         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   69.967466][ T8409] ==================================================================
[   69.975701][ T8409] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[   69.982687][ T8409] Read of size 8 at addr ffff8880123cc568 by task syz-executor194/8409
[   69.990944][ T8409] 
[   69.993266][ T8409] CPU: 1 PID: 8409 Comm: syz-executor194 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[   70.003259][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.013314][ T8409] Call Trace:
[   70.016617][ T8409]  dump_stack+0x107/0x163
[   70.020983][ T8409]  ? find_uprobe+0x12c/0x150
[   70.025618][ T8409]  ? find_uprobe+0x12c/0x150
[   70.030226][ T8409]  print_address_description.constprop.0.cold+0x5b/0x2f8
[   70.037289][ T8409]  ? find_uprobe+0x12c/0x150
[   70.042163][ T8409]  ? find_uprobe+0x12c/0x150
[   70.047407][ T8409]  kasan_report.cold+0x7c/0xd8
[   70.052211][ T8409]  ? find_uprobe+0x12c/0x150
[   70.056837][ T8409]  find_uprobe+0x12c/0x150
[   70.061273][ T8409]  uprobe_unregister+0x1e/0x70
[   70.066072][ T8409]  __probe_event_disable+0x11e/0x240
[   70.071376][ T8409]  probe_event_disable+0x155/0x1c0
[   70.076853][ T8409]  trace_uprobe_register+0x45a/0x880
[   70.082162][ T8409]  ? trace_uprobe_register+0x3ef/0x880
[   70.087736][ T8409]  ? rcu_read_lock_sched_held+0x3a/0x70
[   70.093333][ T8409]  perf_trace_event_unreg.isra.0+0xac/0x250
[   70.099423][ T8409]  perf_uprobe_destroy+0xbb/0x130
[   70.104460][ T8409]  ? perf_uprobe_init+0x210/0x210
[   70.109497][ T8409]  _free_event+0x2ee/0x1380
[   70.114017][ T8409]  perf_event_release_kernel+0xa24/0xe00
[   70.119753][ T8409]  ? fsnotify_first_mark+0x1f0/0x1f0
[   70.125063][ T8409]  ? __perf_event_exit_context+0x170/0x170
[   70.130892][ T8409]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   70.137145][ T8409]  perf_release+0x33/0x40
[   70.141490][ T8409]  __fput+0x283/0x920
[   70.145683][ T8409]  ? perf_event_release_kernel+0xe00/0xe00
[   70.151519][ T8409]  task_work_run+0xdd/0x190
[   70.156300][ T8409]  do_exit+0xc5c/0x2ae0
[   70.161277][ T8409]  ? mm_update_next_owner+0x7a0/0x7a0
[   70.166683][ T8409]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   70.173205][ T8409]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   70.179483][ T8409]  do_group_exit+0x125/0x310
[   70.185081][ T8409]  __x64_sys_exit_group+0x3a/0x50
[   70.190262][ T8409]  do_syscall_64+0x2d/0x70
[   70.194684][ T8409]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   70.200682][ T8409] RIP: 0033:0x43ddc9
[   70.204731][ T8409] Code: Unable to access opcode bytes at RIP 0x43dd9f.
[   70.211574][ T8409] RSP: 002b:00007fffc1738b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   70.220800][ T8409] RAX: ffffffffffffffda RBX: 00000000004af2f0 RCX: 000000000043ddc9
[   70.228875][ T8409] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   70.237009][ T8409] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000400488
[   70.245009][ T8409] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004af2f0
[   70.253173][ T8409] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   70.261673][ T8409] 
[   70.264074][ T8409] Allocated by task 8409:
[   70.268526][ T8409]  kasan_save_stack+0x1b/0x40
[   70.273655][ T8409]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[   70.279929][ T8409]  __uprobe_register+0x19c/0x850
[   70.284923][ T8409]  probe_event_enable+0x441/0xa00
[   70.290110][ T8409]  trace_uprobe_register+0x443/0x880
[   70.295404][ T8409]  perf_trace_event_init+0x549/0xa20
[   70.300703][ T8409]  perf_uprobe_init+0x16f/0x210
[   70.305577][ T8409]  perf_uprobe_event_init+0xff/0x1c0
[   70.310861][ T8409]  perf_try_init_event+0x12a/0x560
[   70.315973][ T8409]  perf_event_alloc.part.0+0xe3b/0x3960
[   70.321520][ T8409]  __do_sys_perf_event_open+0x647/0x2e60
[   70.327333][ T8409]  do_syscall_64+0x2d/0x70
[   70.332735][ T8409]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   70.339245][ T8409] 
[   70.341584][ T8409] Freed by task 8409:
[   70.345657][ T8409]  kasan_save_stack+0x1b/0x40
[   70.350361][ T8409]  kasan_set_track+0x1c/0x30
[   70.354957][ T8409]  kasan_set_free_info+0x20/0x30
[   70.359996][ T8409]  ____kasan_slab_free.part.0+0xe1/0x110
[   70.365655][ T8409]  slab_free_freelist_hook+0x82/0x1d0
[   70.371395][ T8409]  kfree+0xe5/0x7b0
[   70.375227][ T8409]  put_uprobe+0x13b/0x190
[   70.379746][ T8409]  uprobe_apply+0xfc/0x130
[   70.384170][ T8409]  trace_uprobe_register+0x5c9/0x880
[   70.389468][ T8409]  perf_trace_event_init+0x17a/0xa20
[   70.394755][ T8409]  perf_uprobe_init+0x16f/0x210
[   70.399790][ T8409]  perf_uprobe_event_init+0xff/0x1c0
[   70.405067][ T8409]  perf_try_init_event+0x12a/0x560
[   70.410168][ T8409]  perf_event_alloc.part.0+0xe3b/0x3960
[   70.416073][ T8409]  __do_sys_perf_event_open+0x647/0x2e60
[   70.421733][ T8409]  do_syscall_64+0x2d/0x70
[   70.426164][ T8409]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   70.432071][ T8409] 
[   70.434390][ T8409] The buggy address belongs to the object at ffff8880123cc400
[   70.434390][ T8409]  which belongs to the cache kmalloc-512 of size 512
[   70.448450][ T8409] The buggy address is located 360 bytes inside of
[   70.448450][ T8409]  512-byte region [ffff8880123cc400, ffff8880123cc600)
[   70.462249][ T8409] The buggy address belongs to the page:
[   70.467881][ T8409] page:0000000069baa549 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123cc
[   70.478029][ T8409] head:0000000069baa549 order:1 compound_mapcount:0
[   70.484608][ T8409] flags: 0xfff00000010200(slab|head)
[   70.489990][ T8409] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841c80
[   70.498669][ T8409] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[   70.507258][ T8409] page dumped because: kasan: bad access detected
[   70.513684][ T8409] 
[   70.516018][ T8409] Memory state around the buggy address:
[   70.522591][ T8409]  ffff8880123cc400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.530858][ T8409]  ffff8880123cc480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.539017][ T8409] >ffff8880123cc500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.547077][ T8409]                                                           ^
[   70.554706][ T8409]  ffff8880123cc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.562776][ T8409]  ffff8880123cc600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   70.570933][ T8409] ==================================================================
[   70.579100][ T8409] Disabling lock debugging due to kernel taint
[   70.585705][ T8409] Kernel panic - not syncing: panic_on_warn set ...
[   70.594128][ T8409] CPU: 1 PID: 8409 Comm: syz-executor194 Tainted: G    B             5.11.0-rc6-next-20210205-syzkaller #0
[   70.605508][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.615575][ T8409] Call Trace:
[   70.618948][ T8409]  dump_stack+0x107/0x163
[   70.623297][ T8409]  ? find_uprobe+0x90/0x150
[   70.628022][ T8409]  panic+0x306/0x73d
[   70.631932][ T8409]  ? __warn_printk+0xf3/0xf3
[   70.636621][ T8409]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[   70.642773][ T8409]  ? trace_hardirqs_on+0x38/0x1c0
[   70.647813][ T8409]  ? trace_hardirqs_on+0x51/0x1c0
[   70.652859][ T8409]  ? find_uprobe+0x12c/0x150
[   70.657448][ T8409]  ? find_uprobe+0x12c/0x150
[   70.662048][ T8409]  end_report.cold+0x5a/0x5a
[   70.666731][ T8409]  kasan_report.cold+0x6a/0xd8
[   70.671491][ T8409]  ? find_uprobe+0x12c/0x150
[   70.676110][ T8409]  find_uprobe+0x12c/0x150
[   70.680620][ T8409]  uprobe_unregister+0x1e/0x70
[   70.685397][ T8409]  __probe_event_disable+0x11e/0x240
[   70.690689][ T8409]  probe_event_disable+0x155/0x1c0
[   70.695809][ T8409]  trace_uprobe_register+0x45a/0x880
[   70.701110][ T8409]  ? trace_uprobe_register+0x3ef/0x880
[   70.706579][ T8409]  ? rcu_read_lock_sched_held+0x3a/0x70
[   70.712120][ T8409]  perf_trace_event_unreg.isra.0+0xac/0x250
[   70.718006][ T8409]  perf_uprobe_destroy+0xbb/0x130
[   70.723041][ T8409]  ? perf_uprobe_init+0x210/0x210
[   70.728062][ T8409]  _free_event+0x2ee/0x1380
[   70.732563][ T8409]  perf_event_release_kernel+0xa24/0xe00
[   70.738179][ T8409]  ? fsnotify_first_mark+0x1f0/0x1f0
[   70.743462][ T8409]  ? __perf_event_exit_context+0x170/0x170
[   70.749285][ T8409]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   70.755524][ T8409]  perf_release+0x33/0x40
[   70.759860][ T8409]  __fput+0x283/0x920
[   70.763832][ T8409]  ? perf_event_release_kernel+0xe00/0xe00
[   70.769629][ T8409]  task_work_run+0xdd/0x190
[   70.774145][ T8409]  do_exit+0xc5c/0x2ae0
[   70.778291][ T8409]  ? mm_update_next_owner+0x7a0/0x7a0
[   70.783647][ T8409]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   70.789889][ T8409]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   70.796135][ T8409]  do_group_exit+0x125/0x310
[   70.800724][ T8409]  __x64_sys_exit_group+0x3a/0x50
[   70.805748][ T8409]  do_syscall_64+0x2d/0x70
[   70.810175][ T8409]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   70.816069][ T8409] RIP: 0033:0x43ddc9
[   70.819945][ T8409] Code: Unable to access opcode bytes at RIP 0x43dd9f.
[   70.826768][ T8409] RSP: 002b:00007fffc1738b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   70.835204][ T8409] RAX: ffffffffffffffda RBX: 00000000004af2f0 RCX: 000000000043ddc9
[   70.843168][ T8409] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   70.851135][ T8409] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000400488
[   70.859110][ T8409] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004af2f0
[   70.867078][ T8409] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   70.875721][ T8409] Kernel Offset: disabled
[   70.880047][ T8409] Rebooting in 86400 seconds..
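The report above is the raw syzkaller console log; the facts a triager needs from it are the access (an 8-byte read in find_uprobe), the three call chains (allocated in __uprobe_register, freed through put_uprobe from uprobe_apply inside the same perf_event_open, then dereferenced from uprobe_unregister when the event is torn down on exit), and the slab geometry (offset 360 into a 512-byte kmalloc-512 object whose shadow bytes read 0xfb, i.e. freed). The script below is an added example, not syzkaller's or the kernel's code: it parses a KASAN report into those pieces, drops the sanitizer and allocator frames, re-checks the arithmetic the kernel printed, and stops at the closing rule so the panic backtrace that follows is not mistaken for a second access trace. The REPORT string is a constructed excerpt hand-copied from the log on this page; the shadow-byte meanings are taken from mm/kasan/kasan.h for generic KASAN of this kernel generation (an assumption, since 5.11 prints no legend), and all function and regex names are the example's own.

```python
"""KASAN report triage: an added example for this page, not syzkaller or kernel code.
Pulls the access, the three call chains and the slab geometry out of the report,
drops sanitizer/allocator frames, and re-checks the arithmetic the kernel printed.
Shadow values follow mm/kasan/kasan.h (generic KASAN, 5.11 era; assumed, no legend)."""
import re
# Constructed excerpt, hand-copied from the report above (load-bearing lines only).
REPORT = """\
[   69.975701][ T8409] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[   69.982687][ T8409] Read of size 8 at addr ffff8880123cc568 by task syz-executor194/8409
[   70.013314][ T8409] Call Trace:
[   70.016617][ T8409]  dump_stack+0x107/0x163
[   70.020983][ T8409]  ? find_uprobe+0x12c/0x150
[   70.047407][ T8409]  kasan_report.cold+0x7c/0xd8
[   70.056837][ T8409]  find_uprobe+0x12c/0x150
[   70.061273][ T8409]  uprobe_unregister+0x1e/0x70
[   70.264074][ T8409] Allocated by task 8409:
[   70.273655][ T8409]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[   70.279929][ T8409]  __uprobe_register+0x19c/0x850
[   70.341584][ T8409] Freed by task 8409:
[   70.359996][ T8409]  ____kasan_slab_free.part.0+0xe1/0x110
[   70.371395][ T8409]  kfree+0xe5/0x7b0
[   70.375227][ T8409]  put_uprobe+0x13b/0x190
[   70.379746][ T8409]  uprobe_apply+0xfc/0x130
[   70.434390][ T8409] The buggy address belongs to the object at ffff8880123cc400
[   70.434390][ T8409]  which belongs to the cache kmalloc-512 of size 512
[   70.448450][ T8409] The buggy address is located 360 bytes inside of
[   70.448450][ T8409]  512-byte region [ffff8880123cc400, ffff8880123cc600)
[   70.522591][ T8409]  ffff8880123cc400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.539017][ T8409] >ffff8880123cc500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\] ?")  # "[   70.013314][ T8409] "
BUG_RE = re.compile(r"BUG: KASAN: ([\w-]+) in ([\w.]+)\+0x")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)")
FRAME_RE = re.compile(r"\s*(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
OBJECT_RE = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE_RE = re.compile(r"cache (\S+) of size (\d+)")
OFFSET_RE = re.compile(r"located (\d+) bytes inside of")
REGION_RE = re.compile(r"\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)")
SHADOW_RE = re.compile(r"\s*>?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$")
SHADOW_MEANING = {0x00: "addressable", 0xfa: "freed, holds free track (KASAN_KMALLOC_FREETRACK)",
                  0xfb: "freed slab object (KASAN_KMALLOC_FREE)",
                  0xfc: "slab redzone (KASAN_KMALLOC_REDZONE)", 0xff: "freed page"}
NOISE = ("dump_stack", "print_address_description", "kasan_", "__kasan", "____kasan",  # sanitizer
         "slab_free_freelist_hook", "kfree", "kmem_cache_", "__kmalloc", "kmalloc")   # allocator

def parse_kasan_report(text):
    r = {"stacks": {"access": [], "alloc": [], "free": []}, "shadow": {}}
    section = None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        body = (raw[m.end():] if m else raw).rstrip()
        if body.startswith("=====") and "bug" in r:
            break                                 # closing rule: what follows is the panic trace
        elif body.startswith("Call Trace:"):
            section = "access"
        elif body.startswith("Allocated by"):
            section = "alloc"
        elif body.startswith("Freed by"):
            section = "free"
        elif (m := BUG_RE.match(body)):
            r["bug"], r["func"] = m.groups()
        elif (m := ACCESS_RE.match(body)):
            r["access"], r["size"], r["addr"], r["task"] = m[1], int(m[2]), int(m[3], 16), m[4]
        elif (m := OBJECT_RE.search(body)):
            r["object"] = int(m[1], 16)
        elif (m := CACHE_RE.search(body)):
            r["cache"], r["cache_size"] = m[1], int(m[2])
        elif (m := OFFSET_RE.search(body)):
            r["offset"] = int(m[1])
        elif (m := REGION_RE.search(body)):
            r["region"] = (int(m[1], 16), int(m[2], 16))
        elif (m := SHADOW_RE.match(body)):
            r["shadow"][int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
        elif section and (m := FRAME_RE.match(body)) and not m[1]:
            r["stacks"][section].append(m[2])     # "? " frames are stale stack slots: skipped
    return r

def culprit(frames):
    """First frame that is neither KASAN plumbing nor the allocator."""
    return next((f for f in frames if not f.startswith(NOISE)), None)

def shadow_byte(r, addr):
    for row, vals in r["shadow"].items():
        if row <= addr < row + 8 * len(vals):     # generic KASAN: one shadow byte per 8 bytes
            v = vals[(addr - row) // 8]
            return v, SHADOW_MEANING.get(v, "partially addressable" if 1 <= v <= 7 else "other poison")
    return None, "address not in dumped rows"

def triage(text):
    r = parse_kasan_report(text)
    lo, hi = r["region"]
    offset = r["addr"] - r["object"]
    return {"bug": r["bug"], "access": f"{r['access']} of {r['size']} bytes in {r['func']}",
            "faulting": culprit(r["stacks"]["access"]), "allocated_in": culprit(r["stacks"]["alloc"]),
            "freed_in": culprit(r["stacks"]["free"]), "cache": r["cache"],
            "shadow": shadow_byte(r, r["addr"]),
            "offset": offset, "offset_matches_report": offset == r["offset"],
            "region_size": hi - lo, "region_matches_cache": hi - lo == r["cache_size"],
            "access_within_object": lo <= r["addr"] and r["addr"] + r["size"] <= hi}

if __name__ == "__main__":
    print(*(f"{k}: {v}" for k, v in triage(REPORT).items()), sep="\n")
```

Run against the full log the same parser gives the same answers; the two checks worth keeping an eye on are that 0xffff8880123cc568 minus the object base 0xffff8880123cc400 really is 360, and that the shadow byte for the faulting address is 0xfb while only the object's first 8 bytes read 0xfa, which is consistent with the "Freed by" chain having stored a free track there. The early break on the second rule matters because the panic_on_warn backtrace that follows repeats the same frames under a second "Call Trace:" header.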