Warning: Permanently added '10.128.0.205' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 71.066404][ T8391] ==================================================================
[ 71.074754][ T8391] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[ 71.081694][ T8391] Read of size 8 at addr ffff8881413c6568 by task syz-executor371/8391
[ 71.089925][ T8391]
[ 71.092239][ T8391] CPU: 0 PID: 8391 Comm: syz-executor371 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 71.102194][ T8391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.112232][ T8391] Call Trace:
[ 71.115497][ T8391]  dump_stack+0x107/0x163
[ 71.119823][ T8391]  ? find_uprobe+0x12c/0x150
[ 71.124410][ T8391]  ? find_uprobe+0x12c/0x150
[ 71.128994][ T8391]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 71.136007][ T8391]  ? find_uprobe+0x12c/0x150
[ 71.140583][ T8391]  ? find_uprobe+0x12c/0x150
[ 71.145155][ T8391]  kasan_report.cold+0x7c/0xd8
[ 71.149903][ T8391]  ? find_uprobe+0x12c/0x150
[ 71.154485][ T8391]  find_uprobe+0x12c/0x150
[ 71.158887][ T8391]  uprobe_unregister+0x1e/0x70
[ 71.163641][ T8391]  __probe_event_disable+0x11e/0x240
[ 71.168945][ T8391]  probe_event_disable+0x155/0x1c0
[ 71.174051][ T8391]  trace_uprobe_register+0x45a/0x880
[ 71.179363][ T8391]  ? trace_uprobe_register+0x3ef/0x880
[ 71.184827][ T8391]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 71.190371][ T8391]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 71.196278][ T8391]  perf_uprobe_destroy+0xbb/0x130
[ 71.202097][ T8391]  ? perf_uprobe_init+0x210/0x210
[ 71.207174][ T8391]  _free_event+0x2ee/0x1380
[ 71.211673][ T8391]  perf_event_release_kernel+0xa24/0xe00
[ 71.217294][ T8391]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 71.222571][ T8391]  ? __perf_event_exit_context+0x170/0x170
[ 71.228367][ T8391]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 71.234598][ T8391]  perf_release+0x33/0x40
[ 71.238930][ T8391]  __fput+0x283/0x920
[ 71.242901][ T8391]  ? perf_event_release_kernel+0xe00/0xe00
[ 71.248705][ T8391]  task_work_run+0xdd/0x190
[ 71.253201][ T8391]  do_exit+0xc5c/0x2ae0
[ 71.257349][ T8391]  ? mm_update_next_owner+0x7a0/0x7a0
[ 71.262707][ T8391]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.268934][ T8391]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.275171][ T8391]  do_group_exit+0x125/0x310
[ 71.279765][ T8391]  __x64_sys_exit_group+0x3a/0x50
[ 71.284776][ T8391]  do_syscall_64+0x2d/0x70
[ 71.289191][ T8391]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.295070][ T8391] RIP: 0033:0x43db09
[ 71.298947][ T8391] Code: Unable to access opcode bytes at RIP 0x43dadf.
[ 71.305770][ T8391] RSP: 002b:00007ffe5b80a6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 71.314189][ T8391] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db09
[ 71.322147][ T8391] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 71.330113][ T8391] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 71.338075][ T8391] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 71.346041][ T8391] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 71.354630][ T8391]
[ 71.356939][ T8391] Allocated by task 8391:
[ 71.361246][ T8391]  kasan_save_stack+0x1b/0x40
[ 71.365916][ T8391]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 71.371704][ T8391]  __uprobe_register+0x19c/0x850
[ 71.376635][ T8391]  probe_event_enable+0x441/0xa00
[ 71.381655][ T8391]  trace_uprobe_register+0x443/0x880
[ 71.387019][ T8391]  perf_trace_event_init+0x549/0xa20
[ 71.392287][ T8391]  perf_uprobe_init+0x16f/0x210
[ 71.397122][ T8391]  perf_uprobe_event_init+0xff/0x1c0
[ 71.402401][ T8391]  perf_try_init_event+0x12a/0x560
[ 71.407492][ T8391]  perf_event_alloc.part.0+0xe3b/0x3960
[ 71.413053][ T8391]  __do_sys_perf_event_open+0x647/0x2e60
[ 71.418671][ T8391]  do_syscall_64+0x2d/0x70
[ 71.423083][ T8391]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.428967][ T8391]
[ 71.431277][ T8391] Freed by task 8391:
[ 71.435242][ T8391]  kasan_save_stack+0x1b/0x40
[ 71.439912][ T8391]  kasan_set_track+0x1c/0x30
[ 71.444486][ T8391]  kasan_set_free_info+0x20/0x30
[ 71.449409][ T8391]  ____kasan_slab_free.part.0+0xe1/0x110
[ 71.455681][ T8391]  slab_free_freelist_hook+0x82/0x1d0
[ 71.461104][ T8391]  kfree+0xe5/0x7b0
[ 71.464896][ T8391]  put_uprobe+0x13b/0x190
[ 71.469206][ T8391]  uprobe_apply+0xfc/0x130
[ 71.473607][ T8391]  trace_uprobe_register+0x5c9/0x880
[ 71.478877][ T8391]  perf_trace_event_init+0x17a/0xa20
[ 71.484156][ T8391]  perf_uprobe_init+0x16f/0x210
[ 71.488988][ T8391]  perf_uprobe_event_init+0xff/0x1c0
[ 71.494254][ T8391]  perf_try_init_event+0x12a/0x560
[ 71.499346][ T8391]  perf_event_alloc.part.0+0xe3b/0x3960
[ 71.504876][ T8391]  __do_sys_perf_event_open+0x647/0x2e60
[ 71.510490][ T8391]  do_syscall_64+0x2d/0x70
[ 71.514889][ T8391]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.520765][ T8391]
[ 71.523069][ T8391] The buggy address belongs to the object at ffff8881413c6400
[ 71.523069][ T8391]  which belongs to the cache kmalloc-512 of size 512
[ 71.537113][ T8391] The buggy address is located 360 bytes inside of
[ 71.537113][ T8391]  512-byte region [ffff8881413c6400, ffff8881413c6600)
[ 71.550378][ T8391] The buggy address belongs to the page:
[ 71.555991][ T8391] page:0000000014d0e510 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1413c6
[ 71.566213][ T8391] head:0000000014d0e510 order:1 compound_mapcount:0
[ 71.572792][ T8391] flags: 0x57ff00000010200(slab|head)
[ 71.578164][ T8391] raw: 057ff00000010200 ffffea0005114e80 0000000400000004 ffff888010841c80
[ 71.586743][ T8391] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 71.595309][ T8391] page dumped because: kasan: bad access detected
[ 71.601702][ T8391]
[ 71.604011][ T8391] Memory state around the buggy address:
[ 71.609638][ T8391]  ffff8881413c6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.617693][ T8391]  ffff8881413c6480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.626355][ T8391] >ffff8881413c6500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.634395][ T8391]                                                           ^
[ 71.641829][ T8391]  ffff8881413c6580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.649872][ T8391]  ffff8881413c6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.657909][ T8391] ==================================================================
[ 71.665944][ T8391] Disabling lock debugging due to kernel taint
[ 71.673451][ T8391] Kernel panic - not syncing: panic_on_warn set ...
[ 71.680045][ T8391] CPU: 0 PID: 8391 Comm: syz-executor371 Tainted: G    B             5.11.0-rc6-next-20210205-syzkaller #0
[ 71.691427][ T8391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.701496][ T8391] Call Trace:
[ 71.707845][ T8391]  dump_stack+0x107/0x163
[ 71.712625][ T8391]  ? find_uprobe+0x90/0x150
[ 71.717257][ T8391]  panic+0x306/0x73d
[ 71.721134][ T8391]  ? __warn_printk+0xf3/0xf3
[ 71.725708][ T8391]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 71.731848][ T8391]  ? trace_hardirqs_on+0x38/0x1c0
[ 71.736858][ T8391]  ? trace_hardirqs_on+0x51/0x1c0
[ 71.741875][ T8391]  ? find_uprobe+0x12c/0x150
[ 71.746451][ T8391]  ? find_uprobe+0x12c/0x150
[ 71.751025][ T8391]  end_report.cold+0x5a/0x5a
[ 71.755597][ T8391]  kasan_report.cold+0x6a/0xd8
[ 71.760343][ T8391]  ? find_uprobe+0x12c/0x150
[ 71.764914][ T8391]  find_uprobe+0x12c/0x150
[ 71.769321][ T8391]  uprobe_unregister+0x1e/0x70
[ 71.774067][ T8391]  __probe_event_disable+0x11e/0x240
[ 71.779346][ T8391]  probe_event_disable+0x155/0x1c0
[ 71.784437][ T8391]  trace_uprobe_register+0x45a/0x880
[ 71.789714][ T8391]  ? trace_uprobe_register+0x3ef/0x880
[ 71.795155][ T8391]  ? rcu_read_lock_sched_held+0x3a/0x70
[ 71.800678][ T8391]  perf_trace_event_unreg.isra.0+0xac/0x250
[ 71.806563][ T8391]  perf_uprobe_destroy+0xbb/0x130
[ 71.811565][ T8391]  ? perf_uprobe_init+0x210/0x210
[ 71.816569][ T8391]  _free_event+0x2ee/0x1380
[ 71.821062][ T8391]  perf_event_release_kernel+0xa24/0xe00
[ 71.826688][ T8391]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 71.831959][ T8391]  ? __perf_event_exit_context+0x170/0x170
[ 71.837755][ T8391]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 71.843989][ T8391]  perf_release+0x33/0x40
[ 71.848296][ T8391]  __fput+0x283/0x920
[ 71.852259][ T8391]  ? perf_event_release_kernel+0xe00/0xe00
[ 71.858045][ T8391]  task_work_run+0xdd/0x190
[ 71.862529][ T8391]  do_exit+0xc5c/0x2ae0
[ 71.866691][ T8391]  ? mm_update_next_owner+0x7a0/0x7a0
[ 71.872043][ T8391]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.878264][ T8391]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.884487][ T8391]  do_group_exit+0x125/0x310
[ 71.889067][ T8391]  __x64_sys_exit_group+0x3a/0x50
[ 71.894085][ T8391]  do_syscall_64+0x2d/0x70
[ 71.898489][ T8391]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.904372][ T8391] RIP: 0033:0x43db09
[ 71.908260][ T8391] Code: Unable to access opcode bytes at RIP 0x43dadf.
[ 71.915084][ T8391] RSP: 002b:00007ffe5b80a6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 71.923488][ T8391] RAX: ffffffffffffffda RBX: 00000000004ae230 RCX: 000000000043db09
[ 71.931440][ T8391] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 71.939402][ T8391] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 71.947354][ T8391] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004ae230
[ 71.955304][ T8391] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 71.963926][ T8391] Kernel Offset: disabled
[ 71.968235][ T8391] Rebooting in 86400 seconds..
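The report above is the raw console capture. What a triager wants out of it is the bug class, the faulting site, the slab object and the offset into it, the allocation and free sites once the KASAN and slab bookkeeping frames are skipped, and what the shadow byte covering the faulting address says. The parser below is an added example written for this page, not syzbot's, syzkaller's or the kernel's own tooling. It assumes the report layout printed by mm/kasan/report.c in 5.11-era kernels, the "[ ts][ Tpid]" prefix that syzkaller's console capture puts on every line, and the shadow-byte values from mm/kasan/kasan.h (0xfa for the first granule of a freed object, which holds the free track, 0xfb for the rest of a freed object, 0xfc for the kmalloc redzone). The embedded sample input is a trimmed excerpt of the report on this page.

```python
# Added triage helper for a KASAN report lifted from a syzbot console log.
# Not part of syzbot/syzkaller/the kernel; assumes the 5.11-era report layout.
import re
from dataclasses import dataclass, field

# Shadow-byte values from mm/kasan/kasan.h; one byte covers an 8-byte granule.
SHADOW = {0x00: "addressable", 0xfa: "freed (free-track granule)",
          0xfb: "freed", 0xfc: "kmalloc redzone"}

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # syzkaller console prefix
BUG_RE = re.compile(r"BUG: KASAN: (.+?) in (\S+)")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)")
OBJ_RE = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (\S+)")
OFF_RE = re.compile(r"is located (\d+) bytes inside of")
ROW_RE = re.compile(r"^>?([0-9a-f]{16}): ((?:[0-9a-f]{2}\s*)+)$")
FRAME_RE = re.compile(r"^\S+\+0x[0-9a-f]+/0x[0-9a-f]+$")
NOISE = ("kasan", "slab_free", "kfree", "kmalloc", "kmem_cache")

@dataclass
class KasanReport:
    bug: str = ""
    func: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    cache: str = ""
    obj_base: int = 0
    offset: int = 0
    alloc_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)
    rows: dict = field(default_factory=dict)  # row base address -> 16 shadow bytes

def parse_kasan(log: str) -> KasanReport:
    r, stack = KasanReport(), None  # stack: the frame list currently being filled
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := BUG_RE.search(line):
            r.bug, r.func = m.group(1), m.group(2)
        elif m := ACCESS_RE.search(line):
            r.access, r.size = m.group(1), int(m.group(2))
            r.addr, r.task = int(m.group(3), 16), m.group(4)
        elif m := OBJ_RE.search(line):
            r.obj_base = int(m.group(1), 16)
        elif m := CACHE_RE.search(line):
            r.cache = m.group(1)
        elif m := OFF_RE.search(line):
            r.offset = int(m.group(1))
        elif m := ROW_RE.match(line):
            r.rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
        elif line.startswith("Allocated by task"):
            stack = r.alloc_stack
        elif line.startswith("Freed by task"):
            stack = r.free_stack
        elif stack is not None and FRAME_RE.match(line):
            stack.append(line)
        elif not line:
            stack = None  # a blank line closes a stack section
    return r

def shadow_at(r: KasanReport, addr: int) -> str:
    """Decode the shadow byte covering addr; a dumped row is 16 granules of 8 bytes."""
    row = addr & ~0x7f
    if row not in r.rows:
        return "not in dumped rows"
    val = r.rows[row][(addr - row) // 8]
    return SHADOW.get(val, f"0x{val:02x}")

def first_real_frame(stack: list) -> str:
    """Skip KASAN/slab bookkeeping frames to reach the code that allocated or freed."""
    for f in stack:
        if not f.lstrip("_").startswith(NOISE):
            return f
    return ""

# Trimmed excerpt of the report on this page, used as sample input.
REPORT = """\
[   71.074754][ T8391] BUG: KASAN: use-after-free in find_uprobe+0x12c/0x150
[   71.081694][ T8391] Read of size 8 at addr ffff8881413c6568 by task syz-executor371/8391
[   71.356939][ T8391] Allocated by task 8391:
[   71.361246][ T8391]  kasan_save_stack+0x1b/0x40
[   71.365916][ T8391]  ____kasan_kmalloc.constprop.0+0xa0/0xd0
[   71.371704][ T8391]  __uprobe_register+0x19c/0x850
[   71.431277][ T8391] Freed by task 8391:
[   71.449409][ T8391]  ____kasan_slab_free.part.0+0xe1/0x110
[   71.455681][ T8391]  slab_free_freelist_hook+0x82/0x1d0
[   71.461104][ T8391]  kfree+0xe5/0x7b0
[   71.464896][ T8391]  put_uprobe+0x13b/0x190
[   71.520765][ T8391]
[   71.523069][ T8391] The buggy address belongs to the object at ffff8881413c6400
[   71.523069][ T8391]  which belongs to the cache kmalloc-512 of size 512
[   71.537113][ T8391] The buggy address is located 360 bytes inside of
[   71.604011][ T8391] Memory state around the buggy address:
[   71.609638][ T8391]  ffff8881413c6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.626355][ T8391] >ffff8881413c6500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.649872][ T8391]  ffff8881413c6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

if __name__ == "__main__":
    rep = parse_kasan(REPORT)
    print(f"{rep.bug} in {rep.func}: {rep.access} {rep.size}B at +{rep.offset} into "
          f"{rep.cache}, shadow={shadow_at(rep, rep.addr)}")
    print("alloc:", first_real_frame(rep.alloc_stack), "free:", first_real_frame(rep.free_stack))
```

Run against the report, this reduces it to: a use-after-free read of 8 bytes at offset 360 into a kmalloc-512 object whose shadow byte is 0xfb (freed); the object was allocated in __uprobe_register and freed in put_uprobe, both on the same task inside perf_event_open, and the stale read happens in find_uprobe when uprobe_unregister runs during perf event teardown. The 0xfa in the object's first granule is expected for a freed slab object and is not a second corruption.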