50
[ 76.124409][ T8393]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.130288][ T8393]
[ 76.132767][ T8393] The buggy address belongs to the object at ffff888017fd1c00
[ 76.132767][ T8393]  which belongs to the cache kmalloc-512 of size 512
[ 76.146802][ T8393] The buggy address is located 360 bytes inside of
[ 76.146802][ T8393]  512-byte region [ffff888017fd1c00, ffff888017fd1e00)
[ 76.160067][ T8393] The buggy address belongs to the page:
[ 76.165679][ T8393] page:00000000c31d4752 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17fd0
[ 76.175810][ T8393] head:00000000c31d4752 order:1 compound_mapcount:0
[ 76.182376][ T8393] flags: 0xfff00000010200(slab|head)
[ 76.187649][ T8393] raw: 00fff00000010200 ffffea000071a000 0000000300000003 ffff888010841c80
[ 76.196476][ T8393] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 76.205038][ T8393] page dumped because: kasan: bad access detected
[ 76.211513][ T8393]
[ 76.213819][ T8393] Memory state around the buggy address:
[ 76.219427][ T8393]  ffff888017fd1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.227469][ T8393]  ffff888017fd1c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.235516][ T8393] >ffff888017fd1d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.243643][ T8393]                                                           ^
[ 76.251075][ T8393]  ffff888017fd1d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.259119][ T8393]  ffff888017fd1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.267159][ T8393] ==================================================================
[ 76.275196][ T8393] Disabling lock debugging due to kernel taint
[ 76.281434][ T8393] Kernel panic - not syncing: panic_on_warn set ...
[ 76.288027][ T8393] CPU: 0 PID: 8393 Comm: syz-executor880 Tainted: G B 5.11.0-rc6-next-20210205-syzkaller #0
[ 76.299399][ T8393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.309451][ T8393] Call Trace:
[ 76.312731][ T8393]  dump_stack+0x107/0x163
[ 76.317933][ T8393]  ? find_uprobe+0x90/0x150
[ 76.322424][ T8393]  panic+0x306/0x73d
[ 76.326343][ T8393]  ? __warn_printk+0xf3/0xf3
[ 76.330924][ T8393]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 76.337073][ T8393]  ? trace_hardirqs_on+0x38/0x1c0
[ 76.342100][ T8393]  ? trace_hardirqs_on+0x51/0x1c0
[ 76.347121][ T8393]  ? find_uprobe+0x12c/0x150
[ 76.351695][ T8393]  ? find_uprobe+0x12c/0x150
[ 76.356269][ T8393]  end_report.cold+0x5a/0x5a
[ 76.360844][ T8393]  kasan_report.cold+0x6a/0xd8
[ 76.365593][ T8393]  ? find_uprobe+0x12c/0x150
[ 76.370170][ T8393]  find_uprobe+0x12c/0x150
[ 76.374568][ T8393]  uprobe_unregister+0x1e/0x70
[ 76.379327][ T8393]  __probe_event_disable+0x11e/0x240
[ 76.384608][ T8393]  probe_event_disable+0x155/0x1c0
[ 76.389709][ T8393]  trace_uprobe_register+0x45a/0x880
[ 76.394992][ T8393]  ? trace_uprobe_register+0x3ef/0x880
[ 76.400434][ T8393]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 76.405962][ T8393]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 76.411837][ T8393]  perf_uprobe_destroy+0xbb/0x130
[ 76.416850][ T8393]  ? perf_uprobe_init+0x210/0x210
[ 76.421865][ T8393]  _free_event+0x2ee/0x1380
[ 76.426362][ T8393]  perf_event_release_kernel+0xa24/0xe00
[ 76.431983][ T8393]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 76.437258][ T8393]  ? __perf_event_exit_context+0x170/0x170
[ 76.443053][ T8393]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 76.449295][ T8393]  perf_release+0x33/0x40
[ 76.453658][ T8393]  __fput+0x283/0x920
[ 76.457627][ T8393]  ? perf_event_release_kernel+0xe00/0xe00
[ 76.463418][ T8393]  task_work_run+0xdd/0x190
[ 76.467907][ T8393]  do_exit+0xc5c/0x2ae0
[ 76.472047][ T8393]  ? mm_update_next_owner+0x7a0/0x7a0
[ 76.477401][ T8393]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 76.483627][ T8393]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.489864][ T8393]  do_group_exit+0x125/0x310
[ 76.494450][ T8393]  __x64_sys_exit_group+0x3a/0x50
[ 76.499466][ T8393]  do_syscall_64+0x2d/0x70
[ 76.503867][ T8393]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.509750][ T8393] RIP: 0033:0x43daf9
[ 76.513627][ T8393] Code: Unable to access opcode bytes at RIP 0x43dacf.
[ 76.520454][ T8393] RSP: 002b:00007ffd387a9378 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 76.528848][ T8393] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043daf9
[ 76.536799][ T8393] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 76.544917][ T8393] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 76.556981][ T8393] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 76.564934][ T8393] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 76.573716][ T8393] Kernel Offset: disabled
[ 76.578034][ T8393] Rebooting in 86400 seconds..