Re: [RFC PATCH] tracing: Fix syscall tracepoint use-after-free

From: Jordan Rife
Date: Thu Oct 24 2024 - 13:51:18 EST

> You guys said you have a reproducer, right? Can you please share
> details (I know it's somewhere on another thread, but let's put all
> this in this thread).

For reference, the original syzbot report is here along with links to artifacts.

syz repro:
disk image:

The steps I performed to reproduce locally are roughly as follows:

1. Copy the syz repro script to a file, repro.syz.txt
2. Download the disk image, disk.img
3. Build syzkaller (
4. Start up QEMU using disk.img: qemu-system-x86_64 -m 2G -smp 2,sockets=2,cores=1 -drive file=./disk.raw,format=raw -net nic,model=e1000 -net user,host=,hostfwd=tcp::10022-:22 -enable-kvm -nographic
5. SCP syzkaller/bin/linux_amd64/syz-execprog and syzkaller/bin/linux_amd64/syz-executor to root@
6. SCP repro.syz.txt to root@
7. Run './syz-execprog -repeat=0 -procs=5 ./repro.syz.txt' over SSH on

This typically crashes things within 20 seconds or so on my machine.
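As an added example (not from the mail and not syzkaller's own tooling), the steps above as a script that also polls the guest console for the KASAN report instead of watching by hand; the image path, the SSH key file, the console log path, the RUN_REPRO switch and the 60 s timeout are assumptions for this illustration, while the QEMU and syz-execprog invocations follow the mail.

```bash
#!/bin/sh
# Added example, not from the original mail or from syzkaller: runs the
# steps above and polls the guest console for the KASAN report instead of
# watching by hand. Paths, SSH key and timeout below are assumptions.
DISK_IMG="${DISK_IMG:-./disk.raw}"                 # image from the report
SYZ_BIN="${SYZ_BIN:-./syzkaller/bin/linux_amd64}"  # syz-execprog, syz-executor
REPRO="${REPRO:-./repro.syz.txt}"                  # syz repro program
SSH_KEY="${SSH_KEY:-./key}"                        # root key for the image
CONSOLE_LOG="${CONSOLE_LOG:-./console.log}"        # guest serial console
TIMEOUT_SEC="${TIMEOUT_SEC:-60}"                   # mail says ~20 s; add slack
SSH_PORT=10022
SSH_OPTS="-o Port=$SSH_PORT -i $SSH_KEY -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
# Print the first KASAN use-after-free header in a console log, e.g.
# "slab-use-after-free in some_function"; return 1 if there is none.
crash_signature() {
    sig=$(grep -o -m1 -E 'KASAN: (slab-)?use-after-free in [A-Za-z0-9_.]+' "$1") || return 1
    printf '%s\n' "${sig#KASAN: }"
}
# Poll the console log once a second until a crash shows up or time runs out.
wait_for_crash() {   # $1 = log file, $2 = timeout in seconds
    i=0
    while [ "$i" -lt "$2" ]; do
        if sig=$(crash_signature "$1"); then
            printf 'crash after %ss: %s\n' "$i" "$sig"; return 0
        fi
        sleep 1; i=$((i + 1))
    done
    echo "no crash within $2 s" >&2; return 1
}
run_repro() {
    qemu-system-x86_64 -m 2G -smp 2,sockets=2,cores=1 \
        -drive file="$DISK_IMG",format=raw \
        -net nic,model=e1000 -net user,hostfwd=tcp::$SSH_PORT-:22 \
        -enable-kvm -nographic </dev/null >"$CONSOLE_LOG" 2>&1 &
    qemu_pid=$!
    for _ in $(seq 60); do   # wait for sshd in the guest
        ssh $SSH_OPTS root@localhost true 2>/dev/null && break; sleep 2
    done
    scp $SSH_OPTS "$SYZ_BIN/syz-execprog" "$SYZ_BIN/syz-executor" "$REPRO" root@localhost:
    # -repeat=0 loops forever; the session dies with the guest on a crash
    ssh $SSH_OPTS root@localhost "./syz-execprog -repeat=0 -procs=5 ./$(basename "$REPRO")" \
        >/dev/null 2>&1 &
    wait_for_crash "$CONSOLE_LOG" "$TIMEOUT_SEC"; rc=$?
    kill "$qemu_pid" 2>/dev/null
    return $rc
}
# Launch only when asked, so the helper functions can be sourced or tested.
if [ "${RUN_REPRO:-0}" = 1 ]; then run_repro; fi
```

Run with RUN_REPRO=1 once the image, key and syzkaller binaries are in place; the script exits 0 when the console shows the use-after-free and 1 if the timeout passes without a report.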
