Extracting prog: 1m25.393104514s Minimizing prog: 29m41.477116409s Simplifying prog options: 0s Extracting C: 26.483953902s Simplifying C: 5m58.053929107s extracting reproducer from 30 programs first checking the prog from the crash report single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$MAP_LOOKUP_ELEM-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault single: successfully extracted reproducer found reproducer with 21 syscalls minimizing guilty program testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$MAP_LOOKUP_ELEM-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-perf_event_open detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$MAP_LOOKUP_ELEM-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$MAP_LOOKUP_ELEM-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$MAP_LOOKUP_ELEM-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f00000005c0)}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f00000005c0)}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f00000005c0)}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone detailed listing: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone program crashed: KASAN: slab-out-of-bounds Read in do_page_fault simplifying C reproducer testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone program did not crash testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone program did not crash testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone program crashed: KASAN: use-after-free Read in do_page_fault a never seen crash title: KASAN: use-after-free Read in do_page_fault, ignore testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone program crashed: KASAN: slab-out-of-bounds Read in do_page_fault testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone program crashed: KASAN: slab-out-of-bounds Read in do_page_fault reproducing took 37m31.408119072s repro crashed as (corrupted=true): ================================================================== BUG: KASAN: slab-out-of-bounds in user_mode arch/x86/include/asm/ptrace.h:131 [inline] BUG: KASAN: slab-out-of-bounds in trace_page_fault_entries arch/x86/mm/fault.c:1516 [inline] BUG: KASAN: slab-out-of-bounds in do_page_fault+0x66/0x330 arch/x86/mm/fault.c:1528 Read of size 8 at addr ffff8881f5d87ee0 by task kworker/u4:0/7 CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.289-syzkaller-00030-gcb850525fc3e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 ------------[ cut here ]------------ Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLUB object 'signal_cache' (offset 288, size 8)! WARNING: CPU: 1 PID: 7 at mm/usercopy.c:80 usercopy_warn+0xaf/0xc0 mm/usercopy.c:75 Modules linked in: CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.289-syzkaller-00030-gcb850525fc3e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:usercopy_warn+0xaf/0xc0 mm/usercopy.c:75 Code: c6 05 30 f5 b0 04 01 48 c7 c5 80 92 e3 84 48 0f 44 e8 48 c7 c7 00 91 e3 84 4d 89 e1 41 57 41 56 55 e8 c5 74 a1 ff 48 83 c4 18 <0f> 0b e9 73 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 41 56 53 4d 89 RSP: 0018:ffff8881f5d87940 EFLAGS: 00010092 RAX: 5192e284fcd3aa00 RBX: ffffffff855a6f73 RCX: ffff8881f5d60fc0 RDX: 0000000080000199 RSI: 0000000080000199 RDI: 0000000000000000 RBP: ffffffff84e39280 R08: ffffffff814d6d92 R09: ffffed103ede5262 R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff84a73dc0 R13: dffffc0000000000 R14: 0000000000000120 R15: 0000000000000008 FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffe8ffffb00370 CR3: 00000001f5c2a000 CR4: 00000000003406a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ---[ end trace 5cf5a122dad6c26d ]--- Workqueue: events_unbound toggle_allocation_gate Call Trace: Allocated by task 4241730048: ================================================================================ UBSAN: array-index-out-of-bounds in lib/stackdepot.c:205:15 index 1237636 is out of range for type 'void *[8192]' CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G W 5.4.289-syzkaller-00030-gcb850525fc3e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Workqueue: events_unbound toggle_allocation_gate Call Trace: ================================================================================ invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G W 5.4.289-syzkaller-00030-gcb850525fc3e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:stack_depot_fetch+0x61/0x70 lib/stackdepot.c:205 Code: 48 8d 4c 18 18 49 89 0e 8b 44 18 0c 5b 41 5e 41 5f c3 48 c7 c7 80 ca 07 86 4c 89 fe e8 a8 3a 00 00 41 81 ff ff 1f 00 00 76 c5 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55 RSP: 0018:ffff8881f5d87cc0 EFLAGS: 00010012 RAX: ffffffff8248d4bf RBX: 000000005192e284 RCX: ffff8881f5d60fc0 RDX: 0000000080000199 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8881f5d87d78 R08: ffffffff8248d4b6 R09: ffffed103ede5262 R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f5cf1900 R13: ffff8881f5d87d40 R14: ffff8881f5d87d00 R15: 000000000012e284 FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffe8ffffb00370 CR3: 00000001f5c2a000 CR4: 00000000003406a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: Modules linked in: ---[ end trace 5cf5a122dad6c26e ]--- RIP: 0010:stack_depot_fetch+0x61/0x70 lib/stackdepot.c:205 Code: 48 8d 4c 18 18 49 89 0e 8b 44 18 0c 5b 41 5e 41 5f c3 48 c7 c7 80 ca 07 86 4c 89 fe e8 a8 3a 00 00 41 81 ff ff 1f 00 00 76 c5 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55 RSP: 0018:ffff8881f5d87cc0 EFLAGS: 00010012 RAX: ffffffff8248d4bf RBX: 000000005192e284 RCX: ffff8881f5d60fc0 RDX: 0000000080000199 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8881f5d87d78 R08: ffffffff8248d4b6 R09: ffffed103ede5262 R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f5cf1900 R13: ffff8881f5d87d40 R14: ffff8881f5d87d00 R15: 000000000012e284 FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffe8ffffb00370 CR3: 00000001f5c2a000 CR4: 00000000003406a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 report is corrupted, running repro again testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone program crashed: KASAN: slab-out-of-bounds Read in do_page_fault report is corrupted, running repro again testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone program crashed: KASAN: slab-out-of-bounds Read in do_page_fault report is corrupted, running repro again testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone program crashed: KASAN: slab-out-of-bounds Read in do_page_fault final repro crashed as (corrupted=true): ================================================================== BUG: KASAN: slab-out-of-bounds in user_mode arch/x86/include/asm/ptrace.h:131 [inline] BUG: KASAN: slab-out-of-bounds in trace_page_fault_entries arch/x86/mm/fault.c:1516 [inline] BUG: KASAN: slab-out-of-bounds in do_page_fault+0x66/0x330 arch/x86/mm/fault.c:1528 Read of size 8 at addr ffff8881f5dc7e40 by task kworker/u4:1/9 CPU: 1 PID: 9 Comm: kworker/u4:1 Not tainted 5.4.289-syzkaller-00030-gcb850525fc3e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 ------------[ cut here ]------------ Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLUB object 'task_struct' (offset 2880, size 8)! WARNING: CPU: 1 PID: 9 at mm/usercopy.c:80 usercopy_warn+0xaf/0xc0 mm/usercopy.c:75 Modules linked in: CPU: 1 PID: 9 Comm: kworker/u4:1 Not tainted 5.4.289-syzkaller-00030-gcb850525fc3e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:usercopy_warn+0xaf/0xc0 mm/usercopy.c:75 Code: c6 05 30 f5 b0 04 01 48 c7 c5 80 92 e3 84 48 0f 44 e8 48 c7 c7 00 91 e3 84 4d 89 e1 41 57 41 56 55 e8 c5 74 a1 ff 48 83 c4 18 <0f> 0b e9 73 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 41 56 53 4d 89 RSP: 0018:ffff8881f5dc78a0 EFLAGS: 00010096 RAX: 8a1126b4931cc900 RBX: ffffffff855a6f73 RCX: ffff8881f5dc4ec0 RDX: 0000000000000000 RSI: 0000000080000044 RDI: 0000000000000000 RBP: ffffffff84e39280 R08: ffffffff814d6d92 R09: ffffed103ede5262 R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff84a73c00 R13: dffffc0000000000 R14: 0000000000000b40 R15: 0000000000000008 FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffe8ffffd14298 CR3: 00000001f5c2a000 CR4: 00000000003406a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ---[ end trace 87ff0bdf3e2b268a ]--- Workqueue: events_unbound toggle_allocation_gate Call Trace: Allocated by task 0: (stack is not available) Freed by task 4291904152: ================================================================================ UBSAN: array-index-out-of-bounds in lib/stackdepot.c:205:15 index 2091263 is out of range for type 'void *[8192]' CPU: 1 PID: 9 Comm: kworker/u4:1 Tainted: G W 5.4.289-syzkaller-00030-gcb850525fc3e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Workqueue: events_unbound toggle_allocation_gate Call Trace: ================================================================================ invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 9 Comm: kworker/u4:1 Tainted: G W 5.4.289-syzkaller-00030-gcb850525fc3e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:stack_depot_fetch+0x61/0x70 lib/stackdepot.c:205 Code: 48 8d 4c 18 18 49 89 0e 8b 44 18 0c 5b 41 5e 41 5f c3 48 c7 c7 80 ca 07 86 4c 89 fe e8 a8 3a 00 00 41 81 ff ff 1f 00 00 76 c5 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55 RSP: 0018:ffff8881f5dc7c20 EFLAGS: 00010006 RAX: ffffffff8248d4bf RBX: 00000000ffffe8ff RCX: ffff8881f5dc4ec0 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8881f5dc7cd8 R08: ffffffff8248d4b6 R09: ffffed103ede5262 R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f5cf1680 R13: ffff8881f5dc7d80 R14: ffff8881f5dc7c60 R15: 00000000001fe8ff FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffe8ffffd14298 CR3: 00000001f5c2a000 CR4: 00000000003406a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: Modules linked in: ---[ end trace 87ff0bdf3e2b268b ]--- RIP: 0010:stack_depot_fetch+0x61/0x70 lib/stackdepot.c:205 Code: 48 8d 4c 18 18 49 89 0e 8b 44 18 0c 5b 41 5e 41 5f c3 48 c7 c7 80 ca 07 86 4c 89 fe e8 a8 3a 00 00 41 81 ff ff 1f 00 00 76 c5 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55 RSP: 0018:ffff8881f5dc7c20 EFLAGS: 00010006 RAX: ffffffff8248d4bf RBX: 00000000ffffe8ff RCX: ffff8881f5dc4ec0 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8881f5dc7cd8 R08: ffffffff8248d4b6 R09: ffffed103ede5262 R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f5cf1680 R13: ffff8881f5dc7d80 R14: ffff8881f5dc7c60 R15: 00000000001fe8ff FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffe8ffffd14298 CR3: 00000001f5c2a000 CR4: 00000000003406a0