bisecting cause commit starting from 283ea345934d277e30c841c577e0e2142b4bfcae
building syzkaller on 8c88c9c1c99c8cd8dabc951164c820b9c9f25114
testing commit 283ea345934d277e30c841c577e0e2142b4bfcae with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: OK
run #9: OK
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #4: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #5: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #5: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
all runs: OK
# git bisect start v5.0 v4.20
Bisecting: 7011 revisions left to test after this (roughly 13 steps)
[af7ddd8a627c62a835524b3f5b471edbbbcce025] Merge tag 'dma-mapping-4.21' of git://git.infradead.org/users/hch/dma-mapping
testing commit af7ddd8a627c62a835524b3f5b471edbbbcce025 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
# git bisect bad af7ddd8a627c62a835524b3f5b471edbbbcce025
Bisecting: 3448 revisions left to test after this (roughly 12 steps)
[792bf4d871dea8b69be2aaabdd320d7c6ed15985] Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 792bf4d871dea8b69be2aaabdd320d7c6ed15985 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 792bf4d871dea8b69be2aaabdd320d7c6ed15985
Bisecting: 1729 revisions left to test after this (roughly 11 steps)
[aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c] linux/netlink.h: drop unnecessary extern prefix
testing commit aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c with gcc (GCC) 8.1.0
all runs: OK
# git bisect good aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c
Bisecting: 835 revisions left to test after this (roughly 10 steps)
[e0c38a4d1f196a4b17d2eba36afff8f656a4f1de] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
testing commit e0c38a4d1f196a4b17d2eba36afff8f656a4f1de with gcc (GCC) 8.1.0
run #0: crashed: WARNING in bpf_prog_kallsyms_find
run #1: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #4: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
# git bisect bad e0c38a4d1f196a4b17d2eba36afff8f656a4f1de
Bisecting: 384 revisions left to test after this (roughly 9 steps)
[8d6973327ee84c2f40dd9efd8928d4a1186c96e2] Merge tag 'powerpc-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
testing commit 8d6973327ee84c2f40dd9efd8928d4a1186c96e2 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 8d6973327ee84c2f40dd9efd8928d4a1186c96e2
Bisecting: 222 revisions left to test after this (roughly 8 steps)
[e770454fabde2e0f8fb3e5039a2b6df8f128bc9b] Merge branch 'expand-txtimestamp-selftest'
testing commit e770454fabde2e0f8fb3e5039a2b6df8f128bc9b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good e770454fabde2e0f8fb3e5039a2b6df8f128bc9b
Bisecting: 106 revisions left to test after this (roughly 7 steps)
[c3e533692527046fb55020e7fac8c4272644ba45] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
testing commit c3e533692527046fb55020e7fac8c4272644ba45 with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #5: crashed: WARNING in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in corrupted
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
# git bisect bad c3e533692527046fb55020e7fac8c4272644ba45
Bisecting: 57 revisions left to test after this (roughly 6 steps)
[9df95e8ec568f98d89fe2c72342714296ac6ce27] bpf: sparc64: Enable sparc64 jit to provide bpf_line_info
testing commit 9df95e8ec568f98d89fe2c72342714296ac6ce27 with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: WARNING in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #8: crashed: WARNING in corrupted
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
# git bisect bad 9df95e8ec568f98d89fe2c72342714296ac6ce27
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[c101189bc9680675a2686bafe908015a07a0da51] tools: bpftool: fix -Wmissing declaration warnings
testing commit c101189bc9680675a2686bafe908015a07a0da51 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good c101189bc9680675a2686bafe908015a07a0da51
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[be3245e22d227ad68ab97785d506561374daa028] tools: bpftool: attempt to mount tracefs if required for tracelog cmd
testing commit be3245e22d227ad68ab97785d506561374daa028 with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in corrupted
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
# git bisect bad be3245e22d227ad68ab97785d506561374daa028
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[cd9de5d3d64b472f67a5ac8520f79ce42f7583b8] tools/bpf: add test_btf unit tests for kind_flag
testing commit cd9de5d3d64b472f67a5ac8520f79ce42f7583b8 with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #4: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
# git bisect bad cd9de5d3d64b472f67a5ac8520f79ce42f7583b8
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[f97be3ab044cf6dd342fed7668c977ba07a7cd95] bpf: btf: refactor btf_int_bits_seq_show()
testing commit f97be3ab044cf6dd342fed7668c977ba07a7cd95 with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #5: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
# git bisect bad f97be3ab044cf6dd342fed7668c977ba07a7cd95
Bisecting: 0 revisions left to test after this (roughly 1 step)
[6c4fc209fcf9d27efbaa48368773e4d2bfbd59aa] bpf: remove useless version check for prog load
testing commit 6c4fc209fcf9d27efbaa48368773e4d2bfbd59aa with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: WARNING in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
# git bisect bad 6c4fc209fcf9d27efbaa48368773e4d2bfbd59aa
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[034565da0fe6cc60c4df26805c8c78d8f365173b] Merge branch 'bpf-bpftool-cleanups'
testing commit 034565da0fe6cc60c4df26805c8c78d8f365173b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 034565da0fe6cc60c4df26805c8c78d8f365173b
6c4fc209fcf9d27efbaa48368773e4d2bfbd59aa is the first bad commit
commit 6c4fc209fcf9d27efbaa48368773e4d2bfbd59aa
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Sun Dec 16 00:49:47 2018 +0100

    bpf: remove useless version check for prog load
    
    Existing libraries and tracing frameworks work around this kernel
    version check by automatically deriving the kernel version from
    uname(3) or similar such that the user does not need to do it
    manually; these workarounds also make the version check useless
    at the same time.
    
    Moreover, most other BPF tracing types enabling bpf_probe_read()-like
    functionality have /not/ adapted this check, and in general these
    days it is well understood anyway that all the tracing programs are
    not stable with regards to future kernels as kernel internal data
    structures are subject to change from release to release.
    
    Back at last netconf we discussed [0] and agreed to remove this
    check from bpf_prog_load() and instead document it here in the uapi
    header that there is no such guarantee for stable API for these
    programs.
    
      [0] http://vger.kernel.org/netconf2018_files/DanielBorkmann_netconf2018.pdf
    
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Acked-by: Quentin Monnet <quentin.monnet@netronome.com>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>

:040000 040000 c837ab73892a2d54196968f50cd683027d4acccf 77c6842471d3e88b7463614ee74c50818e08bbb3 M	include
:040000 040000 b86a61261d2309c84b07485b6807f0238a373f43 3f765163baf85d9b8049d4ca5278037e03a870a0 M	kernel
:040000 040000 4136b99b51615a5030ba0e0fe075f37e8e365e59 29df9d1161035472579a69e7d5cddf89ff9d1cda M	tools
revisions tested: 20, total time: 4h41m15.816808962s (build: 1h48m3.25833359s, test: 2h47m15.66033473s)
first bad commit: 6c4fc209fcf9d27efbaa48368773e4d2bfbd59aa bpf: remove useless version check for prog load
cc: ["ast@kernel.org" "daniel@iogearbox.net" "joe@wand.net.nz" "joeypabalinas@gmail.com" "john.fastabend@gmail.com" "linux-kernel@vger.kernel.org" "mauricio.vasquez@polito.it" "netdev@vger.kernel.org" "quentin.monnet@netronome.com"]
crash: KASAN: use-after-free Read in bpf_prog_kallsyms_find
==================================================================
BUG: KASAN: use-after-free in bpf_tree_comp kernel/bpf/core.c:559 [inline]
BUG: KASAN: use-after-free in __lt_find include/linux/rbtree_latch.h:115 [inline]
BUG: KASAN: use-after-free in latch_tree_find include/linux/rbtree_latch.h:208 [inline]
BUG: KASAN: use-after-free in bpf_prog_kallsyms_find+0x1d1/0x2e0 kernel/bpf/core.c:633
Read of size 8 at addr ffff8880a8a295c8 by task blkid/2434

CPU: 0 PID: 2434 Comm: blkid Not tainted 4.20.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x16b/0x224 lib/dump_stack.c:113
 print_address_description.cold.7+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.8+0x242/0x309 mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 bpf_tree_comp kernel/bpf/core.c:559 [inline]
 __lt_find include/linux/rbtree_latch.h:115 [inline]
 latch_tree_find include/linux/rbtree_latch.h:208 [inline]
 bpf_prog_kallsyms_find+0x1d1/0x2e0 kernel/bpf/core.c:633
 is_bpf_text_address+0x48/0xe0 kernel/bpf/core.c:668
 kernel_text_address+0x79/0xf0 kernel/extable.c:152
 __kernel_text_address+0xd/0x40 kernel/extable.c:107
 unwind_get_return_address+0x61/0xa0 arch/x86/kernel/unwind_frame.c:18
 __save_stack_trace+0x8d/0xf0 arch/x86/kernel/stacktrace.c:45
 save_stack_trace+0x1a/0x20 arch/x86/kernel/stacktrace.c:60
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490
 slab_post_alloc_hook mm/slab.h:444 [inline]
 slab_alloc mm/slab.c:3392 [inline]
 kmem_cache_alloc+0x11b/0x730 mm/slab.c:3552
 ptlock_alloc+0x1d/0x70 mm/memory.c:4555
 ptlock_init include/linux/mm.h:1897 [inline]
 pgtable_page_ctor include/linux/mm.h:1931 [inline]
 pte_alloc_one+0x4e/0x130 arch/x86/mm/pgtable.c:38
 do_fault_around mm/memory.c:3362 [inline]
 do_read_fault mm/memory.c:3403 [inline]
 do_fault mm/memory.c:3534 [inline]
 handle_pte_fault mm/memory.c:3765 [inline]
 __handle_mm_fault+0x2f80/0x4190 mm/memory.c:3889
 handle_mm_fault+0x36f/0x8d0 mm/memory.c:3926
 do_user_addr_fault arch/x86/mm/fault.c:1423 [inline]
 __do_page_fault+0x400/0xa80 arch/x86/mm/fault.c:1489
 do_page_fault+0x64/0x3a7 arch/x86/mm/fault.c:1520
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143
RIP: 0033:0x7ff56c6c0f84
Code: 10 4d 89 4b 18 5b 5d c3 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 08 48 8b 87 98 02 00 00 48 85 c0 74 5f 48 8b 40 08 <8b> 08 89 8f ec 02 00 00 8b 50 08 44 8b 40 04 8d 72 ff 85 d6 75 72
RSP: 002b:00007fff774dbbc0 EFLAGS: 00010206
RAX: 00007ff56c1042b8 RBX: 00007ff56c8d69a8 RCX: 00007ff56c6ce1d7
RDX: 0000000000000000 RSI: 0000000000000010 RDI: 00007ff56c8d69a8
RBP: 00007fff774dbd30 R08: 0000000070000029 R09: 000000006ffffdff
R10: 000000006ffffeff R11: 0000000000000206 R12: 00007fff774dbe18
R13: 000000006fffff48 R14: 00007fff774dba80 R15: 00007fff774dba20

Allocated by task 2435:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
 kmem_cache_alloc_trace+0x152/0x750 mm/slab.c:3620
 kmalloc include/linux/slab.h:546 [inline]
 kzalloc include/linux/slab.h:741 [inline]
 bpf_prog_alloc+0xcd/0x270 kernel/bpf/core.c:91
 jit_subprogs kernel/bpf/verifier.c:6443 [inline]
 fixup_call_args kernel/bpf/verifier.c:6573 [inline]
 bpf_check+0x4319/0x74e0 kernel/bpf/verifier.c:6966
 bpf_prog_load+0xa81/0x11b0 kernel/bpf/syscall.c:1532
 __do_sys_bpf+0x874/0x2ed0 kernel/bpf/syscall.c:2613
 __se_sys_bpf kernel/bpf/syscall.c:2575 [inline]
 __x64_sys_bpf+0x6e/0xb0 kernel/bpf/syscall.c:2575
 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 14825:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
 __cache_free mm/slab.c:3498 [inline]
 kfree+0xcf/0x220 mm/slab.c:3817
 bpf_jit_free+0x6f/0x270
 bpf_prog_free_deferred+0x151/0x390 kernel/bpf/core.c:1958
 process_one_work+0x830/0x1670 kernel/workqueue.c:2153
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
 kthread+0x324/0x3e0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

The buggy address belongs to the object at ffff8880a8a29540
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 136 bytes inside of
 512-byte region [ffff8880a8a29540, ffff8880a8a29740)
The buggy address belongs to the page:
page:ffffea0002a28a40 count:1 mapcount:0 mapping:ffff88812c366940 index:0x0
flags: 0x1fffc0000000200(slab)
raw: 01fffc0000000200 ffffea00021f7d08 ffffea0002409f48 ffff88812c366940
raw: 0000000000000000 ffff8880a8a29040 0000000100000006 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880a8a29480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff8880a8a29500: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
>ffff8880a8a29580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                              ^
 ffff8880a8a29600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880a8a29680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================