Extracting prog: 1m25.393104514s
Minimizing prog: 29m41.477116409s
Simplifying prog options: 0s
Extracting C: 26.483953902s
Simplifying C: 5m58.053929107s
extracting reproducer from 30 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$MAP_LOOKUP_ELEM-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
single: successfully extracted reproducer
found reproducer with 21 syscalls
minimizing guilty program
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$MAP_LOOKUP_ELEM-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-perf_event_open
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$MAP_LOOKUP_ELEM-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$MAP_LOOKUP_ELEM-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$MAP_LOOKUP_ELEM-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x0, 0x2, 0x0, 0x0, 0x800000}, 0x0, 0xaff7fff7ffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_PROG_WITH_BTFID_LOAD-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4225}, [@map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x2, 0x275708be688dbba0, 0x4, 0x10, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40}, @generic={0xfc, 0x1, 0x2, 0x0, 0x10001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000240)='syzkaller\x00', 0x4, 0xee, &(0x7f00000004c0)=""/238, 0x40f00, 0x16, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x10, 0x0, 0x10001}, 0x10, 0x299c7, r6, 0x2, &(0x7f00000009c0)=[r0, r2, r2], &(0x7f0000000a00)=[{0x1, 0x2, 0x9, 0x2}, {0x1, 0x4, 0x5, 0x7}], 0x10, 0x6, @void, @value}, 0x94)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-syz_clone-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000080000000000000002000000185200000600000000000000000000000346c0ff0400000018110000", @ANYRES32=r0, @ANYBLOB="00000000002145aedd0200000000000085000000860000001812000028d24619246781a9f37cf2c87e58819838602ffdcd7a8da4e5d384ed4971f09ff1", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000852000000200000095000000000000009500000000000000"], &(0x7f0000000700)='syzkaller\x00', 0xff, 0xc8, &(0x7f0000000bc0)=""/200, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x6, 0x800, 0x7f}, 0x10, 0x0, r3, 0x0, &(0x7f0000000880)=[r0, 0x1, r2, r0, r2, r2], &(0x7f00000008c0), 0x10, 0x60e1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_CREATE-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005000000fd09000084000000000000004395eba6e02247", @ANYRES32, @ANYBLOB="feffffff00"/18, @ANYRES32=0x0, @ANYRES32], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f00000005c0)}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x8, 0xd, 0x100, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f00000005c0)}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f00000005c0)}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f00000005c0)}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071107100000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4102b100, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=36.595207707s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
simplifying C reproducer
testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
program did not crash
testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
program did not crash
testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
program crashed: KASAN: use-after-free Read in do_page_fault
a never seen crash title: KASAN: use-after-free Read in do_page_fault, ignore
testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
reproducing took 37m31.408119072s
repro crashed as (corrupted=true):
==================================================================
BUG: KASAN: slab-out-of-bounds in user_mode arch/x86/include/asm/ptrace.h:131 [inline]
BUG: KASAN: slab-out-of-bounds in trace_page_fault_entries arch/x86/mm/fault.c:1516 [inline]
BUG: KASAN: slab-out-of-bounds in do_page_fault+0x66/0x330 arch/x86/mm/fault.c:1528
Read of size 8 at addr ffff8881f5d87ee0 by task kworker/u4:0/7
CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.289-syzkaller-00030-gcb850525fc3e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
------------[ cut here ]------------
Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLUB object 'signal_cache' (offset 288, size 8)!
WARNING: CPU: 1 PID: 7 at mm/usercopy.c:80 usercopy_warn+0xaf/0xc0 mm/usercopy.c:75
Modules linked in:
CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.289-syzkaller-00030-gcb850525fc3e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:usercopy_warn+0xaf/0xc0 mm/usercopy.c:75
Code: c6 05 30 f5 b0 04 01 48 c7 c5 80 92 e3 84 48 0f 44 e8 48 c7 c7 00 91 e3 84 4d 89 e1 41 57 41 56 55 e8 c5 74 a1 ff 48 83 c4 18 <0f> 0b e9 73 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 41 56 53 4d 89
RSP: 0018:ffff8881f5d87940 EFLAGS: 00010092
RAX: 5192e284fcd3aa00 RBX: ffffffff855a6f73 RCX: ffff8881f5d60fc0
RDX: 0000000080000199 RSI: 0000000080000199 RDI: 0000000000000000
RBP: ffffffff84e39280 R08: ffffffff814d6d92 R09: ffffed103ede5262
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff84a73dc0
R13: dffffc0000000000 R14: 0000000000000120 R15: 0000000000000008
FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffb00370 CR3: 00000001f5c2a000 CR4: 00000000003406a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
---[ end trace 5cf5a122dad6c26d ]---
Workqueue: events_unbound toggle_allocation_gate
Call Trace:
Allocated by task 4241730048:
================================================================================
UBSAN: array-index-out-of-bounds in lib/stackdepot.c:205:15
index 1237636 is out of range for type 'void *[8192]'
CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G W 5.4.289-syzkaller-00030-gcb850525fc3e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: events_unbound toggle_allocation_gate
Call Trace:
================================================================================
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G W 5.4.289-syzkaller-00030-gcb850525fc3e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:stack_depot_fetch+0x61/0x70 lib/stackdepot.c:205
Code: 48 8d 4c 18 18 49 89 0e 8b 44 18 0c 5b 41 5e 41 5f c3 48 c7 c7 80 ca 07 86 4c 89 fe e8 a8 3a 00 00 41 81 ff ff 1f 00 00 76 c5 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55
RSP: 0018:ffff8881f5d87cc0 EFLAGS: 00010012
RAX: ffffffff8248d4bf RBX: 000000005192e284 RCX: ffff8881f5d60fc0
RDX: 0000000080000199 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881f5d87d78 R08: ffffffff8248d4b6 R09: ffffed103ede5262
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f5cf1900
R13: ffff8881f5d87d40 R14: ffff8881f5d87d00 R15: 000000000012e284
FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffb00370 CR3: 00000001f5c2a000 CR4: 00000000003406a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
---[ end trace 5cf5a122dad6c26e ]---
RIP: 0010:stack_depot_fetch+0x61/0x70 lib/stackdepot.c:205
Code: 48 8d 4c 18 18 49 89 0e 8b 44 18 0c 5b 41 5e 41 5f c3 48 c7 c7 80 ca 07 86 4c 89 fe e8 a8 3a 00 00 41 81 ff ff 1f 00 00 76 c5 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55
RSP: 0018:ffff8881f5d87cc0 EFLAGS: 00010012
RAX: ffffffff8248d4bf RBX: 000000005192e284 RCX: ffff8881f5d60fc0
RDX: 0000000080000199 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881f5d87d78 R08: ffffffff8248d4b6 R09: ffffed103ede5262
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f5cf1900
R13: ffff8881f5d87d40 R14: ffff8881f5d87d00 R15: 000000000012e284
FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffb00370 CR3: 00000001f5c2a000 CR4: 00000000003406a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
report is corrupted, running repro again
testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
report is corrupted, running repro again
testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
report is corrupted, running repro again
testing compiled C program (duration=36.595207707s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_MAP_INFO-bpf$MAP_CREATE-bpf$PROG_LOAD-perf_event_open-bpf$BPF_RAW_TRACEPOINT_OPEN-perf_event_open-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-perf_event_open-syz_clone
program crashed: KASAN: slab-out-of-bounds Read in do_page_fault
final repro crashed as (corrupted=true):
==================================================================
BUG: KASAN: slab-out-of-bounds in user_mode arch/x86/include/asm/ptrace.h:131 [inline]
BUG: KASAN: slab-out-of-bounds in trace_page_fault_entries arch/x86/mm/fault.c:1516 [inline]
BUG: KASAN: slab-out-of-bounds in do_page_fault+0x66/0x330 arch/x86/mm/fault.c:1528
Read of size 8 at addr ffff8881f5dc7e40 by task kworker/u4:1/9
CPU: 1 PID: 9 Comm: kworker/u4:1 Not tainted 5.4.289-syzkaller-00030-gcb850525fc3e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
------------[ cut here ]------------
Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLUB object 'task_struct' (offset 2880, size 8)!
WARNING: CPU: 1 PID: 9 at mm/usercopy.c:80 usercopy_warn+0xaf/0xc0 mm/usercopy.c:75
Modules linked in:
CPU: 1 PID: 9 Comm: kworker/u4:1 Not tainted 5.4.289-syzkaller-00030-gcb850525fc3e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:usercopy_warn+0xaf/0xc0 mm/usercopy.c:75
Code: c6 05 30 f5 b0 04 01 48 c7 c5 80 92 e3 84 48 0f 44 e8 48 c7 c7 00 91 e3 84 4d 89 e1 41 57 41 56 55 e8 c5 74 a1 ff 48 83 c4 18 <0f> 0b e9 73 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 41 56 53 4d 89
RSP: 0018:ffff8881f5dc78a0 EFLAGS: 00010096
RAX: 8a1126b4931cc900 RBX: ffffffff855a6f73 RCX: ffff8881f5dc4ec0
RDX: 0000000000000000 RSI: 0000000080000044 RDI: 0000000000000000
RBP: ffffffff84e39280 R08: ffffffff814d6d92 R09: ffffed103ede5262
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff84a73c00
R13: dffffc0000000000 R14: 0000000000000b40 R15: 0000000000000008
FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffd14298 CR3: 00000001f5c2a000 CR4: 00000000003406a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
---[ end trace 87ff0bdf3e2b268a ]---
Workqueue: events_unbound toggle_allocation_gate
Call Trace:
Allocated by task 0:
(stack is not available)
Freed by task 4291904152:
================================================================================
UBSAN: array-index-out-of-bounds in lib/stackdepot.c:205:15
index 2091263 is out of range for type 'void *[8192]'
CPU: 1 PID: 9 Comm: kworker/u4:1 Tainted: G W 5.4.289-syzkaller-00030-gcb850525fc3e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: events_unbound toggle_allocation_gate
Call Trace:
================================================================================
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9 Comm: kworker/u4:1 Tainted: G W 5.4.289-syzkaller-00030-gcb850525fc3e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:stack_depot_fetch+0x61/0x70 lib/stackdepot.c:205
Code: 48 8d 4c 18 18 49 89 0e 8b 44 18 0c 5b 41 5e 41 5f c3 48 c7 c7 80 ca 07 86 4c 89 fe e8 a8 3a 00 00 41 81 ff ff 1f 00 00 76 c5 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55
RSP: 0018:ffff8881f5dc7c20 EFLAGS: 00010006
RAX: ffffffff8248d4bf RBX: 00000000ffffe8ff RCX: ffff8881f5dc4ec0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881f5dc7cd8 R08: ffffffff8248d4b6 R09: ffffed103ede5262
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f5cf1680
R13: ffff8881f5dc7d80 R14: ffff8881f5dc7c60 R15: 00000000001fe8ff
FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffd14298 CR3: 00000001f5c2a000 CR4: 00000000003406a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
---[ end trace 87ff0bdf3e2b268b ]---
RIP: 0010:stack_depot_fetch+0x61/0x70 lib/stackdepot.c:205
Code: 48 8d 4c 18 18 49 89 0e 8b 44 18 0c 5b 41 5e 41 5f c3 48 c7 c7 80 ca 07 86 4c 89 fe e8 a8 3a 00 00 41 81 ff ff 1f 00 00 76 c5 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55
RSP: 0018:ffff8881f5dc7c20 EFLAGS: 00010006
RAX: ffffffff8248d4bf RBX: 00000000ffffe8ff RCX: ffff8881f5dc4ec0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881f5dc7cd8 R08: ffffffff8248d4b6 R09: ffffed103ede5262
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f5cf1680
R13: ffff8881f5dc7d80 R14: ffff8881f5dc7c60 R15: 00000000001fe8ff
FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffd14298 CR3: 00000001f5c2a000 CR4: 00000000003406a0