On Mon, Dec 19, 2022 at 12:04:43AM -0800, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: 13e3c7793e2f Merge tag 'for-netdev' of https://git.kernel... > git tree: bpf > console+strace: https://syzkaller.appspot.com/x/log.txt?x=177df7e0480000 > kernel config: https://syzkaller.appspot.com/x/.config?x=b0e91ad4b5f69c47 > dashboard link: https://syzkaller.appspot.com/bug?extid=b8e8c01c8ade4fe6e48f > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15e87100480000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16ceeb13880000 > > Downloadable assets: > disk image: https://storage.googleapis.com/syzbot-assets/373a99daa295/disk-13e3c779.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/7fa71ed0fe17/vmlinux-13e3c779.xz > kernel image: https://storage.googleapis.com/syzbot-assets/2842ad5c698b/bzImage-13e3c779.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+b8e8c01c8ade4fe6e48f@xxxxxxxxxxxxxxxxxxxxxxxxx > > ================================================================== > BUG: KASAN: use-after-free in __lock_acquire+0x3ee7/0x56d0 kernel/locking/lockdep.c:4925 > Read of size 8 at addr ffff8880237d6018 by task syz-executor287/8300 OK, lemme try this.. still think having to repeat the tree it already has is daft.. #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git 13e3c7793e2f diff --git a/kernel/events/core.c b/kernel/events/core.c index eacc3702654d..7da593504c5b 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -12689,7 +12689,8 @@ SYSCALL_DEFINE5(perf_event_open, return event_fd; err_context: - /* event->pmu_ctx freed by free_event() */ + put_pmu_ctx(event->pmu_ctx); + event->pmu_ctx = NULL; /* _free_event() */ err_locked: mutex_unlock(&ctx->mutex); perf_unpin_context(ctx);
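Review bot: the `err_context:` hunk makes correctness depend on `_free_event()` tolerating `event->pmu_ctx == NULL`, which is not visible in this diff; since the old comment said the pmu_ctx was "freed by free_event()", confirm that `_free_event()` now checks the pointer before calling `put_pmu_ctx()` on it, otherwise the change trades the reported use-after-free for a NULL dereference on the same error path. The new `put_pmu_ctx(event->pmu_ctx);` also runs while `ctx->mutex` is still held (it precedes `err_locked:`), so its locking requirements should be checked against that. The `/* _free_event() */` comment would read better as a full sentence ("cleared so _free_event() does not drop the reference again"), and the commit message should explain the double-put that produced the KASAN report, carry the `Reported-by:` tag quoted from the syzbot report, and add a `Fixes:` tag for the commit that introduced `event->pmu_ctx`.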