e, BIOS Google 01/25/2024
[   86.372031][ T2833] Call Trace:
[   86.375147][ T2833]  <TASK>
[   86.377923][ T2833]  dump_stack_lvl+0x151/0x1b7
[   86.382439][ T2833]  ? io_uring_drop_tctx_refs+0x190/0x190
[   86.387910][ T2833]  dump_stack+0x15/0x17
[   86.391898][ T2833]  should_fail+0x3c6/0x510
[   86.396153][ T2833]  __should_failslab+0xa4/0xe0
[   86.400753][ T2833]  ? copy_sighand+0x54/0x250
[   86.405176][ T2833]  should_failslab+0x9/0x20
[   86.409516][ T2833]  slab_pre_alloc_hook+0x37/0xd0
[   86.414289][ T2833]  ? copy_sighand+0x54/0x250
[   86.418719][ T2833]  kmem_cache_alloc+0x44/0x200
[   86.423320][ T2833]  copy_sighand+0x54/0x250
[   86.427568][ T2833]  copy_process+0x10d6/0x3290
[   86.432088][ T2833]  ? proc_fail_nth_write+0x20b/0x290
[   86.437208][ T2833]  ? fsnotify_perm+0x6a/0x5d0
[   86.441718][ T2833]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   86.446661][ T2833]  ? vfs_write+0x9ec/0x1110
[   86.451004][ T2833]  kernel_clone+0x21e/0x9e0
[   86.455340][ T2833]  ? file_end_write+0x1c0/0x1c0
[   86.460032][ T2833]  ? create_io_thread+0x1e0/0x1e0
[   86.464887][ T2833]  ? mutex_unlock+0xb2/0x260
[   86.469314][ T2833]  ? __mutex_lock_slowpath+0x10/0x10
[   86.474438][ T2833]  __x64_sys_clone+0x23f/0x290
[   86.479040][ T2833]  ? __do_sys_vfork+0x130/0x130
[   86.483723][ T2833]  ? ksys_write+0x260/0x2c0
[   86.488063][ T2833]  ? debug_smp_processor_id+0x17/0x20
[   86.493270][ T2833]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   86.499174][ T2833]  ? exit_to_user_mode_prepare+0x39/0xa0
[   86.504641][ T2833]  do_syscall_64+0x3d/0xb0
[   86.508894][ T2833]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   86.514621][ T2833] RIP: 0033:0x7fc79465eda9
[   86.518875][ T2833] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   86.538318][ T2833] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   86.546564][ T2833] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   86.554375][ T2833] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   86.562194][ T2833] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   86.569999][ T2833] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
06:47:22 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x0, 0x0, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:22 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 23)

06:47:22 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:22 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r1 = getpid()
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x1, 0x0, 0x4, 0x20, 0x0, 0x6, 0x4, 0x8, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000000), 0x4}, 0x81, 0x8, 0x8, 0x3, 0x1, 0x5, 0x835, 0x0, 0x10000, 0x0, 0xffffffffffffffff}, r1, 0x2, 0xffffffffffffffff, 0x8) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   86.577809][ T2833] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   86.585622][ T2833]  </TASK>
06:47:22 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x0, 0x0, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:22 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe06}, 0x90)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x2}, 0x48)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r0, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], 0x0, 0x5d, &(0x7f0000000440)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x93, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0x8}, 0xc)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r4, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000000340)=[0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x47, &(0x7f00000003c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0xca, 0x8, 0x8, &(0x7f0000000480)}}, 0x10)
r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000600), 0x8)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000006c0), &(0x7f00000002c0), 0xa7c, r8, 0x0, 0x2}, 0x38)
r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000006c0)={0x0, 0x8, 0x8}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{0xffffffffffffffff, <r10=>0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000740)=r4}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x3, &(0x7f0000000040)=@raw=[@ldst={0x2, 0x3, 0x1, 0x8, 0x8, 0x80}, @map_val={0x18, 0x6, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x7f}], &(0x7f0000000080)='GPL\x00', 0x821, 0x47, &(0x7f0000000280)=""/71, 0x40f00, 0x50, '\x00', r6, 0x0, r7, 0x8, &(0x7f0000000640)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x1, 0x6}, 0x10, 0x0, 0x0, 0x5, &(0x7f00000007c0)=[r8, r9, r10], &(0x7f0000000800)=[{0x1, 0x4, 0xc, 0x6}, {0x5, 0x4, 0xf, 0x9}, {0x5, 0x3, 0x7, 0x1}, {0x3, 0x2, 0xc, 0x7}, {0x6, 0x1, 0x8, 0x2}], 0x10, 0x40}, 0x90)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r11, 0x40305828, &(0x7f0000000540)={'\x00', @link_local={0x1, 0x80, 0xc2, 0x9, 0x0, 0xd}})
r12 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8001, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x5}, 0x48)
r13 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x4, 0x4, 0x4, 0xbf25}, 0x48)
close(r13)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1d, &(0x7f00000000c0)=@raw=[@alu={0x7, 0x1, 0xa, 0xa, 0x1, 0x0, 0xfffffffffffffffc}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8001}}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x2400}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x1ff}, @map_val={0x18, 0x4, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x9}, @call={0x85, 0x0, 0x0, 0xb2}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10001}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}], &(0x7f00000001c0)='syzkaller\x00', 0x2, 0x81, &(0x7f00000002c0)=""/129, 0x41100, 0x75, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x2, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x0, 0xe, 0x0, 0x3}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000780)=[r7, r11, r12, 0xffffffffffffffff, r13], &(0x7f00000007c0)=[{0x0, 0x5, 0x7, 0x4}, {0x5, 0x2, 0x7, 0x1}, {0x3, 0x1, 0x5, 0xc}, {0x5, 0x1, 0xc}, {0x4, 0x5, 0x5, 0xb}], 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   86.625135][ T2853] FAULT_INJECTION: forcing a failure.
[   86.625135][ T2853] name failslab, interval 1, probability 0, space 0, times 0
[   86.663272][ T2853] CPU: 1 PID: 2853 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   86.673345][ T2853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   86.683240][ T2853] Call Trace:
[   86.686359][ T2853]  <TASK>
[   86.689137][ T2853]  dump_stack_lvl+0x151/0x1b7
[   86.693649][ T2853]  ? io_uring_drop_tctx_refs+0x190/0x190
[   86.699120][ T2853]  dump_stack+0x15/0x17
[   86.703110][ T2853]  should_fail+0x3c6/0x510
[   86.707367][ T2853]  __should_failslab+0xa4/0xe0
[   86.711961][ T2853]  ? vm_area_dup+0x26/0x230
[   86.716301][ T2853]  should_failslab+0x9/0x20
[   86.720650][ T2853]  slab_pre_alloc_hook+0x37/0xd0
[   86.725419][ T2853]  ? vm_area_dup+0x26/0x230
[   86.729754][ T2853]  kmem_cache_alloc+0x44/0x200
[   86.734355][ T2853]  vm_area_dup+0x26/0x230
[   86.738521][ T2853]  copy_mm+0x9a1/0x13e0
[   86.742515][ T2853]  ? copy_signal+0x610/0x610
[   86.746947][ T2853]  ? __init_rwsem+0xd6/0x1c0
[   86.751370][ T2853]  ? copy_signal+0x4e3/0x610
[   86.755795][ T2853]  copy_process+0x1149/0x3290
[   86.760309][ T2853]  ? proc_fail_nth_write+0x20b/0x290
[   86.765429][ T2853]  ? fsnotify_perm+0x6a/0x5d0
[   86.769943][ T2853]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   86.774889][ T2853]  ? vfs_write+0x9ec/0x1110
[   86.779230][ T2853]  kernel_clone+0x21e/0x9e0
[   86.783569][ T2853]  ? file_end_write+0x1c0/0x1c0
[   86.788260][ T2853]  ? create_io_thread+0x1e0/0x1e0
[   86.793115][ T2853]  ? mutex_unlock+0xb2/0x260
[   86.797550][ T2853]  ? __mutex_lock_slowpath+0x10/0x10
[   86.802664][ T2853]  __x64_sys_clone+0x23f/0x290
[   86.807264][ T2853]  ? __do_sys_vfork+0x130/0x130
[   86.811948][ T2853]  ? ksys_write+0x260/0x2c0
[   86.816290][ T2853]  ? debug_smp_processor_id+0x17/0x20
[   86.821497][ T2853]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   86.827401][ T2853]  ? exit_to_user_mode_prepare+0x39/0xa0
[   86.832865][ T2853]  do_syscall_64+0x3d/0xb0
[   86.837121][ T2853]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   86.842848][ T2853] RIP: 0033:0x7fc79465eda9
[   86.847103][ T2853] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   86.866548][ T2853] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
06:47:23 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x0, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:23 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:23 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)='%+9llu \x00'}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000002c0)=[0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x4, 0x5, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xf4, &(0x7f0000000380)=[{}, {}], 0x10, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x9, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000300)=[0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240), <r5=>0x0, 0x8, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000400), &(0x7f0000001a00), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000780)}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001cc0)=r5, 0x4)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0xfffff8c0, 0x40, 0x6, 0x204, 0xffffffffffffffff, 0xfffffff9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4, 0x6}, 0x48)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4004662b, &(0x7f00000005c0)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x0, 0x11, &(0x7f00000008c0)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7ff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}}], &(0x7f0000000980)='GPL\x00', 0x3ff, 0x8e, &(0x7f00000009c0)=""/142, 0x41000, 0x40, '\x00', r4, 0x0, r7, 0x8, &(0x7f0000000a80)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000ac0)={0x5, 0x3, 0x7, 0x1000}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000b00)=[r6, r2], &(0x7f0000000b40)=[{0x0, 0x1, 0x0, 0xb}, {0x0, 0x5, 0xf, 0xa}], 0x10, 0x80000001}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{0xffffffffffffffff, <r8=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}, [@map_fd={0x18, 0x0, 0x1, 0x0, r2}]}, &(0x7f0000000100)='syzkaller\x00', 0x9eba, 0xb4, &(0x7f0000000140)=""/180, 0x41100, 0x31, '\x00', r3, 0x2c, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x3, 0x0, 0x9, 0x6}, 0x10, r5, r0, 0x4, &(0x7f0000000780)=[r6, r7, r8], &(0x7f00000007c0)=[{0x1, 0x4, 0x10, 0x7}, {0x0, 0x4, 0xffff, 0x8}, {0x3, 0x5, 0x0, 0x3}, {0x4, 0x3, 0x0, 0xd}], 0x10, 0xfffffffe}, 0x90)

06:47:23 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 24)

[   86.874793][ T2853] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   86.882601][ T2853] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   86.890410][ T2853] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   86.898227][ T2853] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   86.906034][ T2853] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   86.913850][ T2853]  </TASK>
06:47:23 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:23 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe06}, 0x90) (async)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x2}, 0x48)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r0, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], 0x0, 0x5d, &(0x7f0000000440)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x93, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0x8}, 0xc) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r4, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000000340)=[0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x47, &(0x7f00000003c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0xca, 0x8, 0x8, &(0x7f0000000480)}}, 0x10)
r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000600), 0x8) (async)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000006c0), &(0x7f00000002c0), 0xa7c, r8, 0x0, 0x2}, 0x38) (async)
r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000006c0)={0x0, 0x8, 0x8}, 0xc) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{0xffffffffffffffff, <r10=>0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000740)=r4}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x3, &(0x7f0000000040)=@raw=[@ldst={0x2, 0x3, 0x1, 0x8, 0x8, 0x80}, @map_val={0x18, 0x6, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x7f}], &(0x7f0000000080)='GPL\x00', 0x821, 0x47, &(0x7f0000000280)=""/71, 0x40f00, 0x50, '\x00', r6, 0x0, r7, 0x8, &(0x7f0000000640)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x1, 0x6}, 0x10, 0x0, 0x0, 0x5, &(0x7f00000007c0)=[r8, r9, r10], &(0x7f0000000800)=[{0x1, 0x4, 0xc, 0x6}, {0x5, 0x4, 0xf, 0x9}, {0x5, 0x3, 0x7, 0x1}, {0x3, 0x2, 0xc, 0x7}, {0x6, 0x1, 0x8, 0x2}], 0x10, 0x40}, 0x90)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r11, 0x40305828, &(0x7f0000000540)={'\x00', @link_local={0x1, 0x80, 0xc2, 0x9, 0x0, 0xd}})
r12 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8001, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x5}, 0x48) (async)
r13 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x4, 0x4, 0x4, 0xbf25}, 0x48)
close(r13) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1d, &(0x7f00000000c0)=@raw=[@alu={0x7, 0x1, 0xa, 0xa, 0x1, 0x0, 0xfffffffffffffffc}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8001}}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x2400}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x1ff}, @map_val={0x18, 0x4, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x9}, @call={0x85, 0x0, 0x0, 0xb2}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10001}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}], &(0x7f00000001c0)='syzkaller\x00', 0x2, 0x81, &(0x7f00000002c0)=""/129, 0x41100, 0x75, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x2, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x0, 0xe, 0x0, 0x3}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000780)=[r7, r11, r12, 0xffffffffffffffff, r13], &(0x7f00000007c0)=[{0x0, 0x5, 0x7, 0x4}, {0x5, 0x2, 0x7, 0x1}, {0x3, 0x1, 0x5, 0xc}, {0x5, 0x1, 0xc}, {0x4, 0x5, 0x5, 0xb}], 0x10, 0x1}, 0x90) (async, rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (rerun: 32)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:23 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x0, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   86.964685][ T2878] FAULT_INJECTION: forcing a failure.
[   86.964685][ T2878] name failslab, interval 1, probability 0, space 0, times 0
[   86.993239][ T2878] CPU: 1 PID: 2878 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   87.003309][ T2878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   87.013203][ T2878] Call Trace:
[   87.016327][ T2878]  <TASK>
[   87.019105][ T2878]  dump_stack_lvl+0x151/0x1b7
[   87.023625][ T2878]  ? io_uring_drop_tctx_refs+0x190/0x190
[   87.029085][ T2878]  ? avc_denied+0x1b0/0x1b0
[   87.033427][ T2878]  dump_stack+0x15/0x17
[   87.037416][ T2878]  should_fail+0x3c6/0x510
[   87.041678][ T2878]  __should_failslab+0xa4/0xe0
[   87.046276][ T2878]  ? vm_area_dup+0x26/0x230
[   87.050611][ T2878]  should_failslab+0x9/0x20
[   87.054955][ T2878]  slab_pre_alloc_hook+0x37/0xd0
[   87.059732][ T2878]  ? vm_area_dup+0x26/0x230
[   87.064151][ T2878]  kmem_cache_alloc+0x44/0x200
[   87.068752][ T2878]  vm_area_dup+0x26/0x230
[   87.072918][ T2878]  copy_mm+0x9a1/0x13e0
[   87.076911][ T2878]  ? copy_signal+0x610/0x610
[   87.081335][ T2878]  ? __init_rwsem+0xd6/0x1c0
[   87.085761][ T2878]  ? copy_signal+0x4e3/0x610
[   87.090195][ T2878]  copy_process+0x1149/0x3290
[   87.094702][ T2878]  ? proc_fail_nth_write+0x20b/0x290
[   87.099834][ T2878]  ? fsnotify_perm+0x6a/0x5d0
[   87.104336][ T2878]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   87.109291][ T2878]  ? vfs_write+0x9ec/0x1110
[   87.113625][ T2878]  kernel_clone+0x21e/0x9e0
[   87.117965][ T2878]  ? file_end_write+0x1c0/0x1c0
[   87.122649][ T2878]  ? create_io_thread+0x1e0/0x1e0
[   87.127510][ T2878]  ? mutex_unlock+0xb2/0x260
[   87.131940][ T2878]  ? __mutex_lock_slowpath+0x10/0x10
[   87.137059][ T2878]  __x64_sys_clone+0x23f/0x290
[   87.141664][ T2878]  ? __do_sys_vfork+0x130/0x130
[   87.146341][ T2878]  ? ksys_write+0x260/0x2c0
[   87.150683][ T2878]  ? debug_smp_processor_id+0x17/0x20
[   87.155888][ T2878]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   87.161793][ T2878]  ? exit_to_user_mode_prepare+0x39/0xa0
[   87.167262][ T2878]  do_syscall_64+0x3d/0xb0
[   87.171512][ T2878]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   87.177241][ T2878] RIP: 0033:0x7fc79465eda9
[   87.181494][ T2878] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   87.201026][ T2878] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
06:47:23 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:23 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 25)

[   87.209269][ T2878] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   87.217088][ T2878] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   87.224890][ T2878] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   87.232704][ T2878] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   87.240514][ T2878] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   87.248331][ T2878]  </TASK>
[   87.416489][ T2892] FAULT_INJECTION: forcing a failure.
[   87.416489][ T2892] name failslab, interval 1, probability 0, space 0, times 0
[   87.440529][ T2892] CPU: 1 PID: 2892 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   87.450619][ T2892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   87.460493][ T2892] Call Trace:
[   87.463618][ T2892]  <TASK>
06:47:23 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x0, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:23 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)='%+9llu \x00'}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000002c0)=[0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x4, 0x5, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xf4, &(0x7f0000000380)=[{}, {}], 0x10, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x9, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000300)=[0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240), <r5=>0x0, 0x8, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000400), &(0x7f0000001a00), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000780)}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001cc0)=r5, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0xfffff8c0, 0x40, 0x6, 0x204, 0xffffffffffffffff, 0xfffffff9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4, 0x6}, 0x48) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0xfffff8c0, 0x40, 0x6, 0x204, 0xffffffffffffffff, 0xfffffff9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4, 0x6}, 0x48)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4004662b, &(0x7f00000005c0)=0x1) (async)
ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4004662b, &(0x7f00000005c0)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x0, 0x11, &(0x7f00000008c0)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7ff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}}], &(0x7f0000000980)='GPL\x00', 0x3ff, 0x8e, &(0x7f00000009c0)=""/142, 0x41000, 0x40, '\x00', r4, 0x0, r7, 0x8, &(0x7f0000000a80)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000ac0)={0x5, 0x3, 0x7, 0x1000}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000b00)=[r6, r2], &(0x7f0000000b40)=[{0x0, 0x1, 0x0, 0xb}, {0x0, 0x5, 0xf, 0xa}], 0x10, 0x80000001}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{0xffffffffffffffff, <r8=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}, [@map_fd={0x18, 0x0, 0x1, 0x0, r2}]}, &(0x7f0000000100)='syzkaller\x00', 0x9eba, 0xb4, &(0x7f0000000140)=""/180, 0x41100, 0x31, '\x00', r3, 0x2c, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x3, 0x0, 0x9, 0x6}, 0x10, r5, r0, 0x4, &(0x7f0000000780)=[r6, r7, r8], &(0x7f00000007c0)=[{0x1, 0x4, 0x10, 0x7}, {0x0, 0x4, 0xffff, 0x8}, {0x3, 0x5, 0x0, 0x3}, {0x4, 0x3, 0x0, 0xd}], 0x10, 0xfffffffe}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}, [@map_fd={0x18, 0x0, 0x1, 0x0, r2}]}, &(0x7f0000000100)='syzkaller\x00', 0x9eba, 0xb4, &(0x7f0000000140)=""/180, 0x41100, 0x31, '\x00', r3, 0x2c, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x3, 0x0, 0x9, 0x6}, 0x10, r5, r0, 0x4, &(0x7f0000000780)=[r6, r7, r8], &(0x7f00000007c0)=[{0x1, 0x4, 0x10, 0x7}, {0x0, 0x4, 0xffff, 0x8}, {0x3, 0x5, 0x0, 0x3}, {0x4, 0x3, 0x0, 0xd}], 0x10, 0xfffffffe}, 0x90)

[   87.466395][ T2892]  dump_stack_lvl+0x151/0x1b7
[   87.470912][ T2892]  ? io_uring_drop_tctx_refs+0x190/0x190
[   87.476462][ T2892]  dump_stack+0x15/0x17
[   87.480454][ T2892]  should_fail+0x3c6/0x510
[   87.484705][ T2892]  __should_failslab+0xa4/0xe0
[   87.489304][ T2892]  should_failslab+0x9/0x20
[   87.493645][ T2892]  slab_pre_alloc_hook+0x37/0xd0
[   87.498423][ T2892]  kmem_cache_alloc_trace+0x48/0x210
[   87.503540][ T2892]  ? mm_init+0x39a/0x970
[   87.507618][ T2892]  mm_init+0x39a/0x970
[   87.511527][ T2892]  copy_mm+0x1e3/0x13e0
[   87.515518][ T2892]  ? _raw_spin_lock+0xa4/0x1b0
[   87.520123][ T2892]  ? copy_signal+0x610/0x610
[   87.524544][ T2892]  ? __kasan_check_write+0x14/0x20
[   87.529490][ T2892]  ? __init_rwsem+0xd6/0x1c0
[   87.533919][ T2892]  ? copy_signal+0x4e3/0x610
[   87.538345][ T2892]  copy_process+0x1149/0x3290
[   87.542859][ T2892]  ? proc_fail_nth_write+0x20b/0x290
[   87.547980][ T2892]  ? fsnotify_perm+0x6a/0x5d0
[   87.552496][ T2892]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   87.557440][ T2892]  ? vfs_write+0x9ec/0x1110
[   87.561778][ T2892]  kernel_clone+0x21e/0x9e0
[   87.566120][ T2892]  ? file_end_write+0x1c0/0x1c0
[   87.570805][ T2892]  ? create_io_thread+0x1e0/0x1e0
[   87.575665][ T2892]  ? mutex_unlock+0xb2/0x260
[   87.580104][ T2892]  ? __mutex_lock_slowpath+0x10/0x10
[   87.585220][ T2892]  __x64_sys_clone+0x23f/0x290
[   87.589814][ T2892]  ? __do_sys_vfork+0x130/0x130
[   87.594502][ T2892]  ? ksys_write+0x260/0x2c0
[   87.598843][ T2892]  ? debug_smp_processor_id+0x17/0x20
[   87.604051][ T2892]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   87.609951][ T2892]  ? exit_to_user_mode_prepare+0x39/0xa0
[   87.615419][ T2892]  do_syscall_64+0x3d/0xb0
[   87.619674][ T2892]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   87.625401][ T2892] RIP: 0033:0x7fc79465eda9
[   87.629651][ T2892] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   87.649098][ T2892] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   87.657337][ T2892] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:23 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 26)

06:47:23 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:23 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   87.665153][ T2892] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   87.672963][ T2892] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   87.680774][ T2892] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   87.688585][ T2892] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   87.696400][ T2892]  </TASK>
06:47:24 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe06}, 0x90)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x2}, 0x48)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r0, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], 0x0, 0x5d, &(0x7f0000000440)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x93, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r0, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], 0x0, 0x5d, &(0x7f0000000440)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x93, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0x8}, 0xc)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r4, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000000340)=[0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x47, &(0x7f00000003c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0xca, 0x8, 0x8, &(0x7f0000000480)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r4, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000000340)=[0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x47, &(0x7f00000003c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0xca, 0x8, 0x8, &(0x7f0000000480)}}, 0x10)
bpf$ITER_CREATE(0x21, &(0x7f0000000600), 0x8) (async)
r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000600), 0x8)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000006c0), &(0x7f00000002c0), 0xa7c, r8, 0x0, 0x2}, 0x38)
r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000006c0)={0x0, 0x8, 0x8}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{0xffffffffffffffff, <r10=>0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000740)=r4}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x3, &(0x7f0000000040)=@raw=[@ldst={0x2, 0x3, 0x1, 0x8, 0x8, 0x80}, @map_val={0x18, 0x6, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x7f}], &(0x7f0000000080)='GPL\x00', 0x821, 0x47, &(0x7f0000000280)=""/71, 0x40f00, 0x50, '\x00', r6, 0x0, r7, 0x8, &(0x7f0000000640)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x1, 0x6}, 0x10, 0x0, 0x0, 0x5, &(0x7f00000007c0)=[r8, r9, r10], &(0x7f0000000800)=[{0x1, 0x4, 0xc, 0x6}, {0x5, 0x4, 0xf, 0x9}, {0x5, 0x3, 0x7, 0x1}, {0x3, 0x2, 0xc, 0x7}, {0x6, 0x1, 0x8, 0x2}], 0x10, 0x40}, 0x90)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r11, 0x40305828, &(0x7f0000000540)={'\x00', @link_local={0x1, 0x80, 0xc2, 0x9, 0x0, 0xd}})
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8001, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x5}, 0x48) (async)
r12 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8001, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x5}, 0x48)
r13 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x4, 0x4, 0x4, 0xbf25}, 0x48)
close(r13) (async)
close(r13)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1d, &(0x7f00000000c0)=@raw=[@alu={0x7, 0x1, 0xa, 0xa, 0x1, 0x0, 0xfffffffffffffffc}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8001}}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x2400}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x1ff}, @map_val={0x18, 0x4, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x9}, @call={0x85, 0x0, 0x0, 0xb2}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10001}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}], &(0x7f00000001c0)='syzkaller\x00', 0x2, 0x81, &(0x7f00000002c0)=""/129, 0x41100, 0x75, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x2, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x0, 0xe, 0x0, 0x3}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000780)=[r7, r11, r12, 0xffffffffffffffff, r13], &(0x7f00000007c0)=[{0x0, 0x5, 0x7, 0x4}, {0x5, 0x2, 0x7, 0x1}, {0x3, 0x1, 0x5, 0xc}, {0x5, 0x1, 0xc}, {0x4, 0x5, 0x5, 0xb}], 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   87.794378][ T2910] FAULT_INJECTION: forcing a failure.
[   87.794378][ T2910] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   87.807602][ T2910] CPU: 1 PID: 2910 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   87.817678][ T2910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   87.827573][ T2910] Call Trace:
[   87.830683][ T2910]  <TASK>
[   87.833459][ T2910]  dump_stack_lvl+0x151/0x1b7
[   87.837978][ T2910]  ? io_uring_drop_tctx_refs+0x190/0x190
[   87.843438][ T2910]  ? stack_trace_save+0x113/0x1c0
[   87.848298][ T2910]  ? stack_trace_snprint+0xf0/0xf0
[   87.853248][ T2910]  ? stack_trace_snprint+0xf0/0xf0
[   87.858194][ T2910]  dump_stack+0x15/0x17
[   87.862185][ T2910]  should_fail+0x3c6/0x510
[   87.866437][ T2910]  should_fail_alloc_page+0x5a/0x80
[   87.871477][ T2910]  prepare_alloc_pages+0x15c/0x700
[   87.876421][ T2910]  ? __alloc_pages_bulk+0xe40/0xe40
[   87.881456][ T2910]  ? __kasan_check_write+0x14/0x20
[   87.886404][ T2910]  ? pcpu_memcg_post_alloc_hook+0x1b1/0x260
[   87.892140][ T2910]  __alloc_pages+0x18c/0x8f0
[   87.896564][ T2910]  ? prep_new_page+0x110/0x110
[   87.901155][ T2910]  ? pcpu_alloc+0xda0/0x13e0
[   87.905585][ T2910]  __get_free_pages+0x10/0x30
[   87.911232][ T2910]  pgd_alloc+0x21/0x2c0
[   87.915219][ T2910]  mm_init+0x5c7/0x970
[   87.919126][ T2910]  copy_mm+0x1e3/0x13e0
[   87.923125][ T2910]  ? _raw_spin_lock+0xa4/0x1b0
[   87.927716][ T2910]  ? copy_signal+0x610/0x610
[   87.932143][ T2910]  ? __kasan_check_write+0x14/0x20
[   87.937090][ T2910]  ? __init_rwsem+0xd6/0x1c0
[   87.941517][ T2910]  ? copy_signal+0x4e3/0x610
[   87.945957][ T2910]  copy_process+0x1149/0x3290
[   87.950461][ T2910]  ? proc_fail_nth_write+0x20b/0x290
[   87.955586][ T2910]  ? fsnotify_perm+0x6a/0x5d0
[   87.960092][ T2910]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   87.965044][ T2910]  ? vfs_write+0x9ec/0x1110
[   87.969382][ T2910]  kernel_clone+0x21e/0x9e0
[   87.973720][ T2910]  ? file_end_write+0x1c0/0x1c0
[   87.978432][ T2910]  ? create_io_thread+0x1e0/0x1e0
[   87.983266][ T2910]  ? mutex_unlock+0xb2/0x260
[   87.987694][ T2910]  ? __mutex_lock_slowpath+0x10/0x10
[   87.992819][ T2910]  __x64_sys_clone+0x23f/0x290
[   87.997418][ T2910]  ? __do_sys_vfork+0x130/0x130
[   88.002098][ T2910]  ? ksys_write+0x260/0x2c0
[   88.006439][ T2910]  ? debug_smp_processor_id+0x17/0x20
[   88.011645][ T2910]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   88.017548][ T2910]  ? exit_to_user_mode_prepare+0x39/0xa0
[   88.023017][ T2910]  do_syscall_64+0x3d/0xb0
[   88.027372][ T2910]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   88.033097][ T2910] RIP: 0033:0x7fc79465eda9
[   88.037351][ T2910] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   88.056792][ T2910] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   88.065039][ T2910] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   88.072850][ T2910] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   88.080659][ T2910] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
06:47:24 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)='%+9llu \x00'}, 0x20) (async, rerun: 32)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000002c0)=[0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x4, 0x5, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xf4, &(0x7f0000000380)=[{}, {}], 0x10, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x9, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) (async, rerun: 32)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000300)=[0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240), <r5=>0x0, 0x8, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000400), &(0x7f0000001a00), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000780)}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001cc0)=r5, 0x4)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0xfffff8c0, 0x40, 0x6, 0x204, 0xffffffffffffffff, 0xfffffff9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4, 0x6}, 0x48)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4004662b, &(0x7f00000005c0)=0x1) (async, rerun: 64)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x0, 0x11, &(0x7f00000008c0)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7ff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}}], &(0x7f0000000980)='GPL\x00', 0x3ff, 0x8e, &(0x7f00000009c0)=""/142, 0x41000, 0x40, '\x00', r4, 0x0, r7, 0x8, &(0x7f0000000a80)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000ac0)={0x5, 0x3, 0x7, 0x1000}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000b00)=[r6, r2], &(0x7f0000000b40)=[{0x0, 0x1, 0x0, 0xb}, {0x0, 0x5, 0xf, 0xa}], 0x10, 0x80000001}, 0x90) (async, rerun: 64)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{0xffffffffffffffff, <r8=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}, [@map_fd={0x18, 0x0, 0x1, 0x0, r2}]}, &(0x7f0000000100)='syzkaller\x00', 0x9eba, 0xb4, &(0x7f0000000140)=""/180, 0x41100, 0x31, '\x00', r3, 0x2c, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x3, 0x0, 0x9, 0x6}, 0x10, r5, r0, 0x4, &(0x7f0000000780)=[r6, r7, r8], &(0x7f00000007c0)=[{0x1, 0x4, 0x10, 0x7}, {0x0, 0x4, 0xffff, 0x8}, {0x3, 0x5, 0x0, 0x3}, {0x4, 0x3, 0x0, 0xd}], 0x10, 0xfffffffe}, 0x90)

06:47:24 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 27)

06:47:24 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:24 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   88.088473][ T2910] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   88.096286][ T2910] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   88.104098][ T2910]  </TASK>
06:47:24 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   88.169438][ T2931] FAULT_INJECTION: forcing a failure.
[   88.169438][ T2931] name failslab, interval 1, probability 0, space 0, times 0
[   88.188407][ T2924] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   88.197971][ T2931] CPU: 0 PID: 2931 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   88.217139][ T2931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   88.227033][ T2931] Call Trace:
[   88.230156][ T2931]  <TASK>
[   88.232932][ T2931]  dump_stack_lvl+0x151/0x1b7
[   88.234098][ T2924] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   88.237443][ T2931]  ? io_uring_drop_tctx_refs+0x190/0x190
[   88.237470][ T2931]  ? __alloc_pages+0x27e/0x8f0
[   88.237491][ T2931]  dump_stack+0x15/0x17
[   88.237508][ T2931]  should_fail+0x3c6/0x510
[   88.264878][ T2931]  __should_failslab+0xa4/0xe0
06:47:24 executing program 0:
r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000040)={[{0x2d, 'cpuacct'}, {0x2b, 'io'}, {0x0, 'net_prio'}, {0x2d, 'hugetlb'}, {0x2d, 'rdma'}]}, 0x26)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   88.268081][ T2924] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   88.269469][ T2931]  ? vm_area_dup+0x26/0x230
[   88.269495][ T2931]  should_failslab+0x9/0x20
[   88.287266][ T2931]  slab_pre_alloc_hook+0x37/0xd0
[   88.292041][ T2931]  ? vm_area_dup+0x26/0x230
[   88.296379][ T2931]  kmem_cache_alloc+0x44/0x200
[   88.300976][ T2931]  vm_area_dup+0x26/0x230
[   88.305147][ T2931]  copy_mm+0x9a1/0x13e0
[   88.309135][ T2931]  ? copy_signal+0x610/0x610
[   88.313561][ T2931]  ? __init_rwsem+0xd6/0x1c0
[   88.317989][ T2931]  ? copy_signal+0x4e3/0x610
[   88.322415][ T2931]  copy_process+0x1149/0x3290
[   88.326928][ T2931]  ? proc_fail_nth_write+0x20b/0x290
[   88.332048][ T2931]  ? fsnotify_perm+0x6a/0x5d0
[   88.336562][ T2931]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   88.341505][ T2931]  ? vfs_write+0x9ec/0x1110
[   88.345848][ T2931]  kernel_clone+0x21e/0x9e0
[   88.350187][ T2931]  ? file_end_write+0x1c0/0x1c0
[   88.354880][ T2931]  ? create_io_thread+0x1e0/0x1e0
[   88.359738][ T2931]  ? mutex_unlock+0xb2/0x260
[   88.364167][ T2931]  ? __mutex_lock_slowpath+0x10/0x10
[   88.369284][ T2931]  __x64_sys_clone+0x23f/0x290
[   88.373100][ T2924] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   88.373886][ T2931]  ? __do_sys_vfork+0x130/0x130
[   88.373912][ T2931]  ? ksys_write+0x260/0x2c0
[   88.392031][ T2931]  ? debug_smp_processor_id+0x17/0x20
[   88.397752][ T2931]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   88.403653][ T2931]  ? exit_to_user_mode_prepare+0x39/0xa0
[   88.405816][ T2924] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   88.409122][ T2931]  do_syscall_64+0x3d/0xb0
[   88.409144][ T2931]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   88.409165][ T2931] RIP: 0033:0x7fc79465eda9
[   88.432472][ T2931] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   88.435208][ T2924] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   88.451911][ T2931] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
06:47:24 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:24 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 28)

06:47:24 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:24 executing program 0:
r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000040)={[{0x2d, 'cpuacct'}, {0x2b, 'io'}, {0x0, 'net_prio'}, {0x2d, 'hugetlb'}, {0x2d, 'rdma'}]}, 0x26)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:24 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   88.451936][ T2931] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   88.451949][ T2931] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   88.451961][ T2931] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   88.451972][ T2931] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   88.451983][ T2931] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   88.477564][ T2924] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   88.485072][ T2931]  </TASK>
06:47:24 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   88.556712][ T2948] FAULT_INJECTION: forcing a failure.
[   88.556712][ T2948] name failslab, interval 1, probability 0, space 0, times 0
[   88.572093][ T2924] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   88.572688][ T2948] CPU: 1 PID: 2948 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   88.591868][ T2948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   88.601756][ T2948] Call Trace:
[   88.604887][ T2948]  <TASK>
[   88.607659][ T2948]  dump_stack_lvl+0x151/0x1b7
[   88.612174][ T2948]  ? io_uring_drop_tctx_refs+0x190/0x190
[   88.617645][ T2948]  ? avc_denied+0x1b0/0x1b0
[   88.621980][ T2948]  dump_stack+0x15/0x17
[   88.625976][ T2948]  should_fail+0x3c6/0x510
[   88.630225][ T2948]  __should_failslab+0xa4/0xe0
[   88.634824][ T2948]  ? vm_area_dup+0x26/0x230
[   88.639162][ T2948]  should_failslab+0x9/0x20
[   88.643503][ T2948]  slab_pre_alloc_hook+0x37/0xd0
[   88.648278][ T2948]  ? vm_area_dup+0x26/0x230
[   88.652614][ T2948]  kmem_cache_alloc+0x44/0x200
[   88.657219][ T2948]  vm_area_dup+0x26/0x230
[   88.661383][ T2948]  copy_mm+0x9a1/0x13e0
[   88.665389][ T2948]  ? copy_signal+0x610/0x610
[   88.669807][ T2948]  ? __init_rwsem+0xd6/0x1c0
[   88.674227][ T2948]  ? copy_signal+0x4e3/0x610
[   88.678656][ T2948]  copy_process+0x1149/0x3290
[   88.683170][ T2948]  ? proc_fail_nth_write+0x20b/0x290
[   88.688290][ T2948]  ? fsnotify_perm+0x6a/0x5d0
[   88.692811][ T2948]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   88.697749][ T2948]  ? vfs_write+0x9ec/0x1110
[   88.702089][ T2948]  kernel_clone+0x21e/0x9e0
[   88.706429][ T2948]  ? file_end_write+0x1c0/0x1c0
[   88.711115][ T2948]  ? create_io_thread+0x1e0/0x1e0
[   88.715978][ T2948]  ? mutex_unlock+0xb2/0x260
[   88.720404][ T2948]  ? __mutex_lock_slowpath+0x10/0x10
[   88.725525][ T2948]  __x64_sys_clone+0x23f/0x290
[   88.730123][ T2948]  ? __do_sys_vfork+0x130/0x130
[   88.734809][ T2948]  ? ksys_write+0x260/0x2c0
[   88.739150][ T2948]  ? debug_smp_processor_id+0x17/0x20
[   88.744359][ T2948]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   88.750285][ T2948]  ? exit_to_user_mode_prepare+0x39/0xa0
[   88.755819][ T2948]  do_syscall_64+0x3d/0xb0
[   88.760068][ T2948]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   88.765796][ T2948] RIP: 0033:0x7fc79465eda9
[   88.770062][ T2948] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   88.789592][ T2948] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   88.797822][ T2948] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:25 executing program 0:
r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000040)={[{0x2d, 'cpuacct'}, {0x2b, 'io'}, {0x0, 'net_prio'}, {0x2d, 'hugetlb'}, {0x2d, 'rdma'}]}, 0x26)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) (async)
write$cgroup_subtree(r0, &(0x7f0000000040)={[{0x2d, 'cpuacct'}, {0x2b, 'io'}, {0x0, 'net_prio'}, {0x2d, 'hugetlb'}, {0x2d, 'rdma'}]}, 0x26) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)

06:47:25 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:25 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 29)

[   88.805634][ T2948] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   88.813445][ T2948] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   88.821257][ T2948] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   88.829072][ T2948] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   88.836888][ T2948]  </TASK>
06:47:25 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:25 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0x20, 0x10}, 0xc)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000300)=[0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x7c, &(0x7f0000000400)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x7c, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000640), 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x5, <r5=>0x0}, 0x8)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{0x1, <r6=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)='%ps    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0x2b, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x72e1}}, @cb_func={0x18, 0x3, 0x4, 0x0, 0x7}, @map_idx={0x18, 0x3, 0x5, 0x0, 0xd}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, @jmp={0x5, 0x1, 0x2, 0x5, 0x5, 0x4, 0x10}, @map_fd={0x18, 0x6, 0x1, 0x0, r2}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x6}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8f3a}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0xb, &(0x7f00000002c0)=""/11, 0x40f00, 0x0, '\x00', r3, 0x17, r4, 0x8, &(0x7f0000000680)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x0, 0xf, 0x37, 0x5}, 0x10, r5, r0, 0x2, &(0x7f0000000800)=[r6], &(0x7f0000000840)=[{0x0, 0x4, 0x1}, {0x4, 0x4, 0xc, 0x7}], 0x10, 0x6}, 0x90)

[   88.863720][ T2924] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
06:47:25 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   88.878614][ T2924] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   88.941255][ T2969] FAULT_INJECTION: forcing a failure.
[   88.941255][ T2969] name failslab, interval 1, probability 0, space 0, times 0
06:47:25 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x0, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:25 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0x20, 0x10}, 0xc)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000300)=[0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x7c, &(0x7f0000000400)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x7c, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000640), 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x5}, 0x8) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x5, <r5=>0x0}, 0x8)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{0x1, <r6=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)='%ps    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0x2b, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x72e1}}, @cb_func={0x18, 0x3, 0x4, 0x0, 0x7}, @map_idx={0x18, 0x3, 0x5, 0x0, 0xd}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, @jmp={0x5, 0x1, 0x2, 0x5, 0x5, 0x4, 0x10}, @map_fd={0x18, 0x6, 0x1, 0x0, r2}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x6}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8f3a}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0xb, &(0x7f00000002c0)=""/11, 0x40f00, 0x0, '\x00', r3, 0x17, r4, 0x8, &(0x7f0000000680)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x0, 0xf, 0x37, 0x5}, 0x10, r5, r0, 0x2, &(0x7f0000000800)=[r6], &(0x7f0000000840)=[{0x0, 0x4, 0x1}, {0x4, 0x4, 0xc, 0x7}], 0x10, 0x6}, 0x90)

[   88.984056][ T2969] CPU: 0 PID: 2969 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   88.994144][ T2969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   89.004034][ T2969] Call Trace:
[   89.007157][ T2969]  <TASK>
[   89.009944][ T2969]  dump_stack_lvl+0x151/0x1b7
[   89.014450][ T2969]  ? io_uring_drop_tctx_refs+0x190/0x190
[   89.019921][ T2969]  dump_stack+0x15/0x17
[   89.023915][ T2969]  should_fail+0x3c6/0x510
[   89.028156][ T2969]  __should_failslab+0xa4/0xe0
[   89.032755][ T2969]  ? anon_vma_fork+0x1df/0x4e0
[   89.037357][ T2969]  should_failslab+0x9/0x20
[   89.041704][ T2969]  slab_pre_alloc_hook+0x37/0xd0
[   89.046467][ T2969]  ? anon_vma_fork+0x1df/0x4e0
[   89.051075][ T2969]  kmem_cache_alloc+0x44/0x200
[   89.055673][ T2969]  anon_vma_fork+0x1df/0x4e0
[   89.060097][ T2969]  copy_mm+0xa3a/0x13e0
[   89.064089][ T2969]  ? copy_signal+0x610/0x610
[   89.068514][ T2969]  ? __init_rwsem+0xd6/0x1c0
[   89.072946][ T2969]  ? copy_signal+0x4e3/0x610
[   89.077369][ T2969]  copy_process+0x1149/0x3290
[   89.081885][ T2969]  ? proc_fail_nth_write+0x20b/0x290
[   89.087007][ T2969]  ? fsnotify_perm+0x6a/0x5d0
[   89.091516][ T2969]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   89.096460][ T2969]  ? vfs_write+0x9ec/0x1110
[   89.100801][ T2969]  kernel_clone+0x21e/0x9e0
[   89.105143][ T2969]  ? file_end_write+0x1c0/0x1c0
[   89.109834][ T2969]  ? create_io_thread+0x1e0/0x1e0
[   89.114693][ T2969]  ? mutex_unlock+0xb2/0x260
[   89.119113][ T2969]  ? __mutex_lock_slowpath+0x10/0x10
[   89.124235][ T2969]  __x64_sys_clone+0x23f/0x290
[   89.128836][ T2969]  ? __do_sys_vfork+0x130/0x130
[   89.133523][ T2969]  ? ksys_write+0x260/0x2c0
[   89.137863][ T2969]  ? debug_smp_processor_id+0x17/0x20
[   89.143068][ T2969]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   89.148972][ T2969]  ? exit_to_user_mode_prepare+0x39/0xa0
[   89.154534][ T2969]  do_syscall_64+0x3d/0xb0
[   89.158781][ T2969]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   89.164507][ T2969] RIP: 0033:0x7fc79465eda9
[   89.168766][ T2969] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   89.188202][ T2969] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   89.196447][ T2969] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   89.204352][ T2969] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   89.212159][ T2969] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   89.219968][ T2969] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
06:47:25 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:25 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:25 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 30)

06:47:25 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:25 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   89.227782][ T2969] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   89.235597][ T2969]  </TASK>
06:47:25 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x0, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:25 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   89.274385][ T2998] FAULT_INJECTION: forcing a failure.
[   89.274385][ T2998] name failslab, interval 1, probability 0, space 0, times 0
[   89.287134][ T2998] CPU: 0 PID: 2998 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   89.297193][ T2998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   89.307090][ T2998] Call Trace:
[   89.310211][ T2998]  <TASK>
[   89.312995][ T2998]  dump_stack_lvl+0x151/0x1b7
[   89.317502][ T2998]  ? io_uring_drop_tctx_refs+0x190/0x190
[   89.322976][ T2998]  dump_stack+0x15/0x17
[   89.326968][ T2998]  should_fail+0x3c6/0x510
[   89.331219][ T2998]  __should_failslab+0xa4/0xe0
[   89.335817][ T2998]  ? anon_vma_fork+0xf7/0x4e0
[   89.340330][ T2998]  should_failslab+0x9/0x20
[   89.344667][ T2998]  slab_pre_alloc_hook+0x37/0xd0
[   89.349443][ T2998]  ? anon_vma_fork+0xf7/0x4e0
[   89.353952][ T2998]  kmem_cache_alloc+0x44/0x200
[   89.358554][ T2998]  anon_vma_fork+0xf7/0x4e0
[   89.362894][ T2998]  ? anon_vma_name+0x4c/0x70
[   89.367320][ T2998]  ? vm_area_dup+0x17a/0x230
[   89.371754][ T2998]  copy_mm+0xa3a/0x13e0
[   89.375741][ T2998]  ? copy_signal+0x610/0x610
[   89.380166][ T2998]  ? __init_rwsem+0xd6/0x1c0
[   89.384595][ T2998]  ? copy_signal+0x4e3/0x610
[   89.389019][ T2998]  copy_process+0x1149/0x3290
[   89.393537][ T2998]  ? proc_fail_nth_write+0x20b/0x290
[   89.398651][ T2998]  ? fsnotify_perm+0x6a/0x5d0
[   89.403165][ T2998]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   89.408113][ T2998]  ? vfs_write+0x9ec/0x1110
[   89.412453][ T2998]  kernel_clone+0x21e/0x9e0
[   89.416797][ T2998]  ? file_end_write+0x1c0/0x1c0
[   89.421478][ T2998]  ? create_io_thread+0x1e0/0x1e0
[   89.426340][ T2998]  ? mutex_unlock+0xb2/0x260
[   89.430766][ T2998]  ? __mutex_lock_slowpath+0x10/0x10
[   89.435891][ T2998]  __x64_sys_clone+0x23f/0x290
[   89.440486][ T2998]  ? __do_sys_vfork+0x130/0x130
[   89.445173][ T2998]  ? ksys_write+0x260/0x2c0
[   89.449513][ T2998]  ? debug_smp_processor_id+0x17/0x20
[   89.454724][ T2998]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   89.460622][ T2998]  ? exit_to_user_mode_prepare+0x39/0xa0
[   89.466096][ T2998]  do_syscall_64+0x3d/0xb0
[   89.470343][ T2998]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   89.476077][ T2998] RIP: 0033:0x7fc79465eda9
[   89.480327][ T2998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   89.499769][ T2998] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   89.508099][ T2998] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   89.515914][ T2998] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:25 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0x20, 0x10}, 0xc) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000300)=[0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x7c, &(0x7f0000000400)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x7c, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) (async)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000640), 0x4) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x5, <r5=>0x0}, 0x8) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{0x1, <r6=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)='%ps    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0x2b, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x72e1}}, @cb_func={0x18, 0x3, 0x4, 0x0, 0x7}, @map_idx={0x18, 0x3, 0x5, 0x0, 0xd}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, @jmp={0x5, 0x1, 0x2, 0x5, 0x5, 0x4, 0x10}, @map_fd={0x18, 0x6, 0x1, 0x0, r2}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x6}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8f3a}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0xb, &(0x7f00000002c0)=""/11, 0x40f00, 0x0, '\x00', r3, 0x17, r4, 0x8, &(0x7f0000000680)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x0, 0xf, 0x37, 0x5}, 0x10, r5, r0, 0x2, &(0x7f0000000800)=[r6], &(0x7f0000000840)=[{0x0, 0x4, 0x1}, {0x4, 0x4, 0xc, 0x7}], 0x10, 0x6}, 0x90)

06:47:25 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:25 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 31)

06:47:25 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x0, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   89.523724][ T2998] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   89.531534][ T2998] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   89.539343][ T2998] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   89.547682][ T2998]  </TASK>
06:47:25 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:25 executing program 0:
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, r0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r2, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000bc0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000440), &(0x7f0000000500), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x5, 0x9, 0x5, 0x40, 0x1, 0x100, '\x00', r3, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x48)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x18}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x4, &(0x7f0000000740)=ANY=[@ANYRES32=r4], &(0x7f00000003c0)='GPL\x00', 0x1, 0xe6, &(0x7f0000000780)=""/230, 0x41000, 0x10, '\x00', r3, 0x0, r2, 0x8, &(0x7f0000000300)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0xc, 0x2, 0x10000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[r2, r6, r2], 0x0, 0x10, 0x1}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x13, 0x5, 0x16f2, 0x3, 0x1, r6, 0x4, '\x00', 0x0, r2, 0x0, 0x1}, 0x48)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400)=r4, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000540)=ANY=[@ANYBLOB="b7080000000000007b8af8ff00000000b7080000fdffffff6d8af0ff00000000bfa1000000000000070100ffffbfa40000fcf90457a354bb6ec563ffffb7020000080000e8de2300000000004ebfcf6c0bdf8b56605233d7a11a20f1e6e276cafde5965f66876ba69e6334a4905514a2426cddb09a997c933dfe9655812e1f254b728fe7f079e68306c83e72507972a854812911ffc176c3de4fd2", @ANYRES32=0x1, @ANYRES8=r5], &(0x7f00000000c0)='GPL\x00', 0x200, 0x69, &(0x7f0000000100)=""/105, 0x41100, 0x22, '\x00', r3, 0x26, r7, 0x8, &(0x7f0000000180)={0x0, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x6, 0x9, 0x8, 0x66}, 0x10, r4, r1, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90)

06:47:25 executing program 4:
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1a1000, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:25 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0x0, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:25 executing program 0:
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, r0}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r2, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000bc0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000440), &(0x7f0000000500), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x5, 0x9, 0x5, 0x40, 0x1, 0x100, '\x00', r3, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x48)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x18}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x4, &(0x7f0000000740)=ANY=[@ANYRES32=r4], &(0x7f00000003c0)='GPL\x00', 0x1, 0xe6, &(0x7f0000000780)=""/230, 0x41000, 0x10, '\x00', r3, 0x0, r2, 0x8, &(0x7f0000000300)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0xc, 0x2, 0x10000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[r2, r6, r2], 0x0, 0x10, 0x1}, 0x90) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x13, 0x5, 0x16f2, 0x3, 0x1, r6, 0x4, '\x00', 0x0, r2, 0x0, 0x1}, 0x48) (async)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400)=r4, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000540)=ANY=[@ANYBLOB="b7080000000000007b8af8ff00000000b7080000fdffffff6d8af0ff00000000bfa1000000000000070100ffffbfa40000fcf90457a354bb6ec563ffffb7020000080000e8de2300000000004ebfcf6c0bdf8b56605233d7a11a20f1e6e276cafde5965f66876ba69e6334a4905514a2426cddb09a997c933dfe9655812e1f254b728fe7f079e68306c83e72507972a854812911ffc176c3de4fd2", @ANYRES32=0x1, @ANYRES8=r5], &(0x7f00000000c0)='GPL\x00', 0x200, 0x69, &(0x7f0000000100)=""/105, 0x41100, 0x22, '\x00', r3, 0x26, r7, 0x8, &(0x7f0000000180)={0x0, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x6, 0x9, 0x8, 0x66}, 0x10, r4, r1, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90)

[   89.613476][ T3029] FAULT_INJECTION: forcing a failure.
[   89.613476][ T3029] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   89.633575][ T3029] CPU: 0 PID: 3029 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   89.643647][ T3029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   89.653545][ T3029] Call Trace:
[   89.656666][ T3029]  <TASK>
[   89.659444][ T3029]  dump_stack_lvl+0x151/0x1b7
[   89.663962][ T3029]  ? io_uring_drop_tctx_refs+0x190/0x190
[   89.669426][ T3029]  dump_stack+0x15/0x17
[   89.673418][ T3029]  should_fail+0x3c6/0x510
[   89.677668][ T3029]  should_fail_alloc_page+0x5a/0x80
[   89.682704][ T3029]  prepare_alloc_pages+0x15c/0x700
[   89.687647][ T3029]  ? __alloc_pages_bulk+0xe40/0xe40
[   89.692682][ T3029]  __alloc_pages+0x18c/0x8f0
[   89.697109][ T3029]  ? prep_new_page+0x110/0x110
[   89.701708][ T3029]  ? __alloc_pages+0x27e/0x8f0
[   89.706314][ T3029]  ? __kasan_check_write+0x14/0x20
[   89.711255][ T3029]  ? _raw_spin_lock+0xa4/0x1b0
[   89.715859][ T3029]  __pmd_alloc+0xb1/0x550
[   89.720022][ T3029]  ? __pud_alloc+0x260/0x260
[   89.724448][ T3029]  ? __pud_alloc+0x213/0x260
[   89.728877][ T3029]  ? do_handle_mm_fault+0x2330/0x2330
[   89.734083][ T3029]  ? __stack_depot_save+0x34/0x470
[   89.739033][ T3029]  ? anon_vma_clone+0x9a/0x500
[   89.743896][ T3029]  copy_page_range+0x2b3d/0x2f90
[   89.748669][ T3029]  ? __kasan_slab_alloc+0xb1/0xe0
[   89.753523][ T3029]  ? slab_post_alloc_hook+0x53/0x2c0
[   89.758646][ T3029]  ? copy_mm+0xa3a/0x13e0
[   89.762810][ T3029]  ? copy_process+0x1149/0x3290
[   89.767499][ T3029]  ? kernel_clone+0x21e/0x9e0
[   89.772011][ T3029]  ? do_syscall_64+0x3d/0xb0
[   89.776436][ T3029]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   89.782346][ T3029]  ? pfn_valid+0x1e0/0x1e0
[   89.786593][ T3029]  ? rwsem_write_trylock+0x15b/0x290
[   89.791711][ T3029]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   89.797962][ T3029]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   89.803516][ T3029]  ? __rb_insert_augmented+0x5de/0x610
[   89.808828][ T3029]  copy_mm+0xc7e/0x13e0
[   89.812811][ T3029]  ? copy_signal+0x610/0x610
[   89.817234][ T3029]  ? __init_rwsem+0xd6/0x1c0
[   89.821659][ T3029]  ? copy_signal+0x4e3/0x610
[   89.826090][ T3029]  copy_process+0x1149/0x3290
[   89.830599][ T3029]  ? proc_fail_nth_write+0x20b/0x290
[   89.835720][ T3029]  ? fsnotify_perm+0x6a/0x5d0
[   89.840238][ T3029]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   89.845178][ T3029]  ? vfs_write+0x9ec/0x1110
[   89.849517][ T3029]  kernel_clone+0x21e/0x9e0
[   89.853865][ T3029]  ? file_end_write+0x1c0/0x1c0
[   89.858545][ T3029]  ? create_io_thread+0x1e0/0x1e0
[   89.863404][ T3029]  ? mutex_unlock+0xb2/0x260
[   89.867834][ T3029]  ? __mutex_lock_slowpath+0x10/0x10
[   89.872953][ T3029]  __x64_sys_clone+0x23f/0x290
[   89.877555][ T3029]  ? __do_sys_vfork+0x130/0x130
[   89.882238][ T3029]  ? ksys_write+0x260/0x2c0
[   89.886752][ T3029]  ? debug_smp_processor_id+0x17/0x20
[   89.891961][ T3029]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   89.897864][ T3029]  ? exit_to_user_mode_prepare+0x39/0xa0
[   89.903337][ T3029]  do_syscall_64+0x3d/0xb0
[   89.907585][ T3029]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   89.913312][ T3029] RIP: 0033:0x7fc79465eda9
[   89.917566][ T3029] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   89.937008][ T3029] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   89.945263][ T3029] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   89.953072][ T3029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:26 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 32)

06:47:26 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:26 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0x0, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:26 executing program 0:
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, r0}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async, rerun: 64)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (rerun: 64)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r2, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000bc0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000440), &(0x7f0000000500), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x5, 0x9, 0x5, 0x40, 0x1, 0x100, '\x00', r3, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x48) (async)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x18}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x4, &(0x7f0000000740)=ANY=[@ANYRES32=r4], &(0x7f00000003c0)='GPL\x00', 0x1, 0xe6, &(0x7f0000000780)=""/230, 0x41000, 0x10, '\x00', r3, 0x0, r2, 0x8, &(0x7f0000000300)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0xc, 0x2, 0x10000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[r2, r6, r2], 0x0, 0x10, 0x1}, 0x90) (async, rerun: 32)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x13, 0x5, 0x16f2, 0x3, 0x1, r6, 0x4, '\x00', 0x0, r2, 0x0, 0x1}, 0x48) (rerun: 32)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400)=r4, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000540)=ANY=[@ANYBLOB="b7080000000000007b8af8ff00000000b7080000fdffffff6d8af0ff00000000bfa1000000000000070100ffffbfa40000fcf90457a354bb6ec563ffffb7020000080000e8de2300000000004ebfcf6c0bdf8b56605233d7a11a20f1e6e276cafde5965f66876ba69e6334a4905514a2426cddb09a997c933dfe9655812e1f254b728fe7f079e68306c83e72507972a854812911ffc176c3de4fd2", @ANYRES32=0x1, @ANYRES8=r5], &(0x7f00000000c0)='GPL\x00', 0x200, 0x69, &(0x7f0000000100)=""/105, 0x41100, 0x22, '\x00', r3, 0x26, r7, 0x8, &(0x7f0000000180)={0x0, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x6, 0x9, 0x8, 0x66}, 0x10, r4, r1, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90)

06:47:26 executing program 4:
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1a1000, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   89.960874][ T3029] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   89.968685][ T3029] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   89.976498][ T3029] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   89.984313][ T3029]  </TASK>
06:47:26 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   90.042627][ T3058] FAULT_INJECTION: forcing a failure.
[   90.042627][ T3058] name failslab, interval 1, probability 0, space 0, times 0
[   90.055170][ T3058] CPU: 1 PID: 3058 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   90.065235][ T3058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   90.075305][ T3058] Call Trace:
[   90.078427][ T3058]  <TASK>
[   90.081201][ T3058]  dump_stack_lvl+0x151/0x1b7
[   90.085714][ T3058]  ? io_uring_drop_tctx_refs+0x190/0x190
[   90.091183][ T3058]  dump_stack+0x15/0x17
[   90.095173][ T3058]  should_fail+0x3c6/0x510
[   90.099427][ T3058]  __should_failslab+0xa4/0xe0
[   90.104025][ T3058]  ? anon_vma_fork+0x1df/0x4e0
[   90.108626][ T3058]  should_failslab+0x9/0x20
[   90.112965][ T3058]  slab_pre_alloc_hook+0x37/0xd0
[   90.117741][ T3058]  ? anon_vma_fork+0x1df/0x4e0
[   90.122338][ T3058]  kmem_cache_alloc+0x44/0x200
[   90.126941][ T3058]  anon_vma_fork+0x1df/0x4e0
[   90.131369][ T3058]  copy_mm+0xa3a/0x13e0
[   90.135360][ T3058]  ? copy_signal+0x610/0x610
[   90.139787][ T3058]  ? __init_rwsem+0xd6/0x1c0
[   90.144211][ T3058]  ? copy_signal+0x4e3/0x610
[   90.148641][ T3058]  copy_process+0x1149/0x3290
[   90.153152][ T3058]  ? proc_fail_nth_write+0x20b/0x290
[   90.158270][ T3058]  ? fsnotify_perm+0x6a/0x5d0
[   90.162791][ T3058]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   90.167731][ T3058]  ? vfs_write+0x9ec/0x1110
[   90.172072][ T3058]  kernel_clone+0x21e/0x9e0
[   90.176411][ T3058]  ? file_end_write+0x1c0/0x1c0
[   90.181102][ T3058]  ? create_io_thread+0x1e0/0x1e0
[   90.185959][ T3058]  ? mutex_unlock+0xb2/0x260
[   90.190384][ T3058]  ? __mutex_lock_slowpath+0x10/0x10
[   90.195509][ T3058]  __x64_sys_clone+0x23f/0x290
[   90.200106][ T3058]  ? __do_sys_vfork+0x130/0x130
[   90.204792][ T3058]  ? ksys_write+0x260/0x2c0
[   90.209133][ T3058]  ? debug_smp_processor_id+0x17/0x20
[   90.214340][ T3058]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   90.220249][ T3058]  ? exit_to_user_mode_prepare+0x39/0xa0
[   90.225717][ T3058]  do_syscall_64+0x3d/0xb0
[   90.229968][ T3058]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   90.235690][ T3058] RIP: 0033:0x7fc79465eda9
[   90.239949][ T3058] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   90.259389][ T3058] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   90.267636][ T3058] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   90.275442][ T3058] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   90.283255][ T3058] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
06:47:26 executing program 4:
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1a1000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:26 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0x0, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:26 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 33)

[   90.291068][ T3058] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   90.298880][ T3058] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   90.306694][ T3058]  </TASK>
[   90.334779][ T3068] FAULT_INJECTION: forcing a failure.
[   90.334779][ T3068] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   90.349369][ T3068] CPU: 1 PID: 3068 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   90.359434][ T3068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   90.369324][ T3068] Call Trace:
[   90.372446][ T3068]  <TASK>
[   90.375311][ T3068]  dump_stack_lvl+0x151/0x1b7
[   90.379824][ T3068]  ? io_uring_drop_tctx_refs+0x190/0x190
[   90.385297][ T3068]  dump_stack+0x15/0x17
[   90.389293][ T3068]  should_fail+0x3c6/0x510
[   90.393542][ T3068]  should_fail_alloc_page+0x5a/0x80
[   90.398571][ T3068]  prepare_alloc_pages+0x15c/0x700
[   90.403521][ T3068]  ? __alloc_pages_bulk+0xe40/0xe40
[   90.408555][ T3068]  __alloc_pages+0x18c/0x8f0
[   90.412980][ T3068]  ? prep_new_page+0x110/0x110
[   90.417580][ T3068]  ? __alloc_pages+0x27e/0x8f0
[   90.422178][ T3068]  ? __kasan_check_write+0x14/0x20
[   90.427130][ T3068]  ? _raw_spin_lock+0xa4/0x1b0
[   90.431727][ T3068]  __pmd_alloc+0xb1/0x550
[   90.435897][ T3068]  ? __pud_alloc+0x260/0x260
[   90.440317][ T3068]  ? __pud_alloc+0x213/0x260
[   90.444745][ T3068]  ? do_handle_mm_fault+0x2330/0x2330
[   90.449960][ T3068]  ? __stack_depot_save+0x34/0x470
[   90.455037][ T3068]  ? anon_vma_clone+0x9a/0x500
[   90.459634][ T3068]  copy_page_range+0x2b3d/0x2f90
[   90.464409][ T3068]  ? __kasan_slab_alloc+0xb1/0xe0
[   90.469267][ T3068]  ? slab_post_alloc_hook+0x53/0x2c0
[   90.474391][ T3068]  ? copy_mm+0xa3a/0x13e0
[   90.478553][ T3068]  ? copy_process+0x1149/0x3290
[   90.483241][ T3068]  ? kernel_clone+0x21e/0x9e0
[   90.487754][ T3068]  ? do_syscall_64+0x3d/0xb0
[   90.492181][ T3068]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   90.498095][ T3068]  ? pfn_valid+0x1e0/0x1e0
[   90.502341][ T3068]  ? rwsem_write_trylock+0x15b/0x290
[   90.507457][ T3068]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   90.513709][ T3068]  copy_mm+0xc7e/0x13e0
[   90.517706][ T3068]  ? copy_signal+0x610/0x610
[   90.522130][ T3068]  ? __init_rwsem+0xd6/0x1c0
[   90.526555][ T3068]  ? copy_signal+0x4e3/0x610
[   90.530981][ T3068]  copy_process+0x1149/0x3290
[   90.535510][ T3068]  ? proc_fail_nth_write+0x20b/0x290
[   90.540613][ T3068]  ? fsnotify_perm+0x6a/0x5d0
[   90.545131][ T3068]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   90.550074][ T3068]  ? vfs_write+0x9ec/0x1110
[   90.554412][ T3068]  kernel_clone+0x21e/0x9e0
[   90.558754][ T3068]  ? file_end_write+0x1c0/0x1c0
[   90.563441][ T3068]  ? create_io_thread+0x1e0/0x1e0
[   90.568297][ T3068]  ? mutex_unlock+0xb2/0x260
[   90.572729][ T3068]  ? __mutex_lock_slowpath+0x10/0x10
[   90.577852][ T3068]  __x64_sys_clone+0x23f/0x290
[   90.582448][ T3068]  ? __do_sys_vfork+0x130/0x130
[   90.587133][ T3068]  ? ksys_write+0x260/0x2c0
[   90.591476][ T3068]  ? debug_smp_processor_id+0x17/0x20
[   90.596681][ T3068]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   90.602582][ T3068]  ? exit_to_user_mode_prepare+0x39/0xa0
[   90.608054][ T3068]  do_syscall_64+0x3d/0xb0
[   90.612304][ T3068]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   90.618032][ T3068] RIP: 0033:0x7fc79465eda9
[   90.622287][ T3068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   90.641727][ T3068] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   90.649979][ T3068] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   90.657785][ T3068] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   90.665597][ T3068] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   90.673407][ T3068] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
06:47:26 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:26 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 34)

06:47:26 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x90)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0xffffffffffffffff, <r1=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r0, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000380)=[0x0, 0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0, 0x0], 0x0, 0x41, &(0x7f0000000440)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0xf5, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={&(0x7f0000000680)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x156, 0x156, 0x7, [@union={0xb, 0x5, 0x0, 0x5, 0x1, 0x0, [{0xc, 0x5, 0x6}, {0x3, 0x5, 0x3}, {0x6, 0x2, 0x2e6}, {0x6, 0x5, 0x800}, {0xc, 0x0, 0x1000}]}, @func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0x5, 0x4}, {0x1, 0x2}, {0x3, 0x3}, {0xb, 0x3}, {0x6, 0x2}]}, @volatile={0x3, 0x0, 0x0, 0x9, 0x3}, @var={0x4, 0x0, 0x0, 0xe, 0x3}, @int={0xc, 0x0, 0x0, 0x1, 0x0, 0x80, 0x0, 0x5f, 0x6}, @restrict={0x0, 0x0, 0x0, 0xb, 0x3}, @var={0xe, 0x0, 0x0, 0xe, 0x5, 0x1}, @datasec={0x2, 0x2, 0x0, 0xf, 0x2, [{0x2, 0x5, 0x3}, {0x2, 0x5d0, 0xc}], "85d1"}, @struct={0x0, 0x8, 0x0, 0x4, 0x1, 0x0, [{0xc, 0x3, 0x2}, {0x7, 0x2}, {0x1, 0x1}, {0x6, 0x2, 0x100}, {0xc, 0x0, 0x3}, {0x0, 0x3, 0x1d}, {0x4, 0x4, 0x4}, {0x9}]}]}, {0x0, [0x5f, 0x0, 0xedb264b6edd55a80, 0x0, 0x2e]}}, &(0x7f0000000800)=""/54, 0x177, 0x36, 0x1, 0x80}, 0x20)
r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000900)={0xffffffffffffffff, 0x8}, 0xc)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = getpid()
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x11, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r9}, {0x7, 0x0, 0xb, 0x6}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x4}}, [@map_idx={0x18, 0x9, 0x5, 0x0, 0x1}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$unix(r5, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [r8, r8, r10, r5, r5, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r7, 0x0, 0xffffffffffffffff}}}, @rights={{0x20, 0x1, 0x1, [r6, 0xffffffffffffffff, 0xffffffffffffffff, r9]}}, @cred={{0x1c, 0x1, 0x2, {r7, 0xee01, 0xee00}}}], 0xa0, 0x800}, 0x20004005)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7020000200000008500000086000000956a337d08861cf91b6489d34fdc1ab7a69ddb5382dae3549e57ce8087cb4642877bd5efcb082c958e4e4f432f2461b26e89cb51988bec67ca882a601e7f603b1126b32f32422479edb5394d45f3d9d33ece513021b697f50ae1861dc71adfb209acba0d8962ec723641a94ccdf162721de0110858c6e4862aee390e4ca5178fea06cc7e0a098ebf719ece469c4dbfa9"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e80)={0x11, 0x7, &(0x7f0000000bc0)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @map_fd={0x18, 0xdc6b95de53f8b896, 0x1, 0x0, r1}], &(0x7f0000000c00)='GPL\x00', 0x7ff, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000c40)={0x4, 0xc, 0xa5, 0x5}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000d40), &(0x7f0000000e40)=[{0x0, 0x2, 0xe, 0x2}, {0x1, 0x5, 0x4, 0x4}], 0x10, 0x4}, 0x90)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0xb, 0x6, 0x7, 0xffffff01, 0x42, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x18, 0x1d, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf6b5, 0x0, 0x0, 0x0, 0x3ff}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @exit, @exit, @call={0x85, 0x0, 0x0, 0x36}, @call={0x85, 0x0, 0x0, 0xa9}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7fffffff}}, @exit, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff8}}]}, &(0x7f0000000280)='GPL\x00', 0x1, 0xbf, &(0x7f00000002c0)=""/191, 0x1e00, 0x0, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000880)={0x5, 0xcf8}, 0x8, 0x10, &(0x7f00000008c0)={0x3, 0xa, 0x800, 0x2}, 0x10, 0x0, 0x0, 0x4, &(0x7f00000009c0)=[r4, r5, r11, r12], &(0x7f0000000a00)=[{0x1, 0x1, 0x1, 0x2}, {0x2, 0x3, 0x9, 0x6}, {0x0, 0x3, 0xf}, {0x1, 0x5, 0x8, 0x1}], 0x10, 0x3}, 0x90)

06:47:26 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x0, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   90.681221][ T3068] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   90.689038][ T3068]  </TASK>
06:47:27 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:27 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x90)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0xffffffffffffffff, <r1=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x20) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r0, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000380)=[0x0, 0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0, 0x0], 0x0, 0x41, &(0x7f0000000440)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0xf5, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={&(0x7f0000000680)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x156, 0x156, 0x7, [@union={0xb, 0x5, 0x0, 0x5, 0x1, 0x0, [{0xc, 0x5, 0x6}, {0x3, 0x5, 0x3}, {0x6, 0x2, 0x2e6}, {0x6, 0x5, 0x800}, {0xc, 0x0, 0x1000}]}, @func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0x5, 0x4}, {0x1, 0x2}, {0x3, 0x3}, {0xb, 0x3}, {0x6, 0x2}]}, @volatile={0x3, 0x0, 0x0, 0x9, 0x3}, @var={0x4, 0x0, 0x0, 0xe, 0x3}, @int={0xc, 0x0, 0x0, 0x1, 0x0, 0x80, 0x0, 0x5f, 0x6}, @restrict={0x0, 0x0, 0x0, 0xb, 0x3}, @var={0xe, 0x0, 0x0, 0xe, 0x5, 0x1}, @datasec={0x2, 0x2, 0x0, 0xf, 0x2, [{0x2, 0x5, 0x3}, {0x2, 0x5d0, 0xc}], "85d1"}, @struct={0x0, 0x8, 0x0, 0x4, 0x1, 0x0, [{0xc, 0x3, 0x2}, {0x7, 0x2}, {0x1, 0x1}, {0x6, 0x2, 0x100}, {0xc, 0x0, 0x3}, {0x0, 0x3, 0x1d}, {0x4, 0x4, 0x4}, {0x9}]}]}, {0x0, [0x5f, 0x0, 0xedb264b6edd55a80, 0x0, 0x2e]}}, &(0x7f0000000800)=""/54, 0x177, 0x36, 0x1, 0x80}, 0x20) (async)
r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000900)={0xffffffffffffffff, 0x8}, 0xc) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) (async)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r7 = getpid() (async)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x11, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r9}, {0x7, 0x0, 0xb, 0x6}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x4}}, [@map_idx={0x18, 0x9, 0x5, 0x0, 0x1}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$unix(r5, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [r8, r8, r10, r5, r5, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r7, 0x0, 0xffffffffffffffff}}}, @rights={{0x20, 0x1, 0x1, [r6, 0xffffffffffffffff, 0xffffffffffffffff, r9]}}, @cred={{0x1c, 0x1, 0x2, {r7, 0xee01, 0xee00}}}], 0xa0, 0x800}, 0x20004005)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7020000200000008500000086000000956a337d08861cf91b6489d34fdc1ab7a69ddb5382dae3549e57ce8087cb4642877bd5efcb082c958e4e4f432f2461b26e89cb51988bec67ca882a601e7f603b1126b32f32422479edb5394d45f3d9d33ece513021b697f50ae1861dc71adfb209acba0d8962ec723641a94ccdf162721de0110858c6e4862aee390e4ca5178fea06cc7e0a098ebf719ece469c4dbfa9"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e80)={0x11, 0x7, &(0x7f0000000bc0)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @map_fd={0x18, 0xdc6b95de53f8b896, 0x1, 0x0, r1}], &(0x7f0000000c00)='GPL\x00', 0x7ff, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000c40)={0x4, 0xc, 0xa5, 0x5}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000d40), &(0x7f0000000e40)=[{0x0, 0x2, 0xe, 0x2}, {0x1, 0x5, 0x4, 0x4}], 0x10, 0x4}, 0x90)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0xb, 0x6, 0x7, 0xffffff01, 0x42, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x18, 0x1d, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf6b5, 0x0, 0x0, 0x0, 0x3ff}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @exit, @exit, @call={0x85, 0x0, 0x0, 0x36}, @call={0x85, 0x0, 0x0, 0xa9}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7fffffff}}, @exit, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff8}}]}, &(0x7f0000000280)='GPL\x00', 0x1, 0xbf, &(0x7f00000002c0)=""/191, 0x1e00, 0x0, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000880)={0x5, 0xcf8}, 0x8, 0x10, &(0x7f00000008c0)={0x3, 0xa, 0x800, 0x2}, 0x10, 0x0, 0x0, 0x4, &(0x7f00000009c0)=[r4, r5, r11, r12], &(0x7f0000000a00)=[{0x1, 0x1, 0x1, 0x2}, {0x2, 0x3, 0x9, 0x6}, {0x0, 0x3, 0xf}, {0x1, 0x5, 0x8, 0x1}], 0x10, 0x3}, 0x90)

06:47:27 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x0, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   90.742006][ T3081] FAULT_INJECTION: forcing a failure.
[   90.742006][ T3081] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:47:27 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x90) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0xffffffffffffffff, <r1=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x20) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r0, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000380)=[0x0, 0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0, 0x0], 0x0, 0x41, &(0x7f0000000440)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0xf5, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={&(0x7f0000000680)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x156, 0x156, 0x7, [@union={0xb, 0x5, 0x0, 0x5, 0x1, 0x0, [{0xc, 0x5, 0x6}, {0x3, 0x5, 0x3}, {0x6, 0x2, 0x2e6}, {0x6, 0x5, 0x800}, {0xc, 0x0, 0x1000}]}, @func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0x5, 0x4}, {0x1, 0x2}, {0x3, 0x3}, {0xb, 0x3}, {0x6, 0x2}]}, @volatile={0x3, 0x0, 0x0, 0x9, 0x3}, @var={0x4, 0x0, 0x0, 0xe, 0x3}, @int={0xc, 0x0, 0x0, 0x1, 0x0, 0x80, 0x0, 0x5f, 0x6}, @restrict={0x0, 0x0, 0x0, 0xb, 0x3}, @var={0xe, 0x0, 0x0, 0xe, 0x5, 0x1}, @datasec={0x2, 0x2, 0x0, 0xf, 0x2, [{0x2, 0x5, 0x3}, {0x2, 0x5d0, 0xc}], "85d1"}, @struct={0x0, 0x8, 0x0, 0x4, 0x1, 0x0, [{0xc, 0x3, 0x2}, {0x7, 0x2}, {0x1, 0x1}, {0x6, 0x2, 0x100}, {0xc, 0x0, 0x3}, {0x0, 0x3, 0x1d}, {0x4, 0x4, 0x4}, {0x9}]}]}, {0x0, [0x5f, 0x0, 0xedb264b6edd55a80, 0x0, 0x2e]}}, &(0x7f0000000800)=""/54, 0x177, 0x36, 0x1, 0x80}, 0x20) (async)
r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000900)={0xffffffffffffffff, 0x8}, 0xc) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) (async)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = getpid()
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) (async)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x11, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r9}, {0x7, 0x0, 0xb, 0x6}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x4}}, [@map_idx={0x18, 0x9, 0x5, 0x0, 0x1}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$unix(r5, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [r8, r8, r10, r5, r5, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r7, 0x0, 0xffffffffffffffff}}}, @rights={{0x20, 0x1, 0x1, [r6, 0xffffffffffffffff, 0xffffffffffffffff, r9]}}, @cred={{0x1c, 0x1, 0x2, {r7, 0xee01, 0xee00}}}], 0xa0, 0x800}, 0x20004005) (async)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7020000200000008500000086000000956a337d08861cf91b6489d34fdc1ab7a69ddb5382dae3549e57ce8087cb4642877bd5efcb082c958e4e4f432f2461b26e89cb51988bec67ca882a601e7f603b1126b32f32422479edb5394d45f3d9d33ece513021b697f50ae1861dc71adfb209acba0d8962ec723641a94ccdf162721de0110858c6e4862aee390e4ca5178fea06cc7e0a098ebf719ece469c4dbfa9"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e80)={0x11, 0x7, &(0x7f0000000bc0)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @map_fd={0x18, 0xdc6b95de53f8b896, 0x1, 0x0, r1}], &(0x7f0000000c00)='GPL\x00', 0x7ff, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000c40)={0x4, 0xc, 0xa5, 0x5}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000d40), &(0x7f0000000e40)=[{0x0, 0x2, 0xe, 0x2}, {0x1, 0x5, 0x4, 0x4}], 0x10, 0x4}, 0x90) (async)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0xb, 0x6, 0x7, 0xffffff01, 0x42, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x18, 0x1d, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf6b5, 0x0, 0x0, 0x0, 0x3ff}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @exit, @exit, @call={0x85, 0x0, 0x0, 0x36}, @call={0x85, 0x0, 0x0, 0xa9}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7fffffff}}, @exit, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff8}}]}, &(0x7f0000000280)='GPL\x00', 0x1, 0xbf, &(0x7f00000002c0)=""/191, 0x1e00, 0x0, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000880)={0x5, 0xcf8}, 0x8, 0x10, &(0x7f00000008c0)={0x3, 0xa, 0x800, 0x2}, 0x10, 0x0, 0x0, 0x4, &(0x7f00000009c0)=[r4, r5, r11, r12], &(0x7f0000000a00)=[{0x1, 0x1, 0x1, 0x2}, {0x2, 0x3, 0x9, 0x6}, {0x0, 0x3, 0xf}, {0x1, 0x5, 0x8, 0x1}], 0x10, 0x3}, 0x90)

[   90.810689][ T3081] CPU: 1 PID: 3081 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   90.820848][ T3081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   90.830750][ T3081] Call Trace:
[   90.833886][ T3081]  <TASK>
[   90.836649][ T3081]  dump_stack_lvl+0x151/0x1b7
[   90.841161][ T3081]  ? io_uring_drop_tctx_refs+0x190/0x190
[   90.846631][ T3081]  dump_stack+0x15/0x17
[   90.850619][ T3081]  should_fail+0x3c6/0x510
[   90.854873][ T3081]  should_fail_alloc_page+0x5a/0x80
[   90.859903][ T3081]  prepare_alloc_pages+0x15c/0x700
[   90.864853][ T3081]  ? __alloc_pages_bulk+0xe40/0xe40
[   90.869903][ T3081]  __alloc_pages+0x18c/0x8f0
[   90.874320][ T3081]  ? prep_new_page+0x110/0x110
[   90.878911][ T3081]  ? __alloc_pages+0x27e/0x8f0
[   90.883516][ T3081]  ? __kasan_check_write+0x14/0x20
[   90.888464][ T3081]  ? _raw_spin_lock+0xa4/0x1b0
[   90.893062][ T3081]  pte_alloc_one+0x73/0x1b0
[   90.897408][ T3081]  ? pfn_modify_allowed+0x2f0/0x2f0
[   90.902435][ T3081]  ? __pmd_alloc+0x48d/0x550
[   90.906860][ T3081]  __pte_alloc+0x86/0x350
[   90.911028][ T3081]  ? __pud_alloc+0x260/0x260
[   90.915453][ T3081]  ? __pud_alloc+0x213/0x260
[   90.919879][ T3081]  ? free_pgtables+0x280/0x280
[   90.924477][ T3081]  ? do_handle_mm_fault+0x2330/0x2330
[   90.929688][ T3081]  ? __stack_depot_save+0x34/0x470
[   90.934633][ T3081]  ? anon_vma_clone+0x9a/0x500
[   90.939231][ T3081]  copy_page_range+0x28a8/0x2f90
[   90.944005][ T3081]  ? __kasan_slab_alloc+0xb1/0xe0
[   90.948866][ T3081]  ? slab_post_alloc_hook+0x53/0x2c0
[   90.953988][ T3081]  ? kernel_clone+0x21e/0x9e0
[   90.958502][ T3081]  ? do_syscall_64+0x3d/0xb0
[   90.962927][ T3081]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   90.968833][ T3081]  ? pfn_valid+0x1e0/0x1e0
[   90.973087][ T3081]  ? rwsem_write_trylock+0x15b/0x290
[   90.978204][ T3081]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   90.984455][ T3081]  copy_mm+0xc7e/0x13e0
[   90.988447][ T3081]  ? copy_signal+0x610/0x610
[   90.992869][ T3081]  ? __init_rwsem+0xd6/0x1c0
[   90.997300][ T3081]  ? copy_signal+0x4e3/0x610
[   91.001734][ T3081]  copy_process+0x1149/0x3290
[   91.006249][ T3081]  ? proc_fail_nth_write+0x20b/0x290
[   91.011358][ T3081]  ? fsnotify_perm+0x6a/0x5d0
[   91.015872][ T3081]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   91.020820][ T3081]  ? vfs_write+0x9ec/0x1110
[   91.025163][ T3081]  kernel_clone+0x21e/0x9e0
[   91.029499][ T3081]  ? file_end_write+0x1c0/0x1c0
[   91.034186][ T3081]  ? create_io_thread+0x1e0/0x1e0
[   91.039044][ T3081]  ? mutex_unlock+0xb2/0x260
[   91.043471][ T3081]  ? __mutex_lock_slowpath+0x10/0x10
[   91.048596][ T3081]  __x64_sys_clone+0x23f/0x290
[   91.053193][ T3081]  ? __do_sys_vfork+0x130/0x130
[   91.057880][ T3081]  ? ksys_write+0x260/0x2c0
[   91.062224][ T3081]  ? debug_smp_processor_id+0x17/0x20
[   91.067427][ T3081]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   91.073330][ T3081]  ? exit_to_user_mode_prepare+0x39/0xa0
[   91.078801][ T3081]  do_syscall_64+0x3d/0xb0
[   91.083051][ T3081]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   91.088780][ T3081] RIP: 0033:0x7fc79465eda9
[   91.093033][ T3081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   91.112483][ T3081] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   91.120720][ T3081] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   91.128532][ T3081] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   91.136342][ T3081] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   91.144155][ T3081] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   91.151972][ T3081] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
06:47:27 executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x2001000000000, 0x0, 0x0, 0x0)

06:47:27 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x0, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:27 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000015c0)={&(0x7f00000014c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x97, 0x97, 0x6, [@func={0x7, 0x0, 0x0, 0xc, 0x3}, @datasec={0xd, 0x8, 0x0, 0xf, 0x3, [{0x5, 0xae2e, 0x9}, {0x3, 0x80000000, 0x6}, {0x3, 0x1ca, 0x3b}, {0x3, 0x8000, 0x6}, {0x2, 0x2f9, 0x4}, {0x5, 0x30, 0x9}, {0x1, 0xffffffff, 0x6e}, {0x3, 0x2, 0x8}], 'qB1'}, @var={0xd, 0x0, 0x0, 0xe, 0x1}, @fwd={0x3}]}, {0x0, [0x61, 0x70aa3e61a76745c8, 0x5f, 0x0]}}, &(0x7f0000001580)=""/47, 0xb6, 0x2f, 0x1, 0x5}, 0x20)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001680)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x3, '\x00', r1, 0xffffffffffffffff, 0x2, 0x0, 0x5}, 0x48)
r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001740)=@o_path={&(0x7f0000001700)='.\x00', 0x0, 0x0, r0}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=@base={0x1a, 0x1, 0x1e2, 0x8, 0x1088, 0x1, 0x3, '\x00', r1, 0xffffffffffffffff, 0x5, 0x4, 0x1}, 0x48)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
r7 = openat$cgroup_ro(r6, &(0x7f0000000300)='blkio.bfq.io_queued\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@bloom_filter={0x1e, 0x687, 0x0, 0x3ae, 0x200, r7, 0xfff, '\x00', 0x0, r7, 0x2, 0x4, 0x2, 0xe}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x5, 0x1d, 0x7, 0x8, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r8, <r9=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000180)={r9, &(0x7f00000000c0), &(0x7f0000000100)=""/66}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001840)={0x18, 0x2, &(0x7f0000000440)=@raw=[@cb_func={0x18, 0xa, 0x4, 0x0, 0xffffffffffffffff}], &(0x7f0000000480)='GPL\x00', 0xffffff83, 0x1000, &(0x7f00000004c0)=""/4096, 0x41100, 0x4b, '\x00', r1, 0x0, r2, 0x8, &(0x7f0000001600)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000001640)={0x1, 0x1, 0x1, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001800)=[r3, r4, 0xffffffffffffffff, r5, r7, r9], 0x0, 0x10, 0x5}, 0x90)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={@ifindex=r1, 0x20, 0x1, 0x0, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000340)=[0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
syz_clone(0x1000, &(0x7f0000000000)="ea391c191563ce5e084f091dad5b4ea9de79ddf812b9c847b7374e322a806fd71abe57b5fa25ef9af414b5242bd5d043e22d813eb02ec0ed6861db055993ad47559cb23f043ffc49b30fd12a", 0x4c, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)="2961321b90fff49e4885499f973195ce27ae68be94d3cce99a52cc9cc8a994bc72b86cf7ffb05d990362029b4a5ea443e4ada87c2cb7087718cd0b137b173a2479bade861e584f6c67aa368170fe42b7ef1356b9a42ffa4e602e4cf45fac9c2d0feb5041f4158995996d46e0cc")

06:47:27 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 35)

[   91.159778][ T3081]  </TASK>
06:47:27 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:27 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f0000000540)}, 0x20)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000980)={&(0x7f00000007c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x93, 0x93, 0x9, [@datasec={0x3, 0xa, 0x0, 0xf, 0x3, [{0x3, 0x68, 0x4c4}, {0x4, 0x7fff, 0x4}, {0x2, 0x9, 0xffff0001}, {0x4, 0xf77e8b7f, 0x20}, {0x1, 0x508, 0xda4}, {0x2, 0x80, 0x70}, {0x3, 0x5, 0x7fffffff}, {0x3, 0x9, 0x2}, {0x2, 0x3, 0x68}, {0x1, 0x9, 0x6}], "4f4e8a"}, @restrict={0xc, 0x0, 0x0, 0xb, 0x2}]}, {0x0, [0x61, 0x2e, 0x0, 0x61, 0x2e, 0x5f, 0x2e]}}, &(0x7f0000000880)=""/252, 0xb5, 0xfc, 0x0, 0xffff}, 0x20)
r3 = perf_event_open(&(0x7f00000005c0)={0x0, 0x80, 0x0, 0x3f, 0x0, 0x40, 0x0, 0xfff, 0x44000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x9000, 0x0, 0x0, 0x0, 0x3, 0x6, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000ac0)=@bpf_tracing={0x1a, 0x13, &(0x7f0000000e80)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000efc3e4ac8fdcc018053dac2ffacb390000000085100000feffffff180000005f9c4c3900000000fe0000002146090008000000bf91000000000000b7020000010000008500000084000000b70000000800000095000000"], &(0x7f0000000340)='syzkaller\x00', 0xffff, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, 0x19, r5, 0x8, &(0x7f0000000940)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x0, 0x0, 0x8}, 0x10, 0x2fff3, r5, 0x0, &(0x7f00000009c0)=[r5, r5], 0x0, 0x10, 0x2}, 0x90)
openat$cgroup_ro(r5, 0x0, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000003c0)={0x3, <r6=>0x0}, 0x8)
r7 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000580)=@o_path={&(0x7f0000000540)='./file0\x00', 0x0, 0x8, r3}, 0x18)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0xf, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4d}, [@map_idx_val={0x18, 0x9, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x39}, @ldst={0x1, 0x1, 0x4, 0x8, 0x7, 0xc, 0x4}, @alu={0x4, 0x0, 0x9, 0x4, 0xa, 0x100, 0x4}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x1}, @map_fd={0x18, 0x78d146ad988ddcb1, 0x1, 0x0, r5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @generic={0x0, 0x2, 0xc, 0x5f, 0x5}]}, &(0x7f00000000c0)='syzkaller\x00', 0x3, 0xa2, &(0x7f0000000640)=""/162, 0x41000, 0x4, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0x0, 0x9, 0x3}, 0x10, r6, r4, 0x0, &(0x7f0000000800)=[r7, r8]}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000580)=[0x0, 0x0, 0x0], ""/16, <r9=>0x0, 0x0, 0x0, 0x0, 0x3, 0x7, &(0x7f00000005c0)=[0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r10=>0x0, 0xf6, &(0x7f0000000640)=[{}], 0x8, 0x10, &(0x7f0000000680), &(0x7f00000006c0), 0x8, 0xa2, 0x8, 0x8, &(0x7f0000000700)}}, 0x10)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000880)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xa1, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=@bloom_filter={0x1e, 0xfffffffe, 0x259b, 0x5, 0xa, 0x1, 0x3, '\x00', r9, 0xffffffffffffffff, 0x3, 0x3, 0x3, 0x4}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1e, 0x17, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@exit, @tail_call, @map_idx={0x18, 0x1, 0x5, 0x0, 0x10}]}, &(0x7f00000003c0)='GPL\x00', 0x7, 0x93, &(0x7f0000000400)=""/147, 0x40f00, 0x2, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x0, 0x9, 0x8, 0x1}, 0x10, r10, 0xffffffffffffffff, 0x6, &(0x7f0000000900)=[r11, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000940)=[{0x5, 0x2, 0x7, 0x2}, {0x1, 0x5, 0x2}, {0x5, 0x3, 0x5, 0x9}, {0x4, 0x3, 0xa}, {0x2, 0x5, 0xb, 0x8}, {0x0, 0x1, 0x7, 0x4}]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xa5a79b1ef4cac023, 0x14, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x38000000}, [@btf_id={0x18, 0x7, 0x3, 0x0, 0x2}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @map_fd={0x18, 0xb, 0x1, 0x0, r0}, @ldst={0x5, 0x2, 0x2, 0x1, 0x4, 0x10, 0x15}]}, &(0x7f0000000680)='GPL\x00', 0x9, 0xec, &(0x7f00000006c0)=""/236, 0x41100, 0x50, '\x00', 0x0, 0x37, r2, 0x8, &(0x7f00000009c0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000a00)={0x0, 0x3, 0x7f, 0x6}, 0x10, r6, r0, 0x5, &(0x7f0000000a40)=[r11], &(0x7f0000000a80)=[{0x4, 0x5, 0x9, 0x1}, {0x3, 0x4, 0xe, 0xa}, {0x3, 0x2, 0xf}, {0x4, 0x2, 0x8, 0xb}, {0x5, 0x2, 0x10, 0x5}], 0x10, 0x100}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000c00)=@generic={&(0x7f0000000bc0)='./file0\x00'}, 0x18)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x1c, 0x10001, 0x55f, 0xc45, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4, 0x9}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r0, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], 0x0, 0x8e, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000180), &(0x7f00000001c0), 0x8, 0xb3, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
r14 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x7, 0x0, 0x1f, 0x9f, 0x56, r12, 0x1, '\x00', r13, r14, 0x4, 0x4, 0x1}, 0x48)

06:47:27 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async, rerun: 32)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10) (rerun: 32)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000015c0)={&(0x7f00000014c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x97, 0x97, 0x6, [@func={0x7, 0x0, 0x0, 0xc, 0x3}, @datasec={0xd, 0x8, 0x0, 0xf, 0x3, [{0x5, 0xae2e, 0x9}, {0x3, 0x80000000, 0x6}, {0x3, 0x1ca, 0x3b}, {0x3, 0x8000, 0x6}, {0x2, 0x2f9, 0x4}, {0x5, 0x30, 0x9}, {0x1, 0xffffffff, 0x6e}, {0x3, 0x2, 0x8}], 'qB1'}, @var={0xd, 0x0, 0x0, 0xe, 0x1}, @fwd={0x3}]}, {0x0, [0x61, 0x70aa3e61a76745c8, 0x5f, 0x0]}}, &(0x7f0000001580)=""/47, 0xb6, 0x2f, 0x1, 0x5}, 0x20) (async)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001680)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x3, '\x00', r1, 0xffffffffffffffff, 0x2, 0x0, 0x5}, 0x48)
r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001740)=@o_path={&(0x7f0000001700)='.\x00', 0x0, 0x0, r0}, 0x18) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=@base={0x1a, 0x1, 0x1e2, 0x8, 0x1088, 0x1, 0x3, '\x00', r1, 0xffffffffffffffff, 0x5, 0x4, 0x1}, 0x48) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
r7 = openat$cgroup_ro(r6, &(0x7f0000000300)='blkio.bfq.io_queued\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@bloom_filter={0x1e, 0x687, 0x0, 0x3ae, 0x200, r7, 0xfff, '\x00', 0x0, r7, 0x2, 0x4, 0x2, 0xe}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x5, 0x1d, 0x7, 0x8, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r8, <r9=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000180)={r9, &(0x7f00000000c0), &(0x7f0000000100)=""/66}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001840)={0x18, 0x2, &(0x7f0000000440)=@raw=[@cb_func={0x18, 0xa, 0x4, 0x0, 0xffffffffffffffff}], &(0x7f0000000480)='GPL\x00', 0xffffff83, 0x1000, &(0x7f00000004c0)=""/4096, 0x41100, 0x4b, '\x00', r1, 0x0, r2, 0x8, &(0x7f0000001600)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000001640)={0x1, 0x1, 0x1, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001800)=[r3, r4, 0xffffffffffffffff, r5, r7, r9], 0x0, 0x10, 0x5}, 0x90)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={@ifindex=r1, 0x20, 0x1, 0x0, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000340)=[0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
syz_clone(0x1000, &(0x7f0000000000)="ea391c191563ce5e084f091dad5b4ea9de79ddf812b9c847b7374e322a806fd71abe57b5fa25ef9af414b5242bd5d043e22d813eb02ec0ed6861db055993ad47559cb23f043ffc49b30fd12a", 0x4c, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)="2961321b90fff49e4885499f973195ce27ae68be94d3cce99a52cc9cc8a994bc72b86cf7ffb05d990362029b4a5ea443e4ada87c2cb7087718cd0b137b173a2479bade861e584f6c67aa368170fe42b7ef1356b9a42ffa4e602e4cf45fac9c2d0feb5041f4158995996d46e0cc")

06:47:27 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f0000000540)}, 0x20)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000980)={&(0x7f00000007c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x93, 0x93, 0x9, [@datasec={0x3, 0xa, 0x0, 0xf, 0x3, [{0x3, 0x68, 0x4c4}, {0x4, 0x7fff, 0x4}, {0x2, 0x9, 0xffff0001}, {0x4, 0xf77e8b7f, 0x20}, {0x1, 0x508, 0xda4}, {0x2, 0x80, 0x70}, {0x3, 0x5, 0x7fffffff}, {0x3, 0x9, 0x2}, {0x2, 0x3, 0x68}, {0x1, 0x9, 0x6}], "4f4e8a"}, @restrict={0xc, 0x0, 0x0, 0xb, 0x2}]}, {0x0, [0x61, 0x2e, 0x0, 0x61, 0x2e, 0x5f, 0x2e]}}, &(0x7f0000000880)=""/252, 0xb5, 0xfc, 0x0, 0xffff}, 0x20) (async)
r3 = perf_event_open(&(0x7f00000005c0)={0x0, 0x80, 0x0, 0x3f, 0x0, 0x40, 0x0, 0xfff, 0x44000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x9000, 0x0, 0x0, 0x0, 0x3, 0x6, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000ac0)=@bpf_tracing={0x1a, 0x13, &(0x7f0000000e80)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000efc3e4ac8fdcc018053dac2ffacb390000000085100000feffffff180000005f9c4c3900000000fe0000002146090008000000bf91000000000000b7020000010000008500000084000000b70000000800000095000000"], &(0x7f0000000340)='syzkaller\x00', 0xffff, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, 0x19, r5, 0x8, &(0x7f0000000940)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x0, 0x0, 0x8}, 0x10, 0x2fff3, r5, 0x0, &(0x7f00000009c0)=[r5, r5], 0x0, 0x10, 0x2}, 0x90) (async)
openat$cgroup_ro(r5, 0x0, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000003c0)={0x3, <r6=>0x0}, 0x8)
r7 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000580)=@o_path={&(0x7f0000000540)='./file0\x00', 0x0, 0x8, r3}, 0x18) (async)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0xf, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4d}, [@map_idx_val={0x18, 0x9, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x39}, @ldst={0x1, 0x1, 0x4, 0x8, 0x7, 0xc, 0x4}, @alu={0x4, 0x0, 0x9, 0x4, 0xa, 0x100, 0x4}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x1}, @map_fd={0x18, 0x78d146ad988ddcb1, 0x1, 0x0, r5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @generic={0x0, 0x2, 0xc, 0x5f, 0x5}]}, &(0x7f00000000c0)='syzkaller\x00', 0x3, 0xa2, &(0x7f0000000640)=""/162, 0x41000, 0x4, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0x0, 0x9, 0x3}, 0x10, r6, r4, 0x0, &(0x7f0000000800)=[r7, r8]}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000580)=[0x0, 0x0, 0x0], ""/16, <r9=>0x0, 0x0, 0x0, 0x0, 0x3, 0x7, &(0x7f00000005c0)=[0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r10=>0x0, 0xf6, &(0x7f0000000640)=[{}], 0x8, 0x10, &(0x7f0000000680), &(0x7f00000006c0), 0x8, 0xa2, 0x8, 0x8, &(0x7f0000000700)}}, 0x10)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000880)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xa1, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=@bloom_filter={0x1e, 0xfffffffe, 0x259b, 0x5, 0xa, 0x1, 0x3, '\x00', r9, 0xffffffffffffffff, 0x3, 0x3, 0x3, 0x4}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1e, 0x17, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@exit, @tail_call, @map_idx={0x18, 0x1, 0x5, 0x0, 0x10}]}, &(0x7f00000003c0)='GPL\x00', 0x7, 0x93, &(0x7f0000000400)=""/147, 0x40f00, 0x2, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x0, 0x9, 0x8, 0x1}, 0x10, r10, 0xffffffffffffffff, 0x6, &(0x7f0000000900)=[r11, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000940)=[{0x5, 0x2, 0x7, 0x2}, {0x1, 0x5, 0x2}, {0x5, 0x3, 0x5, 0x9}, {0x4, 0x3, 0xa}, {0x2, 0x5, 0xb, 0x8}, {0x0, 0x1, 0x7, 0x4}]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xa5a79b1ef4cac023, 0x14, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x38000000}, [@btf_id={0x18, 0x7, 0x3, 0x0, 0x2}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @map_fd={0x18, 0xb, 0x1, 0x0, r0}, @ldst={0x5, 0x2, 0x2, 0x1, 0x4, 0x10, 0x15}]}, &(0x7f0000000680)='GPL\x00', 0x9, 0xec, &(0x7f00000006c0)=""/236, 0x41100, 0x50, '\x00', 0x0, 0x37, r2, 0x8, &(0x7f00000009c0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000a00)={0x0, 0x3, 0x7f, 0x6}, 0x10, r6, r0, 0x5, &(0x7f0000000a40)=[r11], &(0x7f0000000a80)=[{0x4, 0x5, 0x9, 0x1}, {0x3, 0x4, 0xe, 0xa}, {0x3, 0x2, 0xf}, {0x4, 0x2, 0x8, 0xb}, {0x5, 0x2, 0x10, 0x5}], 0x10, 0x100}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000c00)=@generic={&(0x7f0000000bc0)='./file0\x00'}, 0x18) (async)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x1c, 0x10001, 0x55f, 0xc45, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4, 0x9}, 0x48) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r0, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], 0x0, 0x8e, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000180), &(0x7f00000001c0), 0x8, 0xb3, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) (async)
r14 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x7, 0x0, 0x1f, 0x9f, 0x56, r12, 0x1, '\x00', r13, r14, 0x4, 0x4, 0x1}, 0x48)

06:47:27 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), 0x0, &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:27 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:27 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:27 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000015c0)={&(0x7f00000014c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x97, 0x97, 0x6, [@func={0x7, 0x0, 0x0, 0xc, 0x3}, @datasec={0xd, 0x8, 0x0, 0xf, 0x3, [{0x5, 0xae2e, 0x9}, {0x3, 0x80000000, 0x6}, {0x3, 0x1ca, 0x3b}, {0x3, 0x8000, 0x6}, {0x2, 0x2f9, 0x4}, {0x5, 0x30, 0x9}, {0x1, 0xffffffff, 0x6e}, {0x3, 0x2, 0x8}], 'qB1'}, @var={0xd, 0x0, 0x0, 0xe, 0x1}, @fwd={0x3}]}, {0x0, [0x61, 0x70aa3e61a76745c8, 0x5f, 0x0]}}, &(0x7f0000001580)=""/47, 0xb6, 0x2f, 0x1, 0x5}, 0x20)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001680)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x3, '\x00', r1, 0xffffffffffffffff, 0x2, 0x0, 0x5}, 0x48) (async)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001680)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x3, '\x00', r1, 0xffffffffffffffff, 0x2, 0x0, 0x5}, 0x48)
r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001740)=@o_path={&(0x7f0000001700)='.\x00', 0x0, 0x0, r0}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000001780)=@base={0x1a, 0x1, 0x1e2, 0x8, 0x1088, 0x1, 0x3, '\x00', r1, 0xffffffffffffffff, 0x5, 0x4, 0x1}, 0x48) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=@base={0x1a, 0x1, 0x1e2, 0x8, 0x1088, 0x1, 0x3, '\x00', r1, 0xffffffffffffffff, 0x5, 0x4, 0x1}, 0x48)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
r7 = openat$cgroup_ro(r6, &(0x7f0000000300)='blkio.bfq.io_queued\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@bloom_filter={0x1e, 0x687, 0x0, 0x3ae, 0x200, r7, 0xfff, '\x00', 0x0, r7, 0x2, 0x4, 0x2, 0xe}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x5, 0x1d, 0x7, 0x8, 0x0, 0x1}, 0x48) (async)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x5, 0x1d, 0x7, 0x8, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r8, <r9=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000180)={r9, &(0x7f00000000c0), &(0x7f0000000100)=""/66}, 0x20) (async)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000180)={r9, &(0x7f00000000c0), &(0x7f0000000100)=""/66}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001840)={0x18, 0x2, &(0x7f0000000440)=@raw=[@cb_func={0x18, 0xa, 0x4, 0x0, 0xffffffffffffffff}], &(0x7f0000000480)='GPL\x00', 0xffffff83, 0x1000, &(0x7f00000004c0)=""/4096, 0x41100, 0x4b, '\x00', r1, 0x0, r2, 0x8, &(0x7f0000001600)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000001640)={0x1, 0x1, 0x1, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001800)=[r3, r4, 0xffffffffffffffff, r5, r7, r9], 0x0, 0x10, 0x5}, 0x90)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={@ifindex=r1, 0x20, 0x1, 0x0, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000340)=[0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
syz_clone(0x1000, &(0x7f0000000000)="ea391c191563ce5e084f091dad5b4ea9de79ddf812b9c847b7374e322a806fd71abe57b5fa25ef9af414b5242bd5d043e22d813eb02ec0ed6861db055993ad47559cb23f043ffc49b30fd12a", 0x4c, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)="2961321b90fff49e4885499f973195ce27ae68be94d3cce99a52cc9cc8a994bc72b86cf7ffb05d990362029b4a5ea443e4ada87c2cb7087718cd0b137b173a2479bade861e584f6c67aa368170fe42b7ef1356b9a42ffa4e602e4cf45fac9c2d0feb5041f4158995996d46e0cc")

06:47:27 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f0000000540)}, 0x20) (async)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000980)={&(0x7f00000007c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x93, 0x93, 0x9, [@datasec={0x3, 0xa, 0x0, 0xf, 0x3, [{0x3, 0x68, 0x4c4}, {0x4, 0x7fff, 0x4}, {0x2, 0x9, 0xffff0001}, {0x4, 0xf77e8b7f, 0x20}, {0x1, 0x508, 0xda4}, {0x2, 0x80, 0x70}, {0x3, 0x5, 0x7fffffff}, {0x3, 0x9, 0x2}, {0x2, 0x3, 0x68}, {0x1, 0x9, 0x6}], "4f4e8a"}, @restrict={0xc, 0x0, 0x0, 0xb, 0x2}]}, {0x0, [0x61, 0x2e, 0x0, 0x61, 0x2e, 0x5f, 0x2e]}}, &(0x7f0000000880)=""/252, 0xb5, 0xfc, 0x0, 0xffff}, 0x20)
r3 = perf_event_open(&(0x7f00000005c0)={0x0, 0x80, 0x0, 0x3f, 0x0, 0x40, 0x0, 0xfff, 0x44000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x9000, 0x0, 0x0, 0x0, 0x3, 0x6, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000ac0)=@bpf_tracing={0x1a, 0x13, &(0x7f0000000e80)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000efc3e4ac8fdcc018053dac2ffacb390000000085100000feffffff180000005f9c4c3900000000fe0000002146090008000000bf91000000000000b7020000010000008500000084000000b70000000800000095000000"], &(0x7f0000000340)='syzkaller\x00', 0xffff, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, 0x19, r5, 0x8, &(0x7f0000000940)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x0, 0x0, 0x8}, 0x10, 0x2fff3, r5, 0x0, &(0x7f00000009c0)=[r5, r5], 0x0, 0x10, 0x2}, 0x90)
openat$cgroup_ro(r5, 0x0, 0x0, 0x0) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000003c0)={0x3, <r6=>0x0}, 0x8) (async)
r7 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000580)=@o_path={&(0x7f0000000540)='./file0\x00', 0x0, 0x8, r3}, 0x18) (async)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0xf, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4d}, [@map_idx_val={0x18, 0x9, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x39}, @ldst={0x1, 0x1, 0x4, 0x8, 0x7, 0xc, 0x4}, @alu={0x4, 0x0, 0x9, 0x4, 0xa, 0x100, 0x4}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x1}, @map_fd={0x18, 0x78d146ad988ddcb1, 0x1, 0x0, r5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @generic={0x0, 0x2, 0xc, 0x5f, 0x5}]}, &(0x7f00000000c0)='syzkaller\x00', 0x3, 0xa2, &(0x7f0000000640)=""/162, 0x41000, 0x4, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0x0, 0x9, 0x3}, 0x10, r6, r4, 0x0, &(0x7f0000000800)=[r7, r8]}, 0x90) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000580)=[0x0, 0x0, 0x0], ""/16, <r9=>0x0, 0x0, 0x0, 0x0, 0x3, 0x7, &(0x7f00000005c0)=[0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r10=>0x0, 0xf6, &(0x7f0000000640)=[{}], 0x8, 0x10, &(0x7f0000000680), &(0x7f00000006c0), 0x8, 0xa2, 0x8, 0x8, &(0x7f0000000700)}}, 0x10)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000880)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xa1, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=@bloom_filter={0x1e, 0xfffffffe, 0x259b, 0x5, 0xa, 0x1, 0x3, '\x00', r9, 0xffffffffffffffff, 0x3, 0x3, 0x3, 0x4}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1e, 0x17, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@exit, @tail_call, @map_idx={0x18, 0x1, 0x5, 0x0, 0x10}]}, &(0x7f00000003c0)='GPL\x00', 0x7, 0x93, &(0x7f0000000400)=""/147, 0x40f00, 0x2, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x0, 0x9, 0x8, 0x1}, 0x10, r10, 0xffffffffffffffff, 0x6, &(0x7f0000000900)=[r11, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000940)=[{0x5, 0x2, 0x7, 0x2}, {0x1, 0x5, 0x2}, {0x5, 0x3, 0x5, 0x9}, {0x4, 0x3, 0xa}, {0x2, 0x5, 0xb, 0x8}, {0x0, 0x1, 0x7, 0x4}]}, 0x90) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xa5a79b1ef4cac023, 0x14, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x38000000}, [@btf_id={0x18, 0x7, 0x3, 0x0, 0x2}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @map_fd={0x18, 0xb, 0x1, 0x0, r0}, @ldst={0x5, 0x2, 0x2, 0x1, 0x4, 0x10, 0x15}]}, &(0x7f0000000680)='GPL\x00', 0x9, 0xec, &(0x7f00000006c0)=""/236, 0x41100, 0x50, '\x00', 0x0, 0x37, r2, 0x8, &(0x7f00000009c0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000a00)={0x0, 0x3, 0x7f, 0x6}, 0x10, r6, r0, 0x5, &(0x7f0000000a40)=[r11], &(0x7f0000000a80)=[{0x4, 0x5, 0x9, 0x1}, {0x3, 0x4, 0xe, 0xa}, {0x3, 0x2, 0xf}, {0x4, 0x2, 0x8, 0xb}, {0x5, 0x2, 0x10, 0x5}], 0x10, 0x100}, 0x90) (rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000c00)=@generic={&(0x7f0000000bc0)='./file0\x00'}, 0x18) (async, rerun: 64)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x1c, 0x10001, 0x55f, 0xc45, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4, 0x9}, 0x48) (async, rerun: 32)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r0, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], 0x0, 0x8e, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000180), &(0x7f00000001c0), 0x8, 0xb3, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) (async, rerun: 32)
r14 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x7, 0x0, 0x1f, 0x9f, 0x56, r12, 0x1, '\x00', r13, r14, 0x4, 0x4, 0x1}, 0x48)

06:47:27 executing program 2:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:27 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 1)

06:47:27 executing program 2:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:27 executing program 2:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   91.368046][ T3179] FAULT_INJECTION: forcing a failure.
[   91.368046][ T3179] name failslab, interval 1, probability 0, space 0, times 0
[   91.404015][ T3179] CPU: 0 PID: 3179 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   91.414089][ T3179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   91.424077][ T3179] Call Trace:
[   91.427192][ T3179]  <TASK>
[   91.430059][ T3179]  dump_stack_lvl+0x151/0x1b7
[   91.434571][ T3179]  ? io_uring_drop_tctx_refs+0x190/0x190
[   91.440039][ T3179]  dump_stack+0x15/0x17
[   91.444033][ T3179]  should_fail+0x3c6/0x510
[   91.448287][ T3179]  __should_failslab+0xa4/0xe0
[   91.452971][ T3179]  ? dup_task_struct+0x53/0xc60
[   91.457658][ T3179]  should_failslab+0x9/0x20
[   91.462002][ T3179]  slab_pre_alloc_hook+0x37/0xd0
[   91.466774][ T3179]  ? dup_task_struct+0x53/0xc60
[   91.472588][ T3179]  kmem_cache_alloc+0x44/0x200
[   91.477183][ T3179]  dup_task_struct+0x53/0xc60
[   91.481698][ T3179]  ? __kasan_check_write+0x14/0x20
[   91.486645][ T3179]  copy_process+0x5c4/0x3290
[   91.491073][ T3179]  ? __kasan_check_write+0x14/0x20
[   91.496018][ T3179]  ? proc_fail_nth_write+0x20b/0x290
[   91.501139][ T3179]  ? selinux_file_permission+0x2c4/0x570
[   91.506608][ T3179]  ? fsnotify_perm+0x6a/0x5d0
[   91.511121][ T3179]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   91.516070][ T3179]  ? vfs_write+0x9ec/0x1110
[   91.520408][ T3179]  kernel_clone+0x21e/0x9e0
[   91.524745][ T3179]  ? file_end_write+0x1c0/0x1c0
[   91.529431][ T3179]  ? create_io_thread+0x1e0/0x1e0
[   91.534291][ T3179]  ? mutex_unlock+0xb2/0x260
[   91.538719][ T3179]  ? __mutex_lock_slowpath+0x10/0x10
[   91.543842][ T3179]  __x64_sys_clone+0x23f/0x290
[   91.548440][ T3179]  ? __do_sys_vfork+0x130/0x130
[   91.553125][ T3179]  ? ksys_write+0x260/0x2c0
[   91.557469][ T3179]  ? debug_smp_processor_id+0x17/0x20
[   91.562677][ T3179]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   91.568577][ T3179]  ? exit_to_user_mode_prepare+0x39/0xa0
[   91.574045][ T3179]  do_syscall_64+0x3d/0xb0
[   91.578297][ T3179]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   91.584029][ T3179] RIP: 0033:0x7fc368450da9
[   91.588283][ T3179] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   91.607731][ T3179] RSP: 002b:00007fc3671d2078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
06:47:27 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:27 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000740)='blkio.bfq.time\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000006c0)={0x5, 0x80, 0x1f, 0x7f, 0x14, 0xdc, 0x0, 0x2, 0x1000, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x320ddeefb0f3916d, @perf_config_ext={0x1, 0xd393}, 0x4020, 0x8, 0xbc000000, 0x0, 0x5, 0x101, 0x1ff, 0x0, 0xffffffff, 0x0, 0xfffffffffffff1e6}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0xa)
openat$cgroup_procs(r0, &(0x7f0000000700)='cgroup.threads\x00', 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
perf_event_open$cgroup(&(0x7f0000000780)={0x5, 0x80, 0x7, 0x1, 0x2, 0x9, 0x0, 0x4, 0x20000, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x4, 0x3}, 0x110904, 0x2, 0xc55, 0x0, 0x80000000, 0xac7, 0x0, 0x0, 0x9, 0x0, 0x7aa9}, r1, 0xf, r1, 0x1)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r2, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0)=[0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x5, 0x2, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0], 0x0, 0x87, &(0x7f0000000280)=[{}, {}], 0x10, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x2d, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa, 0xc, 0x3, [@volatile={0x4, 0x0, 0x0, 0x9, 0x5}]}, {0x0, [0x30]}}, &(0x7f0000000500)=""/148, 0x27, 0x94, 0x1, 0xa}, 0xffffffffffffff36)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000000c0)=@raw=[@map_val={0x18, 0x3, 0x2, 0x0, r3}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x5}], &(0x7f0000000100)='GPL\x00', 0x800, 0x53, &(0x7f0000000140)=""/83, 0x41100, 0xe, '\x00', r4, 0x0, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000600)=[{0x0, 0x4, 0xf, 0xa}, {0x4, 0x2, 0xa, 0xe}, {0x1, 0x2, 0xe, 0xc}, {0x5, 0x5, 0x5, 0x8}], 0x10, 0x4}, 0x90)

[   91.615966][ T3179] RAX: ffffffffffffffda RBX: 00007fc36857ef80 RCX: 00007fc368450da9
[   91.623781][ T3179] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   91.631588][ T3179] RBP: 00007fc3671d2120 R08: 0000000020000540 R09: 0000000020000540
[   91.639401][ T3179] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[   91.647225][ T3179] R13: 000000000000000b R14: 00007fc36857ef80 R15: 00007ffd99bee8b8
[   91.655031][ T3179]  </TASK>
06:47:27 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:27 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   91.749032][ T3188] FAULT_INJECTION: forcing a failure.
[   91.749032][ T3188] name failslab, interval 1, probability 0, space 0, times 0
[   91.775651][ T3188] CPU: 1 PID: 3188 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   91.785726][ T3188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   91.795623][ T3188] Call Trace:
[   91.798742][ T3188]  <TASK>
[   91.801521][ T3188]  dump_stack_lvl+0x151/0x1b7
[   91.806035][ T3188]  ? io_uring_drop_tctx_refs+0x190/0x190
[   91.811591][ T3188]  dump_stack+0x15/0x17
[   91.815589][ T3188]  should_fail+0x3c6/0x510
[   91.819835][ T3188]  __should_failslab+0xa4/0xe0
[   91.824434][ T3188]  ? vm_area_dup+0x26/0x230
[   91.828775][ T3188]  should_failslab+0x9/0x20
[   91.833112][ T3188]  slab_pre_alloc_hook+0x37/0xd0
[   91.837889][ T3188]  ? vm_area_dup+0x26/0x230
[   91.842225][ T3188]  kmem_cache_alloc+0x44/0x200
[   91.846827][ T3188]  vm_area_dup+0x26/0x230
[   91.850992][ T3188]  copy_mm+0x9a1/0x13e0
[   91.854991][ T3188]  ? copy_signal+0x610/0x610
[   91.859417][ T3188]  ? __init_rwsem+0xd6/0x1c0
[   91.863851][ T3188]  ? copy_signal+0x4e3/0x610
[   91.868264][ T3188]  copy_process+0x1149/0x3290
[   91.872780][ T3188]  ? proc_fail_nth_write+0x20b/0x290
[   91.877898][ T3188]  ? fsnotify_perm+0x6a/0x5d0
[   91.882414][ T3188]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   91.887362][ T3188]  ? vfs_write+0x9ec/0x1110
[   91.891709][ T3188]  kernel_clone+0x21e/0x9e0
[   91.896040][ T3188]  ? file_end_write+0x1c0/0x1c0
[   91.900727][ T3188]  ? create_io_thread+0x1e0/0x1e0
[   91.905585][ T3188]  ? mutex_unlock+0xb2/0x260
[   91.910014][ T3188]  ? __mutex_lock_slowpath+0x10/0x10
[   91.915134][ T3188]  __x64_sys_clone+0x23f/0x290
[   91.919741][ T3188]  ? __do_sys_vfork+0x130/0x130
[   91.924421][ T3188]  ? ksys_write+0x260/0x2c0
[   91.928764][ T3188]  ? debug_smp_processor_id+0x17/0x20
[   91.933968][ T3188]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   91.939873][ T3188]  ? exit_to_user_mode_prepare+0x39/0xa0
[   91.945339][ T3188]  do_syscall_64+0x3d/0xb0
[   91.949590][ T3188]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   91.955319][ T3188] RIP: 0033:0x7fc79465eda9
[   91.959595][ T3188] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   91.979015][ T3188] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   91.987260][ T3188] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:28 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000740)='blkio.bfq.time\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000006c0)={0x5, 0x80, 0x1f, 0x7f, 0x14, 0xdc, 0x0, 0x2, 0x1000, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x320ddeefb0f3916d, @perf_config_ext={0x1, 0xd393}, 0x4020, 0x8, 0xbc000000, 0x0, 0x5, 0x101, 0x1ff, 0x0, 0xffffffff, 0x0, 0xfffffffffffff1e6}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0xa) (async)
openat$cgroup_procs(r0, &(0x7f0000000700)='cgroup.threads\x00', 0x2, 0x0) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
perf_event_open$cgroup(&(0x7f0000000780)={0x5, 0x80, 0x7, 0x1, 0x2, 0x9, 0x0, 0x4, 0x20000, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x4, 0x3}, 0x110904, 0x2, 0xc55, 0x0, 0x80000000, 0xac7, 0x0, 0x0, 0x9, 0x0, 0x7aa9}, r1, 0xf, r1, 0x1) (async)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r2, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0)=[0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x5, 0x2, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0], 0x0, 0x87, &(0x7f0000000280)=[{}, {}], 0x10, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x2d, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa, 0xc, 0x3, [@volatile={0x4, 0x0, 0x0, 0x9, 0x5}]}, {0x0, [0x30]}}, &(0x7f0000000500)=""/148, 0x27, 0x94, 0x1, 0xa}, 0xffffffffffffff36)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000000c0)=@raw=[@map_val={0x18, 0x3, 0x2, 0x0, r3}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x5}], &(0x7f0000000100)='GPL\x00', 0x800, 0x53, &(0x7f0000000140)=""/83, 0x41100, 0xe, '\x00', r4, 0x0, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000600)=[{0x0, 0x4, 0xf, 0xa}, {0x4, 0x2, 0xa, 0xe}, {0x1, 0x2, 0xe, 0xc}, {0x5, 0x5, 0x5, 0x8}], 0x10, 0x4}, 0x90)

06:47:28 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 2)

06:47:28 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:28 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 36)

[   91.995074][ T3188] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   92.002885][ T3188] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   92.010697][ T3188] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   92.018504][ T3188] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   92.026333][ T3188]  </TASK>
[   92.062439][ T3220] FAULT_INJECTION: forcing a failure.
[   92.062439][ T3220] name failslab, interval 1, probability 0, space 0, times 0
[   92.083595][ T3226] FAULT_INJECTION: forcing a failure.
[   92.083595][ T3226] name failslab, interval 1, probability 0, space 0, times 0
[   92.093519][ T3220] CPU: 0 PID: 3220 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   92.106079][ T3220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   92.115978][ T3220] Call Trace:
[   92.119098][ T3220]  <TASK>
[   92.121888][ T3220]  dump_stack_lvl+0x151/0x1b7
[   92.126390][ T3220]  ? io_uring_drop_tctx_refs+0x190/0x190
[   92.131855][ T3220]  ? __kasan_slab_alloc+0xc3/0xe0
[   92.136714][ T3220]  ? __kasan_slab_alloc+0xb1/0xe0
[   92.141579][ T3220]  ? slab_post_alloc_hook+0x53/0x2c0
[   92.146704][ T3220]  ? dup_task_struct+0x53/0xc60
[   92.151380][ T3220]  ? copy_process+0x5c4/0x3290
[   92.155981][ T3220]  ? kernel_clone+0x21e/0x9e0
[   92.160494][ T3220]  dump_stack+0x15/0x17
[   92.164494][ T3220]  should_fail+0x3c6/0x510
[   92.168740][ T3220]  __should_failslab+0xa4/0xe0
[   92.173340][ T3220]  should_failslab+0x9/0x20
[   92.177756][ T3220]  slab_pre_alloc_hook+0x37/0xd0
[   92.182453][ T3220]  kmem_cache_alloc_trace+0x48/0x210
[   92.187579][ T3220]  ? __get_vm_area_node+0x117/0x360
[   92.192611][ T3220]  __get_vm_area_node+0x117/0x360
[   92.197473][ T3220]  __vmalloc_node_range+0xe2/0x8d0
[   92.202425][ T3220]  ? copy_process+0x5c4/0x3290
[   92.207018][ T3220]  ? slab_post_alloc_hook+0x72/0x2c0
[   92.212136][ T3220]  ? dup_task_struct+0x53/0xc60
[   92.216827][ T3220]  ? dup_task_struct+0x53/0xc60
[   92.221519][ T3220]  dup_task_struct+0x416/0xc60
[   92.226114][ T3220]  ? copy_process+0x5c4/0x3290
[   92.230712][ T3220]  ? __kasan_check_write+0x14/0x20
[   92.235662][ T3220]  copy_process+0x5c4/0x3290
[   92.240085][ T3220]  ? __kasan_check_write+0x14/0x20
[   92.245031][ T3220]  ? proc_fail_nth_write+0x20b/0x290
[   92.250158][ T3220]  ? selinux_file_permission+0x2c4/0x570
[   92.255619][ T3220]  ? fsnotify_perm+0x6a/0x5d0
[   92.260131][ T3220]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   92.265081][ T3220]  ? vfs_write+0x9ec/0x1110
[   92.269421][ T3220]  kernel_clone+0x21e/0x9e0
[   92.273759][ T3220]  ? file_end_write+0x1c0/0x1c0
[   92.278445][ T3220]  ? create_io_thread+0x1e0/0x1e0
[   92.283305][ T3220]  ? mutex_unlock+0xb2/0x260
[   92.287733][ T3220]  ? __mutex_lock_slowpath+0x10/0x10
[   92.292855][ T3220]  __x64_sys_clone+0x23f/0x290
[   92.297453][ T3220]  ? __do_sys_vfork+0x130/0x130
[   92.302139][ T3220]  ? ksys_write+0x260/0x2c0
[   92.306489][ T3220]  ? debug_smp_processor_id+0x17/0x20
[   92.311689][ T3220]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   92.317591][ T3220]  ? exit_to_user_mode_prepare+0x39/0xa0
[   92.323058][ T3220]  do_syscall_64+0x3d/0xb0
[   92.327314][ T3220]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   92.333039][ T3220] RIP: 0033:0x7fc368450da9
[   92.337295][ T3220] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   92.356738][ T3220] RSP: 002b:00007fc3671d2078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   92.364979][ T3220] RAX: ffffffffffffffda RBX: 00007fc36857ef80 RCX: 00007fc368450da9
[   92.372793][ T3220] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   92.380603][ T3220] RBP: 00007fc3671d2120 R08: 0000000020000540 R09: 0000000020000540
[   92.388411][ T3220] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[   92.396225][ T3220] R13: 000000000000000b R14: 00007fc36857ef80 R15: 00007ffd99bee8b8
[   92.404040][ T3220]  </TASK>
[   92.408021][ T3226] CPU: 1 PID: 3226 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   92.418087][ T3226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   92.427978][ T3226] Call Trace:
[   92.431120][ T3226]  <TASK>
[   92.433882][ T3226]  dump_stack_lvl+0x151/0x1b7
[   92.438394][ T3226]  ? io_uring_drop_tctx_refs+0x190/0x190
[   92.443865][ T3226]  dump_stack+0x15/0x17
[   92.447855][ T3226]  should_fail+0x3c6/0x510
[   92.452109][ T3226]  __should_failslab+0xa4/0xe0
[   92.456709][ T3226]  ? vm_area_dup+0x26/0x230
[   92.461047][ T3226]  should_failslab+0x9/0x20
[   92.465396][ T3226]  slab_pre_alloc_hook+0x37/0xd0
[   92.470160][ T3226]  ? vm_area_dup+0x26/0x230
[   92.474510][ T3226]  kmem_cache_alloc+0x44/0x200
[   92.479099][ T3226]  vm_area_dup+0x26/0x230
[   92.483268][ T3226]  copy_mm+0x9a1/0x13e0
[   92.487260][ T3226]  ? copy_signal+0x610/0x610
[   92.491687][ T3226]  ? __init_rwsem+0xd6/0x1c0
[   92.496111][ T3226]  ? copy_signal+0x4e3/0x610
[   92.500545][ T3226]  copy_process+0x1149/0x3290
[   92.505051][ T3226]  ? proc_fail_nth_write+0x20b/0x290
[   92.510174][ T3226]  ? fsnotify_perm+0x6a/0x5d0
[   92.514688][ T3226]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   92.519635][ T3226]  ? vfs_write+0x9ec/0x1110
[   92.523974][ T3226]  kernel_clone+0x21e/0x9e0
[   92.528313][ T3226]  ? file_end_write+0x1c0/0x1c0
[   92.533007][ T3226]  ? create_io_thread+0x1e0/0x1e0
[   92.537874][ T3226]  ? mutex_unlock+0xb2/0x260
[   92.542286][ T3226]  ? __mutex_lock_slowpath+0x10/0x10
[   92.547408][ T3226]  __x64_sys_clone+0x23f/0x290
[   92.552006][ T3226]  ? __do_sys_vfork+0x130/0x130
[   92.556696][ T3226]  ? ksys_write+0x260/0x2c0
[   92.561036][ T3226]  ? debug_smp_processor_id+0x17/0x20
[   92.566241][ T3226]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   92.572156][ T3226]  ? exit_to_user_mode_prepare+0x39/0xa0
[   92.577624][ T3226]  do_syscall_64+0x3d/0xb0
[   92.581869][ T3226]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   92.587597][ T3226] RIP: 0033:0x7fc79465eda9
[   92.591849][ T3226] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   92.611289][ T3226] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   92.619880][ T3226] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   92.627693][ T3226] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   92.635503][ T3226] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   92.643315][ T3226] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   92.651126][ T3226] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   92.658942][ T3226]  </TASK>
06:47:28 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:28 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00')
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=<r2=>r1, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
r3 = openat$cgroup_ro(r2, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r3, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000000)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7, &(0x7f0000000040)=[0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x87, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0x50, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
ioctl$TUNSETOFFLOAD(r3, 0x400454d0, 0x1)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x39, 0x7, 0xfff, 0x0, 0xa88, r3, 0x4, '\x00', 0x0, r4, 0x3, 0x4, 0x2}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   92.665772][ T3220] warn_alloc: 4 callbacks suppressed
[   92.665790][ T3220] syz-executor.3: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0
[   92.720223][ T3220] CPU: 1 PID: 3220 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   92.730303][ T3220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   92.740198][ T3220] Call Trace:
[   92.743328][ T3220]  <TASK>
[   92.746098][ T3220]  dump_stack_lvl+0x151/0x1b7
[   92.750623][ T3220]  ? io_uring_drop_tctx_refs+0x190/0x190
[   92.756105][ T3220]  ? pr_cont_kernfs_name+0xf0/0x100
[   92.761117][ T3220]  dump_stack+0x15/0x17
[   92.765105][ T3220]  warn_alloc+0x21a/0x390
[   92.769273][ T3220]  ? should_failslab+0x9/0x20
[   92.773782][ T3220]  ? zone_watermark_ok_safe+0x270/0x270
[   92.779163][ T3220]  ? __get_vm_area_node+0x347/0x360
[   92.784198][ T3220]  __vmalloc_node_range+0x2c1/0x8d0
[   92.789231][ T3220]  ? slab_post_alloc_hook+0x72/0x2c0
[   92.794350][ T3220]  ? dup_task_struct+0x53/0xc60
[   92.799136][ T3220]  ? dup_task_struct+0x53/0xc60
[   92.803826][ T3220]  dup_task_struct+0x416/0xc60
[   92.808421][ T3220]  ? copy_process+0x5c4/0x3290
[   92.813021][ T3220]  ? __kasan_check_write+0x14/0x20
[   92.817972][ T3220]  copy_process+0x5c4/0x3290
[   92.822400][ T3220]  ? __kasan_check_write+0x14/0x20
[   92.827343][ T3220]  ? proc_fail_nth_write+0x20b/0x290
[   92.832467][ T3220]  ? selinux_file_permission+0x2c4/0x570
[   92.837931][ T3220]  ? fsnotify_perm+0x6a/0x5d0
[   92.842445][ T3220]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   92.847392][ T3220]  ? vfs_write+0x9ec/0x1110
[   92.851734][ T3220]  kernel_clone+0x21e/0x9e0
[   92.856077][ T3220]  ? file_end_write+0x1c0/0x1c0
[   92.860759][ T3220]  ? create_io_thread+0x1e0/0x1e0
[   92.865620][ T3220]  ? mutex_unlock+0xb2/0x260
[   92.870053][ T3220]  ? __mutex_lock_slowpath+0x10/0x10
[   92.875165][ T3220]  __x64_sys_clone+0x23f/0x290
[   92.879780][ T3220]  ? __do_sys_vfork+0x130/0x130
[   92.884464][ T3220]  ? ksys_write+0x260/0x2c0
[   92.888799][ T3220]  ? debug_smp_processor_id+0x17/0x20
[   92.894003][ T3220]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   92.899904][ T3220]  ? exit_to_user_mode_prepare+0x39/0xa0
[   92.905372][ T3220]  do_syscall_64+0x3d/0xb0
[   92.909625][ T3220]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   92.915352][ T3220] RIP: 0033:0x7fc368450da9
[   92.919610][ T3220] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   92.939048][ T3220] RSP: 002b:00007fc3671d2078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   92.947292][ T3220] RAX: ffffffffffffffda RBX: 00007fc36857ef80 RCX: 00007fc368450da9
[   92.955105][ T3220] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   92.962914][ T3220] RBP: 00007fc3671d2120 R08: 0000000020000540 R09: 0000000020000540
06:47:29 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:29 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 37)

06:47:29 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00')
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=<r2=>r1, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
r3 = openat$cgroup_ro(r2, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r3, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000000)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7, &(0x7f0000000040)=[0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x87, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0x50, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
ioctl$TUNSETOFFLOAD(r3, 0x400454d0, 0x1) (async)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x39, 0x7, 0xfff, 0x0, 0xa88, r3, 0x4, '\x00', 0x0, r4, 0x3, 0x4, 0x2}, 0x48) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:29 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000740)='blkio.bfq.time\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000006c0)={0x5, 0x80, 0x1f, 0x7f, 0x14, 0xdc, 0x0, 0x2, 0x1000, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x320ddeefb0f3916d, @perf_config_ext={0x1, 0xd393}, 0x4020, 0x8, 0xbc000000, 0x0, 0x5, 0x101, 0x1ff, 0x0, 0xffffffff, 0x0, 0xfffffffffffff1e6}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0xa)
openat$cgroup_procs(r0, &(0x7f0000000700)='cgroup.threads\x00', 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
perf_event_open$cgroup(&(0x7f0000000780)={0x5, 0x80, 0x7, 0x1, 0x2, 0x9, 0x0, 0x4, 0x20000, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x4, 0x3}, 0x110904, 0x2, 0xc55, 0x0, 0x80000000, 0xac7, 0x0, 0x0, 0x9, 0x0, 0x7aa9}, r1, 0xf, r1, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r2, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0)=[0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x5, 0x2, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0], 0x0, 0x87, &(0x7f0000000280)=[{}, {}], 0x10, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x2d, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa, 0xc, 0x3, [@volatile={0x4, 0x0, 0x0, 0x9, 0x5}]}, {0x0, [0x30]}}, &(0x7f0000000500)=""/148, 0x27, 0x94, 0x1, 0xa}, 0xffffffffffffff36) (async)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa, 0xc, 0x3, [@volatile={0x4, 0x0, 0x0, 0x9, 0x5}]}, {0x0, [0x30]}}, &(0x7f0000000500)=""/148, 0x27, 0x94, 0x1, 0xa}, 0xffffffffffffff36)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000000c0)=@raw=[@map_val={0x18, 0x3, 0x2, 0x0, r3}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x5}], &(0x7f0000000100)='GPL\x00', 0x800, 0x53, &(0x7f0000000140)=""/83, 0x41100, 0xe, '\x00', r4, 0x0, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000600)=[{0x0, 0x4, 0xf, 0xa}, {0x4, 0x2, 0xa, 0xe}, {0x1, 0x2, 0xe, 0xc}, {0x5, 0x5, 0x5, 0x8}], 0x10, 0x4}, 0x90)

[   92.970728][ T3220] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[   92.978542][ T3220] R13: 000000000000000b R14: 00007fc36857ef80 R15: 00007ffd99bee8b8
[   92.986352][ T3220]  </TASK>
06:47:29 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   93.023505][ T3250] FAULT_INJECTION: forcing a failure.
[   93.023505][ T3250] name failslab, interval 1, probability 0, space 0, times 0
[   93.042483][ T3250] CPU: 0 PID: 3250 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   93.052563][ T3250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   93.062455][ T3250] Call Trace:
[   93.065576][ T3250]  <TASK>
[   93.068356][ T3250]  dump_stack_lvl+0x151/0x1b7
06:47:29 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00')
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=<r2=>r1, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
r3 = openat$cgroup_ro(r2, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r3, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000000)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7, &(0x7f0000000040)=[0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x87, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0x50, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) (async)
ioctl$TUNSETOFFLOAD(r3, 0x400454d0, 0x1) (async)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x39, 0x7, 0xfff, 0x0, 0xa88, r3, 0x4, '\x00', 0x0, r4, 0x3, 0x4, 0x2}, 0x48) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   93.072870][ T3250]  ? io_uring_drop_tctx_refs+0x190/0x190
[   93.078337][ T3250]  dump_stack+0x15/0x17
[   93.082327][ T3250]  should_fail+0x3c6/0x510
[   93.086583][ T3250]  __should_failslab+0xa4/0xe0
[   93.091181][ T3250]  ? vm_area_dup+0x26/0x230
[   93.095555][ T3250]  should_failslab+0x9/0x20
[   93.099860][ T3250]  slab_pre_alloc_hook+0x37/0xd0
[   93.104644][ T3250]  ? vm_area_dup+0x26/0x230
[   93.108974][ T3250]  kmem_cache_alloc+0x44/0x200
[   93.113576][ T3250]  vm_area_dup+0x26/0x230
[   93.117743][ T3250]  copy_mm+0x9a1/0x13e0
[   93.121735][ T3250]  ? copy_signal+0x610/0x610
[   93.126160][ T3250]  ? __init_rwsem+0xd6/0x1c0
[   93.130588][ T3250]  ? copy_signal+0x4e3/0x610
[   93.135011][ T3250]  copy_process+0x1149/0x3290
[   93.139529][ T3250]  ? proc_fail_nth_write+0x20b/0x290
[   93.144651][ T3250]  ? fsnotify_perm+0x6a/0x5d0
[   93.149159][ T3250]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   93.154113][ T3250]  ? vfs_write+0x9ec/0x1110
[   93.158448][ T3250]  kernel_clone+0x21e/0x9e0
[   93.162794][ T3250]  ? file_end_write+0x1c0/0x1c0
[   93.167488][ T3250]  ? create_io_thread+0x1e0/0x1e0
[   93.172331][ T3250]  ? mutex_unlock+0xb2/0x260
[   93.176772][ T3250]  ? __mutex_lock_slowpath+0x10/0x10
[   93.181882][ T3250]  __x64_sys_clone+0x23f/0x290
[   93.186484][ T3250]  ? __do_sys_vfork+0x130/0x130
[   93.191254][ T3250]  ? ksys_write+0x260/0x2c0
[   93.195603][ T3250]  ? debug_smp_processor_id+0x17/0x20
[   93.200803][ T3250]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   93.206708][ T3250]  ? exit_to_user_mode_prepare+0x39/0xa0
[   93.212174][ T3250]  do_syscall_64+0x3d/0xb0
[   93.216424][ T3250]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   93.222153][ T3250] RIP: 0033:0x7fc79465eda9
[   93.226406][ T3250] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   93.245852][ T3250] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   93.254096][ T3250] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   93.261907][ T3250] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:29 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   93.269804][ T3250] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   93.277616][ T3250] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   93.285427][ T3250] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   93.293245][ T3250]  </TASK>
[   93.301543][ T3220] Mem-Info:
[   93.308300][ T3220] active_anon:6330 inactive_anon:149335 isolated_anon:0
[   93.308300][ T3220]  active_file:3454 inactive_file:22536 isolated_file:0
06:47:29 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)

06:47:29 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f0000000040)=[0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x73, &(0x7f00000000c0)=[{}], 0x8, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x44, 0x8, 0x8, &(0x7f0000000180)}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000003c0)={r2}, 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080005300000000faff0000940000000fad413e550000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r3}, 0x10)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8)
write$cgroup_int(r5, &(0x7f00000001c0), 0xfffffdef)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@map=0x1, 0xa, 0x0, 0x1f, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, &(0x7f0000000440)=[0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0], <r6=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000540)={@cgroup=r5, r1, 0x12, 0x2000, 0x0, @prog_id=r2, r6}, 0x20)

06:47:29 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 38)

[   93.308300][ T3220]  unevictable:0 dirty:4881 writeback:25
[   93.308300][ T3220]  slab_reclaimable:9013 slab_unreclaimable:73252
[   93.308300][ T3220]  mapped:26923 shmem:8954 pagetables:852 bounce:0
[   93.308300][ T3220]  kernel_misc_reclaimable:0
[   93.308300][ T3220]  free:1415399 free_pcp:13602 free_cma:0
06:47:29 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)

06:47:29 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:29 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)

[   93.384298][ T3269] FAULT_INJECTION: forcing a failure.
[   93.384298][ T3269] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:47:29 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   93.436946][ T3220] Node 0 active_anon:25320kB inactive_anon:597140kB active_file:13816kB inactive_file:81544kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:103592kB dirty:17124kB writeback:3400kB shmem:35816kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:4616kB pagetables:3308kB all_unreclaimable? no
[   93.468686][ T3269] CPU: 1 PID: 3269 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   93.476698][ T3220] DMA32 free:2976724kB min:62592kB low:78240kB high:93888kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2981436kB mlocked:0kB bounce:0kB free_pcp:4712kB local_pcp:56kB free_cma:0kB
[   93.478839][ T3269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   93.478854][ T3269] Call Trace:
[   93.478860][ T3269]  <TASK>
[   93.478867][ T3269]  dump_stack_lvl+0x151/0x1b7
[   93.506181][ T3220] lowmem_reserve[]:
[   93.515640][ T3269]  ? io_uring_drop_tctx_refs+0x190/0x190
[   93.518933][ T3220]  0
[   93.521538][ T3269]  dump_stack+0x15/0x17
[   93.521558][ T3269]  should_fail+0x3c6/0x510
[   93.536238][ T3220]  3941
[   93.537512][ T3269]  should_fail_alloc_page+0x5a/0x80
[   93.541520][ T3220]  3941
[   93.545761][ T3269]  prepare_alloc_pages+0x15c/0x700
[   93.545782][ T3269]  ? __alloc_pages_bulk+0xe40/0xe40
[   93.549792][ T3220] 
[   93.553396][ T3269]  __alloc_pages+0x18c/0x8f0
[   93.566154][ T3220] Normal free:2684872kB min:84860kB low:106072kB high:127284kB reserved_highatomic:0KB active_anon:25320kB inactive_anon:597240kB active_file:13816kB inactive_file:78144kB unevictable:0kB writepending:20504kB present:5242880kB managed:4035848kB mlocked:0kB bounce:0kB free_pcp:62880kB local_pcp:23592kB free_cma:0kB
[   93.568148][ T3269]  ? prep_new_page+0x110/0x110
[   93.568177][ T3269]  get_zeroed_page+0x1b/0x40
[   93.572600][ T3220] lowmem_reserve[]:
[   93.601911][ T3269]  __pud_alloc+0x8b/0x260
[   93.601932][ T3269]  ? stack_trace_snprint+0xf0/0xf0
[   93.601950][ T3269]  ? do_handle_mm_fault+0x2330/0x2330
[   93.601965][ T3269]  ? __stack_depot_save+0x34/0x470
[   93.616252][ T3220]  0
[   93.618747][ T3269]  ? anon_vma_clone+0x9a/0x500
[   93.626298][ T3220]  0
[   93.628904][ T3269]  copy_page_range+0x2bcf/0x2f90
[   93.637330][ T3220]  0
[   93.640793][ T3269]  ? __kasan_slab_alloc+0xb1/0xe0
[   93.646309][ T3220] 
[   93.647910][ T3269]  ? slab_post_alloc_hook+0x53/0x2c0
[   93.650280][ T3220] DMA32: 
[   93.655115][ T3269]  ? copy_mm+0xa3a/0x13e0
[   93.660819][ T3220] 3*4kB 
[   93.662409][ T3269]  ? copy_process+0x1149/0x3290
[   93.666299][ T3220] (M) 
[   93.669348][ T3269]  ? kernel_clone+0x21e/0x9e0
[   93.675288][ T3220] 1*8kB 
[   93.676730][ T3269]  ? __x64_sys_clone+0x23f/0x290
[   93.676754][ T3269]  ? do_syscall_64+0x3d/0xb0
[   93.679778][ T3220] (M) 
[   93.683757][ T3269]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   93.690811][ T3220] 2*16kB 
[   93.691232][ T3269]  ? pfn_valid+0x1e0/0x1e0
[   93.698909][ T3220] (M) 
[   93.704066][ T3269]  ? rwsem_write_trylock+0x15b/0x290
[   93.711179][ T3220] 3*32kB 
[   93.713614][ T3269]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   93.723075][ T3220] (M) 
[   93.727768][ T3269]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   93.727794][ T3269]  ? __rb_insert_augmented+0x5de/0x610
[   93.736120][ T3220] 3*64kB 
[   93.741131][ T3269]  copy_mm+0xc7e/0x13e0
[   93.741169][ T3220] (M) 
[   93.743907][ T3269]  ? copy_signal+0x610/0x610
[   93.750164][ T3220] 3*128kB 
[   93.750413][ T3269]  ? __init_rwsem+0xd6/0x1c0
[   93.757026][ T3220] (M) 
[   93.757703][ T3269]  ? copy_signal+0x4e3/0x610
[   93.764317][ T3220] 3*256kB 
[   93.764648][ T3269]  copy_process+0x1149/0x3290
[   93.772352][ T3220] (M) 
[   93.776459][ T3269]  ? proc_fail_nth_write+0x20b/0x290
[   93.776484][ T3269]  ? fsnotify_perm+0x6a/0x5d0
[   93.786117][ T3220] 3*512kB 
[   93.788607][ T3269]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   93.788645][ T3220] (M) 
[   93.791466][ T3269]  ? vfs_write+0x9ec/0x1110
[   93.791487][ T3269]  kernel_clone+0x21e/0x9e0
[   93.796865][ T3220] 4*1024kB 
[   93.798938][ T3269]  ? file_end_write+0x1c0/0x1c0
[   93.798959][ T3269]  ? create_io_thread+0x1e0/0x1e0
[   93.803301][ T3220] (UM) 
[   93.807610][ T3269]  ? mutex_unlock+0xb2/0x260
[   93.807630][ T3269]  ? __mutex_lock_slowpath+0x10/0x10
[   93.816126][ T3220] 4*2048kB 
[   93.820111][ T3269]  __x64_sys_clone+0x23f/0x290
[   93.822744][ T3220] (UM) 
[   93.827141][ T3269]  ? __do_sys_vfork+0x130/0x130
[   93.827161][ T3269]  ? ksys_write+0x260/0x2c0
[   93.832665][ T3220] 723*4096kB 
[   93.835306][ T3269]  ? debug_smp_processor_id+0x17/0x20
[   93.843418][ T3220] (M) 
[   93.847190][ T3269]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   93.847216][ T3269]  ? exit_to_user_mode_prepare+0x39/0xa0
[   93.847234][ T3269]  do_syscall_64+0x3d/0xb0
[   93.847250][ T3269]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   93.851878][ T3220] = 2976724kB
06:47:30 executing program 4:
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x20, &(0x7f00000000c0)={&(0x7f0000000040)=""/9, 0x9, 0x0, &(0x7f0000000080)=""/38, 0x26}}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   93.854655][ T3269] RIP: 0033:0x7fc79465eda9
[   93.854673][ T3269] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   93.860072][ T3220] Normal: 
[   93.862384][ T3269] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   93.862407][ T3269] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   93.868481][ T3220] 2822*4kB 
06:47:30 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   93.873747][ T3269] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   93.873761][ T3269] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   93.878231][ T3220] (UME) 
[   93.883734][ T3269] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   93.883748][ T3269] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   93.887067][ T3220] 848*8kB 
[   93.891111][ T3269]  </TASK>
06:47:30 executing program 4:
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x20, &(0x7f00000000c0)={&(0x7f0000000040)=""/9, 0x9, 0x0, &(0x7f0000000080)=""/38, 0x26}}, 0x10) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:30 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 39)

06:47:30 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   94.007069][ T3220] (UME) 557*16kB (UME) 197*32kB (UME) 93*64kB (UME) 59*128kB (UME) 13*256kB (UM) 4*512kB (UE) 1*1024kB (E) 3*2048kB (UM) 641*4096kB (M) = 2684872kB
[   94.034150][ T3220] 26628 total pagecache pages
[   94.048847][ T3220] 0 pages in swap cache
[   94.057454][ T3301] FAULT_INJECTION: forcing a failure.
[   94.057454][ T3301] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   94.059062][ T3220] Swap cache stats: add 0, delete 0, find 0/0
[   94.074127][ T3301] CPU: 1 PID: 3301 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   94.086446][ T3301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   94.096341][ T3301] Call Trace:
[   94.099459][ T3301]  <TASK>
[   94.102237][ T3301]  dump_stack_lvl+0x151/0x1b7
[   94.106758][ T3301]  ? io_uring_drop_tctx_refs+0x190/0x190
[   94.112230][ T3301]  dump_stack+0x15/0x17
[   94.116148][ T3220] Free swap  = 124996kB
[   94.116211][ T3301]  should_fail+0x3c6/0x510
[   94.120263][ T3220] Total swap = 124996kB
[   94.124459][ T3301]  should_fail_alloc_page+0x5a/0x80
[   94.128597][ T3220] 2097051 pages RAM
[   94.133483][ T3301]  prepare_alloc_pages+0x15c/0x700
[   94.142083][ T3301]  ? __alloc_pages_bulk+0xe40/0xe40
[   94.146126][ T3220] 0 pages HighMem/MovableOnly
[   94.147130][ T3301]  __alloc_pages+0x18c/0x8f0
06:47:30 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:30 executing program 4:
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x20, &(0x7f00000000c0)={&(0x7f0000000040)=""/9, 0x9, 0x0, &(0x7f0000000080)=""/38, 0x26}}, 0x10) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10) (async, rerun: 32)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32)

[   94.151662][ T3220] 342730 pages reserved
[   94.156050][ T3301]  ? prep_new_page+0x110/0x110
[   94.156069][ T3301]  ? __alloc_pages+0x27e/0x8f0
[   94.166108][ T3220] 0 pages cma reserved
[   94.169245][ T3301]  ? __kasan_check_write+0x14/0x20
[   94.178099][ T3301]  ? _raw_spin_lock+0xa4/0x1b0
[   94.182705][ T3301]  __pmd_alloc+0xb1/0x550
[   94.186864][ T3301]  ? __pud_alloc+0x260/0x260
[   94.191287][ T3301]  ? __pud_alloc+0x213/0x260
[   94.195718][ T3301]  ? do_handle_mm_fault+0x2330/0x2330
[   94.200922][ T3301]  ? __stack_depot_save+0x34/0x470
[   94.205871][ T3301]  ? anon_vma_clone+0x9a/0x500
[   94.210475][ T3301]  copy_page_range+0x2b3d/0x2f90
[   94.215250][ T3301]  ? __kasan_slab_alloc+0xb1/0xe0
[   94.220977][ T3301]  ? slab_post_alloc_hook+0x53/0x2c0
[   94.226098][ T3301]  ? copy_mm+0xa3a/0x13e0
[   94.230259][ T3301]  ? copy_process+0x1149/0x3290
[   94.234949][ T3301]  ? kernel_clone+0x21e/0x9e0
[   94.239464][ T3301]  ? do_syscall_64+0x3d/0xb0
[   94.243886][ T3301]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   94.249792][ T3301]  ? pfn_valid+0x1e0/0x1e0
[   94.254038][ T3301]  ? rwsem_write_trylock+0x15b/0x290
[   94.259159][ T3301]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   94.265418][ T3301]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   94.270965][ T3301]  ? __rb_insert_augmented+0x5de/0x610
[   94.276259][ T3301]  copy_mm+0xc7e/0x13e0
[   94.280253][ T3301]  ? copy_signal+0x610/0x610
[   94.284678][ T3301]  ? __init_rwsem+0xd6/0x1c0
[   94.289108][ T3301]  ? copy_signal+0x4e3/0x610
[   94.293537][ T3301]  copy_process+0x1149/0x3290
[   94.298047][ T3301]  ? proc_fail_nth_write+0x20b/0x290
[   94.303169][ T3301]  ? fsnotify_perm+0x6a/0x5d0
[   94.307705][ T3301]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   94.312626][ T3301]  ? vfs_write+0x9ec/0x1110
[   94.316967][ T3301]  kernel_clone+0x21e/0x9e0
[   94.321303][ T3301]  ? file_end_write+0x1c0/0x1c0
[   94.325994][ T3301]  ? create_io_thread+0x1e0/0x1e0
[   94.330852][ T3301]  ? mutex_unlock+0xb2/0x260
[   94.335366][ T3301]  ? __mutex_lock_slowpath+0x10/0x10
[   94.340492][ T3301]  __x64_sys_clone+0x23f/0x290
[   94.345086][ T3301]  ? __do_sys_vfork+0x130/0x130
[   94.349775][ T3301]  ? ksys_write+0x260/0x2c0
[   94.354119][ T3301]  ? debug_smp_processor_id+0x17/0x20
[   94.359323][ T3301]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   94.365229][ T3301]  ? exit_to_user_mode_prepare+0x39/0xa0
[   94.370697][ T3301]  do_syscall_64+0x3d/0xb0
[   94.374944][ T3301]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   94.380758][ T3301] RIP: 0033:0x7fc79465eda9
[   94.385021][ T3301] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
06:47:30 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   94.404455][ T3301] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   94.412698][ T3301] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   94.420512][ T3301] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   94.428319][ T3301] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   94.436135][ T3301] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   94.443944][ T3301] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   94.451762][ T3301]  </TASK>
06:47:30 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async, rerun: 64)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f0000000040)=[0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x73, &(0x7f00000000c0)=[{}], 0x8, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x44, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) (rerun: 64)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000003c0)={r2}, 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080005300000000faff0000940000000fad413e550000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r3}, 0x10)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8)
write$cgroup_int(r5, &(0x7f00000001c0), 0xfffffdef)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@map=0x1, 0xa, 0x0, 0x1f, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, &(0x7f0000000440)=[0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0], <r6=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000540)={@cgroup=r5, r1, 0x12, 0x2000, 0x0, @prog_id=r2, r6}, 0x20)

06:47:30 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 40)

[   94.464128][   T30] audit: type=1400 audit(1709880450.706:116): avc:  denied  { unlink } for  pid=82 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
06:47:30 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:30 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025102, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   94.518125][ T3320] FAULT_INJECTION: forcing a failure.
[   94.518125][ T3320] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   94.582699][ T3320] CPU: 1 PID: 3320 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   94.592776][ T3320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   94.602671][ T3320] Call Trace:
[   94.605789][ T3320]  <TASK>
[   94.608569][ T3320]  dump_stack_lvl+0x151/0x1b7
[   94.613082][ T3320]  ? io_uring_drop_tctx_refs+0x190/0x190
[   94.618552][ T3320]  dump_stack+0x15/0x17
[   94.622543][ T3320]  should_fail+0x3c6/0x510
[   94.626794][ T3320]  should_fail_alloc_page+0x5a/0x80
[   94.631827][ T3320]  prepare_alloc_pages+0x15c/0x700
[   94.636780][ T3320]  ? __alloc_pages_bulk+0xe40/0xe40
[   94.641810][ T3320]  __alloc_pages+0x18c/0x8f0
[   94.646238][ T3320]  ? prep_new_page+0x110/0x110
[   94.650842][ T3320]  ? __alloc_pages+0x27e/0x8f0
[   94.655438][ T3320]  ? __kasan_check_write+0x14/0x20
[   94.660381][ T3320]  ? _raw_spin_lock+0xa4/0x1b0
[   94.664985][ T3320]  pte_alloc_one+0x73/0x1b0
[   94.669323][ T3320]  ? pfn_modify_allowed+0x2f0/0x2f0
[   94.674445][ T3320]  ? __pmd_alloc+0x48d/0x550
[   94.678870][ T3320]  __pte_alloc+0x86/0x350
[   94.683037][ T3320]  ? __pud_alloc+0x260/0x260
[   94.687465][ T3320]  ? __pud_alloc+0x213/0x260
[   94.691894][ T3320]  ? free_pgtables+0x280/0x280
[   94.696491][ T3320]  ? do_handle_mm_fault+0x2330/0x2330
[   94.701697][ T3320]  ? __stack_depot_save+0x34/0x470
[   94.706643][ T3320]  ? anon_vma_clone+0x9a/0x500
[   94.711245][ T3320]  copy_page_range+0x28a8/0x2f90
[   94.716017][ T3320]  ? __kasan_slab_alloc+0xb1/0xe0
[   94.720879][ T3320]  ? slab_post_alloc_hook+0x53/0x2c0
[   94.726000][ T3320]  ? kernel_clone+0x21e/0x9e0
[   94.730515][ T3320]  ? do_syscall_64+0x3d/0xb0
[   94.734941][ T3320]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   94.740853][ T3320]  ? pfn_valid+0x1e0/0x1e0
[   94.745095][ T3320]  ? rwsem_write_trylock+0x15b/0x290
[   94.750214][ T3320]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   94.756472][ T3320]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   94.762280][ T3320]  ? __rb_insert_augmented+0x5de/0x610
[   94.767840][ T3320]  copy_mm+0xc7e/0x13e0
[   94.771834][ T3320]  ? copy_signal+0x610/0x610
[   94.776254][ T3320]  ? __init_rwsem+0xd6/0x1c0
[   94.780681][ T3320]  ? copy_signal+0x4e3/0x610
[   94.785107][ T3320]  copy_process+0x1149/0x3290
[   94.789670][ T3320]  ? proc_fail_nth_write+0x20b/0x290
[   94.794740][ T3320]  ? fsnotify_perm+0x6a/0x5d0
[   94.799256][ T3320]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   94.804311][ T3320]  ? vfs_write+0x9ec/0x1110
[   94.808745][ T3320]  kernel_clone+0x21e/0x9e0
[   94.813076][ T3320]  ? file_end_write+0x1c0/0x1c0
[   94.817763][ T3320]  ? create_io_thread+0x1e0/0x1e0
[   94.822624][ T3320]  ? mutex_unlock+0xb2/0x260
[   94.827050][ T3320]  ? __mutex_lock_slowpath+0x10/0x10
[   94.832174][ T3320]  __x64_sys_clone+0x23f/0x290
[   94.836772][ T3320]  ? __do_sys_vfork+0x130/0x130
[   94.841458][ T3320]  ? ksys_write+0x260/0x2c0
[   94.845804][ T3320]  ? debug_smp_processor_id+0x17/0x20
[   94.851179][ T3320]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   94.857094][ T3320]  ? exit_to_user_mode_prepare+0x39/0xa0
[   94.862555][ T3320]  do_syscall_64+0x3d/0xb0
[   94.866805][ T3320]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   94.872536][ T3320] RIP: 0033:0x7fc79465eda9
[   94.876872][ T3320] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   94.896320][ T3320] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   94.904556][ T3320] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   94.912368][ T3320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   94.920182][ T3320] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
06:47:31 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025107, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:31 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:31 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025108, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:31 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 41)

[   94.927993][ T3320] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   94.935802][ T3320] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   94.943619][ T3320]  </TASK>
06:47:31 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   95.001633][ T3350] FAULT_INJECTION: forcing a failure.
[   95.001633][ T3350] name failslab, interval 1, probability 0, space 0, times 0
[   95.022230][ T3350] CPU: 1 PID: 3350 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   95.032304][ T3350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   95.042198][ T3350] Call Trace:
[   95.045320][ T3350]  <TASK>
[   95.048096][ T3350]  dump_stack_lvl+0x151/0x1b7
[   95.052608][ T3350]  ? io_uring_drop_tctx_refs+0x190/0x190
[   95.058081][ T3350]  dump_stack+0x15/0x17
[   95.062077][ T3350]  should_fail+0x3c6/0x510
[   95.066324][ T3350]  __should_failslab+0xa4/0xe0
[   95.070922][ T3350]  ? anon_vma_clone+0x9a/0x500
[   95.075526][ T3350]  should_failslab+0x9/0x20
[   95.079868][ T3350]  slab_pre_alloc_hook+0x37/0xd0
[   95.084638][ T3350]  ? anon_vma_clone+0x9a/0x500
[   95.089241][ T3350]  kmem_cache_alloc+0x44/0x200
[   95.093835][ T3350]  anon_vma_clone+0x9a/0x500
[   95.098263][ T3350]  anon_vma_fork+0x91/0x4e0
[   95.102601][ T3350]  ? anon_vma_name+0x4c/0x70
[   95.107029][ T3350]  ? vm_area_dup+0x17a/0x230
[   95.111459][ T3350]  copy_mm+0xa3a/0x13e0
[   95.115449][ T3350]  ? copy_signal+0x610/0x610
[   95.119877][ T3350]  ? __init_rwsem+0xd6/0x1c0
[   95.124300][ T3350]  ? copy_signal+0x4e3/0x610
[   95.128728][ T3350]  copy_process+0x1149/0x3290
[   95.133247][ T3350]  ? proc_fail_nth_write+0x20b/0x290
[   95.138363][ T3350]  ? fsnotify_perm+0x6a/0x5d0
[   95.142877][ T3350]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   95.147821][ T3350]  ? vfs_write+0x9ec/0x1110
[   95.152162][ T3350]  kernel_clone+0x21e/0x9e0
[   95.156502][ T3350]  ? file_end_write+0x1c0/0x1c0
[   95.161191][ T3350]  ? create_io_thread+0x1e0/0x1e0
[   95.166049][ T3350]  ? mutex_unlock+0xb2/0x260
[   95.170477][ T3350]  ? __mutex_lock_slowpath+0x10/0x10
[   95.175603][ T3350]  __x64_sys_clone+0x23f/0x290
[   95.180197][ T3350]  ? __do_sys_vfork+0x130/0x130
[   95.184884][ T3350]  ? ksys_write+0x260/0x2c0
[   95.189224][ T3350]  ? debug_smp_processor_id+0x17/0x20
[   95.194430][ T3350]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   95.200340][ T3350]  ? exit_to_user_mode_prepare+0x39/0xa0
[   95.205800][ T3350]  do_syscall_64+0x3d/0xb0
[   95.210053][ T3350]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   95.215782][ T3350] RIP: 0033:0x7fc79465eda9
[   95.220037][ T3350] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   95.239657][ T3350] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
06:47:31 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025109, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:31 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='qrtr_ns_server_add\x00', r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:31 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 42)

06:47:31 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   95.247906][ T3350] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   95.255713][ T3350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   95.263521][ T3350] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   95.271417][ T3350] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   95.279228][ T3350] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   95.287043][ T3350]  </TASK>
06:47:31 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x2, 0x0, 0x0, &(0x7f0000000540))

06:47:31 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='qrtr_ns_server_add\x00', r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:31 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f0000000040)=[0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x73, &(0x7f00000000c0)=[{}], 0x8, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x44, 0x8, 0x8, &(0x7f0000000180)}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000003c0)={r2}, 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080005300000000faff0000940000000fad413e550000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r3}, 0x10)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8)
write$cgroup_int(r5, &(0x7f00000001c0), 0xfffffdef)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@map=0x1, 0xa, 0x0, 0x1f, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, &(0x7f0000000440)=[0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0], <r6=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000540)={@cgroup=r5, r1, 0x12, 0x2000, 0x0, @prog_id=r2, r6}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f0000000040)=[0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x73, &(0x7f00000000c0)=[{}], 0x8, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x44, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) (async)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000003c0)={r2}, 0x4) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080005300000000faff0000940000000fad413e550000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r3}, 0x10) (async)
bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8) (async)
write$cgroup_int(r5, &(0x7f00000001c0), 0xfffffdef) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@map=0x1, 0xa, 0x0, 0x1f, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, &(0x7f0000000440)=[0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0]}, 0x40) (async)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000540)={@cgroup=r5, r1, 0x12, 0x2000, 0x0, @prog_id=r2, r6}, 0x20) (async)

[   95.341847][ T3370] FAULT_INJECTION: forcing a failure.
[   95.341847][ T3370] name failslab, interval 1, probability 0, space 0, times 0
[   95.365915][ T3370] CPU: 0 PID: 3370 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   95.375987][ T3370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   95.385879][ T3370] Call Trace:
[   95.389002][ T3370]  <TASK>
[   95.391779][ T3370]  dump_stack_lvl+0x151/0x1b7
[   95.396296][ T3370]  ? io_uring_drop_tctx_refs+0x190/0x190
[   95.401767][ T3370]  dump_stack+0x15/0x17
[   95.405753][ T3370]  should_fail+0x3c6/0x510
[   95.410011][ T3370]  __should_failslab+0xa4/0xe0
[   95.414608][ T3370]  ? anon_vma_fork+0x1df/0x4e0
[   95.419208][ T3370]  should_failslab+0x9/0x20
[   95.423549][ T3370]  slab_pre_alloc_hook+0x37/0xd0
[   95.428318][ T3370]  ? anon_vma_fork+0x1df/0x4e0
[   95.432922][ T3370]  kmem_cache_alloc+0x44/0x200
[   95.437521][ T3370]  anon_vma_fork+0x1df/0x4e0
[   95.441947][ T3370]  copy_mm+0xa3a/0x13e0
[   95.445939][ T3370]  ? copy_signal+0x610/0x610
[   95.450371][ T3370]  ? __init_rwsem+0xd6/0x1c0
[   95.454793][ T3370]  ? copy_signal+0x4e3/0x610
[   95.459225][ T3370]  copy_process+0x1149/0x3290
[   95.463734][ T3370]  ? proc_fail_nth_write+0x20b/0x290
[   95.468855][ T3370]  ? fsnotify_perm+0x6a/0x5d0
[   95.473372][ T3370]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   95.478327][ T3370]  ? vfs_write+0x9ec/0x1110
[   95.482657][ T3370]  kernel_clone+0x21e/0x9e0
[   95.486994][ T3370]  ? file_end_write+0x1c0/0x1c0
[   95.491679][ T3370]  ? create_io_thread+0x1e0/0x1e0
[   95.496538][ T3370]  ? mutex_unlock+0xb2/0x260
[   95.500966][ T3370]  ? __mutex_lock_slowpath+0x10/0x10
[   95.506089][ T3370]  __x64_sys_clone+0x23f/0x290
[   95.510686][ T3370]  ? __do_sys_vfork+0x130/0x130
[   95.515372][ T3370]  ? ksys_write+0x260/0x2c0
[   95.519714][ T3370]  ? debug_smp_processor_id+0x17/0x20
[   95.524927][ T3370]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   95.530920][ T3370]  ? exit_to_user_mode_prepare+0x39/0xa0
[   95.536382][ T3370]  do_syscall_64+0x3d/0xb0
[   95.540633][ T3370]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   95.546361][ T3370] RIP: 0033:0x7fc79465eda9
[   95.550614][ T3370] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   95.570058][ T3370] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   95.578299][ T3370] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:31 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='qrtr_ns_server_add\x00', r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:31 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:31 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 43)

06:47:31 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x7, 0x0, 0x0, &(0x7f0000000540))

[   95.586109][ T3370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   95.593921][ T3370] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   95.601731][ T3370] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   95.609546][ T3370] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   95.617359][ T3370]  </TASK>
06:47:31 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)={0x93, <r2=>0x0}, 0x8)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@map, 0x2e, 0x0, 0x20, &(0x7f0000000100)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r3=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000300)={@ifindex=r1, r0, 0x7, 0x0, 0x0, @prog_id=r2, r3}, 0x20)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:31 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff]}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:31 executing program 0:
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f0000000000))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x8, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0], 0x0, 0x2b, &(0x7f0000000100)=[{}], 0x8, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x7f, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', r0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:31 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)={0x93, <r2=>0x0}, 0x8) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@map, 0x2e, 0x0, 0x20, &(0x7f0000000100)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r3=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000300)={@ifindex=r1, r0, 0x7, 0x0, 0x0, @prog_id=r2, r3}, 0x20) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   95.668043][ T3395] FAULT_INJECTION: forcing a failure.
[   95.668043][ T3395] name failslab, interval 1, probability 0, space 0, times 0
06:47:31 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x8, 0x0, 0x0, &(0x7f0000000540))

[   95.731321][ T3395] CPU: 0 PID: 3395 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   95.741394][ T3395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   95.751284][ T3395] Call Trace:
[   95.754410][ T3395]  <TASK>
[   95.757274][ T3395]  dump_stack_lvl+0x151/0x1b7
[   95.761874][ T3395]  ? io_uring_drop_tctx_refs+0x190/0x190
[   95.767344][ T3395]  dump_stack+0x15/0x17
[   95.771334][ T3395]  should_fail+0x3c6/0x510
[   95.775585][ T3395]  __should_failslab+0xa4/0xe0
[   95.780188][ T3395]  ? vm_area_dup+0x26/0x230
[   95.784526][ T3395]  should_failslab+0x9/0x20
[   95.788866][ T3395]  slab_pre_alloc_hook+0x37/0xd0
[   95.793639][ T3395]  ? vm_area_dup+0x26/0x230
[   95.797985][ T3395]  kmem_cache_alloc+0x44/0x200
[   95.802581][ T3395]  vm_area_dup+0x26/0x230
[   95.806746][ T3395]  copy_mm+0x9a1/0x13e0
[   95.810739][ T3395]  ? copy_signal+0x610/0x610
[   95.815163][ T3395]  ? __init_rwsem+0xd6/0x1c0
[   95.819590][ T3395]  ? copy_signal+0x4e3/0x610
[   95.824019][ T3395]  copy_process+0x1149/0x3290
[   95.828533][ T3395]  ? proc_fail_nth_write+0x20b/0x290
[   95.833649][ T3395]  ? fsnotify_perm+0x6a/0x5d0
[   95.838166][ T3395]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   95.843112][ T3395]  ? vfs_write+0x9ec/0x1110
[   95.847461][ T3395]  kernel_clone+0x21e/0x9e0
[   95.851791][ T3395]  ? file_end_write+0x1c0/0x1c0
[   95.856478][ T3395]  ? create_io_thread+0x1e0/0x1e0
[   95.861339][ T3395]  ? mutex_unlock+0xb2/0x260
[   95.865766][ T3395]  ? __mutex_lock_slowpath+0x10/0x10
[   95.870885][ T3395]  __x64_sys_clone+0x23f/0x290
[   95.875488][ T3395]  ? __do_sys_vfork+0x130/0x130
[   95.880173][ T3395]  ? ksys_write+0x260/0x2c0
[   95.884516][ T3395]  ? debug_smp_processor_id+0x17/0x20
[   95.889726][ T3395]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   95.895622][ T3395]  ? exit_to_user_mode_prepare+0x39/0xa0
[   95.901090][ T3395]  do_syscall_64+0x3d/0xb0
[   95.905343][ T3395]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   95.911070][ T3395] RIP: 0033:0x7fc79465eda9
[   95.915329][ T3395] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   95.934777][ T3395] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   95.943011][ T3395] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   95.950866][ T3395] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   95.958632][ T3395] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   95.966449][ T3395] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   95.974255][ T3395] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
06:47:32 executing program 0:
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f0000000000)) (async, rerun: 32)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x8, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0], 0x0, 0x2b, &(0x7f0000000100)=[{}], 0x8, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x7f, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) (rerun: 32)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', r0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:32 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff]}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:32 executing program 0:
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f0000000000)) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x8, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0], 0x0, 0x2b, &(0x7f0000000100)=[{}], 0x8, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x7f, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', r0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   95.982071][ T3395]  </TASK>
06:47:32 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 44)

06:47:32 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x5, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1e68}, [@generic={0x7f, 0x4, 0x8, 0x4, 0x7f}, @ldst={0x0, 0x2, 0x4, 0x5, 0x5, 0xfffffffffffffff0, 0x8}]}, 0x0, 0x0, 0xd5, &(0x7f00000009c0)=""/213, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000007c0)={0x1, 0x10, 0x0, 0x79}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000880)=[0xffffffffffffffff, r1, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r0], &(0x7f00000008c0)=[{0x0, 0x0, 0x3}, {0x5, 0x3, 0x0, 0x6}, {0x0, 0x5, 0x8, 0x7}]}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0x1, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x42, 0x748, 0x4, 0x5f0, r1, 0x8, '\x00', r2, r3, 0x0, 0x2, 0x2, 0x2}, 0x48)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:32 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)={0x93, <r2=>0x0}, 0x8)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@map, 0x2e, 0x0, 0x20, &(0x7f0000000100)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@map, 0x2e, 0x0, 0x20, &(0x7f0000000100)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r3=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000300)={@ifindex=r1, r0, 0x7, 0x0, 0x0, @prog_id=r2, r3}, 0x20)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   96.043598][ T3438] FAULT_INJECTION: forcing a failure.
[   96.043598][ T3438] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   96.057674][ T3438] CPU: 1 PID: 3438 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   96.067737][ T3438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   96.077631][ T3438] Call Trace:
[   96.080861][ T3438]  <TASK>
[   96.083638][ T3438]  dump_stack_lvl+0x151/0x1b7
[   96.088156][ T3438]  ? io_uring_drop_tctx_refs+0x190/0x190
[   96.093617][ T3438]  dump_stack+0x15/0x17
[   96.097610][ T3438]  should_fail+0x3c6/0x510
[   96.101865][ T3438]  should_fail_alloc_page+0x5a/0x80
[   96.106898][ T3438]  prepare_alloc_pages+0x15c/0x700
[   96.111851][ T3438]  ? __alloc_pages_bulk+0xe40/0xe40
[   96.116881][ T3438]  __alloc_pages+0x18c/0x8f0
[   96.121410][ T3438]  ? prep_new_page+0x110/0x110
[   96.125992][ T3438]  ? __alloc_pages+0x27e/0x8f0
[   96.130593][ T3438]  ? __kasan_check_write+0x14/0x20
[   96.135553][ T3438]  ? _raw_spin_lock+0xa4/0x1b0
[   96.140139][ T3438]  __pmd_alloc+0xb1/0x550
[   96.144310][ T3438]  ? __pud_alloc+0x260/0x260
[   96.148733][ T3438]  ? __pud_alloc+0x213/0x260
[   96.153158][ T3438]  ? do_handle_mm_fault+0x2330/0x2330
[   96.158369][ T3438]  ? __stack_depot_save+0x34/0x470
[   96.163317][ T3438]  ? anon_vma_clone+0x9a/0x500
[   96.167920][ T3438]  copy_page_range+0x2b3d/0x2f90
[   96.172688][ T3438]  ? __kasan_slab_alloc+0xb1/0xe0
[   96.177561][ T3438]  ? slab_post_alloc_hook+0x53/0x2c0
[   96.182671][ T3438]  ? copy_mm+0xa3a/0x13e0
[   96.186835][ T3438]  ? copy_process+0x1149/0x3290
[   96.191525][ T3438]  ? kernel_clone+0x21e/0x9e0
[   96.196034][ T3438]  ? do_syscall_64+0x3d/0xb0
[   96.200466][ T3438]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   96.206370][ T3438]  ? pfn_valid+0x1e0/0x1e0
[   96.210615][ T3438]  ? rwsem_write_trylock+0x15b/0x290
[   96.215742][ T3438]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   96.221986][ T3438]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   96.227542][ T3438]  ? __rb_insert_augmented+0x5de/0x610
[   96.232848][ T3438]  copy_mm+0xc7e/0x13e0
[   96.236833][ T3438]  ? copy_signal+0x610/0x610
[   96.241343][ T3438]  ? __init_rwsem+0xd6/0x1c0
[   96.245853][ T3438]  ? copy_signal+0x4e3/0x610
[   96.250285][ T3438]  copy_process+0x1149/0x3290
[   96.254793][ T3438]  ? proc_fail_nth_write+0x20b/0x290
[   96.259916][ T3438]  ? fsnotify_perm+0x6a/0x5d0
[   96.264429][ T3438]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   96.269378][ T3438]  ? vfs_write+0x9ec/0x1110
[   96.273715][ T3438]  kernel_clone+0x21e/0x9e0
[   96.278055][ T3438]  ? file_end_write+0x1c0/0x1c0
[   96.282742][ T3438]  ? create_io_thread+0x1e0/0x1e0
[   96.287601][ T3438]  ? mutex_unlock+0xb2/0x260
[   96.292031][ T3438]  ? __mutex_lock_slowpath+0x10/0x10
[   96.297152][ T3438]  __x64_sys_clone+0x23f/0x290
[   96.301750][ T3438]  ? __do_sys_vfork+0x130/0x130
[   96.306434][ T3438]  ? ksys_write+0x260/0x2c0
[   96.310779][ T3438]  ? debug_smp_processor_id+0x17/0x20
[   96.316070][ T3438]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   96.321972][ T3438]  ? exit_to_user_mode_prepare+0x39/0xa0
[   96.327440][ T3438]  do_syscall_64+0x3d/0xb0
[   96.331693][ T3438]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   96.337423][ T3438] RIP: 0033:0x7fc79465eda9
[   96.341677][ T3438] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   96.361119][ T3438] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   96.369365][ T3438] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   96.377172][ T3438] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   96.384983][ T3438] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
06:47:32 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff]}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:32 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x9, 0x0, 0x0, &(0x7f0000000540))

06:47:32 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 45)

06:47:32 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x5, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1e68}, [@generic={0x7f, 0x4, 0x8, 0x4, 0x7f}, @ldst={0x0, 0x2, 0x4, 0x5, 0x5, 0xfffffffffffffff0, 0x8}]}, 0x0, 0x0, 0xd5, &(0x7f00000009c0)=""/213, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000007c0)={0x1, 0x10, 0x0, 0x79}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000880)=[0xffffffffffffffff, r1, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r0], &(0x7f00000008c0)=[{0x0, 0x0, 0x3}, {0x5, 0x3, 0x0, 0x6}, {0x0, 0x5, 0x8, 0x7}]}, 0x90) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0x1, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x42, 0x748, 0x4, 0x5f0, r1, 0x8, '\x00', r2, r3, 0x0, 0x2, 0x2, 0x2}, 0x48)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   96.392794][ T3438] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   96.400606][ T3438] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   96.408429][ T3438]  </TASK>
06:47:32 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x70, 0x0, 0x0, &(0x7f0000000540))

[   96.450155][ T3454] FAULT_INJECTION: forcing a failure.
[   96.450155][ T3454] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   96.473446][ T3454] CPU: 1 PID: 3454 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   96.483523][ T3454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   96.493416][ T3454] Call Trace:
[   96.496540][ T3454]  <TASK>
[   96.499317][ T3454]  dump_stack_lvl+0x151/0x1b7
[   96.503828][ T3454]  ? io_uring_drop_tctx_refs+0x190/0x190
[   96.509299][ T3454]  dump_stack+0x15/0x17
[   96.513299][ T3454]  should_fail+0x3c6/0x510
[   96.517547][ T3454]  should_fail_alloc_page+0x5a/0x80
[   96.522576][ T3454]  prepare_alloc_pages+0x15c/0x700
[   96.527524][ T3454]  ? __alloc_pages_bulk+0xe40/0xe40
[   96.532560][ T3454]  __alloc_pages+0x18c/0x8f0
[   96.536984][ T3454]  ? prep_new_page+0x110/0x110
[   96.541613][ T3454]  ? __alloc_pages+0x27e/0x8f0
[   96.546193][ T3454]  ? __kasan_check_write+0x14/0x20
[   96.551130][ T3454]  ? _raw_spin_lock+0xa4/0x1b0
[   96.555736][ T3454]  pte_alloc_one+0x73/0x1b0
[   96.560073][ T3454]  ? pfn_modify_allowed+0x2f0/0x2f0
[   96.565106][ T3454]  ? __pmd_alloc+0x48d/0x550
[   96.569543][ T3454]  __pte_alloc+0x86/0x350
[   96.573703][ T3454]  ? __pud_alloc+0x260/0x260
[   96.578130][ T3454]  ? __pud_alloc+0x213/0x260
[   96.582556][ T3454]  ? free_pgtables+0x280/0x280
[   96.587150][ T3454]  ? do_handle_mm_fault+0x2330/0x2330
[   96.592365][ T3454]  ? __stack_depot_save+0x34/0x470
[   96.597308][ T3454]  ? anon_vma_clone+0x9a/0x500
[   96.601909][ T3454]  copy_page_range+0x28a8/0x2f90
[   96.606688][ T3454]  ? __kasan_slab_alloc+0xb1/0xe0
[   96.611539][ T3454]  ? slab_post_alloc_hook+0x53/0x2c0
[   96.616667][ T3454]  ? kernel_clone+0x21e/0x9e0
[   96.621175][ T3454]  ? do_syscall_64+0x3d/0xb0
[   96.625600][ T3454]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   96.631505][ T3454]  ? pfn_valid+0x1e0/0x1e0
[   96.635755][ T3454]  ? rwsem_write_trylock+0x15b/0x290
[   96.640879][ T3454]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   96.647126][ T3454]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   96.652683][ T3454]  ? __rb_insert_augmented+0x5de/0x610
[   96.657976][ T3454]  copy_mm+0xc7e/0x13e0
[   96.661969][ T3454]  ? copy_signal+0x610/0x610
[   96.666398][ T3454]  ? __init_rwsem+0xd6/0x1c0
[   96.670821][ T3454]  ? copy_signal+0x4e3/0x610
[   96.675247][ T3454]  copy_process+0x1149/0x3290
[   96.679766][ T3454]  ? proc_fail_nth_write+0x20b/0x290
[   96.684881][ T3454]  ? fsnotify_perm+0x6a/0x5d0
[   96.689397][ T3454]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   96.694344][ T3454]  ? vfs_write+0x9ec/0x1110
[   96.698687][ T3454]  kernel_clone+0x21e/0x9e0
[   96.703024][ T3454]  ? file_end_write+0x1c0/0x1c0
[   96.707750][ T3454]  ? create_io_thread+0x1e0/0x1e0
[   96.712568][ T3454]  ? mutex_unlock+0xb2/0x260
[   96.717000][ T3454]  ? __mutex_lock_slowpath+0x10/0x10
[   96.722117][ T3454]  __x64_sys_clone+0x23f/0x290
[   96.726718][ T3454]  ? __do_sys_vfork+0x130/0x130
[   96.731403][ T3454]  ? ksys_write+0x260/0x2c0
[   96.735745][ T3454]  ? debug_smp_processor_id+0x17/0x20
[   96.740951][ T3454]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   96.746860][ T3454]  ? exit_to_user_mode_prepare+0x39/0xa0
[   96.752321][ T3454]  do_syscall_64+0x3d/0xb0
[   96.756593][ T3454]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   96.762303][ T3454] RIP: 0033:0x7fc79465eda9
[   96.766556][ T3454] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   96.785997][ T3454] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
06:47:33 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0], 0x0, 0x3a, &(0x7f00000000c0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x9b, 0x8, 0x8, &(0x7f0000000180)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x14, 0x7, 0x101, 0x8e66, 0x0, 0xffffffffffffffff, 0x3, '\x00', r1, 0xffffffffffffffff, 0x3, 0x1, 0x2}, 0x48)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:33 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x5, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1e68}, [@generic={0x7f, 0x4, 0x8, 0x4, 0x7f}, @ldst={0x0, 0x2, 0x4, 0x5, 0x5, 0xfffffffffffffff0, 0x8}]}, 0x0, 0x0, 0xd5, &(0x7f00000009c0)=""/213, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000007c0)={0x1, 0x10, 0x0, 0x79}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000880)=[0xffffffffffffffff, r1, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r0], &(0x7f00000008c0)=[{0x0, 0x0, 0x3}, {0x5, 0x3, 0x0, 0x6}, {0x0, 0x5, 0x8, 0x7}]}, 0x90) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0x1, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x42, 0x748, 0x4, 0x5f0, r1, 0x8, '\x00', r2, r3, 0x0, 0x2, 0x2, 0x2}, 0x48) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x700, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 46)

06:47:33 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   96.794249][ T3454] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   96.802056][ T3454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   96.809867][ T3454] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   96.817678][ T3454] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   96.825486][ T3454] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   96.833308][ T3454]  </TASK>
06:47:33 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x6d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x2}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r0, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0], 0x0, 0xe7, &(0x7f00000003c0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0x5e, 0x8, 0x8, &(0x7f0000000480)}}, 0x10)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000600), 0x4)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x1}, 0x48)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4}, 0x48)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r6}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000007c0)={0xffffffffffffffff, 0x9, 0x10}, 0xc)
r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
write$cgroup_int(r10, 0x0, 0x0)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x1b, 0xff, 0x0, 0x0, 0x400, r9, 0x2, '\x00', 0x0, r10, 0x0, 0x4}, 0x48)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r12, 0x40086602, &(0x7f0000000040))
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r9, <r13=>0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r12, <r14=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f0000000680)=r9}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0x26, &(0x7f0000000980)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x16d, 0x0, 0x0, 0x0, 0xca0}, {{0x18, 0x1, 0x1, 0x0, r12}}, {}, [@exit, @tail_call={{0x18, 0x2, 0x1, 0x0, r11}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7fff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r13}}, @ldst={0x3, 0x2, 0x2, 0x3, 0x7, 0x58, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='syzkaller\x00', 0x4, 0x45, &(0x7f00000003c0)=""/69, 0x40f00, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x5, 0x1, 0x6, 0x6}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000880)=[r14], &(0x7f00000008c0)=[{0x3, 0x1, 0x10, 0x3}, {0x2, 0x4, 0x4}, {0x4, 0x1, 0x0, 0x9}], 0x10, 0x9}, 0x90)
r15 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7ff, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x1}, 0x48)
r16 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000880)={0x0, 0x7f, 0x8}, 0xc)
r17 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x4}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x18, 0xf, &(0x7f0000000080)=@raw=[@map_fd={0x18, 0x5, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0xc5}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xe}, @cb_func={0x18, 0x4, 0x4, 0x0, 0xffffffffffffffff}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0xa5}, @jmp={0x5, 0x1, 0x6, 0x2, 0x8, 0xfffffffffffffffc, 0x4}], &(0x7f0000000100)='GPL\x00', 0x7, 0xc7, &(0x7f00000002c0)=""/199, 0x41000, 0x2, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000640)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x0, 0x8, 0x9, 0x1c40}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000940)=[r4, r5, r6, r8, r13, r15, r16, r17], &(0x7f0000000980)=[{0x1, 0x4, 0xc, 0xb}, {0x0, 0x1, 0x1, 0x9}, {0x1, 0x1, 0x5, 0x1}, {0x2, 0x5, 0xd, 0xb}, {0x4, 0x3, 0x2, 0xd6c38fb2a9e64201}], 0x10, 0x4d4000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x900, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0], 0x0, 0x3a, &(0x7f00000000c0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x9b, 0x8, 0x8, &(0x7f0000000180)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x14, 0x7, 0x101, 0x8e66, 0x0, 0xffffffffffffffff, 0x3, '\x00', r1, 0xffffffffffffffff, 0x3, 0x1, 0x2}, 0x48)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:33 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   96.881367][ T3477] FAULT_INJECTION: forcing a failure.
[   96.881367][ T3477] name failslab, interval 1, probability 0, space 0, times 0
[   96.916248][ T3477] CPU: 0 PID: 3477 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   96.926413][ T3477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   96.936326][ T3477] Call Trace:
[   96.939522][ T3477]  <TASK>
[   96.942299][ T3477]  dump_stack_lvl+0x151/0x1b7
[   96.946809][ T3477]  ? io_uring_drop_tctx_refs+0x190/0x190
[   96.952273][ T3477]  dump_stack+0x15/0x17
[   96.956264][ T3477]  should_fail+0x3c6/0x510
[   96.960517][ T3477]  __should_failslab+0xa4/0xe0
[   96.965117][ T3477]  ? vm_area_dup+0x26/0x230
[   96.969457][ T3477]  should_failslab+0x9/0x20
[   96.973794][ T3477]  slab_pre_alloc_hook+0x37/0xd0
[   96.978572][ T3477]  ? vm_area_dup+0x26/0x230
[   96.982910][ T3477]  kmem_cache_alloc+0x44/0x200
[   96.987514][ T3477]  vm_area_dup+0x26/0x230
[   96.991676][ T3477]  copy_mm+0x9a1/0x13e0
[   96.995671][ T3477]  ? copy_signal+0x610/0x610
[   97.000094][ T3477]  ? __init_rwsem+0xd6/0x1c0
[   97.004520][ T3477]  ? copy_signal+0x4e3/0x610
[   97.008948][ T3477]  copy_process+0x1149/0x3290
[   97.013463][ T3477]  ? proc_fail_nth_write+0x20b/0x290
[   97.018585][ T3477]  ? fsnotify_perm+0x6a/0x5d0
[   97.023098][ T3477]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   97.028044][ T3477]  ? vfs_write+0x9ec/0x1110
[   97.032383][ T3477]  kernel_clone+0x21e/0x9e0
[   97.036722][ T3477]  ? file_end_write+0x1c0/0x1c0
[   97.041419][ T3477]  ? create_io_thread+0x1e0/0x1e0
[   97.046273][ T3477]  ? mutex_unlock+0xb2/0x260
[   97.050699][ T3477]  ? __mutex_lock_slowpath+0x10/0x10
[   97.055842][ T3477]  __x64_sys_clone+0x23f/0x290
[   97.060423][ T3477]  ? __do_sys_vfork+0x130/0x130
[   97.065112][ T3477]  ? ksys_write+0x260/0x2c0
[   97.069445][ T3477]  ? debug_smp_processor_id+0x17/0x20
[   97.074655][ T3477]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   97.080552][ T3477]  ? exit_to_user_mode_prepare+0x39/0xa0
[   97.086021][ T3477]  do_syscall_64+0x3d/0xb0
[   97.090275][ T3477]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   97.096008][ T3477] RIP: 0033:0x7fc79465eda9
[   97.100263][ T3477] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   97.119696][ T3477] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
06:47:33 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0], 0x0, 0x3a, &(0x7f00000000c0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x9b, 0x8, 0x8, &(0x7f0000000180)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x14, 0x7, 0x101, 0x8e66, 0x0, 0xffffffffffffffff, 0x3, '\x00', r1, 0xffffffffffffffff, 0x3, 0x1, 0x2}, 0x48) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:33 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x1f00, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x6d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x6d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x2}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r0, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0], 0x0, 0xe7, &(0x7f00000003c0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0x5e, 0x8, 0x8, &(0x7f0000000480)}}, 0x10)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000600), 0x4)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x1}, 0x48)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4}, 0x48)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r6}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000007c0)={0xffffffffffffffff, 0x9, 0x10}, 0xc)
bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8) (async)
r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) (async)
r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
write$cgroup_int(r10, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x1b, 0xff, 0x0, 0x0, 0x400, r9, 0x2, '\x00', 0x0, r10, 0x0, 0x4}, 0x48) (async)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x1b, 0xff, 0x0, 0x0, 0x400, r9, 0x2, '\x00', 0x0, r10, 0x0, 0x4}, 0x48)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r12, 0x40086602, &(0x7f0000000040))
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r9, <r13=>0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r12, <r14=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f0000000680)=r9}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0x26, &(0x7f0000000980)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x16d, 0x0, 0x0, 0x0, 0xca0}, {{0x18, 0x1, 0x1, 0x0, r12}}, {}, [@exit, @tail_call={{0x18, 0x2, 0x1, 0x0, r11}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7fff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r13}}, @ldst={0x3, 0x2, 0x2, 0x3, 0x7, 0x58, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='syzkaller\x00', 0x4, 0x45, &(0x7f00000003c0)=""/69, 0x40f00, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x5, 0x1, 0x6, 0x6}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000880)=[r14], &(0x7f00000008c0)=[{0x3, 0x1, 0x10, 0x3}, {0x2, 0x4, 0x4}, {0x4, 0x1, 0x0, 0x9}], 0x10, 0x9}, 0x90)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7ff, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x1}, 0x48) (async)
r15 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7ff, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x1}, 0x48)
r16 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000880)={0x0, 0x7f, 0x8}, 0xc)
r17 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x4}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x18, 0xf, &(0x7f0000000080)=@raw=[@map_fd={0x18, 0x5, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0xc5}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xe}, @cb_func={0x18, 0x4, 0x4, 0x0, 0xffffffffffffffff}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0xa5}, @jmp={0x5, 0x1, 0x6, 0x2, 0x8, 0xfffffffffffffffc, 0x4}], &(0x7f0000000100)='GPL\x00', 0x7, 0xc7, &(0x7f00000002c0)=""/199, 0x41000, 0x2, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000640)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x0, 0x8, 0x9, 0x1c40}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000940)=[r4, r5, r6, r8, r13, r15, r16, r17], &(0x7f0000000980)=[{0x1, 0x4, 0xc, 0xb}, {0x0, 0x1, 0x1, 0x9}, {0x1, 0x1, 0x5, 0x1}, {0x2, 0x5, 0xd, 0xb}, {0x4, 0x3, 0x2, 0xd6c38fb2a9e64201}], 0x10, 0x4d4000}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x18, 0xf, &(0x7f0000000080)=@raw=[@map_fd={0x18, 0x5, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0xc5}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xe}, @cb_func={0x18, 0x4, 0x4, 0x0, 0xffffffffffffffff}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0xa5}, @jmp={0x5, 0x1, 0x6, 0x2, 0x8, 0xfffffffffffffffc, 0x4}], &(0x7f0000000100)='GPL\x00', 0x7, 0xc7, &(0x7f00000002c0)=""/199, 0x41000, 0x2, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000640)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x0, 0x8, 0x9, 0x1c40}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000940)=[r4, r5, r6, r8, r13, r15, r16, r17], &(0x7f0000000980)=[{0x1, 0x4, 0xc, 0xb}, {0x0, 0x1, 0x1, 0x9}, {0x1, 0x1, 0x5, 0x1}, {0x2, 0x5, 0xd, 0xb}, {0x4, 0x3, 0x2, 0xd6c38fb2a9e64201}], 0x10, 0x4d4000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   97.127942][ T3477] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   97.135753][ T3477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   97.143565][ T3477] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   97.151377][ T3477] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   97.159190][ T3477] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   97.167006][ T3477]  </TASK>
06:47:33 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x2000, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1}, 0x48)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x0, 0x40, 0x7, 0x8bdc, 0x0, r2, 0x3ff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x3}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xd, 0x0, 0x1f, 0x1, 0x0, 0x1, 0xfff, '\x00', 0x0, r2, 0x4, 0x5}, 0x48)
r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880), 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xa, 0x2, &(0x7f0000000100)=@raw=[@map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1ff}], &(0x7f00000002c0)='GPL\x00', 0x3, 0xc, &(0x7f0000000380)=""/12, 0x9f71cadf2e2d7e4c, 0x4, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x10, 0x4, 0x400}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000008c0)=[r3, r4, 0xffffffffffffffff]}, 0x80)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x1, &(0x7f0000000400)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x3}], &(0x7f0000000440)='syzkaller\x00', 0x6, 0x1000, &(0x7f0000000ec0)=""/4096, 0x41000, 0x16, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740)={0x1, 0x8, 0x6, 0xffff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000a40)=[0xffffffffffffffff, 0xffffffffffffffff, r3, 0xffffffffffffffff]}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0], 0x0, 0x6b, &(0x7f0000000380)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x9e, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
openat$cgroup_devices(r6, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0x20, &(0x7f00000006c0)={&(0x7f0000000640)=""/57, 0x39, <r7=>0x0, &(0x7f0000000680)=""/62, 0x3e}}, 0x10)
r8 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb1, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000b40)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r8, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000d50a000000000074180900002020782500000000002020207b1af8ff00000000bfa10000000000000701df140000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x36)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000740)={0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x15, 0x8, &(0x7f0000000080)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_val={0x18, 0x8, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x7ff}, @map_val={0x18, 0xa, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x2}, @generic={0x40, 0x8, 0x9, 0xff00, 0x7fffffff}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}], &(0x7f00000000c0)='syzkaller\x00', 0x6451, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x15, '\x00', r5, 0x25, r6, 0x8, &(0x7f00000005c0)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x1, 0x10, 0x0, 0xfffffff8}, 0x10, r7, 0xffffffffffffffff, 0x0, &(0x7f0000000780)=[r8, r9, 0xffffffffffffffff], &(0x7f00000007c0), 0x10, 0x10000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:33 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1}, 0x48)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x0, 0x40, 0x7, 0x8bdc, 0x0, r2, 0x3ff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x3}, 0x48) (async, rerun: 64)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xd, 0x0, 0x1f, 0x1, 0x0, 0x1, 0xfff, '\x00', 0x0, r2, 0x4, 0x5}, 0x48) (async, rerun: 64)
r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880), 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xa, 0x2, &(0x7f0000000100)=@raw=[@map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1ff}], &(0x7f00000002c0)='GPL\x00', 0x3, 0xc, &(0x7f0000000380)=""/12, 0x9f71cadf2e2d7e4c, 0x4, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x10, 0x4, 0x400}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000008c0)=[r3, r4, 0xffffffffffffffff]}, 0x80) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x1, &(0x7f0000000400)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x3}], &(0x7f0000000440)='syzkaller\x00', 0x6, 0x1000, &(0x7f0000000ec0)=""/4096, 0x41000, 0x16, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740)={0x1, 0x8, 0x6, 0xffff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000a40)=[0xffffffffffffffff, 0xffffffffffffffff, r3, 0xffffffffffffffff]}, 0x90) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0], 0x0, 0x6b, &(0x7f0000000380)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x9e, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) (async)
r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
openat$cgroup_devices(r6, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0x20, &(0x7f00000006c0)={&(0x7f0000000640)=""/57, 0x39, <r7=>0x0, &(0x7f0000000680)=""/62, 0x3e}}, 0x10) (async)
r8 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb1, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000b40)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r8, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000d50a000000000074180900002020782500000000002020207b1af8ff00000000bfa10000000000000701df140000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x36) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000740)={0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x15, 0x8, &(0x7f0000000080)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_val={0x18, 0x8, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x7ff}, @map_val={0x18, 0xa, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x2}, @generic={0x40, 0x8, 0x9, 0xff00, 0x7fffffff}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}], &(0x7f00000000c0)='syzkaller\x00', 0x6451, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x15, '\x00', r5, 0x25, r6, 0x8, &(0x7f00000005c0)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x1, 0x10, 0x0, 0xfffffff8}, 0x10, r7, 0xffffffffffffffff, 0x0, &(0x7f0000000780)=[r8, r9, 0xffffffffffffffff], &(0x7f00000007c0), 0x10, 0x10000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async, rerun: 32)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32)

06:47:33 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x7000, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 47)

06:47:33 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x6d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x2}, 0x48) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r0, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0], 0x0, 0xe7, &(0x7f00000003c0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0x5e, 0x8, 0x8, &(0x7f0000000480)}}, 0x10)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000600), 0x4)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x1}, 0x48) (async)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4}, 0x48)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r6}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000007c0)={0xffffffffffffffff, 0x9, 0x10}, 0xc) (async)
r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8) (async)
r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
write$cgroup_int(r10, 0x0, 0x0) (async)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x1b, 0xff, 0x0, 0x0, 0x400, r9, 0x2, '\x00', 0x0, r10, 0x0, 0x4}, 0x48) (async)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r12, 0x40086602, &(0x7f0000000040)) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r9, <r13=>0xffffffffffffffff}, 0x4) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r12, <r14=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f0000000680)=r9}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0x26, &(0x7f0000000980)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x16d, 0x0, 0x0, 0x0, 0xca0}, {{0x18, 0x1, 0x1, 0x0, r12}}, {}, [@exit, @tail_call={{0x18, 0x2, 0x1, 0x0, r11}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7fff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r13}}, @ldst={0x3, 0x2, 0x2, 0x3, 0x7, 0x58, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='syzkaller\x00', 0x4, 0x45, &(0x7f00000003c0)=""/69, 0x40f00, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x5, 0x1, 0x6, 0x6}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000880)=[r14], &(0x7f00000008c0)=[{0x3, 0x1, 0x10, 0x3}, {0x2, 0x4, 0x4}, {0x4, 0x1, 0x0, 0x9}], 0x10, 0x9}, 0x90) (async)
r15 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7ff, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x1}, 0x48) (async)
r16 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000880)={0x0, 0x7f, 0x8}, 0xc)
r17 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x4}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x18, 0xf, &(0x7f0000000080)=@raw=[@map_fd={0x18, 0x5, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0xc5}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xe}, @cb_func={0x18, 0x4, 0x4, 0x0, 0xffffffffffffffff}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0xa5}, @jmp={0x5, 0x1, 0x6, 0x2, 0x8, 0xfffffffffffffffc, 0x4}], &(0x7f0000000100)='GPL\x00', 0x7, 0xc7, &(0x7f00000002c0)=""/199, 0x41000, 0x2, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000640)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x0, 0x8, 0x9, 0x1c40}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000940)=[r4, r5, r6, r8, r13, r15, r16, r17], &(0x7f0000000980)=[{0x1, 0x4, 0xc, 0xb}, {0x0, 0x1, 0x1, 0x9}, {0x1, 0x1, 0x5, 0x1}, {0x2, 0x5, 0xd, 0xb}, {0x4, 0x3, 0x2, 0xd6c38fb2a9e64201}], 0x10, 0x4d4000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup(r0, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0)

06:47:33 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async, rerun: 32)
openat$cgroup(r0, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0) (rerun: 32)

06:47:33 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x10fff, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup(r0, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0)

[   97.330495][ T3537] FAULT_INJECTION: forcing a failure.
[   97.330495][ T3537] name failslab, interval 1, probability 0, space 0, times 0
[   97.349680][ T3537] CPU: 0 PID: 3537 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   97.359752][ T3537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   97.369648][ T3537] Call Trace:
[   97.372771][ T3537]  <TASK>
[   97.375547][ T3537]  dump_stack_lvl+0x151/0x1b7
06:47:33 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x56, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='cpuset.memory_pressure\x00', 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x8001, 0xf353, 0x5, 0x14c0, r2, 0x0, '\x00', r3, r4, 0x2, 0x5, 0x1, 0x8}, 0x48)

[   97.380056][ T3537]  ? io_uring_drop_tctx_refs+0x190/0x190
[   97.385523][ T3537]  dump_stack+0x15/0x17
[   97.389516][ T3537]  should_fail+0x3c6/0x510
[   97.393777][ T3537]  __should_failslab+0xa4/0xe0
[   97.398374][ T3537]  ? vm_area_dup+0x26/0x230
[   97.402719][ T3537]  should_failslab+0x9/0x20
[   97.407059][ T3537]  slab_pre_alloc_hook+0x37/0xd0
[   97.411827][ T3537]  ? vm_area_dup+0x26/0x230
[   97.416170][ T3537]  kmem_cache_alloc+0x44/0x200
[   97.420768][ T3537]  vm_area_dup+0x26/0x230
[   97.424935][ T3537]  copy_mm+0x9a1/0x13e0
[   97.428927][ T3537]  ? copy_signal+0x610/0x610
[   97.433352][ T3537]  ? __init_rwsem+0xd6/0x1c0
[   97.437774][ T3537]  ? copy_signal+0x4e3/0x610
[   97.442203][ T3537]  copy_process+0x1149/0x3290
[   97.446810][ T3537]  ? proc_fail_nth_write+0x20b/0x290
[   97.451920][ T3537]  ? fsnotify_perm+0x6a/0x5d0
[   97.456436][ T3537]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   97.461467][ T3537]  ? vfs_write+0x9ec/0x1110
[   97.465809][ T3537]  kernel_clone+0x21e/0x9e0
[   97.470147][ T3537]  ? file_end_write+0x1c0/0x1c0
[   97.474834][ T3537]  ? create_io_thread+0x1e0/0x1e0
[   97.479693][ T3537]  ? mutex_unlock+0xb2/0x260
[   97.484122][ T3537]  ? __mutex_lock_slowpath+0x10/0x10
[   97.489252][ T3537]  __x64_sys_clone+0x23f/0x290
[   97.493844][ T3537]  ? __do_sys_vfork+0x130/0x130
[   97.498529][ T3537]  ? ksys_write+0x260/0x2c0
[   97.502870][ T3537]  ? debug_smp_processor_id+0x17/0x20
[   97.508076][ T3537]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   97.513979][ T3537]  ? exit_to_user_mode_prepare+0x39/0xa0
[   97.519447][ T3537]  do_syscall_64+0x3d/0xb0
[   97.523701][ T3537]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   97.529427][ T3537] RIP: 0033:0x7fc79465eda9
[   97.533680][ T3537] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   97.553128][ T3537] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   97.561373][ T3537] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   97.569186][ T3537] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:33 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 48)

06:47:33 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x0, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:33 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x20010, 0x0, 0x0, &(0x7f0000000540))

[   97.576993][ T3537] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   97.584801][ T3537] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   97.592615][ T3537] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   97.600430][ T3537]  </TASK>
06:47:33 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x56, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='cpuset.memory_pressure\x00', 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x8001, 0xf353, 0x5, 0x14c0, r2, 0x0, '\x00', r3, r4, 0x2, 0x5, 0x1, 0x8}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x56, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) (async)
openat$cgroup_ro(r1, &(0x7f0000000100)='cpuset.memory_pressure\x00', 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x58, &(0x7f0000000140)}, 0x10) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x8001, 0xf353, 0x5, 0x14c0, r2, 0x0, '\x00', r3, r4, 0x2, 0x5, 0x1, 0x8}, 0x48) (async)

[   97.639963][ T3563] FAULT_INJECTION: forcing a failure.
[   97.639963][ T3563] name failslab, interval 1, probability 0, space 0, times 0
[   97.660798][ T3563] CPU: 0 PID: 3563 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   97.670873][ T3563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   97.680772][ T3563] Call Trace:
[   97.683886][ T3563]  <TASK>
[   97.686665][ T3563]  dump_stack_lvl+0x151/0x1b7
[   97.691177][ T3563]  ? io_uring_drop_tctx_refs+0x190/0x190
[   97.696644][ T3563]  dump_stack+0x15/0x17
[   97.700637][ T3563]  should_fail+0x3c6/0x510
[   97.704892][ T3563]  __should_failslab+0xa4/0xe0
[   97.709491][ T3563]  ? anon_vma_clone+0x9a/0x500
[   97.714093][ T3563]  should_failslab+0x9/0x20
[   97.718430][ T3563]  slab_pre_alloc_hook+0x37/0xd0
[   97.723206][ T3563]  ? anon_vma_clone+0x9a/0x500
[   97.727809][ T3563]  kmem_cache_alloc+0x44/0x200
[   97.732404][ T3563]  anon_vma_clone+0x9a/0x500
[   97.736835][ T3563]  anon_vma_fork+0x91/0x4e0
[   97.741176][ T3563]  ? anon_vma_name+0x4c/0x70
[   97.745597][ T3563]  ? vm_area_dup+0x17a/0x230
[   97.750024][ T3563]  copy_mm+0xa3a/0x13e0
[   97.754015][ T3563]  ? copy_signal+0x610/0x610
[   97.758444][ T3563]  ? __init_rwsem+0xd6/0x1c0
[   97.762868][ T3563]  ? copy_signal+0x4e3/0x610
[   97.767312][ T3563]  copy_process+0x1149/0x3290
[   97.771810][ T3563]  ? proc_fail_nth_write+0x20b/0x290
[   97.776930][ T3563]  ? fsnotify_perm+0x6a/0x5d0
[   97.781460][ T3563]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   97.786391][ T3563]  ? vfs_write+0x9ec/0x1110
[   97.790730][ T3563]  kernel_clone+0x21e/0x9e0
[   97.795069][ T3563]  ? file_end_write+0x1c0/0x1c0
[   97.799766][ T3563]  ? create_io_thread+0x1e0/0x1e0
[   97.804616][ T3563]  ? mutex_unlock+0xb2/0x260
[   97.809043][ T3563]  ? __mutex_lock_slowpath+0x10/0x10
[   97.814165][ T3563]  __x64_sys_clone+0x23f/0x290
[   97.818764][ T3563]  ? __do_sys_vfork+0x130/0x130
[   97.823449][ T3563]  ? ksys_write+0x260/0x2c0
[   97.827793][ T3563]  ? debug_smp_processor_id+0x17/0x20
[   97.832998][ T3563]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   97.838899][ T3563]  ? exit_to_user_mode_prepare+0x39/0xa0
[   97.844369][ T3563]  do_syscall_64+0x3d/0xb0
[   97.848621][ T3563]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   97.854353][ T3563] RIP: 0033:0x7fc79465eda9
[   97.858603][ T3563] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   97.878049][ T3563] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
06:47:34 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x80000, 0x0, 0x0, &(0x7f0000000540))

06:47:34 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x56, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='cpuset.memory_pressure\x00', 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10) (async)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x8001, 0xf353, 0x5, 0x14c0, r2, 0x0, '\x00', r3, r4, 0x2, 0x5, 0x1, 0x8}, 0x48)

[   97.886289][ T3563] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   97.894101][ T3563] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   97.901912][ T3563] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   97.909723][ T3563] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   97.917536][ T3563] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   97.925351][ T3563]  </TASK>
06:47:34 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x0, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:34 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 49)

06:47:34 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000ec0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x41100, 0x1f, '\x00', 0x0, 0x2b, r1}, 0x90)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000dc0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0xe0, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x7, 0x8, &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000b80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0x57, &(0x7f0000000c80), 0x0, 0x10, &(0x7f00000008c0), &(0x7f0000000880), 0x8, 0x7d, 0x8, 0xffffffffffffff98, &(0x7f0000000d80)}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000440)='sys_enter\x00', r3}, 0x5f)
bpf$PROG_LOAD(0x5, &(0x7f0000000f40)={0xd, 0x1, &(0x7f0000001e40)=ANY=[@ANYRESHEX=r2], &(0x7f0000000200)='syzkaller\x00', 0xb0dd, 0xbc, &(0x7f0000000ac0)=""/188, 0x40f00, 0x8, '\x00', r4, 0x20, r1, 0x8, &(0x7f0000000380)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0x6, 0x800, 0x8}, 0x10, r5, r3}, 0x90)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
perf_event_open(&(0x7f0000000200)={0x5, 0x80, 0x4, 0x5a, 0x3, 0x9, 0x0, 0x0, 0x20, 0xa, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, @perf_config_ext={0x5, 0x7}, 0x100100, 0x1, 0x80000001, 0x2, 0x170d60b5, 0xffffffff}, 0xffffffffffffffff, 0x8, r6, 0x3)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, &(0x7f00000002c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0], <r7=>0x0, 0x59, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0xb9, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0x1, 0x8, 0x0, 0xc1, 0x1, 0x8001, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x5, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x9, 0x4, &(0x7f0000000000)=@raw=[@ldst={0x3, 0x2, 0x1, 0x4, 0x5, 0xc, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x59}, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}], &(0x7f0000000040)='GPL\x00', 0x10001, 0xb3, &(0x7f0000000080)=""/179, 0x41000, 0x40, '\x00', r4, 0x1d, r6, 0x8, &(0x7f0000000140)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0x6, 0x0, 0x6255}, 0x10, r7, 0xffffffffffffffff, 0x0, &(0x7f0000000600)=[r8], 0x0, 0x10, 0x7}, 0x90)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:34 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x700000, 0x0, 0x0, &(0x7f0000000540))

06:47:34 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x0, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   97.993542][ T3598] FAULT_INJECTION: forcing a failure.
[   97.993542][ T3598] name failslab, interval 1, probability 0, space 0, times 0
06:47:34 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xcc00a0, 0x0, 0x0, &(0x7f0000000540))

[   98.043699][ T3598] CPU: 1 PID: 3598 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   98.053777][ T3598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   98.065070][ T3598] Call Trace:
[   98.068193][ T3598]  <TASK>
[   98.070970][ T3598]  dump_stack_lvl+0x151/0x1b7
[   98.075485][ T3598]  ? io_uring_drop_tctx_refs+0x190/0x190
[   98.080961][ T3598]  dump_stack+0x15/0x17
[   98.084943][ T3598]  should_fail+0x3c6/0x510
[   98.089197][ T3598]  __should_failslab+0xa4/0xe0
[   98.093797][ T3598]  ? anon_vma_clone+0x9a/0x500
[   98.098396][ T3598]  should_failslab+0x9/0x20
[   98.102738][ T3598]  slab_pre_alloc_hook+0x37/0xd0
[   98.107512][ T3598]  ? anon_vma_clone+0x9a/0x500
[   98.112116][ T3598]  kmem_cache_alloc+0x44/0x200
[   98.116713][ T3598]  anon_vma_clone+0x9a/0x500
[   98.121137][ T3598]  anon_vma_fork+0x91/0x4e0
[   98.125477][ T3598]  ? anon_vma_name+0x4c/0x70
[   98.129904][ T3598]  ? vm_area_dup+0x17a/0x230
[   98.134331][ T3598]  copy_mm+0xa3a/0x13e0
[   98.138325][ T3598]  ? copy_signal+0x610/0x610
[   98.142747][ T3598]  ? __init_rwsem+0xd6/0x1c0
[   98.147176][ T3598]  ? copy_signal+0x4e3/0x610
[   98.151600][ T3598]  copy_process+0x1149/0x3290
[   98.156118][ T3598]  ? proc_fail_nth_write+0x20b/0x290
[   98.161236][ T3598]  ? fsnotify_perm+0x6a/0x5d0
[   98.165750][ T3598]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   98.170697][ T3598]  ? vfs_write+0x9ec/0x1110
[   98.175036][ T3598]  kernel_clone+0x21e/0x9e0
[   98.179379][ T3598]  ? file_end_write+0x1c0/0x1c0
[   98.184062][ T3598]  ? create_io_thread+0x1e0/0x1e0
[   98.188926][ T3598]  ? mutex_unlock+0xb2/0x260
[   98.193357][ T3598]  ? __mutex_lock_slowpath+0x10/0x10
[   98.198471][ T3598]  __x64_sys_clone+0x23f/0x290
[   98.203072][ T3598]  ? __do_sys_vfork+0x130/0x130
[   98.207759][ T3598]  ? ksys_write+0x260/0x2c0
[   98.212101][ T3598]  ? debug_smp_processor_id+0x17/0x20
[   98.217305][ T3598]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   98.223215][ T3598]  ? exit_to_user_mode_prepare+0x39/0xa0
[   98.228674][ T3598]  do_syscall_64+0x3d/0xb0
[   98.232927][ T3598]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   98.238658][ T3598] RIP: 0033:0x7fc79465eda9
[   98.242908][ T3598] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   98.262360][ T3598] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   98.270595][ T3598] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   98.278410][ T3598] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   98.286220][ T3598] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
06:47:34 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async, rerun: 64)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000ec0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x41100, 0x1f, '\x00', 0x0, 0x2b, r1}, 0x90) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000dc0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0xe0, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x7, 0x8, &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000b80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0x57, &(0x7f0000000c80), 0x0, 0x10, &(0x7f00000008c0), &(0x7f0000000880), 0x8, 0x7d, 0x8, 0xffffffffffffff98, &(0x7f0000000d80)}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000440)='sys_enter\x00', r3}, 0x5f) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000f40)={0xd, 0x1, &(0x7f0000001e40)=ANY=[@ANYRESHEX=r2], &(0x7f0000000200)='syzkaller\x00', 0xb0dd, 0xbc, &(0x7f0000000ac0)=""/188, 0x40f00, 0x8, '\x00', r4, 0x20, r1, 0x8, &(0x7f0000000380)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0x6, 0x800, 0x8}, 0x10, r5, r3}, 0x90) (async, rerun: 64)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
perf_event_open(&(0x7f0000000200)={0x5, 0x80, 0x4, 0x5a, 0x3, 0x9, 0x0, 0x0, 0x20, 0xa, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, @perf_config_ext={0x5, 0x7}, 0x100100, 0x1, 0x80000001, 0x2, 0x170d60b5, 0xffffffff}, 0xffffffffffffffff, 0x8, r6, 0x3) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, &(0x7f00000002c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0], <r7=>0x0, 0x59, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0xb9, 0x8, 0x8, &(0x7f0000000400)}}, 0x10) (async)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0x1, 0x8, 0x0, 0xc1, 0x1, 0x8001, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x5, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x9, 0x4, &(0x7f0000000000)=@raw=[@ldst={0x3, 0x2, 0x1, 0x4, 0x5, 0xc, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x59}, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}], &(0x7f0000000040)='GPL\x00', 0x10001, 0xb3, &(0x7f0000000080)=""/179, 0x41000, 0x40, '\x00', r4, 0x1d, r6, 0x8, &(0x7f0000000140)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0x6, 0x0, 0x6255}, 0x10, r7, 0xffffffffffffffff, 0x0, &(0x7f0000000600)=[r8], 0x0, 0x10, 0x7}, 0x90) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:34 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 50)

06:47:34 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1}, 0x48)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x0, 0x40, 0x7, 0x8bdc, 0x0, r2, 0x3ff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x3}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x0, 0x40, 0x7, 0x8bdc, 0x0, r2, 0x3ff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x3}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xd, 0x0, 0x1f, 0x1, 0x0, 0x1, 0xfff, '\x00', 0x0, r2, 0x4, 0x5}, 0x48)
r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880), 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xa, 0x2, &(0x7f0000000100)=@raw=[@map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1ff}], &(0x7f00000002c0)='GPL\x00', 0x3, 0xc, &(0x7f0000000380)=""/12, 0x9f71cadf2e2d7e4c, 0x4, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x10, 0x4, 0x400}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000008c0)=[r3, r4, 0xffffffffffffffff]}, 0x80)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x1, &(0x7f0000000400)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x3}], &(0x7f0000000440)='syzkaller\x00', 0x6, 0x1000, &(0x7f0000000ec0)=""/4096, 0x41000, 0x16, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740)={0x1, 0x8, 0x6, 0xffff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000a40)=[0xffffffffffffffff, 0xffffffffffffffff, r3, 0xffffffffffffffff]}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0], 0x0, 0x6b, &(0x7f0000000380)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x9e, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0], 0x0, 0x6b, &(0x7f0000000380)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x9e, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async)
r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
openat$cgroup_devices(r6, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0x20, &(0x7f00000006c0)={&(0x7f0000000640)=""/57, 0x39, <r7=>0x0, &(0x7f0000000680)=""/62, 0x3e}}, 0x10)
r8 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb1, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000b40)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r8, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000d50a000000000074180900002020782500000000002020207b1af8ff00000000bfa10000000000000701df140000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x36)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000740), 0x4) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000740)={0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x15, 0x8, &(0x7f0000000080)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_val={0x18, 0x8, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x7ff}, @map_val={0x18, 0xa, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x2}, @generic={0x40, 0x8, 0x9, 0xff00, 0x7fffffff}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}], &(0x7f00000000c0)='syzkaller\x00', 0x6451, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x15, '\x00', r5, 0x25, r6, 0x8, &(0x7f00000005c0)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x1, 0x10, 0x0, 0xfffffff8}, 0x10, r7, 0xffffffffffffffff, 0x0, &(0x7f0000000780)=[r8, r9, 0xffffffffffffffff], &(0x7f00000007c0), 0x10, 0x10000}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x15, 0x8, &(0x7f0000000080)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_val={0x18, 0x8, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x7ff}, @map_val={0x18, 0xa, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x2}, @generic={0x40, 0x8, 0x9, 0xff00, 0x7fffffff}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}], &(0x7f00000000c0)='syzkaller\x00', 0x6451, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x15, '\x00', r5, 0x25, r6, 0x8, &(0x7f00000005c0)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x1, 0x10, 0x0, 0xfffffff8}, 0x10, r7, 0xffffffffffffffff, 0x0, &(0x7f0000000780)=[r8, r9, 0xffffffffffffffff], &(0x7f00000007c0), 0x10, 0x10000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:34 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0x0, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   98.294035][ T3598] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   98.301841][ T3598] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   98.309660][ T3598]  </TASK>
06:47:34 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xf0ff1f, 0x0, 0x0, &(0x7f0000000540))

06:47:34 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000ec0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x41100, 0x1f, '\x00', 0x0, 0x2b, r1}, 0x90) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000dc0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0xe0, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x7, 0x8, &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000b80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0x57, &(0x7f0000000c80), 0x0, 0x10, &(0x7f00000008c0), &(0x7f0000000880), 0x8, 0x7d, 0x8, 0xffffffffffffff98, &(0x7f0000000d80)}}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000440)='sys_enter\x00', r3}, 0x5f)
bpf$PROG_LOAD(0x5, &(0x7f0000000f40)={0xd, 0x1, &(0x7f0000001e40)=ANY=[@ANYRESHEX=r2], &(0x7f0000000200)='syzkaller\x00', 0xb0dd, 0xbc, &(0x7f0000000ac0)=""/188, 0x40f00, 0x8, '\x00', r4, 0x20, r1, 0x8, &(0x7f0000000380)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0x6, 0x800, 0x8}, 0x10, r5, r3}, 0x90) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
perf_event_open(&(0x7f0000000200)={0x5, 0x80, 0x4, 0x5a, 0x3, 0x9, 0x0, 0x0, 0x20, 0xa, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, @perf_config_ext={0x5, 0x7}, 0x100100, 0x1, 0x80000001, 0x2, 0x170d60b5, 0xffffffff}, 0xffffffffffffffff, 0x8, r6, 0x3) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, &(0x7f00000002c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0], <r7=>0x0, 0x59, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0xb9, 0x8, 0x8, &(0x7f0000000400)}}, 0x10) (async)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0x1, 0x8, 0x0, 0xc1, 0x1, 0x8001, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x5, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x9, 0x4, &(0x7f0000000000)=@raw=[@ldst={0x3, 0x2, 0x1, 0x4, 0x5, 0xc, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x59}, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}], &(0x7f0000000040)='GPL\x00', 0x10001, 0xb3, &(0x7f0000000080)=""/179, 0x41000, 0x40, '\x00', r4, 0x1d, r6, 0x8, &(0x7f0000000140)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0x6, 0x0, 0x6255}, 0x10, r7, 0xffffffffffffffff, 0x0, &(0x7f0000000600)=[r8], 0x0, 0x10, 0x7}, 0x90)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   98.363332][ T3635] FAULT_INJECTION: forcing a failure.
[   98.363332][ T3635] name failslab, interval 1, probability 0, space 0, times 0
[   98.392840][ T3635] CPU: 0 PID: 3635 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   98.402916][ T3635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
06:47:34 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0x0, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:34 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x1000000, 0x0, 0x0, &(0x7f0000000540))

06:47:34 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x33}, 0x90)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x7fff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000fcffffff090000000000000c05000000060000000000000900000000000000000200000d00000000090c0000040000000b0096000100000000006161612e61610000"], &(0x7f0000000340)=""/174, 0x56, 0xae, 0x1, 0x7fffffff}, 0x20)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x200, 0x0, r1, 0x404f, '\x00', 0x0, r2, 0x3, 0x5, 0x1}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f00000008c0)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.events\x00', 0x26e1, 0x0)
close(r6)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@bloom_filter={0x1e, 0x9, 0x4, 0x0, 0x440, r3, 0x4, '\x00', r5, 0xffffffffffffffff, 0x3, 0x5, 0x5, 0x8}, 0x48)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000700)={r4, 0x7ff, 0x18}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x26, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0xb7f6}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ldst={0x2, 0x3, 0x6, 0xb, 0xb, 0xffffffffffffffc0, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r6}}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000640)='GPL\x00', 0x8, 0x0, &(0x7f0000000680), 0x40f00, 0x0, '\x00', r5, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x2, 0xa, 0x6, 0x8}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000740)=[r8, r6, r3, r6, r6, r3, r1, r6], &(0x7f0000000780)=[{0x1, 0x2, 0xb, 0xb}, {0x5, 0x3, 0x0, 0xc}, {0x2, 0x5, 0x2, 0x9}, {0x1, 0x2, 0x3, 0x1}, {0x1, 0x5, 0x4, 0x8}, {0x1, 0x3, 0xa, 0x4}]}, 0x90)
write$cgroup_subtree(r6, 0x0, 0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8, '\x00', r5, r6, 0x3, 0x5, 0x3}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c40)={r6, 0xe0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r9=>0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000009c0)=[0x0], &(0x7f0000000a00)=[0x0], 0x0, 0x91, &(0x7f0000000a40)=[{}, {}], 0x10, 0x10, &(0x7f0000000a80), &(0x7f0000000ac0), 0x8, 0xc4, 0x8, 0x8, &(0x7f0000000b00)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xe, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0x3c}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @jmp={0x5, 0x1, 0x3, 0x4, 0x8, 0xfffffffffffffff4, 0xffffffffffffffff}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x32, &(0x7f0000000940)=""/50, 0x41000, 0x18, '\x00', r9, 0x0, r2, 0x8, &(0x7f0000000c80)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000cc0)={0x4, 0x2, 0x40, 0x140000}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000d00)=[r6, r1, r1], &(0x7f0000000d40)=[{0x4, 0x3, 0x0, 0x9}, {0x0, 0x5, 0x8, 0x7}, {0x0, 0x2, 0xf, 0x6}], 0x10, 0xff}, 0x90)

[   98.412810][ T3635] Call Trace:
[   98.415931][ T3635]  <TASK>
[   98.418709][ T3635]  dump_stack_lvl+0x151/0x1b7
[   98.423221][ T3635]  ? io_uring_drop_tctx_refs+0x190/0x190
[   98.428689][ T3635]  dump_stack+0x15/0x17
[   98.432680][ T3635]  should_fail+0x3c6/0x510
[   98.436937][ T3635]  __should_failslab+0xa4/0xe0
[   98.441531][ T3635]  ? anon_vma_fork+0x1df/0x4e0
[   98.446148][ T3635]  should_failslab+0x9/0x20
[   98.450471][ T3635]  slab_pre_alloc_hook+0x37/0xd0
[   98.455248][ T3635]  ? anon_vma_fork+0x1df/0x4e0
[   98.459843][ T3635]  kmem_cache_alloc+0x44/0x200
[   98.464443][ T3635]  anon_vma_fork+0x1df/0x4e0
[   98.468870][ T3635]  copy_mm+0xa3a/0x13e0
[   98.472863][ T3635]  ? copy_signal+0x610/0x610
[   98.477289][ T3635]  ? __init_rwsem+0xd6/0x1c0
[   98.481715][ T3635]  ? copy_signal+0x4e3/0x610
[   98.486146][ T3635]  copy_process+0x1149/0x3290
[   98.490662][ T3635]  ? proc_fail_nth_write+0x20b/0x290
[   98.495777][ T3635]  ? fsnotify_perm+0x6a/0x5d0
[   98.500292][ T3635]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   98.505242][ T3635]  ? vfs_write+0x9ec/0x1110
[   98.509585][ T3635]  kernel_clone+0x21e/0x9e0
[   98.513919][ T3635]  ? file_end_write+0x1c0/0x1c0
[   98.518609][ T3635]  ? create_io_thread+0x1e0/0x1e0
[   98.523465][ T3635]  ? mutex_unlock+0xb2/0x260
[   98.527891][ T3635]  ? __mutex_lock_slowpath+0x10/0x10
[   98.533010][ T3635]  __x64_sys_clone+0x23f/0x290
[   98.537616][ T3635]  ? __do_sys_vfork+0x130/0x130
[   98.542297][ T3635]  ? ksys_write+0x260/0x2c0
[   98.546640][ T3635]  ? debug_smp_processor_id+0x17/0x20
[   98.551846][ T3635]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   98.557750][ T3635]  ? exit_to_user_mode_prepare+0x39/0xa0
[   98.563216][ T3635]  do_syscall_64+0x3d/0xb0
[   98.567469][ T3635]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   98.573197][ T3635] RIP: 0033:0x7fc79465eda9
[   98.577451][ T3635] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   98.596894][ T3635] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   98.605138][ T3635] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:34 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd74}, 0x90)
r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000007c0)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x18}, 0x18)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r1, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000100)=[0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0xa, 0x3, &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0], 0x0, 0x68, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0xce, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000500)={0x2, <r3=>0x0}, 0x8)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40086602, &(0x7f0000000180))
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000880)=r3, 0x4)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000900)={0x0, 0x8, 0x8}, 0xc)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r7, &(0x7f0000000000), 0x165243)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x15, 0x1c, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000001000000000000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702400014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000080000001868000010000000009b000007000000185500000d0000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000060000008500000006000000bf910094c2fbe1d6f6079e0001000000850000003e775b59b700000000000000950000000042000000"], &(0x7f0000000840)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x6, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x3, 0x5, 0x0, 0x1000}, 0x10, 0x0, r0, 0x9, &(0x7f0000000940)=[r6, r7], &(0x7f0000000980)=[{0x3, 0x1, 0xe, 0xc}, {0x4, 0x3, 0xa, 0x9}, {0x2, 0x3, 0xc, 0xc}, {0x4, 0x2, 0x5, 0xc}, {0x3, 0x4, 0x4, 0x6}, {0x3, 0x5, 0x1, 0x3}, {0x4, 0x2, 0x10, 0x2}, {0x4, 0x3, 0xb, 0xc}, {0x5, 0x2, 0x2, 0xf}], 0x10, 0x8}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{0x1, <r8=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)='%pK    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x9, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="01fc2200"/17, @ANYRES32=0x1, @ANYBLOB="00000000030000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0xfa5, 0x71, &(0x7f0000000080)=""/113, 0x40f00, 0xc, '\x00', r2, 0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x1, 0xc, 0x9, 0x1}, 0x10, r3, 0xffffffffffffffff, 0x4, &(0x7f0000000600)=[r8], &(0x7f0000000640)=[{0x5, 0x3, 0x10, 0x9}, {0x1, 0x1, 0x8, 0x1}, {0x5, 0x2, 0x8, 0x6}, {0x2, 0x5, 0xd, 0x6}], 0x10, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:34 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 51)

06:47:34 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0x0, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   98.612949][ T3635] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   98.620761][ T3635] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   98.628571][ T3635] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   98.636382][ T3635] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   98.644203][ T3635]  </TASK>
06:47:34 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x2000000, 0x0, 0x0, &(0x7f0000000540))

06:47:34 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x33}, 0x90)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x7fff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) (async)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000fcffffff090000000000000c05000000060000000000000900000000000000000200000d00000000090c0000040000000b0096000100000000006161612e61610000"], &(0x7f0000000340)=""/174, 0x56, 0xae, 0x1, 0x7fffffff}, 0x20)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x200, 0x0, r1, 0x404f, '\x00', 0x0, r2, 0x3, 0x5, 0x1}, 0x48) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f00000008c0)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.events\x00', 0x26e1, 0x0)
close(r6) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@bloom_filter={0x1e, 0x9, 0x4, 0x0, 0x440, r3, 0x4, '\x00', r5, 0xffffffffffffffff, 0x3, 0x5, 0x5, 0x8}, 0x48)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000700)={r4, 0x7ff, 0x18}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x26, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0xb7f6}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ldst={0x2, 0x3, 0x6, 0xb, 0xb, 0xffffffffffffffc0, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r6}}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000640)='GPL\x00', 0x8, 0x0, &(0x7f0000000680), 0x40f00, 0x0, '\x00', r5, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x2, 0xa, 0x6, 0x8}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000740)=[r8, r6, r3, r6, r6, r3, r1, r6], &(0x7f0000000780)=[{0x1, 0x2, 0xb, 0xb}, {0x5, 0x3, 0x0, 0xc}, {0x2, 0x5, 0x2, 0x9}, {0x1, 0x2, 0x3, 0x1}, {0x1, 0x5, 0x4, 0x8}, {0x1, 0x3, 0xa, 0x4}]}, 0x90) (async)
write$cgroup_subtree(r6, 0x0, 0x2) (async)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8, '\x00', r5, r6, 0x3, 0x5, 0x3}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c40)={r6, 0xe0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r9=>0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000009c0)=[0x0], &(0x7f0000000a00)=[0x0], 0x0, 0x91, &(0x7f0000000a40)=[{}, {}], 0x10, 0x10, &(0x7f0000000a80), &(0x7f0000000ac0), 0x8, 0xc4, 0x8, 0x8, &(0x7f0000000b00)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xe, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0x3c}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @jmp={0x5, 0x1, 0x3, 0x4, 0x8, 0xfffffffffffffff4, 0xffffffffffffffff}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x32, &(0x7f0000000940)=""/50, 0x41000, 0x18, '\x00', r9, 0x0, r2, 0x8, &(0x7f0000000c80)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000cc0)={0x4, 0x2, 0x40, 0x140000}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000d00)=[r6, r1, r1], &(0x7f0000000d40)=[{0x4, 0x3, 0x0, 0x9}, {0x0, 0x5, 0x8, 0x7}, {0x0, 0x2, 0xf, 0x6}], 0x10, 0xff}, 0x90)

06:47:34 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x7000000, 0x0, 0x0, &(0x7f0000000540))

06:47:35 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   98.710387][ T3658] FAULT_INJECTION: forcing a failure.
[   98.710387][ T3658] name failslab, interval 1, probability 0, space 0, times 0
[   98.728379][ T3658] CPU: 1 PID: 3658 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   98.738457][ T3658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   98.748353][ T3658] Call Trace:
[   98.751570][ T3658]  <TASK>
[   98.754337][ T3658]  dump_stack_lvl+0x151/0x1b7
[   98.758853][ T3658]  ? io_uring_drop_tctx_refs+0x190/0x190
[   98.764327][ T3658]  dump_stack+0x15/0x17
[   98.768309][ T3658]  should_fail+0x3c6/0x510
[   98.772565][ T3658]  __should_failslab+0xa4/0xe0
[   98.777161][ T3658]  ? vm_area_dup+0x26/0x230
[   98.781500][ T3658]  should_failslab+0x9/0x20
[   98.785839][ T3658]  slab_pre_alloc_hook+0x37/0xd0
[   98.790617][ T3658]  ? vm_area_dup+0x26/0x230
[   98.794954][ T3658]  kmem_cache_alloc+0x44/0x200
[   98.799552][ T3658]  vm_area_dup+0x26/0x230
[   98.803719][ T3658]  copy_mm+0x9a1/0x13e0
[   98.807712][ T3658]  ? copy_signal+0x610/0x610
[   98.812141][ T3658]  ? __init_rwsem+0xd6/0x1c0
[   98.816569][ T3658]  ? copy_signal+0x4e3/0x610
[   98.820991][ T3658]  copy_process+0x1149/0x3290
[   98.825507][ T3658]  ? proc_fail_nth_write+0x20b/0x290
[   98.830625][ T3658]  ? fsnotify_perm+0x6a/0x5d0
[   98.835143][ T3658]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   98.840086][ T3658]  ? vfs_write+0x9ec/0x1110
[   98.844429][ T3658]  kernel_clone+0x21e/0x9e0
[   98.848768][ T3658]  ? file_end_write+0x1c0/0x1c0
[   98.853457][ T3658]  ? create_io_thread+0x1e0/0x1e0
[   98.858311][ T3658]  ? mutex_unlock+0xb2/0x260
[   98.862741][ T3658]  ? __mutex_lock_slowpath+0x10/0x10
[   98.867860][ T3658]  __x64_sys_clone+0x23f/0x290
[   98.872460][ T3658]  ? __do_sys_vfork+0x130/0x130
[   98.877146][ T3658]  ? ksys_write+0x260/0x2c0
[   98.881486][ T3658]  ? debug_smp_processor_id+0x17/0x20
[   98.886696][ T3658]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   98.892598][ T3658]  ? exit_to_user_mode_prepare+0x39/0xa0
[   98.898070][ T3658]  do_syscall_64+0x3d/0xb0
[   98.902323][ T3658]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   98.908044][ T3658] RIP: 0033:0x7fc79465eda9
[   98.912299][ T3658] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   98.931744][ T3658] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   98.939993][ T3658] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   98.947798][ T3658] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:35 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 52)

06:47:35 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd74}, 0x90) (async)
r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000007c0)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x18}, 0x18)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r1, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000100)=[0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0xa, 0x3, &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0], 0x0, 0x68, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0xce, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000500)={0x2, <r3=>0x0}, 0x8)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40086602, &(0x7f0000000180)) (async)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000880)=r3, 0x4) (async, rerun: 64)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000900)={0x0, 0x8, 0x8}, 0xc) (rerun: 64)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r7, &(0x7f0000000000), 0x165243) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x15, 0x1c, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000001000000000000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702400014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000080000001868000010000000009b000007000000185500000d0000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000060000008500000006000000bf910094c2fbe1d6f6079e0001000000850000003e775b59b700000000000000950000000042000000"], &(0x7f0000000840)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x6, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x3, 0x5, 0x0, 0x1000}, 0x10, 0x0, r0, 0x9, &(0x7f0000000940)=[r6, r7], &(0x7f0000000980)=[{0x3, 0x1, 0xe, 0xc}, {0x4, 0x3, 0xa, 0x9}, {0x2, 0x3, 0xc, 0xc}, {0x4, 0x2, 0x5, 0xc}, {0x3, 0x4, 0x4, 0x6}, {0x3, 0x5, 0x1, 0x3}, {0x4, 0x2, 0x10, 0x2}, {0x4, 0x3, 0xb, 0xc}, {0x5, 0x2, 0x2, 0xf}], 0x10, 0x8}, 0x90) (async, rerun: 64)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{0x1, <r8=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)='%pK    \x00'}, 0x20) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x9, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="01fc2200"/17, @ANYRES32=0x1, @ANYBLOB="00000000030000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0xfa5, 0x71, &(0x7f0000000080)=""/113, 0x40f00, 0xc, '\x00', r2, 0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x1, 0xc, 0x9, 0x1}, 0x10, r3, 0xffffffffffffffff, 0x4, &(0x7f0000000600)=[r8], &(0x7f0000000640)=[{0x5, 0x3, 0x10, 0x9}, {0x1, 0x1, 0x8, 0x1}, {0x5, 0x2, 0x8, 0x6}, {0x2, 0x5, 0xd, 0x6}], 0x10, 0x2}, 0x90) (async, rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async, rerun: 32)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   98.955610][ T3658] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   98.963434][ T3658] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   98.971231][ T3658] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   98.979119][ T3658]  </TASK>
06:47:35 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x33}, 0x90)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x7fff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) (async)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x7fff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000fcffffff090000000000000c05000000060000000000000900000000000000000200000d00000000090c0000040000000b0096000100000000006161612e61610000"], &(0x7f0000000340)=""/174, 0x56, 0xae, 0x1, 0x7fffffff}, 0x20)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x200, 0x0, r1, 0x404f, '\x00', 0x0, r2, 0x3, 0x5, 0x1}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f00000008c0)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.events\x00', 0x26e1, 0x0)
close(r6) (async)
close(r6)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@bloom_filter={0x1e, 0x9, 0x4, 0x0, 0x440, r3, 0x4, '\x00', r5, 0xffffffffffffffff, 0x3, 0x5, 0x5, 0x8}, 0x48)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000700)={r4, 0x7ff, 0x18}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x26, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0xb7f6}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ldst={0x2, 0x3, 0x6, 0xb, 0xb, 0xffffffffffffffc0, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r6}}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000640)='GPL\x00', 0x8, 0x0, &(0x7f0000000680), 0x40f00, 0x0, '\x00', r5, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x2, 0xa, 0x6, 0x8}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000740)=[r8, r6, r3, r6, r6, r3, r1, r6], &(0x7f0000000780)=[{0x1, 0x2, 0xb, 0xb}, {0x5, 0x3, 0x0, 0xc}, {0x2, 0x5, 0x2, 0x9}, {0x1, 0x2, 0x3, 0x1}, {0x1, 0x5, 0x4, 0x8}, {0x1, 0x3, 0xa, 0x4}]}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x26, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0xb7f6}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ldst={0x2, 0x3, 0x6, 0xb, 0xb, 0xffffffffffffffc0, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r6}}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000640)='GPL\x00', 0x8, 0x0, &(0x7f0000000680), 0x40f00, 0x0, '\x00', r5, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x2, 0xa, 0x6, 0x8}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000740)=[r8, r6, r3, r6, r6, r3, r1, r6], &(0x7f0000000780)=[{0x1, 0x2, 0xb, 0xb}, {0x5, 0x3, 0x0, 0xc}, {0x2, 0x5, 0x2, 0x9}, {0x1, 0x2, 0x3, 0x1}, {0x1, 0x5, 0x4, 0x8}, {0x1, 0x3, 0xa, 0x4}]}, 0x90)
write$cgroup_subtree(r6, 0x0, 0x2) (async)
write$cgroup_subtree(r6, 0x0, 0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8, '\x00', r5, r6, 0x3, 0x5, 0x3}, 0x48) (async)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8, '\x00', r5, r6, 0x3, 0x5, 0x3}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c40)={r6, 0xe0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r9=>0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000009c0)=[0x0], &(0x7f0000000a00)=[0x0], 0x0, 0x91, &(0x7f0000000a40)=[{}, {}], 0x10, 0x10, &(0x7f0000000a80), &(0x7f0000000ac0), 0x8, 0xc4, 0x8, 0x8, &(0x7f0000000b00)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xe, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0x3c}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @jmp={0x5, 0x1, 0x3, 0x4, 0x8, 0xfffffffffffffff4, 0xffffffffffffffff}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x32, &(0x7f0000000940)=""/50, 0x41000, 0x18, '\x00', r9, 0x0, r2, 0x8, &(0x7f0000000c80)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000cc0)={0x4, 0x2, 0x40, 0x140000}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000d00)=[r6, r1, r1], &(0x7f0000000d40)=[{0x4, 0x3, 0x0, 0x9}, {0x0, 0x5, 0x8, 0x7}, {0x0, 0x2, 0xf, 0x6}], 0x10, 0xff}, 0x90)

06:47:35 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x8000000, 0x0, 0x0, &(0x7f0000000540))

06:47:35 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   99.010322][ T3679] FAULT_INJECTION: forcing a failure.
[   99.010322][ T3679] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:47:35 executing program 4:
r0 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
close(r0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   99.051328][ T3679] CPU: 1 PID: 3679 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   99.061403][ T3679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   99.071301][ T3679] Call Trace:
[   99.074420][ T3679]  <TASK>
[   99.077197][ T3679]  dump_stack_lvl+0x151/0x1b7
[   99.081714][ T3679]  ? io_uring_drop_tctx_refs+0x190/0x190
[   99.087186][ T3679]  dump_stack+0x15/0x17
[   99.091173][ T3679]  should_fail+0x3c6/0x510
[   99.095432][ T3679]  should_fail_alloc_page+0x5a/0x80
[   99.100457][ T3679]  prepare_alloc_pages+0x15c/0x700
[   99.105401][ T3679]  ? __alloc_pages+0x8f0/0x8f0
[   99.110006][ T3679]  ? __alloc_pages_bulk+0xe40/0xe40
[   99.115041][ T3679]  __alloc_pages+0x18c/0x8f0
[   99.119466][ T3679]  ? prep_new_page+0x110/0x110
[   99.124150][ T3679]  ? 0xffffffffa000c664
[   99.128142][ T3679]  ? is_bpf_text_address+0x172/0x190
[   99.133271][ T3679]  pte_alloc_one+0x73/0x1b0
[   99.137603][ T3679]  ? pfn_modify_allowed+0x2f0/0x2f0
[   99.142637][ T3679]  ? arch_stack_walk+0xf3/0x140
[   99.147324][ T3679]  __pte_alloc+0x86/0x350
[   99.151489][ T3679]  ? free_pgtables+0x280/0x280
[   99.156102][ T3679]  ? _raw_spin_lock+0xa4/0x1b0
[   99.160694][ T3679]  ? __kasan_check_write+0x14/0x20
[   99.165637][ T3679]  copy_page_range+0x28a8/0x2f90
[   99.170412][ T3679]  ? __kasan_slab_alloc+0xb1/0xe0
[   99.175274][ T3679]  ? pfn_valid+0x1e0/0x1e0
[   99.179523][ T3679]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   99.185078][ T3679]  ? __rb_insert_augmented+0x5de/0x610
[   99.190380][ T3679]  copy_mm+0xc7e/0x13e0
[   99.194374][ T3679]  ? copy_signal+0x610/0x610
[   99.198791][ T3679]  ? __init_rwsem+0xd6/0x1c0
[   99.203221][ T3679]  ? copy_signal+0x4e3/0x610
[   99.207645][ T3679]  copy_process+0x1149/0x3290
[   99.212157][ T3679]  ? proc_fail_nth_write+0x20b/0x290
[   99.217285][ T3679]  ? fsnotify_perm+0x6a/0x5d0
[   99.221792][ T3679]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   99.226744][ T3679]  ? vfs_write+0x9ec/0x1110
[   99.231081][ T3679]  kernel_clone+0x21e/0x9e0
[   99.235421][ T3679]  ? file_end_write+0x1c0/0x1c0
[   99.240108][ T3679]  ? create_io_thread+0x1e0/0x1e0
[   99.245075][ T3679]  ? mutex_unlock+0xb2/0x260
[   99.249594][ T3679]  ? __mutex_lock_slowpath+0x10/0x10
[   99.254705][ T3679]  __x64_sys_clone+0x23f/0x290
[   99.259305][ T3679]  ? __do_sys_vfork+0x130/0x130
[   99.263991][ T3679]  ? ksys_write+0x260/0x2c0
[   99.268338][ T3679]  ? debug_smp_processor_id+0x17/0x20
[   99.273538][ T3679]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   99.279439][ T3679]  ? exit_to_user_mode_prepare+0x39/0xa0
[   99.284920][ T3679]  do_syscall_64+0x3d/0xb0
[   99.289164][ T3679]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   99.294889][ T3679] RIP: 0033:0x7fc79465eda9
[   99.299143][ T3679] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   99.318585][ T3679] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   99.326830][ T3679] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[   99.334639][ T3679] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   99.342453][ T3679] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
06:47:35 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:35 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 53)

06:47:35 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd74}, 0x90)
r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000007c0)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x18}, 0x18)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r1, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000100)=[0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0xa, 0x3, &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0], 0x0, 0x68, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0xce, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000500)={0x2, <r3=>0x0}, 0x8)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40086602, &(0x7f0000000180))
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000880)=r3, 0x4) (async)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000880)=r3, 0x4)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000900)={0x0, 0x8, 0x8}, 0xc)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r7, &(0x7f0000000000), 0x165243) (async)
write$cgroup_type(r7, &(0x7f0000000000), 0x165243)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x15, 0x1c, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000001000000000000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702400014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000080000001868000010000000009b000007000000185500000d0000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000060000008500000006000000bf910094c2fbe1d6f6079e0001000000850000003e775b59b700000000000000950000000042000000"], &(0x7f0000000840)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x6, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x3, 0x5, 0x0, 0x1000}, 0x10, 0x0, r0, 0x9, &(0x7f0000000940)=[r6, r7], &(0x7f0000000980)=[{0x3, 0x1, 0xe, 0xc}, {0x4, 0x3, 0xa, 0x9}, {0x2, 0x3, 0xc, 0xc}, {0x4, 0x2, 0x5, 0xc}, {0x3, 0x4, 0x4, 0x6}, {0x3, 0x5, 0x1, 0x3}, {0x4, 0x2, 0x10, 0x2}, {0x4, 0x3, 0xb, 0xc}, {0x5, 0x2, 0x2, 0xf}], 0x10, 0x8}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x15, 0x1c, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000001000000000000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702400014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000080000001868000010000000009b000007000000185500000d0000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000060000008500000006000000bf910094c2fbe1d6f6079e0001000000850000003e775b59b700000000000000950000000042000000"], &(0x7f0000000840)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x6, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x3, 0x5, 0x0, 0x1000}, 0x10, 0x0, r0, 0x9, &(0x7f0000000940)=[r6, r7], &(0x7f0000000980)=[{0x3, 0x1, 0xe, 0xc}, {0x4, 0x3, 0xa, 0x9}, {0x2, 0x3, 0xc, 0xc}, {0x4, 0x2, 0x5, 0xc}, {0x3, 0x4, 0x4, 0x6}, {0x3, 0x5, 0x1, 0x3}, {0x4, 0x2, 0x10, 0x2}, {0x4, 0x3, 0xb, 0xc}, {0x5, 0x2, 0x2, 0xf}], 0x10, 0x8}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{0x1}, &(0x7f0000000540), &(0x7f0000000580)='%pK    \x00'}, 0x20) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{0x1, <r8=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)='%pK    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x9, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="01fc2200"/17, @ANYRES32=0x1, @ANYBLOB="00000000030000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0xfa5, 0x71, &(0x7f0000000080)=""/113, 0x40f00, 0xc, '\x00', r2, 0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x1, 0xc, 0x9, 0x1}, 0x10, r3, 0xffffffffffffffff, 0x4, &(0x7f0000000600)=[r8], &(0x7f0000000640)=[{0x5, 0x3, 0x10, 0x9}, {0x1, 0x1, 0x8, 0x1}, {0x5, 0x2, 0x8, 0x6}, {0x2, 0x5, 0xd, 0x6}], 0x10, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:35 executing program 4:
r0 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
close(r0) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:35 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x9000000, 0x0, 0x0, &(0x7f0000000540))

[   99.350267][ T3679] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   99.358076][ T3679] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   99.365891][ T3679]  </TASK>
06:47:35 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:35 executing program 4:
r0 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
close(r0) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:35 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x10000200, 0x0, 0x0, &(0x7f0000000540))

[   99.419347][ T3702] FAULT_INJECTION: forcing a failure.
[   99.419347][ T3702] name failslab, interval 1, probability 0, space 0, times 0
[   99.447081][ T3702] CPU: 1 PID: 3702 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   99.457162][ T3702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
06:47:35 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   99.467057][ T3702] Call Trace:
[   99.470179][ T3702]  <TASK>
[   99.472952][ T3702]  dump_stack_lvl+0x151/0x1b7
[   99.477466][ T3702]  ? io_uring_drop_tctx_refs+0x190/0x190
[   99.482940][ T3702]  dump_stack+0x15/0x17
[   99.486926][ T3702]  should_fail+0x3c6/0x510
[   99.491184][ T3702]  __should_failslab+0xa4/0xe0
[   99.495781][ T3702]  ? vm_area_dup+0x26/0x230
[   99.500124][ T3702]  should_failslab+0x9/0x20
[   99.504459][ T3702]  slab_pre_alloc_hook+0x37/0xd0
[   99.509345][ T3702]  ? vm_area_dup+0x26/0x230
[   99.513675][ T3702]  kmem_cache_alloc+0x44/0x200
06:47:35 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[   99.518276][ T3702]  vm_area_dup+0x26/0x230
[   99.522448][ T3702]  copy_mm+0x9a1/0x13e0
[   99.526434][ T3702]  ? copy_signal+0x610/0x610
[   99.530859][ T3702]  ? __init_rwsem+0xd6/0x1c0
[   99.535286][ T3702]  ? copy_signal+0x4e3/0x610
[   99.539709][ T3702]  copy_process+0x1149/0x3290
[   99.544227][ T3702]  ? proc_fail_nth_write+0x20b/0x290
[   99.549344][ T3702]  ? fsnotify_perm+0x6a/0x5d0
[   99.553860][ T3702]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[   99.558803][ T3702]  ? vfs_write+0x9ec/0x1110
[   99.563147][ T3702]  kernel_clone+0x21e/0x9e0
06:47:35 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   99.567484][ T3702]  ? file_end_write+0x1c0/0x1c0
[   99.572175][ T3702]  ? create_io_thread+0x1e0/0x1e0
[   99.577031][ T3702]  ? mutex_unlock+0xb2/0x260
[   99.581461][ T3702]  ? __mutex_lock_slowpath+0x10/0x10
[   99.586583][ T3702]  __x64_sys_clone+0x23f/0x290
[   99.591178][ T3702]  ? __do_sys_vfork+0x130/0x130
[   99.595866][ T3702]  ? ksys_write+0x260/0x2c0
[   99.600212][ T3702]  ? debug_smp_processor_id+0x17/0x20
[   99.605408][ T3702]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   99.611309][ T3702]  ? exit_to_user_mode_prepare+0x39/0xa0
[   99.616781][ T3702]  do_syscall_64+0x3d/0xb0
[   99.621032][ T3702]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   99.626759][ T3702] RIP: 0033:0x7fc79465eda9
[   99.631012][ T3702] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   99.650456][ T3702] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   99.658705][ T3702] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:35 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 54)

06:47:35 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:35 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x200000000000014c, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@alu={0x4, 0x1, 0x1, 0x4, 0x7, 0xfffffffffffffffc, 0xfffffffffffffffc}, @exit, @jmp={0x5, 0x0, 0x9, 0x6, 0x0, 0x6, 0xf}, @generic={0x6, 0x0, 0x2, 0xfffb, 0x1}, @call={0x85, 0x0, 0x0, 0x18}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfff}, @call={0x85, 0x0, 0x0, 0x40}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='syzkaller\x00', 0x75, 0x32, &(0x7f0000000140)=""/50, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x0, 0x1, 0x4, 0x40}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1, 0x1, 0xffffffffffffffff, r1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x40}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='nmi_noise\x00', r2}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   99.666514][ T3702] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[   99.674325][ T3702] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[   99.682144][ T3702] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   99.689945][ T3702] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[   99.697763][ T3702]  </TASK>
06:47:36 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x1f000000, 0x0, 0x0, &(0x7f0000000540))

06:47:36 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0xfffffffa, 0x10}, 0xc)
r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000540)='syz1\x00', 0x200002, 0x0)
socketpair(0x1f, 0x4, 0xfffffffe, &(0x7f00000005c0)={<r4=>0xffffffffffffffff})
sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000600)="a7c751c02ca7e304644968081f18cb9e719af57c3bc0ce0e1a30ff594b0553d142ffff9f2a63f79992b0069f4f497c3f1bef7de322aaea39c053928bfef7e0c6e97303a241c066376e764c2f53225282af15cb7d7f841cc4514ff2", 0x5b}], 0x1}, 0x4040001)
r5 = openat$cgroup_ro(r3, &(0x7f0000000580)='blkio.bfq.sectors\x00', 0x0, 0x0)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x2}, 0x48)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000002440)={0x1b, 0x0, 0x0, 0x10001, 0x0, 0xffffffffffffffff, 0xba, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x5}, 0x48)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={<r9=>0xffffffffffffffff})
sendmsg$unix(r9, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@rights={{0x14, 0x1, 0x1, [r8]}}], 0x18}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000002b80)={r7, 0x58, &(0x7f0000002b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000700))
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000002bc0)=r10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000b00)={r5, 0x20, &(0x7f0000000ac0)={&(0x7f00000009c0)=""/31, 0x1f, <r11=>0x0, &(0x7f0000000a00)=""/164, 0xa4}}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000bc0)={{r2, <r12=>0xffffffffffffffff}, &(0x7f0000000b40), &(0x7f0000000b80)=r0}, 0x20)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r13, &(0x7f0000000000)=ANY=[], 0x32600)
write$cgroup_subtree(r13, &(0x7f0000000400)=ANY=[@ANYRESDEC], 0xda00)
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x10, 0xf, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffff800, 0x0, 0x0, 0x0, 0x23}, [@map_idx={0x18, 0xa, 0x5, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x40}}, @exit]}, &(0x7f00000008c0)='syzkaller\x00', 0x7, 0x7d, &(0x7f0000000900)=""/125, 0x40f00, 0x10, '\x00', r10, 0x1f, r5, 0x8, &(0x7f0000000980)={0x5, 0x5}, 0x8, 0x10, 0x0, 0x0, r11, 0xffffffffffffffff, 0x5, &(0x7f0000000c00)=[r5, r6, r1, r12, r13, r5, r5, r6, r5], &(0x7f0000000c40)=[{0x5, 0x3, 0xe, 0x9}, {0x1, 0x5, 0x0, 0xa}, {0x4, 0x5, 0xe, 0x2}, {0x1, 0x5, 0xe}, {0x1, 0x2, 0x2, 0x9}], 0x10, 0x80}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r14=>0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1c, 0x15, &(0x7f0000000d80)=ANY=[@ANYBLOB="18000000000032a499959787dbe00000000000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000f8ffffff18120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000001499f109773ab1853994af3f33c34c19de533556f3ff7c947f351d8d6c970932e69042bb96a623b3b65d0b102cf180742cb460673fa4f37bab4f48db198aeb15ec44ca7bd90830ef0075348d844f1a076617bcaf96d5a8d248219baf60383ddbdf0f409d1c7e55ef7320a4525977ad0fecbc8578342539a14e5fac373722a51e7f438a04c9d2314b6135345371033c6badb454752bed5b23ce7329a4c870affbe3a4314bf4a4877e9def9fbaaa4779248b43426c18c0474be0a64ed6031fc51ca5c4d5a3ba63689dad55cfd8979e7d2e439aeecf436826f6003ca91b6c1ba"], &(0x7f0000000180)='GPL\x00', 0x9, 0x3e, &(0x7f00000001c0)=""/62, 0x40f00, 0x4, '\x00', r14, 0xa, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x9, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0xf, 0x8, 0x3e}, 0x10, 0xffffffffffffffff, r0, 0x7, 0x0, &(0x7f0000000400)=[{0x0, 0x3, 0x8}, {0x5, 0x2, 0x10, 0xb}, {0x2, 0x2, 0x7, 0x3}, {0x2, 0x5, 0x0, 0xc}, {0x0, 0x2, 0x9, 0x3}, {0x2, 0x2, 0xc, 0xa}, {0x0, 0x4, 0x2, 0xb}], 0x10, 0x3ff}, 0x90)
openat$cgroup_ro(r3, &(0x7f00000000c0)='io.stat\x00', 0x0, 0x0)

06:47:36 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[   99.740670][ T3738] FAULT_INJECTION: forcing a failure.
[   99.740670][ T3738] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:47:36 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0xfffffffa, 0x10}, 0xc)
r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000540)='syz1\x00', 0x200002, 0x0) (async)
socketpair(0x1f, 0x4, 0xfffffffe, &(0x7f00000005c0)={<r4=>0xffffffffffffffff})
sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000600)="a7c751c02ca7e304644968081f18cb9e719af57c3bc0ce0e1a30ff594b0553d142ffff9f2a63f79992b0069f4f497c3f1bef7de322aaea39c053928bfef7e0c6e97303a241c066376e764c2f53225282af15cb7d7f841cc4514ff2", 0x5b}], 0x1}, 0x4040001)
r5 = openat$cgroup_ro(r3, &(0x7f0000000580)='blkio.bfq.sectors\x00', 0x0, 0x0)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x2}, 0x48) (async)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000002440)={0x1b, 0x0, 0x0, 0x10001, 0x0, 0xffffffffffffffff, 0xba, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x5}, 0x48) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={<r9=>0xffffffffffffffff})
sendmsg$unix(r9, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@rights={{0x14, 0x1, 0x1, [r8]}}], 0x18}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000002b80)={r7, 0x58, &(0x7f0000002b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000700)) (async)
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000002bc0)=r10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000b00)={r5, 0x20, &(0x7f0000000ac0)={&(0x7f00000009c0)=""/31, 0x1f, <r11=>0x0, &(0x7f0000000a00)=""/164, 0xa4}}, 0x10) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000bc0)={{r2, <r12=>0xffffffffffffffff}, &(0x7f0000000b40), &(0x7f0000000b80)=r0}, 0x20)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r13, &(0x7f0000000000)=ANY=[], 0x32600) (async)
write$cgroup_subtree(r13, &(0x7f0000000400)=ANY=[@ANYRESDEC], 0xda00)
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x10, 0xf, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffff800, 0x0, 0x0, 0x0, 0x23}, [@map_idx={0x18, 0xa, 0x5, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x40}}, @exit]}, &(0x7f00000008c0)='syzkaller\x00', 0x7, 0x7d, &(0x7f0000000900)=""/125, 0x40f00, 0x10, '\x00', r10, 0x1f, r5, 0x8, &(0x7f0000000980)={0x5, 0x5}, 0x8, 0x10, 0x0, 0x0, r11, 0xffffffffffffffff, 0x5, &(0x7f0000000c00)=[r5, r6, r1, r12, r13, r5, r5, r6, r5], &(0x7f0000000c40)=[{0x5, 0x3, 0xe, 0x9}, {0x1, 0x5, 0x0, 0xa}, {0x4, 0x5, 0xe, 0x2}, {0x1, 0x5, 0xe}, {0x1, 0x2, 0x2, 0x9}], 0x10, 0x80}, 0x90) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r14=>0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1c, 0x15, &(0x7f0000000d80)=ANY=[@ANYBLOB="18000000000032a499959787dbe00000000000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000f8ffffff18120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000001499f109773ab1853994af3f33c34c19de533556f3ff7c947f351d8d6c970932e69042bb96a623b3b65d0b102cf180742cb460673fa4f37bab4f48db198aeb15ec44ca7bd90830ef0075348d844f1a076617bcaf96d5a8d248219baf60383ddbdf0f409d1c7e55ef7320a4525977ad0fecbc8578342539a14e5fac373722a51e7f438a04c9d2314b6135345371033c6badb454752bed5b23ce7329a4c870affbe3a4314bf4a4877e9def9fbaaa4779248b43426c18c0474be0a64ed6031fc51ca5c4d5a3ba63689dad55cfd8979e7d2e439aeecf436826f6003ca91b6c1ba"], &(0x7f0000000180)='GPL\x00', 0x9, 0x3e, &(0x7f00000001c0)=""/62, 0x40f00, 0x4, '\x00', r14, 0xa, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x9, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0xf, 0x8, 0x3e}, 0x10, 0xffffffffffffffff, r0, 0x7, 0x0, &(0x7f0000000400)=[{0x0, 0x3, 0x8}, {0x5, 0x2, 0x10, 0xb}, {0x2, 0x2, 0x7, 0x3}, {0x2, 0x5, 0x0, 0xc}, {0x0, 0x2, 0x9, 0x3}, {0x2, 0x2, 0xc, 0xa}, {0x0, 0x4, 0x2, 0xb}], 0x10, 0x3ff}, 0x90) (async)
openat$cgroup_ro(r3, &(0x7f00000000c0)='io.stat\x00', 0x0, 0x0)

06:47:36 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x1ffff000, 0x0, 0x0, &(0x7f0000000540))

[   99.784936][ T3738] CPU: 1 PID: 3738 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   99.794244][   T30] audit: type=1400 audit(1709880456.026:117): avc:  denied  { create } for  pid=3743 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   99.795007][ T3738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   99.795022][ T3738] Call Trace:
[   99.828081][ T3738]  <TASK>
[   99.830858][ T3738]  dump_stack_lvl+0x151/0x1b7
[   99.835373][ T3738]  ? io_uring_drop_tctx_refs+0x190/0x190
[   99.840840][ T3738]  dump_stack+0x15/0x17
[   99.844830][ T3738]  should_fail+0x3c6/0x510
[   99.849087][ T3738]  should_fail_alloc_page+0x5a/0x80
[   99.854127][ T3738]  prepare_alloc_pages+0x15c/0x700
[   99.859071][ T3738]  ? __alloc_pages_bulk+0xe40/0xe40
[   99.864107][ T3738]  __alloc_pages+0x18c/0x8f0
[   99.868522][ T3738]  ? prep_new_page+0x110/0x110
[   99.873122][ T3738]  ? __alloc_pages+0x27e/0x8f0
[   99.877722][ T3738]  ? __kasan_check_write+0x14/0x20
[   99.882669][ T3738]  ? _raw_spin_lock+0xa4/0x1b0
[   99.887274][ T3738]  __pmd_alloc+0xb1/0x550
[   99.891436][ T3738]  ? __pud_alloc+0x260/0x260
[   99.895859][ T3738]  ? __pud_alloc+0x213/0x260
[   99.900291][ T3738]  ? do_handle_mm_fault+0x2330/0x2330
[   99.905494][ T3738]  ? __stack_depot_save+0x34/0x470
[   99.910441][ T3738]  ? anon_vma_clone+0x9a/0x500
[   99.915043][ T3738]  copy_page_range+0x2b3d/0x2f90
[   99.919815][ T3738]  ? __kasan_slab_alloc+0xb1/0xe0
[   99.924674][ T3738]  ? slab_post_alloc_hook+0x53/0x2c0
[   99.929795][ T3738]  ? copy_mm+0xa3a/0x13e0
[   99.934051][ T3738]  ? copy_process+0x1149/0x3290
[   99.938735][ T3738]  ? kernel_clone+0x21e/0x9e0
[   99.943252][ T3738]  ? do_syscall_64+0x3d/0xb0
[   99.947676][ T3738]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   99.953584][ T3738]  ? pfn_valid+0x1e0/0x1e0
[   99.957833][ T3738]  ? rwsem_write_trylock+0x15b/0x290
[   99.962951][ T3738]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[   99.969210][ T3738]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[   99.974758][ T3738]  ? __rb_insert_augmented+0x5de/0x610
[   99.980071][ T3738]  copy_mm+0xc7e/0x13e0
[   99.984046][ T3738]  ? copy_signal+0x610/0x610
[   99.988479][ T3738]  ? __init_rwsem+0xd6/0x1c0
[   99.992903][ T3738]  ? copy_signal+0x4e3/0x610
[   99.997329][ T3738]  copy_process+0x1149/0x3290
[  100.001838][ T3738]  ? proc_fail_nth_write+0x20b/0x290
[  100.006958][ T3738]  ? fsnotify_perm+0x6a/0x5d0
[  100.011469][ T3738]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  100.016417][ T3738]  ? vfs_write+0x9ec/0x1110
[  100.020757][ T3738]  kernel_clone+0x21e/0x9e0
[  100.025097][ T3738]  ? file_end_write+0x1c0/0x1c0
[  100.029785][ T3738]  ? create_io_thread+0x1e0/0x1e0
[  100.034645][ T3738]  ? mutex_unlock+0xb2/0x260
[  100.039078][ T3738]  ? __mutex_lock_slowpath+0x10/0x10
[  100.044195][ T3738]  __x64_sys_clone+0x23f/0x290
[  100.048802][ T3738]  ? __do_sys_vfork+0x130/0x130
[  100.053485][ T3738]  ? ksys_write+0x260/0x2c0
[  100.057827][ T3738]  ? debug_smp_processor_id+0x17/0x20
[  100.063032][ T3738]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  100.068928][ T3738]  ? exit_to_user_mode_prepare+0x39/0xa0
[  100.074397][ T3738]  do_syscall_64+0x3d/0xb0
[  100.078650][ T3738]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  100.084376][ T3738] RIP: 0033:0x7fc79465eda9
[  100.088633][ T3738] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  100.108078][ T3738] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  100.116322][ T3738] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  100.124133][ T3738] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:36 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x200000000000014c, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@alu={0x4, 0x1, 0x1, 0x4, 0x7, 0xfffffffffffffffc, 0xfffffffffffffffc}, @exit, @jmp={0x5, 0x0, 0x9, 0x6, 0x0, 0x6, 0xf}, @generic={0x6, 0x0, 0x2, 0xfffb, 0x1}, @call={0x85, 0x0, 0x0, 0x18}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfff}, @call={0x85, 0x0, 0x0, 0x40}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='syzkaller\x00', 0x75, 0x32, &(0x7f0000000140)=""/50, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x0, 0x1, 0x4, 0x40}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1, 0x1, 0xffffffffffffffff, r1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x40}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='nmi_noise\x00', r2}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:36 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 55)

06:47:36 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x20000000, 0x0, 0x0, &(0x7f0000000540))

[  100.131941][ T3738] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  100.139755][ T3738] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  100.147563][ T3738] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  100.155465][ T3738]  </TASK>
06:47:36 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 1)

06:47:36 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x200000000000014c, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@alu={0x4, 0x1, 0x1, 0x4, 0x7, 0xfffffffffffffffc, 0xfffffffffffffffc}, @exit, @jmp={0x5, 0x0, 0x9, 0x6, 0x0, 0x6, 0xf}, @generic={0x6, 0x0, 0x2, 0xfffb, 0x1}, @call={0x85, 0x0, 0x0, 0x18}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfff}, @call={0x85, 0x0, 0x0, 0x40}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='syzkaller\x00', 0x75, 0x32, &(0x7f0000000140)=""/50, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x0, 0x1, 0x4, 0x40}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1, 0x1, 0xffffffffffffffff, r1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x40}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='nmi_noise\x00', r2}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  100.197836][ T3771] FAULT_INJECTION: forcing a failure.
[  100.197836][ T3771] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  100.214512][ T3771] CPU: 1 PID: 3771 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  100.224586][ T3771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  100.234480][ T3771] Call Trace:
[  100.237609][ T3771]  <TASK>
[  100.238970][ T3776] FAULT_INJECTION: forcing a failure.
[  100.238970][ T3776] name failslab, interval 1, probability 0, space 0, times 0
[  100.240379][ T3771]  dump_stack_lvl+0x151/0x1b7
[  100.240406][ T3771]  ? io_uring_drop_tctx_refs+0x190/0x190
[  100.262778][ T3771]  dump_stack+0x15/0x17
[  100.266766][ T3771]  should_fail+0x3c6/0x510
[  100.271020][ T3771]  should_fail_alloc_page+0x5a/0x80
[  100.276053][ T3771]  prepare_alloc_pages+0x15c/0x700
[  100.281000][ T3771]  ? native_set_ldt+0x360/0x360
[  100.285686][ T3771]  ? __alloc_pages_bulk+0xe40/0xe40
[  100.290722][ T3771]  ? _raw_spin_unlock+0x4d/0x70
[  100.295407][ T3771]  __alloc_pages+0x18c/0x8f0
[  100.299841][ T3771]  ? prep_new_page+0x110/0x110
[  100.304438][ T3771]  ? 0xffffffffa000ce38
[  100.308427][ T3771]  ? is_bpf_text_address+0x172/0x190
[  100.313550][ T3771]  pte_alloc_one+0x73/0x1b0
[  100.317887][ T3771]  ? pfn_modify_allowed+0x2f0/0x2f0
[  100.322932][ T3771]  ? arch_stack_walk+0xf3/0x140
[  100.327619][ T3771]  __pte_alloc+0x86/0x350
[  100.331775][ T3771]  ? free_pgtables+0x280/0x280
[  100.336375][ T3771]  ? _raw_spin_lock+0xa4/0x1b0
[  100.340975][ T3771]  ? __kasan_check_write+0x14/0x20
[  100.345923][ T3771]  copy_page_range+0x28a8/0x2f90
[  100.350696][ T3771]  ? __kasan_slab_alloc+0xb1/0xe0
[  100.355561][ T3771]  ? pfn_valid+0x1e0/0x1e0
[  100.359808][ T3771]  ? vma_interval_tree_augment_rotate+0x1a3/0x1d0
[  100.366072][ T3771]  copy_mm+0xc7e/0x13e0
[  100.370052][ T3771]  ? copy_signal+0x610/0x610
[  100.374474][ T3771]  ? __init_rwsem+0xd6/0x1c0
[  100.378903][ T3771]  ? copy_signal+0x4e3/0x610
[  100.383331][ T3771]  copy_process+0x1149/0x3290
[  100.387850][ T3771]  ? proc_fail_nth_write+0x20b/0x290
[  100.392964][ T3771]  ? fsnotify_perm+0x6a/0x5d0
[  100.397477][ T3771]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  100.402423][ T3771]  ? vfs_write+0x9ec/0x1110
[  100.406765][ T3771]  kernel_clone+0x21e/0x9e0
[  100.411103][ T3771]  ? file_end_write+0x1c0/0x1c0
[  100.415791][ T3771]  ? create_io_thread+0x1e0/0x1e0
[  100.420650][ T3771]  ? mutex_unlock+0xb2/0x260
[  100.425079][ T3771]  ? __mutex_lock_slowpath+0x10/0x10
[  100.430201][ T3771]  __x64_sys_clone+0x23f/0x290
[  100.434798][ T3771]  ? __do_sys_vfork+0x130/0x130
[  100.439483][ T3771]  ? ksys_write+0x260/0x2c0
[  100.443825][ T3771]  ? debug_smp_processor_id+0x17/0x20
[  100.449034][ T3771]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  100.454946][ T3771]  ? exit_to_user_mode_prepare+0x39/0xa0
[  100.460403][ T3771]  do_syscall_64+0x3d/0xb0
[  100.464658][ T3771]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  100.470384][ T3771] RIP: 0033:0x7fc79465eda9
[  100.474636][ T3771] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  100.494081][ T3771] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  100.502329][ T3771] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  100.510136][ T3771] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  100.517951][ T3771] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  100.525766][ T3771] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  100.533570][ T3771] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  100.541387][ T3771]  </TASK>
06:47:36 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0xfffffffa, 0x10}, 0xc) (async)
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0xfffffffa, 0x10}, 0xc)
openat$cgroup(0xffffffffffffffff, &(0x7f0000000540)='syz1\x00', 0x200002, 0x0) (async)
r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000540)='syz1\x00', 0x200002, 0x0)
socketpair(0x1f, 0x4, 0xfffffffe, &(0x7f00000005c0)={<r4=>0xffffffffffffffff})
sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000600)="a7c751c02ca7e304644968081f18cb9e719af57c3bc0ce0e1a30ff594b0553d142ffff9f2a63f79992b0069f4f497c3f1bef7de322aaea39c053928bfef7e0c6e97303a241c066376e764c2f53225282af15cb7d7f841cc4514ff2", 0x5b}], 0x1}, 0x4040001)
r5 = openat$cgroup_ro(r3, &(0x7f0000000580)='blkio.bfq.sectors\x00', 0x0, 0x0)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x2}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000002440)={0x1b, 0x0, 0x0, 0x10001, 0x0, 0xffffffffffffffff, 0xba, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x5}, 0x48) (async)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000002440)={0x1b, 0x0, 0x0, 0x10001, 0x0, 0xffffffffffffffff, 0xba, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x5}, 0x48)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={<r9=>0xffffffffffffffff})
sendmsg$unix(r9, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@rights={{0x14, 0x1, 0x1, [r8]}}], 0x18}, 0x0) (async)
sendmsg$unix(r9, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@rights={{0x14, 0x1, 0x1, [r8]}}], 0x18}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000002b80)={r7, 0x58, &(0x7f0000002b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000700))
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000002bc0)=r10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000b00)={r5, 0x20, &(0x7f0000000ac0)={&(0x7f00000009c0)=""/31, 0x1f, 0x0, &(0x7f0000000a00)=""/164, 0xa4}}, 0x10) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000b00)={r5, 0x20, &(0x7f0000000ac0)={&(0x7f00000009c0)=""/31, 0x1f, <r11=>0x0, &(0x7f0000000a00)=""/164, 0xa4}}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000bc0)={{r2, <r12=>0xffffffffffffffff}, &(0x7f0000000b40), &(0x7f0000000b80)=r0}, 0x20)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r13, &(0x7f0000000000)=ANY=[], 0x32600)
write$cgroup_subtree(r13, &(0x7f0000000400)=ANY=[@ANYRESDEC], 0xda00)
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x10, 0xf, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffff800, 0x0, 0x0, 0x0, 0x23}, [@map_idx={0x18, 0xa, 0x5, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x40}}, @exit]}, &(0x7f00000008c0)='syzkaller\x00', 0x7, 0x7d, &(0x7f0000000900)=""/125, 0x40f00, 0x10, '\x00', r10, 0x1f, r5, 0x8, &(0x7f0000000980)={0x5, 0x5}, 0x8, 0x10, 0x0, 0x0, r11, 0xffffffffffffffff, 0x5, &(0x7f0000000c00)=[r5, r6, r1, r12, r13, r5, r5, r6, r5], &(0x7f0000000c40)=[{0x5, 0x3, 0xe, 0x9}, {0x1, 0x5, 0x0, 0xa}, {0x4, 0x5, 0xe, 0x2}, {0x1, 0x5, 0xe}, {0x1, 0x2, 0x2, 0x9}], 0x10, 0x80}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r14=>0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1c, 0x15, &(0x7f0000000d80)=ANY=[@ANYBLOB="18000000000032a499959787dbe00000000000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000f8ffffff18120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000001499f109773ab1853994af3f33c34c19de533556f3ff7c947f351d8d6c970932e69042bb96a623b3b65d0b102cf180742cb460673fa4f37bab4f48db198aeb15ec44ca7bd90830ef0075348d844f1a076617bcaf96d5a8d248219baf60383ddbdf0f409d1c7e55ef7320a4525977ad0fecbc8578342539a14e5fac373722a51e7f438a04c9d2314b6135345371033c6badb454752bed5b23ce7329a4c870affbe3a4314bf4a4877e9def9fbaaa4779248b43426c18c0474be0a64ed6031fc51ca5c4d5a3ba63689dad55cfd8979e7d2e439aeecf436826f6003ca91b6c1ba"], &(0x7f0000000180)='GPL\x00', 0x9, 0x3e, &(0x7f00000001c0)=""/62, 0x40f00, 0x4, '\x00', r14, 0xa, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x9, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0xf, 0x8, 0x3e}, 0x10, 0xffffffffffffffff, r0, 0x7, 0x0, &(0x7f0000000400)=[{0x0, 0x3, 0x8}, {0x5, 0x2, 0x10, 0xb}, {0x2, 0x2, 0x7, 0x3}, {0x2, 0x5, 0x0, 0xc}, {0x0, 0x2, 0x9, 0x3}, {0x2, 0x2, 0xc, 0xa}, {0x0, 0x4, 0x2, 0xb}], 0x10, 0x3ff}, 0x90)
openat$cgroup_ro(r3, &(0x7f00000000c0)='io.stat\x00', 0x0, 0x0)

06:47:36 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x64ae02a0, 0x0, 0x0, &(0x7f0000000540))

[  100.544261][ T3776] CPU: 0 PID: 3776 Comm: syz-executor.2 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  100.554316][ T3776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  100.564221][ T3776] Call Trace:
[  100.567334][ T3776]  <TASK>
[  100.570116][ T3776]  dump_stack_lvl+0x151/0x1b7
[  100.574629][ T3776]  ? io_uring_drop_tctx_refs+0x190/0x190
[  100.580097][ T3776]  dump_stack+0x15/0x17
[  100.584086][ T3776]  should_fail+0x3c6/0x510
[  100.588337][ T3776]  __should_failslab+0xa4/0xe0
[  100.592936][ T3776]  ? dup_task_struct+0x53/0xc60
[  100.597621][ T3776]  should_failslab+0x9/0x20
[  100.601964][ T3776]  slab_pre_alloc_hook+0x37/0xd0
[  100.606736][ T3776]  ? dup_task_struct+0x53/0xc60
[  100.611531][ T3776]  kmem_cache_alloc+0x44/0x200
[  100.616134][ T3776]  dup_task_struct+0x53/0xc60
[  100.620645][ T3776]  ? __kasan_check_write+0x14/0x20
[  100.625595][ T3776]  copy_process+0x5c4/0x3290
[  100.630024][ T3776]  ? __kasan_check_write+0x14/0x20
[  100.634964][ T3776]  ? proc_fail_nth_write+0x20b/0x290
[  100.640089][ T3776]  ? selinux_file_permission+0x2c4/0x570
[  100.645556][ T3776]  ? fsnotify_perm+0x6a/0x5d0
[  100.650070][ T3776]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  100.655014][ T3776]  ? vfs_write+0x9ec/0x1110
[  100.659354][ T3776]  kernel_clone+0x21e/0x9e0
[  100.663693][ T3776]  ? file_end_write+0x1c0/0x1c0
[  100.668381][ T3776]  ? create_io_thread+0x1e0/0x1e0
[  100.673240][ T3776]  ? mutex_unlock+0xb2/0x260
[  100.677665][ T3776]  ? __mutex_lock_slowpath+0x10/0x10
[  100.682788][ T3776]  __x64_sys_clone+0x23f/0x290
[  100.687387][ T3776]  ? __do_sys_vfork+0x130/0x130
[  100.692076][ T3776]  ? ksys_write+0x260/0x2c0
[  100.696415][ T3776]  ? debug_smp_processor_id+0x17/0x20
[  100.701622][ T3776]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  100.707523][ T3776]  ? exit_to_user_mode_prepare+0x39/0xa0
[  100.712993][ T3776]  do_syscall_64+0x3d/0xb0
[  100.717244][ T3776]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  100.722977][ T3776] RIP: 0033:0x7f905b6a5da9
[  100.727228][ T3776] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  100.746670][ T3776] RSP: 002b:00007f905a427078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  100.754915][ T3776] RAX: ffffffffffffffda RBX: 00007f905b7d3f80 RCX: 00007f905b6a5da9
[  100.762733][ T3776] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  100.770537][ T3776] RBP: 00007f905a427120 R08: 0000000020000540 R09: 0000000020000540
[  100.782953][ T3776] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  100.790760][ T3776] R13: 000000000000000b R14: 00007f905b7d3f80 R15: 00007ffcc6c5d5e8
06:47:37 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 56)

06:47:37 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 2)

[  100.798583][ T3776]  </TASK>
06:47:37 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xffffffc0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x4}, 0x48)
r3 = bpf$ITER_CREATE(0x21, &(0x7f00000002c0), 0x8)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000b00)={0xffffffffffffffff, 0x58, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000b40), 0x8)
r6 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$cgroup_ro(r3, &(0x7f0000000d00)='blkio.bfq.dequeue\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x13, 0x7, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000080000000000000000300000085200000050000001830000004f8000000000000009500000000000000"], &(0x7f00000003c0)='GPL\x00', 0xff, 0x0, 0x0, 0x41000, 0x8, '\x00', r4, 0x35, r5, 0x8, &(0x7f0000000b80)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000bc0)={0x1, 0x0, 0x7, 0x401}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000c00)=[r6, 0xffffffffffffffff, 0xffffffffffffffff, r3], 0x0, 0x10, 0x3}, 0x90)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r9, 0x40086602, &(0x7f0000000040))
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={r8, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={r8, 0x20, &(0x7f0000000740)={&(0x7f0000000680)=""/55, 0x37, <r11=>0x0, &(0x7f00000006c0)=""/119, 0x77}}, 0x10)
r12 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000007c0)={0xffffffffffffffff}, 0x4)
r13 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x1, '\x00', 0x0, r8, 0x3, 0x0, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x0, 0x13, &(0x7f0000000400)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x1}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6aa}}, @ringbuf_query, @func={0x85, 0x0, 0x1, 0x0, 0x2}], &(0x7f00000004c0)='GPL\x00', 0xdfb, 0x27, &(0x7f0000000500)=""/39, 0x0, 0x4a, '\x00', r10, 0x0, r8, 0x8, &(0x7f0000000600)={0x2}, 0x8, 0x10, &(0x7f0000000640)={0x2, 0x8, 0x1f, 0x81}, 0x10, r11, r12, 0x0, &(0x7f00000008c0)=[0xffffffffffffffff, r13, 0xffffffffffffffff, r9], 0x0, 0x10, 0x6}, 0x90)
r14 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_lsm={0x1d, 0xc, &(0x7f0000000380)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @ldst={0x2, 0x0, 0x3, 0x6, 0x6, 0xfffffffffffffffe, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @tail_call, @ldst={0x3, 0x0, 0x3, 0x9, 0xe42635505d496e18, 0x20, 0xffffffffffffffff}, @map_val={0x18, 0xb, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100}], &(0x7f0000000400)='GPL\x00', 0x6, 0xb0, &(0x7f0000000440)=""/176, 0x41000, 0x20, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000540)={0x4, 0x7, 0x7, 0x7ff}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000580)=[0xffffffffffffffff, 0x1], &(0x7f00000005c0)=[{0x0, 0x3, 0xf}], 0x10, 0x800}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{0x1, <r15=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20)
r16 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a00)='./cgroup/syz1\x00', 0x200002, 0x0)
r17 = openat$cgroup_ro(r16, &(0x7f0000000080)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r17, &(0x7f0000000240)=0x80000002, 0x12)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000480)={0x0, r17}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000800)={{0xffffffffffffffff, <r18=>0xffffffffffffffff}, &(0x7f0000000780), &(0x7f00000007c0)='%-010d \x00'}, 0x20)
r19 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r19}, {}, {}, {0x85, 0x0, 0x0, 0xab}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1e, 0x1d, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7c61fbdc}, {}, {}, [@cb_func={0x18, 0x5, 0x4, 0x0, 0xffffffffffffffff}, @map_fd={0x18, 0xd, 0x1, 0x0, r2}, @exit, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @jmp={0x5, 0x1, 0x7, 0x8, 0x9, 0x6, 0x10}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x1, '\x00', r4, 0x12, r7, 0x8, &(0x7f0000000300)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x0, 0x6, 0x9, 0x7f}, 0x10, r11, r14, 0x7, &(0x7f0000000840)=[r15, r17, r18, 0x1, r19], &(0x7f0000000880)=[{0x4, 0x4, 0x4, 0x5b81da74cfa8a893}, {0x4, 0x3, 0x9, 0xb}, {0x1, 0x5, 0x0, 0xb}, {0x0, 0x4, 0x8, 0xa}, {0x4, 0x3, 0x7, 0x5}, {0x0, 0x1, 0x8, 0xb}, {0x0, 0x2, 0x0, 0x2}], 0x10, 0x3f}, 0x90)
syz_clone(0x30bfb00, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000000)='\x00')

[  100.824809][ T3791] FAULT_INJECTION: forcing a failure.
[  100.824809][ T3791] name failslab, interval 1, probability 0, space 0, times 0
[  100.839681][ T3789] FAULT_INJECTION: forcing a failure.
[  100.839681][ T3789] name failslab, interval 1, probability 0, space 0, times 0
[  100.853047][ T3791] CPU: 0 PID: 3791 Comm: syz-executor.2 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  100.863104][ T3791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  100.873000][ T3791] Call Trace:
[  100.876119][ T3791]  <TASK>
[  100.878896][ T3791]  dump_stack_lvl+0x151/0x1b7
[  100.883416][ T3791]  ? io_uring_drop_tctx_refs+0x190/0x190
[  100.888878][ T3791]  ? __kasan_slab_alloc+0xc3/0xe0
[  100.894175][ T3791]  ? __kasan_slab_alloc+0xb1/0xe0
[  100.899034][ T3791]  ? slab_post_alloc_hook+0x53/0x2c0
[  100.904152][ T3791]  ? dup_task_struct+0x53/0xc60
[  100.908839][ T3791]  ? copy_process+0x5c4/0x3290
[  100.913448][ T3791]  ? kernel_clone+0x21e/0x9e0
[  100.917954][ T3791]  dump_stack+0x15/0x17
[  100.921943][ T3791]  should_fail+0x3c6/0x510
[  100.926203][ T3791]  __should_failslab+0xa4/0xe0
[  100.930801][ T3791]  should_failslab+0x9/0x20
[  100.935137][ T3791]  slab_pre_alloc_hook+0x37/0xd0
[  100.939911][ T3791]  kmem_cache_alloc_trace+0x48/0x210
[  100.945032][ T3791]  ? __get_vm_area_node+0x117/0x360
[  100.950067][ T3791]  __get_vm_area_node+0x117/0x360
[  100.954926][ T3791]  __vmalloc_node_range+0xe2/0x8d0
[  100.959877][ T3791]  ? copy_process+0x5c4/0x3290
[  100.964476][ T3791]  ? slab_post_alloc_hook+0x72/0x2c0
[  100.969595][ T3791]  ? dup_task_struct+0x53/0xc60
[  100.974373][ T3791]  ? dup_task_struct+0x53/0xc60
[  100.979055][ T3791]  dup_task_struct+0x416/0xc60
[  100.983655][ T3791]  ? copy_process+0x5c4/0x3290
[  100.988255][ T3791]  ? __kasan_check_write+0x14/0x20
[  100.993202][ T3791]  copy_process+0x5c4/0x3290
[  100.997631][ T3791]  ? __kasan_check_write+0x14/0x20
[  101.002575][ T3791]  ? proc_fail_nth_write+0x20b/0x290
[  101.007699][ T3791]  ? selinux_file_permission+0x2c4/0x570
[  101.013167][ T3791]  ? fsnotify_perm+0x6a/0x5d0
[  101.017678][ T3791]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  101.022624][ T3791]  ? vfs_write+0x9ec/0x1110
[  101.026966][ T3791]  kernel_clone+0x21e/0x9e0
[  101.031304][ T3791]  ? file_end_write+0x1c0/0x1c0
[  101.035992][ T3791]  ? create_io_thread+0x1e0/0x1e0
[  101.040850][ T3791]  ? mutex_unlock+0xb2/0x260
[  101.045365][ T3791]  ? __mutex_lock_slowpath+0x10/0x10
[  101.050495][ T3791]  __x64_sys_clone+0x23f/0x290
[  101.055087][ T3791]  ? __do_sys_vfork+0x130/0x130
[  101.059772][ T3791]  ? ksys_write+0x260/0x2c0
[  101.064115][ T3791]  ? debug_smp_processor_id+0x17/0x20
[  101.069320][ T3791]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  101.075335][ T3791]  ? exit_to_user_mode_prepare+0x39/0xa0
[  101.080797][ T3791]  do_syscall_64+0x3d/0xb0
[  101.085072][ T3791]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  101.090779][ T3791] RIP: 0033:0x7f905b6a5da9
[  101.095031][ T3791] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  101.114473][ T3791] RSP: 002b:00007f905a427078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  101.122721][ T3791] RAX: ffffffffffffffda RBX: 00007f905b7d3f80 RCX: 00007f905b6a5da9
[  101.130528][ T3791] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  101.138340][ T3791] RBP: 00007f905a427120 R08: 0000000020000540 R09: 0000000020000540
[  101.146155][ T3791] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  101.153964][ T3791] R13: 000000000000000b R14: 00007f905b7d3f80 R15: 00007ffcc6c5d5e8
[  101.161780][ T3791]  </TASK>
[  101.164638][ T3789] CPU: 1 PID: 3789 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
06:47:37 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 3)

06:47:37 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xa000cc00, 0x0, 0x0, &(0x7f0000000540))

06:47:37 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x10000, 0x0, 0xffffffffffffffff, 0x1f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x5}, 0x48)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40086602, &(0x7f0000000180))
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x20, &(0x7f0000000640)={&(0x7f0000000500)=""/234, 0xea, <r4=>0x0, &(0x7f0000000600)=""/33, 0x21}}, 0x10)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)=@generic={&(0x7f00000006c0)='./file0\x00'}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0x5, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @jmp={0x5, 0x1, 0x8, 0xb, 0x3, 0xfffffffffffffffe, 0x4}]}, &(0x7f0000000380)='GPL\x00', 0x4, 0x8a, &(0x7f00000003c0)=""/138, 0x41000, 0x17, '\x00', 0x0, 0x2e, r3, 0x8, &(0x7f0000000480)={0x7, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x4, 0x5, 0x3, 0x3f}, 0x10, r4, r0, 0x0, &(0x7f0000000740)=[r2, r2, r2, r2, r5], 0x0, 0x10, 0xffff}, 0x90)
r6 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={r6, r1, 0x0, 0xe, &(0x7f00000002c0)='memory.events\x00'}, 0x30)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={r2, &(0x7f0000000080)="0fd0f4cdcab4f693dcb529446a681beb59e62c12183312b613b8a4b70122e3e25ac97c71d9dbff7ec3551a5d97e08a159ecd0bec6bdb5d60be4fe8dd521f4cd0", &(0x7f00000000c0)=""/148}, 0x20)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r7, &(0x7f0000000000), 0x165243)
bpf$PROG_BIND_MAP(0x23, &(0x7f00000001c0)={r0, r7}, 0xc)

[  101.174713][ T3789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  101.184606][ T3789] Call Trace:
[  101.187727][ T3789]  <TASK>
[  101.190503][ T3789]  dump_stack_lvl+0x151/0x1b7
[  101.195020][ T3789]  ? io_uring_drop_tctx_refs+0x190/0x190
[  101.196230][ T3800] FAULT_INJECTION: forcing a failure.
[  101.196230][ T3800] name failslab, interval 1, probability 0, space 0, times 0
[  101.200485][ T3789]  dump_stack+0x15/0x17
[  101.200508][ T3789]  should_fail+0x3c6/0x510
[  101.221150][ T3789]  __should_failslab+0xa4/0xe0
[  101.225742][ T3789]  ? vm_area_dup+0x26/0x230
[  101.230083][ T3789]  should_failslab+0x9/0x20
[  101.234421][ T3789]  slab_pre_alloc_hook+0x37/0xd0
[  101.239194][ T3789]  ? vm_area_dup+0x26/0x230
[  101.243534][ T3789]  kmem_cache_alloc+0x44/0x200
[  101.248134][ T3789]  vm_area_dup+0x26/0x230
[  101.252300][ T3789]  copy_mm+0x9a1/0x13e0
[  101.256296][ T3789]  ? copy_signal+0x610/0x610
[  101.260724][ T3789]  ? __init_rwsem+0xd6/0x1c0
[  101.265144][ T3789]  ? copy_signal+0x4e3/0x610
[  101.269573][ T3789]  copy_process+0x1149/0x3290
[  101.274088][ T3789]  ? proc_fail_nth_write+0x20b/0x290
[  101.279205][ T3789]  ? fsnotify_perm+0x6a/0x5d0
[  101.283719][ T3789]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  101.288665][ T3789]  ? vfs_write+0x9ec/0x1110
[  101.293012][ T3789]  kernel_clone+0x21e/0x9e0
[  101.297347][ T3789]  ? file_end_write+0x1c0/0x1c0
[  101.302032][ T3789]  ? create_io_thread+0x1e0/0x1e0
[  101.306891][ T3789]  ? mutex_unlock+0xb2/0x260
[  101.311319][ T3789]  ? __mutex_lock_slowpath+0x10/0x10
[  101.316453][ T3789]  __x64_sys_clone+0x23f/0x290
[  101.321041][ T3789]  ? __do_sys_vfork+0x130/0x130
[  101.325725][ T3789]  ? ksys_write+0x260/0x2c0
[  101.330068][ T3789]  ? debug_smp_processor_id+0x17/0x20
[  101.335273][ T3789]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  101.341178][ T3789]  ? exit_to_user_mode_prepare+0x39/0xa0
[  101.346645][ T3789]  do_syscall_64+0x3d/0xb0
[  101.350986][ T3789]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  101.356710][ T3789] RIP: 0033:0x7fc79465eda9
[  101.360966][ T3789] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  101.380405][ T3789] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  101.388651][ T3789] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  101.396488][ T3789] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  101.404275][ T3789] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  101.412086][ T3789] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  101.419897][ T3789] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  101.427711][ T3789]  </TASK>
[  101.430991][ T3800] CPU: 0 PID: 3800 Comm: syz-executor.2 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  101.441043][ T3800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  101.450939][ T3800] Call Trace:
[  101.454063][ T3800]  <TASK>
[  101.456841][ T3800]  dump_stack_lvl+0x151/0x1b7
[  101.461352][ T3800]  ? io_uring_drop_tctx_refs+0x190/0x190
[  101.466819][ T3800]  dump_stack+0x15/0x17
[  101.470811][ T3800]  should_fail+0x3c6/0x510
[  101.475065][ T3800]  __should_failslab+0xa4/0xe0
[  101.479663][ T3800]  ? alloc_vmap_area+0x19e/0x1a80
[  101.484526][ T3800]  should_failslab+0x9/0x20
[  101.488864][ T3800]  slab_pre_alloc_hook+0x37/0xd0
[  101.493639][ T3800]  ? alloc_vmap_area+0x19e/0x1a80
[  101.498498][ T3800]  kmem_cache_alloc+0x44/0x200
[  101.503099][ T3800]  alloc_vmap_area+0x19e/0x1a80
[  101.507788][ T3800]  ? vm_map_ram+0xa90/0xa90
[  101.512127][ T3800]  ? kmem_cache_alloc_trace+0x115/0x210
[  101.517506][ T3800]  ? __get_vm_area_node+0x117/0x360
[  101.522542][ T3800]  __get_vm_area_node+0x158/0x360
[  101.527404][ T3800]  __vmalloc_node_range+0xe2/0x8d0
[  101.532348][ T3800]  ? copy_process+0x5c4/0x3290
[  101.536950][ T3800]  ? slab_post_alloc_hook+0x72/0x2c0
[  101.542074][ T3800]  ? dup_task_struct+0x53/0xc60
[  101.546769][ T3800]  ? dup_task_struct+0x53/0xc60
[  101.551446][ T3800]  dup_task_struct+0x416/0xc60
[  101.556043][ T3800]  ? copy_process+0x5c4/0x3290
[  101.560644][ T3800]  ? __kasan_check_write+0x14/0x20
[  101.565592][ T3800]  copy_process+0x5c4/0x3290
[  101.570022][ T3800]  ? __kasan_check_write+0x14/0x20
[  101.574964][ T3800]  ? proc_fail_nth_write+0x20b/0x290
[  101.580088][ T3800]  ? selinux_file_permission+0x2c4/0x570
[  101.585553][ T3800]  ? fsnotify_perm+0x6a/0x5d0
[  101.590077][ T3800]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  101.595013][ T3800]  ? vfs_write+0x9ec/0x1110
[  101.599355][ T3800]  kernel_clone+0x21e/0x9e0
[  101.603693][ T3800]  ? file_end_write+0x1c0/0x1c0
[  101.608379][ T3800]  ? create_io_thread+0x1e0/0x1e0
[  101.613240][ T3800]  ? mutex_unlock+0xb2/0x260
[  101.617668][ T3800]  ? __mutex_lock_slowpath+0x10/0x10
[  101.622790][ T3800]  __x64_sys_clone+0x23f/0x290
[  101.627390][ T3800]  ? __do_sys_vfork+0x130/0x130
[  101.632074][ T3800]  ? ksys_write+0x260/0x2c0
[  101.636424][ T3800]  ? debug_smp_processor_id+0x17/0x20
[  101.641622][ T3800]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  101.647525][ T3800]  ? exit_to_user_mode_prepare+0x39/0xa0
[  101.652995][ T3800]  do_syscall_64+0x3d/0xb0
[  101.657252][ T3800]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  101.662976][ T3800] RIP: 0033:0x7f905b6a5da9
[  101.667238][ T3800] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  101.686668][ T3800] RSP: 002b:00007f905a427078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  101.694914][ T3800] RAX: ffffffffffffffda RBX: 00007f905b7d3f80 RCX: 00007f905b6a5da9
[  101.702724][ T3800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  101.710536][ T3800] RBP: 00007f905a427120 R08: 0000000020000540 R09: 0000000020000540
[  101.718354][ T3800] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
06:47:37 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 57)

06:47:38 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xffffffc0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x4}, 0x48) (async)
r3 = bpf$ITER_CREATE(0x21, &(0x7f00000002c0), 0x8)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000b00)={0xffffffffffffffff, 0x58, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10) (async)
r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000b40), 0x8) (async)
r6 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$cgroup_ro(r3, &(0x7f0000000d00)='blkio.bfq.dequeue\x00', 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x13, 0x7, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000080000000000000000300000085200000050000001830000004f8000000000000009500000000000000"], &(0x7f00000003c0)='GPL\x00', 0xff, 0x0, 0x0, 0x41000, 0x8, '\x00', r4, 0x35, r5, 0x8, &(0x7f0000000b80)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000bc0)={0x1, 0x0, 0x7, 0x401}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000c00)=[r6, 0xffffffffffffffff, 0xffffffffffffffff, r3], 0x0, 0x10, 0x3}, 0x90)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4) (async)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r9, 0x40086602, &(0x7f0000000040))
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={r8, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={r8, 0x20, &(0x7f0000000740)={&(0x7f0000000680)=""/55, 0x37, <r11=>0x0, &(0x7f00000006c0)=""/119, 0x77}}, 0x10) (async)
r12 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000007c0)={0xffffffffffffffff}, 0x4) (async)
r13 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x1, '\x00', 0x0, r8, 0x3, 0x0, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x0, 0x13, &(0x7f0000000400)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x1}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6aa}}, @ringbuf_query, @func={0x85, 0x0, 0x1, 0x0, 0x2}], &(0x7f00000004c0)='GPL\x00', 0xdfb, 0x27, &(0x7f0000000500)=""/39, 0x0, 0x4a, '\x00', r10, 0x0, r8, 0x8, &(0x7f0000000600)={0x2}, 0x8, 0x10, &(0x7f0000000640)={0x2, 0x8, 0x1f, 0x81}, 0x10, r11, r12, 0x0, &(0x7f00000008c0)=[0xffffffffffffffff, r13, 0xffffffffffffffff, r9], 0x0, 0x10, 0x6}, 0x90) (async)
r14 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_lsm={0x1d, 0xc, &(0x7f0000000380)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @ldst={0x2, 0x0, 0x3, 0x6, 0x6, 0xfffffffffffffffe, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @tail_call, @ldst={0x3, 0x0, 0x3, 0x9, 0xe42635505d496e18, 0x20, 0xffffffffffffffff}, @map_val={0x18, 0xb, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100}], &(0x7f0000000400)='GPL\x00', 0x6, 0xb0, &(0x7f0000000440)=""/176, 0x41000, 0x20, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000540)={0x4, 0x7, 0x7, 0x7ff}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000580)=[0xffffffffffffffff, 0x1], &(0x7f00000005c0)=[{0x0, 0x3, 0xf}], 0x10, 0x800}, 0x90) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{0x1, <r15=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20)
r16 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a00)='./cgroup/syz1\x00', 0x200002, 0x0)
r17 = openat$cgroup_ro(r16, &(0x7f0000000080)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r17, &(0x7f0000000240)=0x80000002, 0x12)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000480)={0x0, r17}, 0x10) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000800)={{0xffffffffffffffff, <r18=>0xffffffffffffffff}, &(0x7f0000000780), &(0x7f00000007c0)='%-010d \x00'}, 0x20) (async)
r19 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r19}, {}, {}, {0x85, 0x0, 0x0, 0xab}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1e, 0x1d, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7c61fbdc}, {}, {}, [@cb_func={0x18, 0x5, 0x4, 0x0, 0xffffffffffffffff}, @map_fd={0x18, 0xd, 0x1, 0x0, r2}, @exit, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @jmp={0x5, 0x1, 0x7, 0x8, 0x9, 0x6, 0x10}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x1, '\x00', r4, 0x12, r7, 0x8, &(0x7f0000000300)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x0, 0x6, 0x9, 0x7f}, 0x10, r11, r14, 0x7, &(0x7f0000000840)=[r15, r17, r18, 0x1, r19], &(0x7f0000000880)=[{0x4, 0x4, 0x4, 0x5b81da74cfa8a893}, {0x4, 0x3, 0x9, 0xb}, {0x1, 0x5, 0x0, 0xb}, {0x0, 0x4, 0x8, 0xa}, {0x4, 0x3, 0x7, 0x5}, {0x0, 0x1, 0x8, 0xb}, {0x0, 0x2, 0x0, 0x2}], 0x10, 0x3f}, 0x90) (async)
syz_clone(0x30bfb00, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000000)='\x00')

06:47:38 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xa002ae64, 0x0, 0x0, &(0x7f0000000540))

06:47:38 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x10000, 0x0, 0xffffffffffffffff, 0x1f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x5}, 0x48)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40086602, &(0x7f0000000180)) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x20, &(0x7f0000000640)={&(0x7f0000000500)=""/234, 0xea, <r4=>0x0, &(0x7f0000000600)=""/33, 0x21}}, 0x10) (async)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)=@generic={&(0x7f00000006c0)='./file0\x00'}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0x5, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @jmp={0x5, 0x1, 0x8, 0xb, 0x3, 0xfffffffffffffffe, 0x4}]}, &(0x7f0000000380)='GPL\x00', 0x4, 0x8a, &(0x7f00000003c0)=""/138, 0x41000, 0x17, '\x00', 0x0, 0x2e, r3, 0x8, &(0x7f0000000480)={0x7, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x4, 0x5, 0x3, 0x3f}, 0x10, r4, r0, 0x0, &(0x7f0000000740)=[r2, r2, r2, r2, r5], 0x0, 0x10, 0xffff}, 0x90)
r6 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={r6, r1, 0x0, 0xe, &(0x7f00000002c0)='memory.events\x00'}, 0x30) (async)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={r2, &(0x7f0000000080)="0fd0f4cdcab4f693dcb529446a681beb59e62c12183312b613b8a4b70122e3e25ac97c71d9dbff7ec3551a5d97e08a159ecd0bec6bdb5d60be4fe8dd521f4cd0", &(0x7f00000000c0)=""/148}, 0x20) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r7, &(0x7f0000000000), 0x165243) (async)
bpf$PROG_BIND_MAP(0x23, &(0x7f00000001c0)={r0, r7}, 0xc)

06:47:38 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xffffffc0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x4}, 0x48) (async)
r3 = bpf$ITER_CREATE(0x21, &(0x7f00000002c0), 0x8) (async, rerun: 64)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000b00)={0xffffffffffffffff, 0x58, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10) (rerun: 64)
r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000b40), 0x8) (async)
r6 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$cgroup_ro(r3, &(0x7f0000000d00)='blkio.bfq.dequeue\x00', 0x0, 0x0) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x13, 0x7, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000080000000000000000300000085200000050000001830000004f8000000000000009500000000000000"], &(0x7f00000003c0)='GPL\x00', 0xff, 0x0, 0x0, 0x41000, 0x8, '\x00', r4, 0x35, r5, 0x8, &(0x7f0000000b80)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000bc0)={0x1, 0x0, 0x7, 0x401}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000c00)=[r6, 0xffffffffffffffff, 0xffffffffffffffff, r3], 0x0, 0x10, 0x3}, 0x90) (async, rerun: 64)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4) (async, rerun: 32)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async, rerun: 32)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r9, 0x40086602, &(0x7f0000000040))
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={r8, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={r8, 0x20, &(0x7f0000000740)={&(0x7f0000000680)=""/55, 0x37, <r11=>0x0, &(0x7f00000006c0)=""/119, 0x77}}, 0x10) (async)
r12 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000007c0)={0xffffffffffffffff}, 0x4)
r13 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x1, '\x00', 0x0, r8, 0x3, 0x0, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x0, 0x13, &(0x7f0000000400)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x1}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6aa}}, @ringbuf_query, @func={0x85, 0x0, 0x1, 0x0, 0x2}], &(0x7f00000004c0)='GPL\x00', 0xdfb, 0x27, &(0x7f0000000500)=""/39, 0x0, 0x4a, '\x00', r10, 0x0, r8, 0x8, &(0x7f0000000600)={0x2}, 0x8, 0x10, &(0x7f0000000640)={0x2, 0x8, 0x1f, 0x81}, 0x10, r11, r12, 0x0, &(0x7f00000008c0)=[0xffffffffffffffff, r13, 0xffffffffffffffff, r9], 0x0, 0x10, 0x6}, 0x90) (async)
r14 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_lsm={0x1d, 0xc, &(0x7f0000000380)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @ldst={0x2, 0x0, 0x3, 0x6, 0x6, 0xfffffffffffffffe, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @tail_call, @ldst={0x3, 0x0, 0x3, 0x9, 0xe42635505d496e18, 0x20, 0xffffffffffffffff}, @map_val={0x18, 0xb, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100}], &(0x7f0000000400)='GPL\x00', 0x6, 0xb0, &(0x7f0000000440)=""/176, 0x41000, 0x20, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000540)={0x4, 0x7, 0x7, 0x7ff}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000580)=[0xffffffffffffffff, 0x1], &(0x7f00000005c0)=[{0x0, 0x3, 0xf}], 0x10, 0x800}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{0x1, <r15=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20) (async, rerun: 32)
r16 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a00)='./cgroup/syz1\x00', 0x200002, 0x0) (rerun: 32)
r17 = openat$cgroup_ro(r16, &(0x7f0000000080)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r17, &(0x7f0000000240)=0x80000002, 0x12) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000480)={0x0, r17}, 0x10) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000800)={{0xffffffffffffffff, <r18=>0xffffffffffffffff}, &(0x7f0000000780), &(0x7f00000007c0)='%-010d \x00'}, 0x20) (async)
r19 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r19}, {}, {}, {0x85, 0x0, 0x0, 0xab}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1e, 0x1d, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7c61fbdc}, {}, {}, [@cb_func={0x18, 0x5, 0x4, 0x0, 0xffffffffffffffff}, @map_fd={0x18, 0xd, 0x1, 0x0, r2}, @exit, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @jmp={0x5, 0x1, 0x7, 0x8, 0x9, 0x6, 0x10}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x1, '\x00', r4, 0x12, r7, 0x8, &(0x7f0000000300)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x0, 0x6, 0x9, 0x7f}, 0x10, r11, r14, 0x7, &(0x7f0000000840)=[r15, r17, r18, 0x1, r19], &(0x7f0000000880)=[{0x4, 0x4, 0x4, 0x5b81da74cfa8a893}, {0x4, 0x3, 0x9, 0xb}, {0x1, 0x5, 0x0, 0xb}, {0x0, 0x4, 0x8, 0xa}, {0x4, 0x3, 0x7, 0x5}, {0x0, 0x1, 0x8, 0xb}, {0x0, 0x2, 0x0, 0x2}], 0x10, 0x3f}, 0x90) (async)
syz_clone(0x30bfb00, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000000)='\x00')

[  101.726159][ T3800] R13: 000000000000000b R14: 00007f905b7d3f80 R15: 00007ffcc6c5d5e8
[  101.733974][ T3800]  </TASK>
[  101.760454][ T3811] FAULT_INJECTION: forcing a failure.
[  101.760454][ T3811] name failslab, interval 1, probability 0, space 0, times 0
06:47:38 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 4)

[  101.794225][ T3811] CPU: 0 PID: 3811 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  101.804295][ T3811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  101.814192][ T3811] Call Trace:
[  101.817315][ T3811]  <TASK>
[  101.820091][ T3811]  dump_stack_lvl+0x151/0x1b7
[  101.821106][ T3827] FAULT_INJECTION: forcing a failure.
[  101.821106][ T3827] name failslab, interval 1, probability 0, space 0, times 0
[  101.824601][ T3811]  ? io_uring_drop_tctx_refs+0x190/0x190
[  101.824630][ T3811]  dump_stack+0x15/0x17
[  101.846477][ T3811]  should_fail+0x3c6/0x510
[  101.850727][ T3811]  __should_failslab+0xa4/0xe0
[  101.855327][ T3811]  ? vm_area_dup+0x26/0x230
[  101.859667][ T3811]  should_failslab+0x9/0x20
[  101.864006][ T3811]  slab_pre_alloc_hook+0x37/0xd0
[  101.868779][ T3811]  ? vm_area_dup+0x26/0x230
[  101.873137][ T3811]  kmem_cache_alloc+0x44/0x200
[  101.877720][ T3811]  vm_area_dup+0x26/0x230
[  101.881888][ T3811]  copy_mm+0x9a1/0x13e0
[  101.885887][ T3811]  ? copy_signal+0x610/0x610
[  101.890304][ T3811]  ? __init_rwsem+0xd6/0x1c0
[  101.894729][ T3811]  ? copy_signal+0x4e3/0x610
[  101.899161][ T3811]  copy_process+0x1149/0x3290
[  101.903679][ T3811]  ? proc_fail_nth_write+0x20b/0x290
[  101.908798][ T3811]  ? fsnotify_perm+0x6a/0x5d0
[  101.913308][ T3811]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  101.918256][ T3811]  ? vfs_write+0x9ec/0x1110
[  101.922599][ T3811]  kernel_clone+0x21e/0x9e0
[  101.926935][ T3811]  ? file_end_write+0x1c0/0x1c0
[  101.931619][ T3811]  ? create_io_thread+0x1e0/0x1e0
[  101.936478][ T3811]  ? mutex_unlock+0xb2/0x260
[  101.940912][ T3811]  ? __mutex_lock_slowpath+0x10/0x10
[  101.946030][ T3811]  __x64_sys_clone+0x23f/0x290
[  101.950631][ T3811]  ? __do_sys_vfork+0x130/0x130
[  101.955313][ T3811]  ? ksys_write+0x260/0x2c0
[  101.959655][ T3811]  ? debug_smp_processor_id+0x17/0x20
[  101.964863][ T3811]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  101.970764][ T3811]  ? exit_to_user_mode_prepare+0x39/0xa0
[  101.976234][ T3811]  do_syscall_64+0x3d/0xb0
[  101.980485][ T3811]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  101.986213][ T3811] RIP: 0033:0x7fc79465eda9
[  101.990467][ T3811] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  102.009908][ T3811] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  102.018153][ T3811] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  102.025964][ T3811] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  102.033786][ T3811] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  102.041586][ T3811] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  102.049398][ T3811] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  102.057214][ T3811]  </TASK>
[  102.060075][ T3827] CPU: 1 PID: 3827 Comm: syz-executor.2 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  102.070147][ T3827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  102.080039][ T3827] Call Trace:
[  102.083159][ T3827]  <TASK>
[  102.085937][ T3827]  dump_stack_lvl+0x151/0x1b7
[  102.090452][ T3827]  ? io_uring_drop_tctx_refs+0x190/0x190
[  102.095921][ T3827]  dump_stack+0x15/0x17
[  102.099916][ T3827]  should_fail+0x3c6/0x510
[  102.104165][ T3827]  __should_failslab+0xa4/0xe0
[  102.108763][ T3827]  ? alloc_vmap_area+0x644/0x1a80
[  102.113624][ T3827]  should_failslab+0x9/0x20
[  102.117964][ T3827]  slab_pre_alloc_hook+0x37/0xd0
[  102.122741][ T3827]  ? alloc_vmap_area+0x644/0x1a80
[  102.127599][ T3827]  kmem_cache_alloc+0x44/0x200
[  102.132197][ T3827]  alloc_vmap_area+0x644/0x1a80
[  102.136895][ T3827]  ? vm_map_ram+0xa90/0xa90
[  102.141226][ T3827]  ? kmem_cache_alloc_trace+0x115/0x210
[  102.146606][ T3827]  ? __get_vm_area_node+0x117/0x360
[  102.151640][ T3827]  __get_vm_area_node+0x158/0x360
[  102.156504][ T3827]  __vmalloc_node_range+0xe2/0x8d0
[  102.161447][ T3827]  ? copy_process+0x5c4/0x3290
[  102.166047][ T3827]  ? slab_post_alloc_hook+0x72/0x2c0
[  102.171168][ T3827]  ? dup_task_struct+0x53/0xc60
[  102.175857][ T3827]  ? dup_task_struct+0x53/0xc60
[  102.180541][ T3827]  dup_task_struct+0x416/0xc60
[  102.185143][ T3827]  ? copy_process+0x5c4/0x3290
[  102.189743][ T3827]  ? __kasan_check_write+0x14/0x20
[  102.194692][ T3827]  copy_process+0x5c4/0x3290
[  102.199117][ T3827]  ? __kasan_check_write+0x14/0x20
[  102.204063][ T3827]  ? proc_fail_nth_write+0x20b/0x290
[  102.209184][ T3827]  ? selinux_file_permission+0x2c4/0x570
[  102.214653][ T3827]  ? fsnotify_perm+0x6a/0x5d0
[  102.219168][ T3827]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  102.224112][ T3827]  ? vfs_write+0x9ec/0x1110
[  102.228453][ T3827]  kernel_clone+0x21e/0x9e0
[  102.232793][ T3827]  ? file_end_write+0x1c0/0x1c0
[  102.237479][ T3827]  ? create_io_thread+0x1e0/0x1e0
[  102.242337][ T3827]  ? mutex_unlock+0xb2/0x260
[  102.246767][ T3827]  ? __mutex_lock_slowpath+0x10/0x10
[  102.251889][ T3827]  __x64_sys_clone+0x23f/0x290
[  102.256495][ T3827]  ? __do_sys_vfork+0x130/0x130
[  102.261174][ T3827]  ? ksys_write+0x260/0x2c0
[  102.265517][ T3827]  ? debug_smp_processor_id+0x17/0x20
[  102.270720][ T3827]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  102.276625][ T3827]  ? exit_to_user_mode_prepare+0x39/0xa0
[  102.282092][ T3827]  do_syscall_64+0x3d/0xb0
[  102.286345][ T3827]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  102.292073][ T3827] RIP: 0033:0x7f905b6a5da9
[  102.296326][ T3827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  102.315770][ T3827] RSP: 002b:00007f905a427078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  102.324019][ T3827] RAX: ffffffffffffffda RBX: 00007f905b7d3f80 RCX: 00007f905b6a5da9
[  102.331825][ T3827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:38 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 58)

[  102.339636][ T3827] RBP: 00007f905a427120 R08: 0000000020000540 R09: 0000000020000540
[  102.347448][ T3827] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  102.355262][ T3827] R13: 000000000000000b R14: 00007f905b7d3f80 R15: 00007ffcc6c5d5e8
[  102.363071][ T3827]  </TASK>
[  102.384937][ T3832] FAULT_INJECTION: forcing a failure.
[  102.384937][ T3832] name failslab, interval 1, probability 0, space 0, times 0
06:47:38 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 5)

06:47:38 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  102.405197][ T3836] FAULT_INJECTION: forcing a failure.
[  102.405197][ T3836] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  102.411823][ T3832] CPU: 1 PID: 3832 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  102.428279][ T3832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  102.438171][ T3832] Call Trace:
[  102.441294][ T3832]  <TASK>
[  102.444082][ T3832]  dump_stack_lvl+0x151/0x1b7
[  102.448588][ T3832]  ? io_uring_drop_tctx_refs+0x190/0x190
[  102.454055][ T3832]  dump_stack+0x15/0x17
[  102.458049][ T3832]  should_fail+0x3c6/0x510
[  102.462300][ T3832]  __should_failslab+0xa4/0xe0
[  102.466904][ T3832]  ? vm_area_dup+0x26/0x230
[  102.471239][ T3832]  should_failslab+0x9/0x20
[  102.475587][ T3832]  slab_pre_alloc_hook+0x37/0xd0
[  102.480352][ T3832]  ? vm_area_dup+0x26/0x230
[  102.484691][ T3832]  kmem_cache_alloc+0x44/0x200
[  102.489293][ T3832]  vm_area_dup+0x26/0x230
[  102.493460][ T3832]  copy_mm+0x9a1/0x13e0
[  102.497453][ T3832]  ? copy_signal+0x610/0x610
[  102.501878][ T3832]  ? __init_rwsem+0xd6/0x1c0
[  102.506305][ T3832]  ? copy_signal+0x4e3/0x610
[  102.510730][ T3832]  copy_process+0x1149/0x3290
[  102.515244][ T3832]  ? proc_fail_nth_write+0x20b/0x290
[  102.520365][ T3832]  ? fsnotify_perm+0x6a/0x5d0
[  102.524883][ T3832]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  102.529825][ T3832]  ? vfs_write+0x9ec/0x1110
[  102.534166][ T3832]  kernel_clone+0x21e/0x9e0
[  102.538503][ T3832]  ? file_end_write+0x1c0/0x1c0
[  102.543191][ T3832]  ? create_io_thread+0x1e0/0x1e0
[  102.548052][ T3832]  ? mutex_unlock+0xb2/0x260
[  102.552478][ T3832]  ? __mutex_lock_slowpath+0x10/0x10
[  102.557599][ T3832]  __x64_sys_clone+0x23f/0x290
[  102.562198][ T3832]  ? __do_sys_vfork+0x130/0x130
[  102.566890][ T3832]  ? ksys_write+0x260/0x2c0
[  102.571228][ T3832]  ? debug_smp_processor_id+0x17/0x20
[  102.576432][ T3832]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  102.582336][ T3832]  ? exit_to_user_mode_prepare+0x39/0xa0
[  102.587805][ T3832]  do_syscall_64+0x3d/0xb0
[  102.592057][ T3832]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  102.597784][ T3832] RIP: 0033:0x7fc79465eda9
[  102.602039][ T3832] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  102.621480][ T3832] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  102.629723][ T3832] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  102.637534][ T3832] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  102.645350][ T3832] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
06:47:38 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x10000, 0x0, 0xffffffffffffffff, 0x1f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x5}, 0x48)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40086602, &(0x7f0000000180)) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x20, &(0x7f0000000640)={&(0x7f0000000500)=""/234, 0xea, <r4=>0x0, &(0x7f0000000600)=""/33, 0x21}}, 0x10) (async)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)=@generic={&(0x7f00000006c0)='./file0\x00'}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0x5, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @jmp={0x5, 0x1, 0x8, 0xb, 0x3, 0xfffffffffffffffe, 0x4}]}, &(0x7f0000000380)='GPL\x00', 0x4, 0x8a, &(0x7f00000003c0)=""/138, 0x41000, 0x17, '\x00', 0x0, 0x2e, r3, 0x8, &(0x7f0000000480)={0x7, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x4, 0x5, 0x3, 0x3f}, 0x10, r4, r0, 0x0, &(0x7f0000000740)=[r2, r2, r2, r2, r5], 0x0, 0x10, 0xffff}, 0x90) (async)
r6 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={r6, r1, 0x0, 0xe, &(0x7f00000002c0)='memory.events\x00'}, 0x30) (async)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={r2, &(0x7f0000000080)="0fd0f4cdcab4f693dcb529446a681beb59e62c12183312b613b8a4b70122e3e25ac97c71d9dbff7ec3551a5d97e08a159ecd0bec6bdb5d60be4fe8dd521f4cd0", &(0x7f00000000c0)=""/148}, 0x20) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r7, &(0x7f0000000000), 0x165243) (async)
bpf$PROG_BIND_MAP(0x23, &(0x7f00000001c0)={r0, r7}, 0xc)

06:47:38 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xf5ffffff, 0x0, 0x0, &(0x7f0000000540))

[  102.653160][ T3832] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  102.660974][ T3832] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  102.668784][ T3832]  </TASK>
[  102.684044][ T3836] CPU: 1 PID: 3836 Comm: syz-executor.2 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  102.694113][ T3836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  102.704003][ T3836] Call Trace:
[  102.707126][ T3836]  <TASK>
[  102.709907][ T3836]  dump_stack_lvl+0x151/0x1b7
[  102.714416][ T3836]  ? io_uring_drop_tctx_refs+0x190/0x190
[  102.719888][ T3836]  ? arch_stack_walk+0xf3/0x140
[  102.724573][ T3836]  dump_stack+0x15/0x17
[  102.728564][ T3836]  should_fail+0x3c6/0x510
[  102.732817][ T3836]  should_fail_alloc_page+0x5a/0x80
[  102.737853][ T3836]  prepare_alloc_pages+0x15c/0x700
[  102.742800][ T3836]  ? __alloc_pages_bulk+0xe40/0xe40
[  102.747837][ T3836]  __alloc_pages+0x18c/0x8f0
[  102.752258][ T3836]  ? do_syscall_64+0x3d/0xb0
[  102.756687][ T3836]  ? prep_new_page+0x110/0x110
[  102.761288][ T3836]  __get_free_pages+0x10/0x30
[  102.765801][ T3836]  kasan_populate_vmalloc_pte+0x39/0x130
[  102.771266][ T3836]  ? __apply_to_page_range+0x8ca/0xbe0
[  102.776564][ T3836]  __apply_to_page_range+0x8dd/0xbe0
[  102.781683][ T3836]  ? kasan_populate_vmalloc+0x70/0x70
[  102.786893][ T3836]  ? kasan_populate_vmalloc+0x70/0x70
[  102.792096][ T3836]  apply_to_page_range+0x3b/0x50
[  102.796871][ T3836]  kasan_populate_vmalloc+0x65/0x70
[  102.801906][ T3836]  alloc_vmap_area+0x192f/0x1a80
[  102.806680][ T3836]  ? vm_map_ram+0xa90/0xa90
[  102.811021][ T3836]  ? kmem_cache_alloc_trace+0x115/0x210
[  102.816401][ T3836]  ? __get_vm_area_node+0x117/0x360
[  102.821436][ T3836]  __get_vm_area_node+0x158/0x360
[  102.826296][ T3836]  __vmalloc_node_range+0xe2/0x8d0
[  102.831243][ T3836]  ? copy_process+0x5c4/0x3290
[  102.835844][ T3836]  ? slab_post_alloc_hook+0x72/0x2c0
[  102.840964][ T3836]  ? dup_task_struct+0x53/0xc60
[  102.845652][ T3836]  dup_task_struct+0x416/0xc60
[  102.850249][ T3836]  ? copy_process+0x5c4/0x3290
[  102.854849][ T3836]  ? __kasan_check_write+0x14/0x20
[  102.859800][ T3836]  copy_process+0x5c4/0x3290
[  102.864227][ T3836]  ? __kasan_check_write+0x14/0x20
[  102.869174][ T3836]  ? proc_fail_nth_write+0x20b/0x290
[  102.874292][ T3836]  ? selinux_file_permission+0x2c4/0x570
[  102.879760][ T3836]  ? fsnotify_perm+0x6a/0x5d0
[  102.884275][ T3836]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  102.889221][ T3836]  ? vfs_write+0x9ec/0x1110
[  102.893562][ T3836]  kernel_clone+0x21e/0x9e0
[  102.897899][ T3836]  ? file_end_write+0x1c0/0x1c0
[  102.902586][ T3836]  ? create_io_thread+0x1e0/0x1e0
[  102.907446][ T3836]  ? mutex_unlock+0xb2/0x260
[  102.911876][ T3836]  ? __mutex_lock_slowpath+0x10/0x10
[  102.916995][ T3836]  __x64_sys_clone+0x23f/0x290
[  102.921596][ T3836]  ? __do_sys_vfork+0x130/0x130
[  102.926370][ T3836]  ? ksys_write+0x260/0x2c0
[  102.930707][ T3836]  ? debug_smp_processor_id+0x17/0x20
[  102.935915][ T3836]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  102.941818][ T3836]  ? exit_to_user_mode_prepare+0x39/0xa0
[  102.947286][ T3836]  do_syscall_64+0x3d/0xb0
[  102.951537][ T3836]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  102.957266][ T3836] RIP: 0033:0x7f905b6a5da9
[  102.961524][ T3836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  102.980960][ T3836] RSP: 002b:00007f905a427078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  102.989208][ T3836] RAX: ffffffffffffffda RBX: 00007f905b7d3f80 RCX: 00007f905b6a5da9
[  102.997020][ T3836] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:39 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 59)

06:47:39 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  103.004829][ T3836] RBP: 00007f905a427120 R08: 0000000020000540 R09: 0000000020000540
[  103.012642][ T3836] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  103.020460][ T3836] R13: 000000000000000b R14: 00007f905b7d3f80 R15: 00007ffcc6c5d5e8
[  103.028267][ T3836]  </TASK>
[  103.047960][ T3836] warn_alloc: 2 callbacks suppressed
06:47:39 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x6b5581b3, 0x0, 0x1, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x3}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
write$cgroup_int(r4, &(0x7f00000001c0), 0xfffffdef)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xfff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x2}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@bloom_filter={0x1e, 0x3, 0xf740, 0x3, 0x608, 0xffffffffffffffff, 0x95, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x1, 0xf}, 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001d80)={r6, 0x20, &(0x7f0000001d40)={&(0x7f0000000d00)=""/41, 0x29, <r9=>0x0, &(0x7f0000000d40)=""/4096, 0x1000}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001e00)={0x1c, 0x20, &(0x7f0000001ec0)=ANY=[@ANYBLOB="18000000ff030000000000000100000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018310000050000000000000000000000185b00000000000000000000000000008d22500008000000850000008c000000185500000b0000000000000000000000186100000c000000000000000001000085100000000000001861000004000000000000000002000018350000030000000000000000000000181b0000", @ANYRES32=r7, @ANYBLOB="0000000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000ec3f346f8da1b2184e7ae85743045d1b920e438d758799970ecd282fa080fe7c67c6e542aba1b84123ced0c12128295db83fbc847096272ad233954bc83e197e2e89cd95cb"], &(0x7f0000000c40)='syzkaller\x00', 0x8001, 0x0, 0x0, 0x41000, 0x15, '\x00', r5, 0xc, 0xffffffffffffffff, 0x8, &(0x7f0000000c80)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000cc0)={0x0, 0x7, 0x9, 0x80000001}, 0x10, r9, r0, 0x4, 0x0, &(0x7f0000001dc0)=[{0x1, 0x1, 0x0, 0x6}, {0x0, 0x5, 0xc, 0x3}, {0x3, 0x5, 0x10, 0xa}, {0x4, 0x1, 0xe, 0x5}], 0x10, 0x81}, 0x90)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r10}, 0x38)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x15, &(0x7f0000000780)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x5}, @jmp={0x5, 0x1, 0x7, 0x4, 0x4, 0x50, 0x1}, @jmp={0x5, 0x0, 0xc, 0x4, 0x6, 0xffffffffffffffc0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x3ff}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @cb_func={0x18, 0xb, 0x4, 0x0, 0xfffffffffffffffe}, @exit, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}], &(0x7f0000000840)='syzkaller\x00', 0x100, 0xee, &(0x7f0000000880)=""/238, 0x40f00, 0x0, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000980)={0x0, 0x3}, 0x8, 0x10, &(0x7f00000009c0)={0x4, 0x0, 0x8, 0x4}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000a00)=[r7], &(0x7f0000000a40)=[{0x5, 0x1, 0xc, 0x1}], 0x10, 0x401}, 0x90)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0x81, 0x0, 0x3, 0x24, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x5, 0xf}, 0x48)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x77}, @map_fd={0x18, 0xa, 0x1, 0x0, r1}, @exit, @jmp={0x5, 0x1, 0x5, 0x2, 0x8, 0x30, 0x10}, @jmp={0x5, 0x1, 0x5, 0x1, 0x2, 0x8, 0x1}, @map_val={0x18, 0x7, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x8}, @alu={0x4, 0x1, 0x5, 0x5, 0x2, 0x30, 0x1}]}, &(0x7f0000000100)='syzkaller\x00', 0x40, 0xe4, &(0x7f00000002c0)=""/228, 0x41000, 0x20, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000400)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x1, 0x7, 0xf68, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000680)=[r7, r8, r11, r12], 0x0, 0x10, 0xf4}, 0x90)

[  103.047976][ T3836] syz-executor.2: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0
[  103.071065][ T3836] CPU: 1 PID: 3836 Comm: syz-executor.2 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  103.081125][ T3836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  103.091020][ T3836] Call Trace:
[  103.094141][ T3836]  <TASK>
[  103.096918][ T3836]  dump_stack_lvl+0x151/0x1b7
[  103.101430][ T3836]  ? io_uring_drop_tctx_refs+0x190/0x190
[  103.106903][ T3836]  ? pr_cont_kernfs_name+0xf0/0x100
[  103.111933][ T3836]  dump_stack+0x15/0x17
[  103.115926][ T3836]  warn_alloc+0x21a/0x390
[  103.120099][ T3836]  ? zone_watermark_ok_safe+0x270/0x270
[  103.125472][ T3836]  ? __get_vm_area_node+0x16e/0x360
[  103.130507][ T3836]  __vmalloc_node_range+0x2c1/0x8d0
[  103.135540][ T3836]  ? slab_post_alloc_hook+0x72/0x2c0
[  103.140661][ T3836]  ? dup_task_struct+0x53/0xc60
[  103.145350][ T3836]  dup_task_struct+0x416/0xc60
[  103.149948][ T3836]  ? copy_process+0x5c4/0x3290
[  103.154548][ T3836]  ? __kasan_check_write+0x14/0x20
[  103.159497][ T3836]  copy_process+0x5c4/0x3290
[  103.163924][ T3836]  ? __kasan_check_write+0x14/0x20
[  103.168871][ T3836]  ? proc_fail_nth_write+0x20b/0x290
[  103.173989][ T3836]  ? selinux_file_permission+0x2c4/0x570
[  103.179457][ T3836]  ? fsnotify_perm+0x6a/0x5d0
[  103.183971][ T3836]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  103.188931][ T3836]  ? vfs_write+0x9ec/0x1110
[  103.193264][ T3836]  kernel_clone+0x21e/0x9e0
[  103.197599][ T3836]  ? file_end_write+0x1c0/0x1c0
[  103.202288][ T3836]  ? create_io_thread+0x1e0/0x1e0
[  103.207145][ T3836]  ? mutex_unlock+0xb2/0x260
[  103.211572][ T3836]  ? __mutex_lock_slowpath+0x10/0x10
[  103.216692][ T3836]  __x64_sys_clone+0x23f/0x290
[  103.221294][ T3836]  ? __do_sys_vfork+0x130/0x130
[  103.225980][ T3836]  ? ksys_write+0x260/0x2c0
[  103.230320][ T3836]  ? debug_smp_processor_id+0x17/0x20
[  103.235525][ T3836]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  103.241431][ T3836]  ? exit_to_user_mode_prepare+0x39/0xa0
[  103.246898][ T3836]  do_syscall_64+0x3d/0xb0
[  103.251151][ T3836]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  103.256883][ T3836] RIP: 0033:0x7f905b6a5da9
[  103.261132][ T3836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  103.280575][ T3836] RSP: 002b:00007f905a427078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  103.288818][ T3836] RAX: ffffffffffffffda RBX: 00007f905b7d3f80 RCX: 00007f905b6a5da9
[  103.296631][ T3836] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:39 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xfbffffff, 0x0, 0x0, &(0x7f0000000540))

[  103.304442][ T3836] RBP: 00007f905a427120 R08: 0000000020000540 R09: 0000000020000540
[  103.312254][ T3836] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  103.320067][ T3836] R13: 000000000000000b R14: 00007f905b7d3f80 R15: 00007ffcc6c5d5e8
[  103.327882][ T3836]  </TASK>
[  103.333976][ T3836] Mem-Info:
[  103.337415][ T3836] active_anon:6323 inactive_anon:151485 isolated_anon:0
[  103.337415][ T3836]  active_file:3471 inactive_file:10137 isolated_file:0
[  103.337415][ T3836]  unevictable:0 dirty:21 writeback:0
[  103.337415][ T3836]  slab_reclaimable:9134 slab_unreclaimable:72451
[  103.337415][ T3836]  mapped:25907 shmem:8936 pagetables:802 bounce:0
[  103.337415][ T3836]  kernel_misc_reclaimable:0
[  103.337415][ T3836]  free:1418055 free_pcp:21877 free_cma:0
[  103.382152][ T3848] FAULT_INJECTION: forcing a failure.
[  103.382152][ T3848] name failslab, interval 1, probability 0, space 0, times 0
[  103.397218][ T3848] CPU: 0 PID: 3848 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  103.404595][ T3836] Node 0 active_anon:25292kB inactive_anon:605940kB active_file:13884kB inactive_file:40548kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:103628kB dirty:84kB writeback:0kB shmem:35744kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:4436kB pagetables:3208kB all_unreclaimable? no
[  103.407274][ T3848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  103.407288][ T3848] Call Trace:
[  103.407294][ T3848]  <TASK>
[  103.407301][ T3848]  dump_stack_lvl+0x151/0x1b7
[  103.407324][ T3848]  ? io_uring_drop_tctx_refs+0x190/0x190
[  103.407344][ T3848]  dump_stack+0x15/0x17
[  103.407359][ T3848]  should_fail+0x3c6/0x510
[  103.471941][ T3848]  __should_failslab+0xa4/0xe0
[  103.476537][ T3848]  ? vm_area_dup+0x26/0x230
[  103.480875][ T3848]  should_failslab+0x9/0x20
[  103.485217][ T3848]  slab_pre_alloc_hook+0x37/0xd0
[  103.489988][ T3848]  ? vm_area_dup+0x26/0x230
[  103.494328][ T3848]  kmem_cache_alloc+0x44/0x200
[  103.498930][ T3848]  vm_area_dup+0x26/0x230
[  103.503096][ T3848]  copy_mm+0x9a1/0x13e0
[  103.507089][ T3848]  ? copy_signal+0x610/0x610
[  103.511514][ T3848]  ? __init_rwsem+0xd6/0x1c0
[  103.515940][ T3848]  ? copy_signal+0x4e3/0x610
[  103.520372][ T3848]  copy_process+0x1149/0x3290
[  103.524883][ T3848]  ? proc_fail_nth_write+0x20b/0x290
[  103.530003][ T3848]  ? fsnotify_perm+0x6a/0x5d0
[  103.534516][ T3848]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  103.539465][ T3848]  ? vfs_write+0x9ec/0x1110
[  103.543803][ T3848]  kernel_clone+0x21e/0x9e0
[  103.548140][ T3848]  ? file_end_write+0x1c0/0x1c0
[  103.552840][ T3848]  ? create_io_thread+0x1e0/0x1e0
[  103.557694][ T3848]  ? mutex_unlock+0xb2/0x260
[  103.562116][ T3848]  ? __mutex_lock_slowpath+0x10/0x10
[  103.567238][ T3848]  __x64_sys_clone+0x23f/0x290
[  103.571841][ T3848]  ? __do_sys_vfork+0x130/0x130
[  103.576522][ T3848]  ? ksys_write+0x260/0x2c0
[  103.580863][ T3848]  ? debug_smp_processor_id+0x17/0x20
[  103.586073][ T3848]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  103.591973][ T3848]  ? exit_to_user_mode_prepare+0x39/0xa0
[  103.597439][ T3848]  do_syscall_64+0x3d/0xb0
[  103.601694][ T3848]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  103.607424][ T3848] RIP: 0033:0x7fc79465eda9
[  103.611675][ T3848] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  103.631119][ T3848] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  103.639361][ T3848] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  103.647175][ T3848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:39 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xff0f0100, 0x0, 0x0, &(0x7f0000000540))

06:47:39 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  103.654983][ T3848] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  103.662797][ T3848] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  103.670606][ T3848] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  103.678430][ T3848]  </TASK>
[  103.682142][ T3836] DMA32 free:2976724kB min:62592kB low:78240kB high:93888kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2981436kB mlocked:0kB bounce:0kB free_pcp:4712kB local_pcp:56kB free_cma:0kB
06:47:39 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xfffffff5, 0x0, 0x0, &(0x7f0000000540))

[  103.715917][ T3836] lowmem_reserve[]: 0 3941 3941
[  103.720795][ T3836] Normal free:2695496kB min:84860kB low:106072kB high:127284kB reserved_highatomic:0KB active_anon:25324kB inactive_anon:606052kB active_file:13884kB inactive_file:40548kB unevictable:0kB writepending:84kB present:5242880kB managed:4035848kB mlocked:0kB bounce:0kB free_pcp:82824kB local_pcp:46164kB free_cma:0kB
[  103.750320][ T3836] lowmem_reserve[]: 0 0 0
06:47:40 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0x6}, 0xc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b80)={0xffffffffffffffff, 0xe0, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000980)=[{}], 0x8, 0x10, &(0x7f00000009c0), &(0x7f0000000a00), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000a40)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x0, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="ae45a49d450300fb00fdffffff0000000000fb", @ANYRES32, @ANYBLOB="0000000000000000b70200000000000085ee2205001905b7ba87d76ad1859e7e9b10e1f029100000000000850000000000400000000005832f72850000000000000000ebbee2194143d0a7304af424ff9f5d37ccdff1b9da7bb28fbd611b2cde341087a253c12367b49286052856cb407c5fc3232720accf08fdc376539af0917cfa0f0923d087ef91c86530060cc5bae73c45c4457c1b57425cd3b821ad107d7790e53e2d364c13b59e9d294be6e75916cc103454515419f66e67a870da1f5f470858a288b7ffb2d1aef368da6563ebdf0916f1e41d4f47dc68e09cef2dd5add9b537cbf77225dd78806cbc61adafde4fe93a45ff245816698764932a4420495792be84087097e3c8479eab0fe8dfb21d3124e6882a084b505cc29970db5b5b87f5"], 0x0, 0x9, 0x30, &(0x7f0000000500)=""/48, 0x40f00, 0x18, '\x00', r3, 0x0, r2, 0x8, &(0x7f0000000bc0)={0x5, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000c40)=[{0x0, 0x0, 0x7, 0xc}, {0x1, 0x3, 0xe}, {0x0, 0x1, 0x5}], 0x10, 0xc0000}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0x1a, &(0x7f0000000400)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x6}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @generic={0xcf, 0xb, 0x7, 0x3f, 0xfffffc00}, @exit, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0xb74f1b8}, @map_val={0x18, 0xb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80000001}], &(0x7f0000000500)='syzkaller\x00', 0x1, 0xeb, &(0x7f0000000540)=""/235, 0x41000, 0x0, '\x00', 0x0, 0x3a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000640)={0x2, 0x5, 0xff, 0x81}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{0xffffffffffffffff, <r6=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)='%pS    \x00'}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{0xffffffffffffffff, <r7=>0xffffffffffffffff}, &(0x7f0000000800), &(0x7f0000000840)=r0}, 0x20)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000008c0)={0xffffffffffffffff, 0x8, 0x10}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x3, 0x12, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@map_fd={0x18, 0x1, 0x1, 0x0, r2}, @func={0x85, 0x0, 0x1, 0x0, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x63f24b175b6c55d9}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000100)='GPL\x00', 0x9, 0xfb, &(0x7f00000002c0)=""/251, 0x40f00, 0x5, '\x00', r4, 0x6, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x6, 0x7ff}, 0x10, 0xffffffffffffffff, r5, 0x0, &(0x7f0000000900)=[r6, r7, r8, 0xffffffffffffffff], 0x0, 0x10, 0x9}, 0x90)

06:47:40 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x6b5581b3, 0x0, 0x1, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x3}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
write$cgroup_int(r4, &(0x7f00000001c0), 0xfffffdef) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4) (async)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xfff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x2}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@bloom_filter={0x1e, 0x3, 0xf740, 0x3, 0x608, 0xffffffffffffffff, 0x95, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x1, 0xf}, 0x48) (async, rerun: 32)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001d80)={r6, 0x20, &(0x7f0000001d40)={&(0x7f0000000d00)=""/41, 0x29, <r9=>0x0, &(0x7f0000000d40)=""/4096, 0x1000}}, 0x10) (rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f0000001e00)={0x1c, 0x20, &(0x7f0000001ec0)=ANY=[@ANYBLOB="18000000ff030000000000000100000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018310000050000000000000000000000185b00000000000000000000000000008d22500008000000850000008c000000185500000b0000000000000000000000186100000c000000000000000001000085100000000000001861000004000000000000000002000018350000030000000000000000000000181b0000", @ANYRES32=r7, @ANYBLOB="0000000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000ec3f346f8da1b2184e7ae85743045d1b920e438d758799970ecd282fa080fe7c67c6e542aba1b84123ced0c12128295db83fbc847096272ad233954bc83e197e2e89cd95cb"], &(0x7f0000000c40)='syzkaller\x00', 0x8001, 0x0, 0x0, 0x41000, 0x15, '\x00', r5, 0xc, 0xffffffffffffffff, 0x8, &(0x7f0000000c80)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000cc0)={0x0, 0x7, 0x9, 0x80000001}, 0x10, r9, r0, 0x4, 0x0, &(0x7f0000001dc0)=[{0x1, 0x1, 0x0, 0x6}, {0x0, 0x5, 0xc, 0x3}, {0x3, 0x5, 0x10, 0xa}, {0x4, 0x1, 0xe, 0x5}], 0x10, 0x81}, 0x90) (async)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r10}, 0x38)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x15, &(0x7f0000000780)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x5}, @jmp={0x5, 0x1, 0x7, 0x4, 0x4, 0x50, 0x1}, @jmp={0x5, 0x0, 0xc, 0x4, 0x6, 0xffffffffffffffc0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x3ff}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @cb_func={0x18, 0xb, 0x4, 0x0, 0xfffffffffffffffe}, @exit, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}], &(0x7f0000000840)='syzkaller\x00', 0x100, 0xee, &(0x7f0000000880)=""/238, 0x40f00, 0x0, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000980)={0x0, 0x3}, 0x8, 0x10, &(0x7f00000009c0)={0x4, 0x0, 0x8, 0x4}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000a00)=[r7], &(0x7f0000000a40)=[{0x5, 0x1, 0xc, 0x1}], 0x10, 0x401}, 0x90) (async)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0x81, 0x0, 0x3, 0x24, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x5, 0xf}, 0x48) (async)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x77}, @map_fd={0x18, 0xa, 0x1, 0x0, r1}, @exit, @jmp={0x5, 0x1, 0x5, 0x2, 0x8, 0x30, 0x10}, @jmp={0x5, 0x1, 0x5, 0x1, 0x2, 0x8, 0x1}, @map_val={0x18, 0x7, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x8}, @alu={0x4, 0x1, 0x5, 0x5, 0x2, 0x30, 0x1}]}, &(0x7f0000000100)='syzkaller\x00', 0x40, 0xe4, &(0x7f00000002c0)=""/228, 0x41000, 0x20, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000400)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x1, 0x7, 0xf68, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000680)=[r7, r8, r11, r12], 0x0, 0x10, 0xf4}, 0x90)

[  103.754642][ T3836] DMA32: 3*4kB (M) 1*8kB (M) 2*16kB (M) 3*32kB (M) 3*64kB (M) 3*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (UM) 4*2048kB (UM) 723*4096kB (M) = 2976724kB
06:47:40 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 60)

06:47:40 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xfffffffb, 0x0, 0x0, &(0x7f0000000540))

06:47:40 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0x6}, 0xc) (rerun: 64)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b80)={0xffffffffffffffff, 0xe0, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000980)=[{}], 0x8, 0x10, &(0x7f00000009c0), &(0x7f0000000a00), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000a40)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x0, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="ae45a49d450300fb00fdffffff0000000000fb", @ANYRES32, @ANYBLOB="0000000000000000b70200000000000085ee2205001905b7ba87d76ad1859e7e9b10e1f029100000000000850000000000400000000005832f72850000000000000000ebbee2194143d0a7304af424ff9f5d37ccdff1b9da7bb28fbd611b2cde341087a253c12367b49286052856cb407c5fc3232720accf08fdc376539af0917cfa0f0923d087ef91c86530060cc5bae73c45c4457c1b57425cd3b821ad107d7790e53e2d364c13b59e9d294be6e75916cc103454515419f66e67a870da1f5f470858a288b7ffb2d1aef368da6563ebdf0916f1e41d4f47dc68e09cef2dd5add9b537cbf77225dd78806cbc61adafde4fe93a45ff245816698764932a4420495792be84087097e3c8479eab0fe8dfb21d3124e6882a084b505cc29970db5b5b87f5"], 0x0, 0x9, 0x30, &(0x7f0000000500)=""/48, 0x40f00, 0x18, '\x00', r3, 0x0, r2, 0x8, &(0x7f0000000bc0)={0x5, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000c40)=[{0x0, 0x0, 0x7, 0xc}, {0x1, 0x3, 0xe}, {0x0, 0x1, 0x5}], 0x10, 0xc0000}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0x1a, &(0x7f0000000400)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x6}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @generic={0xcf, 0xb, 0x7, 0x3f, 0xfffffc00}, @exit, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0xb74f1b8}, @map_val={0x18, 0xb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80000001}], &(0x7f0000000500)='syzkaller\x00', 0x1, 0xeb, &(0x7f0000000540)=""/235, 0x41000, 0x0, '\x00', 0x0, 0x3a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000640)={0x2, 0x5, 0xff, 0x81}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x90) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{0xffffffffffffffff, <r6=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)='%pS    \x00'}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{0xffffffffffffffff, <r7=>0xffffffffffffffff}, &(0x7f0000000800), &(0x7f0000000840)=r0}, 0x20) (async)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000008c0)={0xffffffffffffffff, 0x8, 0x10}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x3, 0x12, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@map_fd={0x18, 0x1, 0x1, 0x0, r2}, @func={0x85, 0x0, 0x1, 0x0, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x63f24b175b6c55d9}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000100)='GPL\x00', 0x9, 0xfb, &(0x7f00000002c0)=""/251, 0x40f00, 0x5, '\x00', r4, 0x6, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x6, 0x7ff}, 0x10, 0xffffffffffffffff, r5, 0x0, &(0x7f0000000900)=[r6, r7, r8, 0xffffffffffffffff], 0x0, 0x10, 0x9}, 0x90)

[  103.783815][ T3836] Normal: 4220*4kB (UME) 1039*8kB (UME) 638*16kB (UME) 252*32kB (UME) 96*64kB (UME) 59*128kB (UME) 14*256kB (UME) 4*512kB (UE) 1*1024kB (E) 3*2048kB (UM) 641*4096kB (M) = 2695496kB
[  103.810829][ T3836] 22515 total pagecache pages
[  103.823991][ T3836] 0 pages in swap cache
[  103.828959][ T3836] Swap cache stats: add 0, delete 0, find 0/0
[  103.834911][ T3836] Free swap  = 124996kB
06:47:40 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:40 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x1b0f81f000, 0x0, 0x0, &(0x7f0000000540))

[  103.838936][ T3836] Total swap = 124996kB
[  103.842903][ T3836] 2097051 pages RAM
[  103.846820][ T3836] 0 pages HighMem/MovableOnly
[  103.851367][ T3836] 342730 pages reserved
[  103.855345][ T3836] 0 pages cma reserved
[  103.874213][ T3891] FAULT_INJECTION: forcing a failure.
[  103.874213][ T3891] name failslab, interval 1, probability 0, space 0, times 0
[  103.888722][ T3891] CPU: 0 PID: 3891 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  103.898789][ T3891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  103.908683][ T3891] Call Trace:
[  103.911807][ T3891]  <TASK>
[  103.914581][ T3891]  dump_stack_lvl+0x151/0x1b7
[  103.919102][ T3891]  ? io_uring_drop_tctx_refs+0x190/0x190
[  103.924570][ T3891]  dump_stack+0x15/0x17
[  103.928562][ T3891]  should_fail+0x3c6/0x510
[  103.932813][ T3891]  __should_failslab+0xa4/0xe0
[  103.937409][ T3891]  ? vm_area_dup+0x26/0x230
[  103.941748][ T3891]  should_failslab+0x9/0x20
[  103.946110][ T3891]  slab_pre_alloc_hook+0x37/0xd0
[  103.950870][ T3891]  ? vm_area_dup+0x26/0x230
[  103.955200][ T3891]  kmem_cache_alloc+0x44/0x200
[  103.959806][ T3891]  vm_area_dup+0x26/0x230
[  103.963972][ T3891]  copy_mm+0x9a1/0x13e0
[  103.967961][ T3891]  ? copy_signal+0x610/0x610
[  103.972385][ T3891]  ? __init_rwsem+0xd6/0x1c0
[  103.976810][ T3891]  ? copy_signal+0x4e3/0x610
[  103.981329][ T3891]  copy_process+0x1149/0x3290
[  103.985837][ T3891]  ? proc_fail_nth_write+0x20b/0x290
[  103.990957][ T3891]  ? fsnotify_perm+0x6a/0x5d0
[  103.995495][ T3891]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  104.000418][ T3891]  ? vfs_write+0x9ec/0x1110
[  104.004764][ T3891]  kernel_clone+0x21e/0x9e0
[  104.009099][ T3891]  ? file_end_write+0x1c0/0x1c0
[  104.013881][ T3891]  ? create_io_thread+0x1e0/0x1e0
[  104.018734][ T3891]  ? mutex_unlock+0xb2/0x260
[  104.023161][ T3891]  ? __mutex_lock_slowpath+0x10/0x10
[  104.028281][ T3891]  __x64_sys_clone+0x23f/0x290
[  104.032879][ T3891]  ? __do_sys_vfork+0x130/0x130
[  104.037565][ T3891]  ? ksys_write+0x260/0x2c0
[  104.041908][ T3891]  ? debug_smp_processor_id+0x17/0x20
[  104.047113][ T3891]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  104.053015][ T3891]  ? exit_to_user_mode_prepare+0x39/0xa0
[  104.058486][ T3891]  do_syscall_64+0x3d/0xb0
[  104.062738][ T3891]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  104.068468][ T3891] RIP: 0033:0x7fc79465eda9
[  104.072719][ T3891] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
06:47:40 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x6b5581b3, 0x0, 0x1, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x3}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
write$cgroup_int(r4, &(0x7f00000001c0), 0xfffffdef)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xfff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x2}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@bloom_filter={0x1e, 0x3, 0xf740, 0x3, 0x608, 0xffffffffffffffff, 0x95, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x1, 0xf}, 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001d80)={r6, 0x20, &(0x7f0000001d40)={&(0x7f0000000d00)=""/41, 0x29, <r9=>0x0, &(0x7f0000000d40)=""/4096, 0x1000}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001e00)={0x1c, 0x20, &(0x7f0000001ec0)=ANY=[@ANYBLOB="18000000ff030000000000000100000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018310000050000000000000000000000185b00000000000000000000000000008d22500008000000850000008c000000185500000b0000000000000000000000186100000c000000000000000001000085100000000000001861000004000000000000000002000018350000030000000000000000000000181b0000", @ANYRES32=r7, @ANYBLOB="0000000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000ec3f346f8da1b2184e7ae85743045d1b920e438d758799970ecd282fa080fe7c67c6e542aba1b84123ced0c12128295db83fbc847096272ad233954bc83e197e2e89cd95cb"], &(0x7f0000000c40)='syzkaller\x00', 0x8001, 0x0, 0x0, 0x41000, 0x15, '\x00', r5, 0xc, 0xffffffffffffffff, 0x8, &(0x7f0000000c80)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000cc0)={0x0, 0x7, 0x9, 0x80000001}, 0x10, r9, r0, 0x4, 0x0, &(0x7f0000001dc0)=[{0x1, 0x1, 0x0, 0x6}, {0x0, 0x5, 0xc, 0x3}, {0x3, 0x5, 0x10, 0xa}, {0x4, 0x1, 0xe, 0x5}], 0x10, 0x81}, 0x90)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r10}, 0x38)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x15, &(0x7f0000000780)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x5}, @jmp={0x5, 0x1, 0x7, 0x4, 0x4, 0x50, 0x1}, @jmp={0x5, 0x0, 0xc, 0x4, 0x6, 0xffffffffffffffc0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x3ff}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @cb_func={0x18, 0xb, 0x4, 0x0, 0xfffffffffffffffe}, @exit, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}], &(0x7f0000000840)='syzkaller\x00', 0x100, 0xee, &(0x7f0000000880)=""/238, 0x40f00, 0x0, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000980)={0x0, 0x3}, 0x8, 0x10, &(0x7f00000009c0)={0x4, 0x0, 0x8, 0x4}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000a00)=[r7], &(0x7f0000000a40)=[{0x5, 0x1, 0xc, 0x1}], 0x10, 0x401}, 0x90)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0x81, 0x0, 0x3, 0x24, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x5, 0xf}, 0x48)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x77}, @map_fd={0x18, 0xa, 0x1, 0x0, r1}, @exit, @jmp={0x5, 0x1, 0x5, 0x2, 0x8, 0x30, 0x10}, @jmp={0x5, 0x1, 0x5, 0x1, 0x2, 0x8, 0x1}, @map_val={0x18, 0x7, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x8}, @alu={0x4, 0x1, 0x5, 0x5, 0x2, 0x30, 0x1}]}, &(0x7f0000000100)='syzkaller\x00', 0x40, 0xe4, &(0x7f00000002c0)=""/228, 0x41000, 0x20, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000400)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x1, 0x7, 0xf68, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000680)=[r7, r8, r11, r12], 0x0, 0x10, 0xf4}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x6b5581b3, 0x0, 0x1, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x3}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r2}, 0x10) (async)
bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) (async)
write$cgroup_int(r4, &(0x7f00000001c0), 0xfffffdef) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58, &(0x7f0000000140)}, 0x10) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xfff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x2}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@bloom_filter={0x1e, 0x3, 0xf740, 0x3, 0x608, 0xffffffffffffffff, 0x95, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x1, 0xf}, 0x48) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001d80)={r6, 0x20, &(0x7f0000001d40)={&(0x7f0000000d00)=""/41, 0x29, 0x0, &(0x7f0000000d40)=""/4096, 0x1000}}, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001e00)={0x1c, 0x20, &(0x7f0000001ec0)=ANY=[@ANYBLOB="18000000ff030000000000000100000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018310000050000000000000000000000185b00000000000000000000000000008d22500008000000850000008c000000185500000b0000000000000000000000186100000c000000000000000001000085100000000000001861000004000000000000000002000018350000030000000000000000000000181b0000", @ANYRES32=r7, @ANYBLOB="0000000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000ec3f346f8da1b2184e7ae85743045d1b920e438d758799970ecd282fa080fe7c67c6e542aba1b84123ced0c12128295db83fbc847096272ad233954bc83e197e2e89cd95cb"], &(0x7f0000000c40)='syzkaller\x00', 0x8001, 0x0, 0x0, 0x41000, 0x15, '\x00', r5, 0xc, 0xffffffffffffffff, 0x8, &(0x7f0000000c80)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000cc0)={0x0, 0x7, 0x9, 0x80000001}, 0x10, r9, r0, 0x4, 0x0, &(0x7f0000001dc0)=[{0x1, 0x1, 0x0, 0x6}, {0x0, 0x5, 0xc, 0x3}, {0x3, 0x5, 0x10, 0xa}, {0x4, 0x1, 0xe, 0x5}], 0x10, 0x81}, 0x90) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48) (async)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r10}, 0x38) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x15, &(0x7f0000000780)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x5}, @jmp={0x5, 0x1, 0x7, 0x4, 0x4, 0x50, 0x1}, @jmp={0x5, 0x0, 0xc, 0x4, 0x6, 0xffffffffffffffc0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x3ff}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @cb_func={0x18, 0xb, 0x4, 0x0, 0xfffffffffffffffe}, @exit, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}], &(0x7f0000000840)='syzkaller\x00', 0x100, 0xee, &(0x7f0000000880)=""/238, 0x40f00, 0x0, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000980)={0x0, 0x3}, 0x8, 0x10, &(0x7f00000009c0)={0x4, 0x0, 0x8, 0x4}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000a00)=[r7], &(0x7f0000000a40)=[{0x5, 0x1, 0xc, 0x1}], 0x10, 0x401}, 0x90) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0x81, 0x0, 0x3, 0x24, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x5, 0xf}, 0x48) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x77}, @map_fd={0x18, 0xa, 0x1, 0x0, r1}, @exit, @jmp={0x5, 0x1, 0x5, 0x2, 0x8, 0x30, 0x10}, @jmp={0x5, 0x1, 0x5, 0x1, 0x2, 0x8, 0x1}, @map_val={0x18, 0x7, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x8}, @alu={0x4, 0x1, 0x5, 0x5, 0x2, 0x30, 0x1}]}, &(0x7f0000000100)='syzkaller\x00', 0x40, 0xe4, &(0x7f00000002c0)=""/228, 0x41000, 0x20, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000400)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x1, 0x7, 0xf68, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000680)=[r7, r8, r11, r12], 0x0, 0x10, 0xf4}, 0x90) (async)

06:47:40 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x2a6e10b8d000, 0x0, 0x0, &(0x7f0000000540))

[  104.092164][ T3891] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  104.100404][ T3891] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  104.108216][ T3891] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  104.116118][ T3891] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  104.123929][ T3891] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  104.131736][ T3891] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  104.139551][ T3891]  </TASK>
06:47:40 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025102, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:40 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 61)

[  104.216625][ T3917] FAULT_INJECTION: forcing a failure.
[  104.216625][ T3917] name failslab, interval 1, probability 0, space 0, times 0
[  104.236665][ T3917] CPU: 0 PID: 3917 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  104.246742][ T3917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  104.256624][ T3917] Call Trace:
[  104.259750][ T3917]  <TASK>
06:47:40 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x553a24fe3000, 0x0, 0x0, &(0x7f0000000540))

06:47:40 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025107, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[  104.262612][ T3917]  dump_stack_lvl+0x151/0x1b7
[  104.267127][ T3917]  ? io_uring_drop_tctx_refs+0x190/0x190
[  104.272595][ T3917]  ? avc_denied+0x1b0/0x1b0
[  104.276936][ T3917]  dump_stack+0x15/0x17
[  104.280924][ T3917]  should_fail+0x3c6/0x510
[  104.285182][ T3917]  __should_failslab+0xa4/0xe0
[  104.289778][ T3917]  ? vm_area_dup+0x26/0x230
[  104.294118][ T3917]  should_failslab+0x9/0x20
[  104.298457][ T3917]  slab_pre_alloc_hook+0x37/0xd0
[  104.303231][ T3917]  ? vm_area_dup+0x26/0x230
[  104.307570][ T3917]  kmem_cache_alloc+0x44/0x200
[  104.312181][ T3917]  vm_area_dup+0x26/0x230
[  104.316335][ T3917]  copy_mm+0x9a1/0x13e0
[  104.320333][ T3917]  ? copy_signal+0x610/0x610
[  104.324757][ T3917]  ? __init_rwsem+0xd6/0x1c0
[  104.329191][ T3917]  ? copy_signal+0x4e3/0x610
[  104.333606][ T3917]  copy_process+0x1149/0x3290
[  104.338119][ T3917]  ? proc_fail_nth_write+0x20b/0x290
[  104.343238][ T3917]  ? fsnotify_perm+0x6a/0x5d0
[  104.347752][ T3917]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  104.352699][ T3917]  ? vfs_write+0x9ec/0x1110
[  104.357050][ T3917]  kernel_clone+0x21e/0x9e0
[  104.361382][ T3917]  ? file_end_write+0x1c0/0x1c0
[  104.366065][ T3917]  ? create_io_thread+0x1e0/0x1e0
[  104.370928][ T3917]  ? mutex_unlock+0xb2/0x260
[  104.375353][ T3917]  ? __mutex_lock_slowpath+0x10/0x10
[  104.380481][ T3917]  __x64_sys_clone+0x23f/0x290
[  104.385071][ T3917]  ? __do_sys_vfork+0x130/0x130
[  104.389763][ T3917]  ? ksys_write+0x260/0x2c0
[  104.394106][ T3917]  ? debug_smp_processor_id+0x17/0x20
[  104.399308][ T3917]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  104.405208][ T3917]  ? exit_to_user_mode_prepare+0x39/0xa0
[  104.410676][ T3917]  do_syscall_64+0x3d/0xb0
[  104.414932][ T3917]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  104.420659][ T3917] RIP: 0033:0x7fc79465eda9
[  104.424915][ T3917] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  104.444354][ T3917] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  104.452598][ T3917] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:40 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x2001000000000, 0x0, 0x0, &(0x7f0000000540))

06:47:40 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 62)

06:47:40 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025108, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[  104.460411][ T3917] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  104.468226][ T3917] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  104.476033][ T3917] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  104.483844][ T3917] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  104.491667][ T3917]  </TASK>
06:47:40 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x8000000000000, 0x0, 0x0, &(0x7f0000000540))

06:47:40 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000040))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000540)={r2, 0x20, &(0x7f0000000500)={&(0x7f00000009c0)=""/4096, 0x1000, 0x0, 0x0}}, 0x10)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)={0x2, 0x4, 0x8, 0x1, 0x80, r3, 0x0, '\x00', 0x0, r3, 0x2, 0x0, 0x5}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffe56, 0x6, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001700)={0x0, 0xb, &(0x7f0000001780)=ANY=[@ANYBLOB="94071000f0ffffff4ddb0600000000008520000005000000183400000300000000000000000000008520000003000000183200000300000000000000000018001843000004000000000000000000000085100000000000005121d80f8a0e03df1eca6651736566744b061ba08a0e04c3cbcc1e9ba95a893bac8a7cb562af66cb0060786ab753917dc479a4a8da3d3364cfcfdfa561e7591e06833fdd2856a3622c77fee6581d74c70ae2651c0f914a039fb05f1fcf72a2426ab953a86a4a7ee913ddbb35364c6dc7ebc48d8422c8068f3d0f117ff9c339b942077c4c338bf5c6765ee51ddf5507eaf90a77f8974b398e7025ffe20590741d2bbc6b69e0b7c444deb14866da43e6ae9eadec9f3d01022e1c6b81962e9899ef5d26adef1c182514c5195126825d3f60"], 0x0, 0x5, 0xb0, &(0x7f00000015c0)=""/176, 0x40f00, 0x1, '\x00', r5, 0xf, 0xffffffffffffffff, 0x8, &(0x7f0000001680)={0x5, 0x4}, 0x8, 0x10, &(0x7f00000016c0)={0x1, 0x8, 0x47, 0x9}, 0x10}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e00)={0x18, 0x1, &(0x7f00000003c0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}], &(0x7f0000000400)='syzkaller\x00', 0x6, 0xd5, &(0x7f0000001c80)=""/213, 0x40f00, 0x20, '\x00', r5, 0x0, r1, 0x8, &(0x7f0000000440)={0xa, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001d80)=[r1, r4, r3, r1, r2], &(0x7f0000001dc0)=[{0x2, 0x4, 0x10, 0x5}, {0x4, 0x3, 0x2, 0xe}], 0x10, 0x5}, 0x90)
r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0x1, <r7=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f00000002c0)=r0}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{0xffffffffffffffff, <r8=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)='%pI4   \x00'}, 0x20)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
openat$cgroup_ro(r9, &(0x7f0000000500)='cgroup.stat\x00', 0x0, 0x0)
write$cgroup_subtree(r9, &(0x7f0000000000)=ANY=[], 0x32600)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xa, 0x6, 0x2, 0x8, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4}, 0x48)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@bloom_filter={0x1e, 0xfff, 0x4, 0x8, 0x200, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x0, 0x1}, 0x48)
r12 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb1, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r12}, @generic={0x66}, @initr0, @exit, @alu={0x5, 0x0, 0xd, 0xa, 0x0, 0x0, 0x74000000}, @printk={@x={0x18, 0x9}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x36)
r13 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xffff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1d, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x1, &(0x7f0000000000)=@raw=[@alu={0x7, 0x1, 0x5, 0x0, 0x3, 0x100}], &(0x7f0000000040)='syzkaller\x00', 0x7, 0x91, &(0x7f0000000080)=""/145, 0x41000, 0x5c, '\x00', r5, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x5, 0x1, 0x80, 0x2}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000580)=[r7, r8, r9, r10, 0xffffffffffffffff, r11, r12, r13], &(0x7f00000005c0)=[{0x0, 0x3, 0x0, 0x9}, {0x0, 0x2, 0x6, 0x1}], 0x10, 0x6}, 0x90)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:40 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025109, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[  104.545641][ T3954] FAULT_INJECTION: forcing a failure.
[  104.545641][ T3954] name failslab, interval 1, probability 0, space 0, times 0
[  104.580651][ T3954] CPU: 1 PID: 3954 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  104.590722][ T3954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  104.600701][ T3954] Call Trace:
[  104.603820][ T3954]  <TASK>
[  104.606603][ T3954]  dump_stack_lvl+0x151/0x1b7
[  104.611112][ T3954]  ? io_uring_drop_tctx_refs+0x190/0x190
[  104.616581][ T3954]  dump_stack+0x15/0x17
[  104.620572][ T3954]  should_fail+0x3c6/0x510
[  104.624826][ T3954]  __should_failslab+0xa4/0xe0
[  104.629432][ T3954]  ? vm_area_dup+0x26/0x230
[  104.633769][ T3954]  should_failslab+0x9/0x20
[  104.638108][ T3954]  slab_pre_alloc_hook+0x37/0xd0
[  104.642887][ T3954]  ? vm_area_dup+0x26/0x230
[  104.647216][ T3954]  kmem_cache_alloc+0x44/0x200
[  104.651818][ T3954]  vm_area_dup+0x26/0x230
[  104.655984][ T3954]  copy_mm+0x9a1/0x13e0
[  104.659986][ T3954]  ? copy_signal+0x610/0x610
[  104.664401][ T3954]  ? __init_rwsem+0xd6/0x1c0
[  104.668829][ T3954]  ? copy_signal+0x4e3/0x610
[  104.673257][ T3954]  copy_process+0x1149/0x3290
[  104.677771][ T3954]  ? proc_fail_nth_write+0x20b/0x290
[  104.682891][ T3954]  ? fsnotify_perm+0x6a/0x5d0
[  104.687403][ T3954]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  104.692352][ T3954]  ? vfs_write+0x9ec/0x1110
[  104.696694][ T3954]  kernel_clone+0x21e/0x9e0
[  104.701032][ T3954]  ? file_end_write+0x1c0/0x1c0
[  104.705731][ T3954]  ? create_io_thread+0x1e0/0x1e0
[  104.710577][ T3954]  ? mutex_unlock+0xb2/0x260
[  104.715005][ T3954]  ? __mutex_lock_slowpath+0x10/0x10
[  104.720125][ T3954]  __x64_sys_clone+0x23f/0x290
[  104.724750][ T3954]  ? __do_sys_vfork+0x130/0x130
[  104.729411][ T3954]  ? ksys_write+0x260/0x2c0
[  104.733753][ T3954]  ? debug_smp_processor_id+0x17/0x20
[  104.738960][ T3954]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  104.744860][ T3954]  ? exit_to_user_mode_prepare+0x39/0xa0
[  104.750329][ T3954]  do_syscall_64+0x3d/0xb0
[  104.754581][ T3954]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  104.760311][ T3954] RIP: 0033:0x7fc79465eda9
[  104.764564][ T3954] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  104.784006][ T3954] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
06:47:41 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 63)

[  104.792251][ T3954] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  104.800060][ T3954] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  104.807873][ T3954] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  104.815686][ T3954] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  104.823495][ T3954] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  104.831309][ T3954]  </TASK>
06:47:41 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0x6}, 0xc) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b80)={0xffffffffffffffff, 0xe0, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000980)=[{}], 0x8, 0x10, &(0x7f00000009c0), &(0x7f0000000a00), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000a40)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x0, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="ae45a49d450300fb00fdffffff0000000000fb", @ANYRES32, @ANYBLOB="0000000000000000b70200000000000085ee2205001905b7ba87d76ad1859e7e9b10e1f029100000000000850000000000400000000005832f72850000000000000000ebbee2194143d0a7304af424ff9f5d37ccdff1b9da7bb28fbd611b2cde341087a253c12367b49286052856cb407c5fc3232720accf08fdc376539af0917cfa0f0923d087ef91c86530060cc5bae73c45c4457c1b57425cd3b821ad107d7790e53e2d364c13b59e9d294be6e75916cc103454515419f66e67a870da1f5f470858a288b7ffb2d1aef368da6563ebdf0916f1e41d4f47dc68e09cef2dd5add9b537cbf77225dd78806cbc61adafde4fe93a45ff245816698764932a4420495792be84087097e3c8479eab0fe8dfb21d3124e6882a084b505cc29970db5b5b87f5"], 0x0, 0x9, 0x30, &(0x7f0000000500)=""/48, 0x40f00, 0x18, '\x00', r3, 0x0, r2, 0x8, &(0x7f0000000bc0)={0x5, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000c40)=[{0x0, 0x0, 0x7, 0xc}, {0x1, 0x3, 0xe}, {0x0, 0x1, 0x5}], 0x10, 0xc0000}, 0x90) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0x1a, &(0x7f0000000400)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x6}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @generic={0xcf, 0xb, 0x7, 0x3f, 0xfffffc00}, @exit, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0xb74f1b8}, @map_val={0x18, 0xb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80000001}], &(0x7f0000000500)='syzkaller\x00', 0x1, 0xeb, &(0x7f0000000540)=""/235, 0x41000, 0x0, '\x00', 0x0, 0x3a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000640)={0x2, 0x5, 0xff, 0x81}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x90) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{0xffffffffffffffff, <r6=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)='%pS    \x00'}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{0xffffffffffffffff, <r7=>0xffffffffffffffff}, &(0x7f0000000800), &(0x7f0000000840)=r0}, 0x20) (async)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000008c0)={0xffffffffffffffff, 0x8, 0x10}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x3, 0x12, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@map_fd={0x18, 0x1, 0x1, 0x0, r2}, @func={0x85, 0x0, 0x1, 0x0, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x63f24b175b6c55d9}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000100)='GPL\x00', 0x9, 0xfb, &(0x7f00000002c0)=""/251, 0x40f00, 0x5, '\x00', r4, 0x6, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x6, 0x7ff}, 0x10, 0xffffffffffffffff, r5, 0x0, &(0x7f0000000900)=[r6, r7, r8, 0xffffffffffffffff], 0x0, 0x10, 0x9}, 0x90)

06:47:41 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x30fe243a550000, 0x0, 0x0, &(0x7f0000000540))

06:47:41 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async, rerun: 64)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (rerun: 64)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000040)) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000540)={r2, 0x20, &(0x7f0000000500)={&(0x7f00000009c0)=""/4096, 0x1000, 0x0, 0x0}}, 0x10) (async, rerun: 32)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)={0x2, 0x4, 0x8, 0x1, 0x80, r3, 0x0, '\x00', 0x0, r3, 0x2, 0x0, 0x5}, 0x48) (rerun: 32)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffe56, 0x6, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001700)={0x0, 0xb, &(0x7f0000001780)=ANY=[@ANYBLOB="94071000f0ffffff4ddb0600000000008520000005000000183400000300000000000000000000008520000003000000183200000300000000000000000018001843000004000000000000000000000085100000000000005121d80f8a0e03df1eca6651736566744b061ba08a0e04c3cbcc1e9ba95a893bac8a7cb562af66cb0060786ab753917dc479a4a8da3d3364cfcfdfa561e7591e06833fdd2856a3622c77fee6581d74c70ae2651c0f914a039fb05f1fcf72a2426ab953a86a4a7ee913ddbb35364c6dc7ebc48d8422c8068f3d0f117ff9c339b942077c4c338bf5c6765ee51ddf5507eaf90a77f8974b398e7025ffe20590741d2bbc6b69e0b7c444deb14866da43e6ae9eadec9f3d01022e1c6b81962e9899ef5d26adef1c182514c5195126825d3f60"], 0x0, 0x5, 0xb0, &(0x7f00000015c0)=""/176, 0x40f00, 0x1, '\x00', r5, 0xf, 0xffffffffffffffff, 0x8, &(0x7f0000001680)={0x5, 0x4}, 0x8, 0x10, &(0x7f00000016c0)={0x1, 0x8, 0x47, 0x9}, 0x10}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e00)={0x18, 0x1, &(0x7f00000003c0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}], &(0x7f0000000400)='syzkaller\x00', 0x6, 0xd5, &(0x7f0000001c80)=""/213, 0x40f00, 0x20, '\x00', r5, 0x0, r1, 0x8, &(0x7f0000000440)={0xa, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001d80)=[r1, r4, r3, r1, r2], &(0x7f0000001dc0)=[{0x2, 0x4, 0x10, 0x5}, {0x4, 0x3, 0x2, 0xe}], 0x10, 0x5}, 0x90) (async)
r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0x1, <r7=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f00000002c0)=r0}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{0xffffffffffffffff, <r8=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)='%pI4   \x00'}, 0x20)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
openat$cgroup_ro(r9, &(0x7f0000000500)='cgroup.stat\x00', 0x0, 0x0)
write$cgroup_subtree(r9, &(0x7f0000000000)=ANY=[], 0x32600) (async)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xa, 0x6, 0x2, 0x8, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4}, 0x48) (async)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@bloom_filter={0x1e, 0xfff, 0x4, 0x8, 0x200, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x0, 0x1}, 0x48)
r12 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb1, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r12}, @generic={0x66}, @initr0, @exit, @alu={0x5, 0x0, 0xd, 0xa, 0x0, 0x0, 0x74000000}, @printk={@x={0x18, 0x9}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x36) (async, rerun: 64)
r13 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xffff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1d, 0x5}, 0x48) (rerun: 64)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x1, &(0x7f0000000000)=@raw=[@alu={0x7, 0x1, 0x5, 0x0, 0x3, 0x100}], &(0x7f0000000040)='syzkaller\x00', 0x7, 0x91, &(0x7f0000000080)=""/145, 0x41000, 0x5c, '\x00', r5, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x5, 0x1, 0x80, 0x2}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000580)=[r7, r8, r9, r10, 0xffffffffffffffff, r11, r12, r13], &(0x7f00000005c0)=[{0x0, 0x3, 0x0, 0x9}, {0x0, 0x2, 0x6, 0x1}], 0x10, 0x6}, 0x90)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[  104.863388][ T3971] FAULT_INJECTION: forcing a failure.
[  104.863388][ T3971] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  104.876729][ T3971] CPU: 1 PID: 3971 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  104.886792][ T3971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  104.896691][ T3971] Call Trace:
[  104.899811][ T3971]  <TASK>
[  104.902590][ T3971]  dump_stack_lvl+0x151/0x1b7
[  104.907105][ T3971]  ? io_uring_drop_tctx_refs+0x190/0x190
[  104.912569][ T3971]  dump_stack+0x15/0x17
[  104.916558][ T3971]  should_fail+0x3c6/0x510
[  104.920814][ T3971]  should_fail_alloc_page+0x5a/0x80
[  104.925845][ T3971]  prepare_alloc_pages+0x15c/0x700
[  104.930794][ T3971]  ? __alloc_pages+0x8f0/0x8f0
[  104.935408][ T3971]  ? __alloc_pages_bulk+0xe40/0xe40
[  104.940428][ T3971]  __alloc_pages+0x18c/0x8f0
[  104.944857][ T3971]  ? prep_new_page+0x110/0x110
[  104.949454][ T3971]  ? is_bpf_text_address+0x172/0x190
[  104.954578][ T3971]  pte_alloc_one+0x73/0x1b0
[  104.958916][ T3971]  ? pfn_modify_allowed+0x2f0/0x2f0
[  104.963949][ T3971]  ? arch_stack_walk+0xf3/0x140
[  104.968636][ T3971]  __pte_alloc+0x86/0x350
[  104.972807][ T3971]  ? free_pgtables+0x280/0x280
[  104.977406][ T3971]  ? _raw_spin_lock+0xa4/0x1b0
[  104.982004][ T3971]  ? __kasan_check_write+0x14/0x20
[  104.986949][ T3971]  copy_page_range+0x28a8/0x2f90
[  104.991723][ T3971]  ? __kasan_slab_alloc+0xb1/0xe0
[  104.996588][ T3971]  ? pfn_valid+0x1e0/0x1e0
[  105.000835][ T3971]  ? vma_gap_callbacks_rotate+0x1b7/0x210
[  105.006393][ T3971]  ? __rb_insert_augmented+0x5de/0x610
[  105.011688][ T3971]  copy_mm+0xc7e/0x13e0
[  105.015681][ T3971]  ? copy_signal+0x610/0x610
[  105.020105][ T3971]  ? __init_rwsem+0xd6/0x1c0
[  105.024532][ T3971]  ? copy_signal+0x4e3/0x610
[  105.028957][ T3971]  copy_process+0x1149/0x3290
[  105.033474][ T3971]  ? proc_fail_nth_write+0x20b/0x290
[  105.038597][ T3971]  ? fsnotify_perm+0x6a/0x5d0
[  105.043107][ T3971]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  105.048055][ T3971]  ? vfs_write+0x9ec/0x1110
[  105.052392][ T3971]  kernel_clone+0x21e/0x9e0
[  105.056745][ T3971]  ? file_end_write+0x1c0/0x1c0
[  105.061420][ T3971]  ? create_io_thread+0x1e0/0x1e0
[  105.066279][ T3971]  ? mutex_unlock+0xb2/0x260
[  105.070705][ T3971]  ? __mutex_lock_slowpath+0x10/0x10
[  105.075827][ T3971]  __x64_sys_clone+0x23f/0x290
[  105.080427][ T3971]  ? __do_sys_vfork+0x130/0x130
[  105.085112][ T3971]  ? ksys_write+0x260/0x2c0
[  105.089455][ T3971]  ? debug_smp_processor_id+0x17/0x20
[  105.094661][ T3971]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  105.100568][ T3971]  ? exit_to_user_mode_prepare+0x39/0xa0
[  105.106031][ T3971]  do_syscall_64+0x3d/0xb0
[  105.110284][ T3971]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  105.116015][ T3971] RIP: 0033:0x7fc79465eda9
[  105.120265][ T3971] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  105.139708][ T3971] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  105.147954][ T3971] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  105.155763][ T3971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:41 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x2, 0x0, 0x0, &(0x7f0000000540))

06:47:41 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f00000000c0)='memory.current\x00', 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4004662b, &(0x7f00000005c0)=0x1)
r3 = openat$cgroup(r2, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:41 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 64)

[  105.163576][ T3971] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  105.171387][ T3971] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  105.179197][ T3971] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  105.187012][ T3971]  </TASK>
06:47:41 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000040)) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000540)={r2, 0x20, &(0x7f0000000500)={&(0x7f00000009c0)=""/4096, 0x1000, 0x0, 0x0}}, 0x10) (async, rerun: 32)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)={0x2, 0x4, 0x8, 0x1, 0x80, r3, 0x0, '\x00', 0x0, r3, 0x2, 0x0, 0x5}, 0x48) (rerun: 32)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffe56, 0x6, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001700)={0x0, 0xb, &(0x7f0000001780)=ANY=[@ANYBLOB="94071000f0ffffff4ddb0600000000008520000005000000183400000300000000000000000000008520000003000000183200000300000000000000000018001843000004000000000000000000000085100000000000005121d80f8a0e03df1eca6651736566744b061ba08a0e04c3cbcc1e9ba95a893bac8a7cb562af66cb0060786ab753917dc479a4a8da3d3364cfcfdfa561e7591e06833fdd2856a3622c77fee6581d74c70ae2651c0f914a039fb05f1fcf72a2426ab953a86a4a7ee913ddbb35364c6dc7ebc48d8422c8068f3d0f117ff9c339b942077c4c338bf5c6765ee51ddf5507eaf90a77f8974b398e7025ffe20590741d2bbc6b69e0b7c444deb14866da43e6ae9eadec9f3d01022e1c6b81962e9899ef5d26adef1c182514c5195126825d3f60"], 0x0, 0x5, 0xb0, &(0x7f00000015c0)=""/176, 0x40f00, 0x1, '\x00', r5, 0xf, 0xffffffffffffffff, 0x8, &(0x7f0000001680)={0x5, 0x4}, 0x8, 0x10, &(0x7f00000016c0)={0x1, 0x8, 0x47, 0x9}, 0x10}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e00)={0x18, 0x1, &(0x7f00000003c0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}], &(0x7f0000000400)='syzkaller\x00', 0x6, 0xd5, &(0x7f0000001c80)=""/213, 0x40f00, 0x20, '\x00', r5, 0x0, r1, 0x8, &(0x7f0000000440)={0xa, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001d80)=[r1, r4, r3, r1, r2], &(0x7f0000001dc0)=[{0x2, 0x4, 0x10, 0x5}, {0x4, 0x3, 0x2, 0xe}], 0x10, 0x5}, 0x90)
r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) (async, rerun: 32)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0x1, <r7=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f00000002c0)=r0}, 0x20) (rerun: 32)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{0xffffffffffffffff, <r8=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)='%pI4   \x00'}, 0x20) (async)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
openat$cgroup_ro(r9, &(0x7f0000000500)='cgroup.stat\x00', 0x0, 0x0) (async)
write$cgroup_subtree(r9, &(0x7f0000000000)=ANY=[], 0x32600) (async)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xa, 0x6, 0x2, 0x8, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4}, 0x48)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@bloom_filter={0x1e, 0xfff, 0x4, 0x8, 0x200, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x0, 0x1}, 0x48) (async)
r12 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb1, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r12}, @generic={0x66}, @initr0, @exit, @alu={0x5, 0x0, 0xd, 0xa, 0x0, 0x0, 0x74000000}, @printk={@x={0x18, 0x9}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x36) (async)
r13 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xffff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1d, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x1, &(0x7f0000000000)=@raw=[@alu={0x7, 0x1, 0x5, 0x0, 0x3, 0x100}], &(0x7f0000000040)='syzkaller\x00', 0x7, 0x91, &(0x7f0000000080)=""/145, 0x41000, 0x5c, '\x00', r5, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x5, 0x1, 0x80, 0x2}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000580)=[r7, r8, r9, r10, 0xffffffffffffffff, r11, r12, r13], &(0x7f00000005c0)=[{0x0, 0x3, 0x0, 0x9}, {0x0, 0x2, 0x6, 0x1}], 0x10, 0x6}, 0x90)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:41 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x70000000000000, 0x0, 0x0, &(0x7f0000000540))

06:47:41 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x7, 0x0, 0x0, &(0x7f0000000540))

[  105.240872][ T3998] FAULT_INJECTION: forcing a failure.
[  105.240872][ T3998] name failslab, interval 1, probability 0, space 0, times 0
[  105.265088][ T3998] CPU: 0 PID: 3998 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  105.275166][ T3998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  105.285056][ T3998] Call Trace:
[  105.288180][ T3998]  <TASK>
[  105.290954][ T3998]  dump_stack_lvl+0x151/0x1b7
[  105.295479][ T3998]  ? io_uring_drop_tctx_refs+0x190/0x190
[  105.300935][ T3998]  dump_stack+0x15/0x17
[  105.304933][ T3998]  should_fail+0x3c6/0x510
[  105.309182][ T3998]  __should_failslab+0xa4/0xe0
[  105.313780][ T3998]  ? vm_area_dup+0x26/0x230
[  105.318119][ T3998]  should_failslab+0x9/0x20
[  105.322458][ T3998]  slab_pre_alloc_hook+0x37/0xd0
[  105.327232][ T3998]  ? vm_area_dup+0x26/0x230
[  105.331571][ T3998]  kmem_cache_alloc+0x44/0x200
[  105.336176][ T3998]  vm_area_dup+0x26/0x230
[  105.340341][ T3998]  copy_mm+0x9a1/0x13e0
[  105.344333][ T3998]  ? copy_signal+0x610/0x610
[  105.348758][ T3998]  ? __init_rwsem+0xd6/0x1c0
[  105.353183][ T3998]  ? copy_signal+0x4e3/0x610
[  105.357611][ T3998]  copy_process+0x1149/0x3290
[  105.362126][ T3998]  ? proc_fail_nth_write+0x20b/0x290
[  105.367244][ T3998]  ? fsnotify_perm+0x6a/0x5d0
[  105.371759][ T3998]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  105.376705][ T3998]  ? vfs_write+0x9ec/0x1110
[  105.381048][ T3998]  kernel_clone+0x21e/0x9e0
[  105.385383][ T3998]  ? file_end_write+0x1c0/0x1c0
[  105.390070][ T3998]  ? create_io_thread+0x1e0/0x1e0
[  105.394933][ T3998]  ? mutex_unlock+0xb2/0x260
[  105.399358][ T3998]  ? __mutex_lock_slowpath+0x10/0x10
[  105.404479][ T3998]  __x64_sys_clone+0x23f/0x290
[  105.409088][ T3998]  ? __do_sys_vfork+0x130/0x130
[  105.413765][ T3998]  ? ksys_write+0x260/0x2c0
[  105.418117][ T3998]  ? debug_smp_processor_id+0x17/0x20
[  105.423573][ T3998]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  105.429476][ T3998]  ? exit_to_user_mode_prepare+0x39/0xa0
[  105.434955][ T3998]  do_syscall_64+0x3d/0xb0
[  105.439203][ T3998]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  105.444926][ T3998] RIP: 0033:0x7fc79465eda9
[  105.449181][ T3998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  105.468621][ T3998] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  105.476863][ T3998] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:41 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xcc00a0ffffffff, 0x0, 0x0, &(0x7f0000000540))

06:47:41 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f00000000c0)='memory.current\x00', 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0) (async)
r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4004662b, &(0x7f00000005c0)=0x1)
r3 = openat$cgroup(r2, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:41 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000003c00000000000000b7080000000000007b8af8ff00000000b70800007c0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40000000000ef07040000f0ffffffb70200361b13458f1c000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000001c0000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2300}, 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x144000, 0x7fe2, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r3, &(0x7f0000000180), 0x20000000}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000000)={r3, &(0x7f0000000180), 0x0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000a40)={r3, &(0x7f0000000a00)="4e5b9a4ec81ff1b970b9e6564141042d708506336fb20b1f2c9d1197b6ebd77879"}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000140)=r2}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r2, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000003c0)=[0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x3, 0x7, &(0x7f0000000400)=[0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x65, &(0x7f0000000480)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000580), &(0x7f00000005c0), 0x8, 0xbb, 0x8, 0x8, &(0x7f0000000600)}}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000880)={r6}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x1c, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000b40d0000000000000500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000000000000000550901000000000095000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000080000008500000006000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x80, 0x3e, &(0x7f0000000300)=""/62, 0x41000, 0x44, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000800)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000840)={0x2, 0x3, 0x5, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880), 0x10, 0xda}, 0x90)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x0, <r7=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x20, 0xc, &(0x7f0000000980)=ANY=[@ANYBLOB="18000000fbffffff000000000400000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7030000000000147466e7370a46c1d0dc0000b70000000000000085200000030000008510000007ffffff185600000a00000000000000000000009500"/83], &(0x7f0000000080)='syzkaller\x00', 0x1, 0x3a, &(0x7f00000000c0)=""/58, 0x40f00, 0x4, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x4, 0x8, 0x2, 0x1}, 0x10, r7, r0, 0x4, &(0x7f00000001c0)=[0x1], &(0x7f00000002c0)=[{0x5, 0x1, 0xa, 0x6}, {0x4, 0x3, 0x1, 0xb}, {0x3, 0x2, 0xd, 0xb}, {0x0, 0x4, 0x7, 0x9}], 0x10, 0x10df}, 0x90)

06:47:41 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 65)

06:47:41 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async, rerun: 32)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) (rerun: 32)
openat$cgroup_ro(r1, &(0x7f00000000c0)='memory.current\x00', 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz1\x00', 0x200002, 0x0) (async)
r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4004662b, &(0x7f00000005c0)=0x1) (async)
r3 = openat$cgroup(r2, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x0, 0x0) (async, rerun: 64)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64)

06:47:41 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xd0b8106e2a0000, 0x0, 0x0, &(0x7f0000000540))

[  105.484675][ T3998] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  105.492486][ T3998] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  105.500297][ T3998] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  105.508109][ T3998] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  105.515930][ T3998]  </TASK>
06:47:41 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x8, 0x0, 0x0, &(0x7f0000000540))

06:47:41 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xf0810f1b000000, 0x0, 0x0, &(0x7f0000000540))

06:47:41 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x9, 0x0, 0x0, &(0x7f0000000540))

[  105.582882][ T4024] FAULT_INJECTION: forcing a failure.
[  105.582882][ T4024] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  105.630953][ T4024] CPU: 0 PID: 4024 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  105.641023][ T4024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  105.650917][ T4024] Call Trace:
[  105.654040][ T4024]  <TASK>
[  105.656816][ T4024]  dump_stack_lvl+0x151/0x1b7
[  105.661331][ T4024]  ? io_uring_drop_tctx_refs+0x190/0x190
[  105.666802][ T4024]  ? __update_load_avg_cfs_rq+0xb1/0x2f0
[  105.672269][ T4024]  dump_stack+0x15/0x17
[  105.676261][ T4024]  should_fail+0x3c6/0x510
[  105.680512][ T4024]  should_fail_alloc_page+0x5a/0x80
[  105.685546][ T4024]  prepare_alloc_pages+0x15c/0x700
[  105.690493][ T4024]  ? __alloc_pages_bulk+0xe40/0xe40
[  105.695527][ T4024]  __alloc_pages+0x18c/0x8f0
[  105.699960][ T4024]  ? prep_new_page+0x110/0x110
[  105.704553][ T4024]  ? stack_trace_save+0x1c0/0x1c0
[  105.709416][ T4024]  ? __kernel_text_address+0x9b/0x110
[  105.714621][ T4024]  pte_alloc_one+0x73/0x1b0
[  105.718961][ T4024]  ? pfn_modify_allowed+0x2f0/0x2f0
[  105.723996][ T4024]  __pte_alloc+0x86/0x350
[  105.728163][ T4024]  ? free_pgtables+0x280/0x280
[  105.732762][ T4024]  ? __stack_depot_save+0x34/0x470
[  105.737709][ T4024]  ? anon_vma_clone+0x9a/0x500
[  105.742310][ T4024]  copy_page_range+0x28a8/0x2f90
[  105.747082][ T4024]  ? __kasan_slab_alloc+0xb1/0xe0
[  105.751944][ T4024]  ? slab_post_alloc_hook+0x53/0x2c0
[  105.757064][ T4024]  ? kernel_clone+0x21e/0x9e0
[  105.761577][ T4024]  ? do_syscall_64+0x3d/0xb0
[  105.766004][ T4024]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  105.771910][ T4024]  ? pfn_valid+0x1e0/0x1e0
[  105.776160][ T4024]  ? rwsem_write_trylock+0x15b/0x290
[  105.781280][ T4024]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  105.787528][ T4024]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  105.793082][ T4024]  ? __rb_insert_augmented+0x5de/0x610
[  105.798387][ T4024]  copy_mm+0xc7e/0x13e0
[  105.802373][ T4024]  ? copy_signal+0x610/0x610
[  105.806972][ T4024]  ? __init_rwsem+0xd6/0x1c0
[  105.811397][ T4024]  ? copy_signal+0x4e3/0x610
[  105.815824][ T4024]  copy_process+0x1149/0x3290
[  105.820340][ T4024]  ? proc_fail_nth_write+0x20b/0x290
[  105.825459][ T4024]  ? fsnotify_perm+0x6a/0x5d0
[  105.829974][ T4024]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  105.834919][ T4024]  ? vfs_write+0x9ec/0x1110
[  105.839261][ T4024]  kernel_clone+0x21e/0x9e0
[  105.843603][ T4024]  ? file_end_write+0x1c0/0x1c0
[  105.848284][ T4024]  ? create_io_thread+0x1e0/0x1e0
[  105.853150][ T4024]  ? mutex_unlock+0xb2/0x260
[  105.857574][ T4024]  ? __mutex_lock_slowpath+0x10/0x10
[  105.862696][ T4024]  __x64_sys_clone+0x23f/0x290
[  105.867292][ T4024]  ? __do_sys_vfork+0x130/0x130
[  105.871982][ T4024]  ? ksys_write+0x260/0x2c0
[  105.876323][ T4024]  ? debug_smp_processor_id+0x17/0x20
[  105.881529][ T4024]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  105.887432][ T4024]  ? exit_to_user_mode_prepare+0x39/0xa0
[  105.892898][ T4024]  do_syscall_64+0x3d/0xb0
[  105.897151][ T4024]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  105.902879][ T4024] RIP: 0033:0x7fc79465eda9
[  105.907134][ T4024] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
06:47:42 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000003c00000000000000b7080000000000007b8af8ff00000000b70800007c0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40000000000ef07040000f0ffffffb70200361b13458f1c000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000001c0000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2300}, 0x50) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x144000, 0x7fe2, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r3, &(0x7f0000000180), 0x20000000}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000000)={r3, &(0x7f0000000180), 0x0}, 0x20) (async)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000a40)={r3, &(0x7f0000000a00)="4e5b9a4ec81ff1b970b9e6564141042d708506336fb20b1f2c9d1197b6ebd77879"}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000140)=r2}, 0x20) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r2, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000003c0)=[0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x3, 0x7, &(0x7f0000000400)=[0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x65, &(0x7f0000000480)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000580), &(0x7f00000005c0), 0x8, 0xbb, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) (async)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000880)={r6}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x1c, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000b40d0000000000000500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000000000000000550901000000000095000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000080000008500000006000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x80, 0x3e, &(0x7f0000000300)=""/62, 0x41000, 0x44, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000800)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000840)={0x2, 0x3, 0x5, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880), 0x10, 0xda}, 0x90)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x0, <r7=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x20, 0xc, &(0x7f0000000980)=ANY=[@ANYBLOB="18000000fbffffff000000000400000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7030000000000147466e7370a46c1d0dc0000b70000000000000085200000030000008510000007ffffff185600000a00000000000000000000009500"/83], &(0x7f0000000080)='syzkaller\x00', 0x1, 0x3a, &(0x7f00000000c0)=""/58, 0x40f00, 0x4, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x4, 0x8, 0x2, 0x1}, 0x10, r7, r0, 0x4, &(0x7f00000001c0)=[0x1], &(0x7f00000002c0)=[{0x5, 0x1, 0xa, 0x6}, {0x4, 0x3, 0x1, 0xb}, {0x3, 0x2, 0xd, 0xb}, {0x0, 0x4, 0x7, 0x9}], 0x10, 0x10df}, 0x90)

06:47:42 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xf0ff1f00000000, 0x0, 0x0, &(0x7f0000000540))

06:47:42 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 66)

[  105.926574][ T4024] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  105.934820][ T4024] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  105.942632][ T4024] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  105.950442][ T4024] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  105.958253][ T4024] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  105.966064][ T4024] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  105.973881][ T4024]  </TASK>
[  106.014882][ T4052] FAULT_INJECTION: forcing a failure.
[  106.014882][ T4052] name failslab, interval 1, probability 0, space 0, times 0
[  106.029456][ T4052] CPU: 0 PID: 4052 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  106.039525][ T4052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  106.049416][ T4052] Call Trace:
[  106.052536][ T4052]  <TASK>
[  106.055317][ T4052]  dump_stack_lvl+0x151/0x1b7
[  106.059829][ T4052]  ? io_uring_drop_tctx_refs+0x190/0x190
[  106.065307][ T4052]  dump_stack+0x15/0x17
[  106.069289][ T4052]  should_fail+0x3c6/0x510
[  106.073541][ T4052]  __should_failslab+0xa4/0xe0
[  106.078144][ T4052]  ? vm_area_dup+0x26/0x230
[  106.082481][ T4052]  should_failslab+0x9/0x20
[  106.086823][ T4052]  slab_pre_alloc_hook+0x37/0xd0
[  106.091605][ T4052]  ? vm_area_dup+0x26/0x230
[  106.095935][ T4052]  kmem_cache_alloc+0x44/0x200
[  106.100538][ T4052]  vm_area_dup+0x26/0x230
[  106.104706][ T4052]  copy_mm+0x9a1/0x13e0
[  106.108697][ T4052]  ? copy_signal+0x610/0x610
[  106.113121][ T4052]  ? __init_rwsem+0xd6/0x1c0
[  106.117550][ T4052]  ? copy_signal+0x4e3/0x610
[  106.121973][ T4052]  copy_process+0x1149/0x3290
[  106.126492][ T4052]  ? proc_fail_nth_write+0x20b/0x290
[  106.131610][ T4052]  ? fsnotify_perm+0x6a/0x5d0
[  106.136123][ T4052]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  106.141069][ T4052]  ? vfs_write+0x9ec/0x1110
[  106.145410][ T4052]  kernel_clone+0x21e/0x9e0
[  106.149748][ T4052]  ? file_end_write+0x1c0/0x1c0
[  106.154435][ T4052]  ? create_io_thread+0x1e0/0x1e0
[  106.159295][ T4052]  ? mutex_unlock+0xb2/0x260
[  106.163722][ T4052]  ? __mutex_lock_slowpath+0x10/0x10
[  106.168842][ T4052]  __x64_sys_clone+0x23f/0x290
[  106.173442][ T4052]  ? __do_sys_vfork+0x130/0x130
[  106.178129][ T4052]  ? ksys_write+0x260/0x2c0
[  106.182472][ T4052]  ? debug_smp_processor_id+0x17/0x20
[  106.187677][ T4052]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  106.193581][ T4052]  ? exit_to_user_mode_prepare+0x39/0xa0
[  106.199050][ T4052]  do_syscall_64+0x3d/0xb0
[  106.203302][ T4052]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  106.209034][ T4052] RIP: 0033:0x7fc79465eda9
[  106.213287][ T4052] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  106.232820][ T4052] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  106.241058][ T4052] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  106.248866][ T4052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  106.256676][ T4052] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
06:47:42 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x100000000000000, 0x0, 0x0, &(0x7f0000000540))

06:47:42 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x70, 0x0, 0x0, &(0x7f0000000540))

06:47:42 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000003c00000000000000b7080000000000007b8af8ff00000000b70800007c0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40000000000ef07040000f0ffffffb70200361b13458f1c000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000001c0000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2300}, 0x50) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x144000, 0x7fe2, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r3, &(0x7f0000000180), 0x20000000}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000000)={r3, &(0x7f0000000180), 0x0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000a40)={r3, &(0x7f0000000a00)="4e5b9a4ec81ff1b970b9e6564141042d708506336fb20b1f2c9d1197b6ebd77879"}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000140)=r2}, 0x20) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r2, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000003c0)=[0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x3, 0x7, &(0x7f0000000400)=[0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x65, &(0x7f0000000480)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000580), &(0x7f00000005c0), 0x8, 0xbb, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) (async)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000880)={r6}, 0x4) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x1c, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000b40d0000000000000500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000000000000000550901000000000095000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000080000008500000006000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x80, 0x3e, &(0x7f0000000300)=""/62, 0x41000, 0x44, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000800)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000840)={0x2, 0x3, 0x5, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880), 0x10, 0xda}, 0x90)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x0, <r7=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x20, 0xc, &(0x7f0000000980)=ANY=[@ANYBLOB="18000000fbffffff000000000400000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7030000000000147466e7370a46c1d0dc0000b70000000000000085200000030000008510000007ffffff185600000a00000000000000000000009500"/83], &(0x7f0000000080)='syzkaller\x00', 0x1, 0x3a, &(0x7f00000000c0)=""/58, 0x40f00, 0x4, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x4, 0x8, 0x2, 0x1}, 0x10, r7, r0, 0x4, &(0x7f00000001c0)=[0x1], &(0x7f00000002c0)=[{0x5, 0x1, 0xa, 0x6}, {0x4, 0x3, 0x1, 0xb}, {0x3, 0x2, 0xd, 0xb}, {0x0, 0x4, 0x7, 0x9}], 0x10, 0x10df}, 0x90)

[  106.264489][ T4052] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  106.272300][ T4052] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  106.280117][ T4052]  </TASK>
06:47:42 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 67)

06:47:42 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x200000000000000, 0x0, 0x0, &(0x7f0000000540))

06:47:42 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x700, 0x0, 0x0, &(0x7f0000000540))

[  106.357717][ T4076] FAULT_INJECTION: forcing a failure.
[  106.357717][ T4076] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  106.371433][ T4076] CPU: 1 PID: 4076 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  106.381496][ T4076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  106.391389][ T4076] Call Trace:
[  106.394514][ T4076]  <TASK>
[  106.397290][ T4076]  dump_stack_lvl+0x151/0x1b7
[  106.401805][ T4076]  ? io_uring_drop_tctx_refs+0x190/0x190
[  106.407272][ T4076]  ? __alloc_pages+0x27e/0x8f0
[  106.411871][ T4076]  dump_stack+0x15/0x17
[  106.415865][ T4076]  should_fail+0x3c6/0x510
[  106.420552][ T4076]  should_fail_alloc_page+0x5a/0x80
[  106.425584][ T4076]  prepare_alloc_pages+0x15c/0x700
[  106.430532][ T4076]  ? __alloc_pages_bulk+0xe40/0xe40
[  106.435570][ T4076]  __alloc_pages+0x18c/0x8f0
[  106.439992][ T4076]  ? prep_new_page+0x110/0x110
[  106.444593][ T4076]  ? stack_trace_save+0x1c0/0x1c0
[  106.449455][ T4076]  ? __kernel_text_address+0x9b/0x110
[  106.454661][ T4076]  pte_alloc_one+0x73/0x1b0
[  106.459001][ T4076]  ? pfn_modify_allowed+0x2f0/0x2f0
[  106.464035][ T4076]  __pte_alloc+0x86/0x350
[  106.468202][ T4076]  ? free_pgtables+0x280/0x280
[  106.472801][ T4076]  ? __stack_depot_save+0x34/0x470
[  106.477748][ T4076]  ? anon_vma_clone+0x9a/0x500
[  106.482348][ T4076]  copy_page_range+0x28a8/0x2f90
[  106.487125][ T4076]  ? __kasan_slab_alloc+0xb1/0xe0
[  106.491982][ T4076]  ? slab_post_alloc_hook+0x53/0x2c0
[  106.497105][ T4076]  ? kernel_clone+0x21e/0x9e0
[  106.501618][ T4076]  ? do_syscall_64+0x3d/0xb0
[  106.506042][ T4076]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  106.511956][ T4076]  ? pfn_valid+0x1e0/0x1e0
[  106.516198][ T4076]  ? rwsem_write_trylock+0x15b/0x290
[  106.521319][ T4076]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  106.527567][ T4076]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  106.533122][ T4076]  ? __rb_insert_augmented+0x5de/0x610
[  106.538422][ T4076]  copy_mm+0xc7e/0x13e0
[  106.542412][ T4076]  ? copy_signal+0x610/0x610
[  106.546836][ T4076]  ? __init_rwsem+0xd6/0x1c0
[  106.551272][ T4076]  ? copy_signal+0x4e3/0x610
[  106.555690][ T4076]  copy_process+0x1149/0x3290
[  106.560207][ T4076]  ? proc_fail_nth_write+0x20b/0x290
[  106.565322][ T4076]  ? fsnotify_perm+0x6a/0x5d0
[  106.569836][ T4076]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  106.574785][ T4076]  ? vfs_write+0x9ec/0x1110
[  106.579124][ T4076]  kernel_clone+0x21e/0x9e0
[  106.583462][ T4076]  ? file_end_write+0x1c0/0x1c0
[  106.588149][ T4076]  ? create_io_thread+0x1e0/0x1e0
[  106.593009][ T4076]  ? mutex_unlock+0xb2/0x260
[  106.597436][ T4076]  ? __mutex_lock_slowpath+0x10/0x10
[  106.602558][ T4076]  __x64_sys_clone+0x23f/0x290
[  106.607157][ T4076]  ? __do_sys_vfork+0x130/0x130
[  106.611845][ T4076]  ? ksys_write+0x260/0x2c0
[  106.616187][ T4076]  ? debug_smp_processor_id+0x17/0x20
[  106.621391][ T4076]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  106.627295][ T4076]  ? exit_to_user_mode_prepare+0x39/0xa0
[  106.632763][ T4076]  do_syscall_64+0x3d/0xb0
[  106.637015][ T4076]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  106.642743][ T4076] RIP: 0033:0x7fc79465eda9
[  106.646997][ T4076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  106.666439][ T4076] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  106.674683][ T4076] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  106.682497][ T4076] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  106.690307][ T4076] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  106.698117][ T4076] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
06:47:42 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4004662b, &(0x7f00000005c0)=0x1)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000)=r0, 0x4)

06:47:42 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 68)

06:47:43 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x900, 0x0, 0x0, &(0x7f0000000540))

06:47:43 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x700000000000000, 0x0, 0x0, &(0x7f0000000540))

[  106.705929][ T4076] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  106.713743][ T4076]  </TASK>
[  106.745478][ T4087] FAULT_INJECTION: forcing a failure.
[  106.745478][ T4087] name failslab, interval 1, probability 0, space 0, times 0
06:47:43 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00'}, 0x18)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={0x1, <r2=>0xffffffffffffffff}, 0x4)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0x1, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r4=>0xffffffffffffffff})
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0xfffffe81, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000), 0x2000fdef)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{0x1, <r6=>0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)='%pB    \x00'}, 0x20)
r7 = syz_clone(0x160500, &(0x7f0000001000)="cb394c26945fd83562d0fc4df96376bd336666f25dd447c80236ec095fd2a4ac6b609aa569a6928d23cb160ef6ff55b9ff0d608795b4c7ba09e62d21e2f04d7bf0987b70cdd1ca2fb7f4baf22d8c253d6a38d5557ce0d078654bfad7651d7eb3dbc58296fa101328e100b9d038477db43fb08f84a8e20dbfa6f08b3b9a30d2134607219b0f6e10aed5b454d3c4b87edf1053856a03852164778b461c2f2813f3d06ad14c7acfa5b5c8b8d38ee2f2000000000000000000000000000003b5021ba4792ded00", 0xc5, &(0x7f0000000a40), &(0x7f0000000580), &(0x7f0000001780)="7126258dc52e716ba969389c747d1a61e4afe4bfd507fec7a49ee9d2011a4ba572873c39f402825152510326609b44f5d96427f364a43c56cac104c577ee0d1066dfda1e92d9a58795c95f3ae6c78e6d34d523b5ae56588279789f4d57b902f5ad735dcc5ae3c4912a17c22aa9e5e66f3a8f4801907d4205a605db102465456af575bd64794c64240ff6cafa61d23335e0f3da92bf3c745074f472353c3f1f315cf53670c90cced0e040d6d68f10e085386a17a3494c1f76adb25e4b84b8012500c7192ff175ef0041c4e3cd9990adfcdef35c9cfd5f1cf55390a9afd2d4f50e6d")
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000900)={0x4, 0x80, 0x5, 0xff, 0x0, 0x9, 0x0, 0x7fe, 0x4b96e844e009db4d, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x60000, 0x4, @perf_bp={&(0x7f0000000540), 0x2}, 0x8000, 0x5, 0x7fffffff, 0x8, 0x8000000000000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5}, r7, 0xf, r8, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000ec0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x1f, '\x00', 0x0, 0x2b, r9}, 0x90)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001740)={r11, 0xe0, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001400), ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000d40)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000c00)=[0x0, 0x0], <r12=>0x0, 0x8, &(0x7f0000001600), 0x0, 0x10, &(0x7f0000001680), &(0x7f0000000600), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001700)}}, 0x10)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x12, 0x43, &(0x7f0000001dc0)=ANY=[@ANYBLOB="18000000742e0000000000000400000018110000", @ANYRES16=r13, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="000000a9e2000000b70500000800000085000000a5000000851000000200ff000aa50100fcffffffb708004d000000007b8af8ff00000000b7080000090000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40000ebff000007040000f0ffffffb7020000080000001823dd678f0bca1ea34eed330000229bd8f8ec166916457406ee9035d033d57ed432d49a3f3733a7a95fc47c07a588ea74bc89bd83be492128c87620b8101c5c5291c46e9e571aeadd715c197e9402f1c851d08046c876419b25e5beb7b8acc3673515539e97a2aa2fe70fd40b5c9dcf0f2e8005c28eb1479c71576e16574fff1e769ed2062f57e9bd602f3be749af564495aa12531dcca998b1d0d3d4db7531fd1be4f8c67de24f45b2c39008d4398cd71e4a29f718f7fa9ea1844ae7f0269ad20f6212cbd1b79dd2ab33587cc8ce7a7cb100000000c1d92c70a16510046ced5ea3b5ed5409fc552e4fac53c98beaf004888094b0b0a25c3ce4987f72cea55724605613c3fa5a01b20ad204ba5fd356c1ad3411b9a93c7d88feccb5f5484eb336f0cd7119b61181969a593baf47adaec0c941af28e6fd630135eb6c83af2d231ff792622f952d12ce902a461314f0a71eacb2e29df2603590ff32290c1caa78240ab12ac41b618dabb86ad30699d35e9e9808acecfff7461325c43ca3397757ecc7c0ca9ec6889a54648aaee3b5a8dc184d32f5b0fcab79441f72866e8b9f7591e192c22a8edf25f24465e6528dfe353855e91338b92564d48a128658049a5d41573a93ff0602f5706247807e2a53283a2c15afdecc753da8f5e595ed99eef28d93f42908a936cdbb531056be4e26bd8a8ae0c97d21ef04cc799c94e2beb54406b27d957e58ffb914015bf25005eb991cd237fd", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000085000000b6000000b7080000000000007b8af8ff00000000b7080000050000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70500000800000085000000a500000018330000050000000000000000000000bf91000000000000ff0700008500000085000000b7000000000000009500000000000000"], &(0x7f0000000b00)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x84, '\x00', 0x0, 0x36, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000b40)={0x4, 0x8, 0x7, 0x8}, 0x10, r12, r10, 0x7, 0x0, &(0x7f0000000f40)=[{0x3, 0x1, 0x10, 0x9}, {0x2, 0x4, 0x8}, {0x3, 0x3, 0x9, 0xa}, {0x0, 0x1, 0xd}, {0x0, 0x5, 0xf, 0xc}, {0x3, 0x2, 0xffffffff, 0x7}, {0x5, 0x3, 0xe, 0x6}], 0x10, 0x10001}, 0x90)
r14 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=0xffffffffffffffff, 0x4)
r15 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x3, &(0x7f0000000780)=@raw=[@map_idx={0x18, 0x8, 0x5, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], &(0x7f00000007c0)='syzkaller\x00', 0x100, 0xf9, &(0x7f0000000800)=""/249, 0x40f00, 0x2, '\x00', 0x0, 0x0, r14, 0x8, &(0x7f0000000900)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000940)={0x0, 0xe, 0x6, 0x1}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000980)=[r15], &(0x7f00000009c0)=[{0x4, 0x2, 0x1, 0x4}, {0x0, 0x5, 0xe, 0x7}, {0x4, 0x4, 0x5, 0x4}, {0x2, 0x2, 0xb, 0x5}], 0x10, 0x1}, 0x90)
write$cgroup_type(r15, &(0x7f0000000000), 0x248800)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{0xffffffffffffffff, <r16=>0xffffffffffffffff}, &(0x7f0000000480), &(0x7f00000004c0)='%-5lx  \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000540)={0x1, <r17=>0xffffffffffffffff}, 0x4)
r18 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x15, &(0x7f00000000c0)=@raw=[@jmp={0x5, 0x1, 0x7, 0x6, 0x6, 0x27, 0x10}, @generic={0x8, 0x1, 0x8, 0xff, 0x9}, @map_fd={0x18, 0x4, 0x1, 0x0, r1}, @ldst={0x1, 0x3, 0x0, 0x2, 0x9, 0xfffffffffffffff4, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @map_idx={0x18, 0x7, 0x5, 0x0, 0x1}, @exit], &(0x7f0000000180)='syzkaller\x00', 0x7, 0x37, &(0x7f00000001c0)=""/55, 0x41000, 0x41, '\x00', r3, 0x25, r5, 0x8, &(0x7f0000000380)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000600)=[r0, r6, 0xffffffffffffffff, r8, 0x1, r15, 0xffffffffffffffff, r16, r17, r18], &(0x7f0000000640)=[{0x0, 0x5, 0x7, 0xb}, {0x0, 0x1, 0x8, 0x6}, {0x5, 0x3, 0x1, 0x4}, {0x5, 0x2, 0xc, 0xb}, {0x3, 0x1, 0xd, 0x8}, {0x1, 0x5, 0x8, 0xb}, {0x1, 0x2, 0xe, 0x4}, {0x5, 0x1, 0x9}, {0x3, 0x3, 0x6, 0x5}, {0x3, 0x1, 0x0, 0x1}], 0x10, 0x2a7}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  106.760719][ T4087] CPU: 0 PID: 4087 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  106.770786][ T4087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  106.780680][ T4087] Call Trace:
[  106.783804][ T4087]  <TASK>
[  106.786581][ T4087]  dump_stack_lvl+0x151/0x1b7
[  106.791094][ T4087]  ? io_uring_drop_tctx_refs+0x190/0x190
[  106.796564][ T4087]  dump_stack+0x15/0x17
[  106.800549][ T4087]  should_fail+0x3c6/0x510
[  106.804807][ T4087]  __should_failslab+0xa4/0xe0
[  106.809403][ T4087]  ? vm_area_dup+0x26/0x230
[  106.813745][ T4087]  should_failslab+0x9/0x20
[  106.818081][ T4087]  slab_pre_alloc_hook+0x37/0xd0
[  106.822855][ T4087]  ? vm_area_dup+0x26/0x230
[  106.827196][ T4087]  kmem_cache_alloc+0x44/0x200
[  106.831799][ T4087]  vm_area_dup+0x26/0x230
[  106.835963][ T4087]  copy_mm+0x9a1/0x13e0
[  106.840045][ T4087]  ? copy_signal+0x610/0x610
[  106.844472][ T4087]  ? __init_rwsem+0xd6/0x1c0
[  106.848900][ T4087]  ? copy_signal+0x4e3/0x610
[  106.853320][ T4087]  copy_process+0x1149/0x3290
[  106.857837][ T4087]  ? proc_fail_nth_write+0x20b/0x290
[  106.862953][ T4087]  ? fsnotify_perm+0x6a/0x5d0
[  106.867476][ T4087]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  106.872421][ T4087]  ? vfs_write+0x9ec/0x1110
[  106.876754][ T4087]  kernel_clone+0x21e/0x9e0
[  106.881095][ T4087]  ? file_end_write+0x1c0/0x1c0
[  106.885788][ T4087]  ? create_io_thread+0x1e0/0x1e0
[  106.890641][ T4087]  ? mutex_unlock+0xb2/0x260
[  106.895070][ T4087]  ? __mutex_lock_slowpath+0x10/0x10
[  106.900191][ T4087]  __x64_sys_clone+0x23f/0x290
[  106.904789][ T4087]  ? __do_sys_vfork+0x130/0x130
[  106.909475][ T4087]  ? ksys_write+0x260/0x2c0
[  106.913817][ T4087]  ? debug_smp_processor_id+0x17/0x20
[  106.919022][ T4087]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  106.924932][ T4087]  ? exit_to_user_mode_prepare+0x39/0xa0
[  106.930395][ T4087]  do_syscall_64+0x3d/0xb0
[  106.934648][ T4087]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  106.940377][ T4087] RIP: 0033:0x7fc79465eda9
[  106.944641][ T4087] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  106.964074][ T4087] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  106.972336][ T4087] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  106.980325][ T4087] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  106.988133][ T4087] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  106.995957][ T4087] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  107.003756][ T4087] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
06:47:43 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x800000000000000, 0x0, 0x0, &(0x7f0000000540))

06:47:43 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 69)

06:47:43 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4004662b, &(0x7f00000005c0)=0x1) (async)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000)=r0, 0x4)

06:47:43 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x1f00, 0x0, 0x0, &(0x7f0000000540))

[  107.011573][ T4087]  </TASK>
06:47:43 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x2000, 0x0, 0x0, &(0x7f0000000540))

06:47:43 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x900000000000000, 0x0, 0x0, &(0x7f0000000540))

[  107.082285][ T4115] FAULT_INJECTION: forcing a failure.
[  107.082285][ T4115] name failslab, interval 1, probability 0, space 0, times 0
[  107.094804][ T4115] CPU: 1 PID: 4115 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  107.104766][ T4115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  107.114659][ T4115] Call Trace:
[  107.117784][ T4115]  <TASK>
[  107.120911][ T4115]  dump_stack_lvl+0x151/0x1b7
[  107.125422][ T4115]  ? io_uring_drop_tctx_refs+0x190/0x190
[  107.130890][ T4115]  dump_stack+0x15/0x17
[  107.134880][ T4115]  should_fail+0x3c6/0x510
[  107.139146][ T4115]  __should_failslab+0xa4/0xe0
[  107.143737][ T4115]  ? anon_vma_clone+0x9a/0x500
[  107.148334][ T4115]  should_failslab+0x9/0x20
[  107.152671][ T4115]  slab_pre_alloc_hook+0x37/0xd0
[  107.157446][ T4115]  ? anon_vma_clone+0x9a/0x500
[  107.162046][ T4115]  kmem_cache_alloc+0x44/0x200
[  107.166655][ T4115]  anon_vma_clone+0x9a/0x500
[  107.171081][ T4115]  anon_vma_fork+0x91/0x4e0
[  107.175418][ T4115]  ? anon_vma_name+0x43/0x70
[  107.179843][ T4115]  ? vm_area_dup+0x17a/0x230
[  107.184272][ T4115]  copy_mm+0xa3a/0x13e0
[  107.188261][ T4115]  ? copy_signal+0x610/0x610
[  107.192690][ T4115]  ? __init_rwsem+0xd6/0x1c0
[  107.197112][ T4115]  ? copy_signal+0x4e3/0x610
[  107.201539][ T4115]  copy_process+0x1149/0x3290
[  107.206053][ T4115]  ? proc_fail_nth_write+0x20b/0x290
[  107.211173][ T4115]  ? fsnotify_perm+0x6a/0x5d0
[  107.215687][ T4115]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  107.220632][ T4115]  ? vfs_write+0x9ec/0x1110
[  107.224973][ T4115]  kernel_clone+0x21e/0x9e0
[  107.229316][ T4115]  ? file_end_write+0x1c0/0x1c0
[  107.234002][ T4115]  ? create_io_thread+0x1e0/0x1e0
[  107.238861][ T4115]  ? mutex_unlock+0xb2/0x260
[  107.243287][ T4115]  ? __mutex_lock_slowpath+0x10/0x10
[  107.248409][ T4115]  __x64_sys_clone+0x23f/0x290
[  107.253009][ T4115]  ? __do_sys_vfork+0x130/0x130
[  107.257692][ T4115]  ? ksys_write+0x260/0x2c0
[  107.262036][ T4115]  ? debug_smp_processor_id+0x17/0x20
[  107.267244][ T4115]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  107.273144][ T4115]  ? exit_to_user_mode_prepare+0x39/0xa0
[  107.278614][ T4115]  do_syscall_64+0x3d/0xb0
[  107.282865][ T4115]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  107.288600][ T4115] RIP: 0033:0x7fc79465eda9
[  107.292847][ T4115] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  107.312291][ T4115] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  107.320538][ T4115] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:43 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 70)

[  107.328351][ T4115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  107.336156][ T4115] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  107.343968][ T4115] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  107.351778][ T4115] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  107.359600][ T4115]  </TASK>
06:47:43 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4004662b, &(0x7f00000005c0)=0x1) (async)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000)=r0, 0x4)

06:47:43 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x7000, 0x0, 0x0, &(0x7f0000000540))

06:47:43 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x1f00000000000000, 0x0, 0x0, &(0x7f0000000540))

06:47:43 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)=r0}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)='%pi6   \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180)={0x1, <r3=>0xffffffffffffffff}, 0x4)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x6, 0x3, &(0x7f0000001f40)=ANY=[@ANYBLOB="850000007d0000005400000000000000950000000000000059f6a2c30eff3cff9837f1ad5e6e744f8f85d0dc61bd963ed577e4e710b638322604f7a81bf128d908795894690895249d107352c19254d124950ae6f2f091c96ce1bb69bb8cb0e7f58e73c68779f07d6fe656cff983dade0989cee59d683d4e588c1ce12bda2f6c90e904791fd928b3942c3de61510ec1c8a2e640bc61a34f40c925adc047b2c6fc66838858121060de6dfbf818a17383879de2bc2619b5fb1accea705a62d9a6253ad9260631048300b3e2af7c58ee876a161b9e0178de1dfde5e4fd5be38e63652e6fd2ea94c7f40e8e8bbeee2c70388fcea559938b09648791801831a869372544133ae36d7e190d9e0f36cd06ef18045cbdda77ce4d0439a00925c2b2d4352ca770b491d88a982d45d8731ddf851cd49c3a3f22cf245ddaad77f3bb1b268e0f8dad9a91b84173e2e31ee161455637a40b63c2f5a225cb69cad576bd369333cbfac7777603913338e5ea61e8560be5ce5dd4873a6d45a458ba16630f388756d10e92b2eec271170d989743d5af0ad9294a48fbd967eec536c1278bc9e536b1e5e5356635d95a7aeed472bd8c4000084e225c8994530baac8cac314e2fc3ae15a4efb535f6303e1c64dfad861282921073bc8a722a46105b48a5c03327b96132d42a37fd8ab12eadea2776d9f22fc63b65cb97fbe6ac0e53dd3ffe82e4c8fefbc899a802b26bffeff8ec2654f871c5d7a1712e567984837608f918d04a00fdcfff118a62da63c9520996f44d3ed45147cf49586b9b248e60df3e714cbf9eae0a1115a5e4e53cd07ee820d707c742a987389221e03cacebc1b735ea8761a05e839fe2ec64bc2ec65c244a5b18d1ab1f37038e5e89708ea179727c329f926b4b0c2d7b09975303f45467ccf19388b90b65630e2f99809a73c420ca8cce3f41f959ebfc50336d50ab85203a84a9cacacc451782a01b1f"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x90)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0xffffffffffffffff}, 0xc)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x200}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000240), 0xc30, r7}, 0x38)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r7, <r8=>0xffffffffffffffff}, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r5, 0xe0, &(0x7f0000000540)={0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f00000003c0)=[0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8c, &(0x7f0000001e80)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x40007c, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r11 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f00000009c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb0, 0xb0, 0x5, [@var={0x4, 0x0, 0x0, 0xe, 0x3}, @int={0x9, 0x0, 0x0, 0x1, 0x0, 0x44, 0x0, 0x60, 0x2}, @func={0x9, 0x0, 0x0, 0xc, 0x5}, @var={0x7, 0x0, 0x0, 0xe, 0x5, 0x1}, @int={0x0, 0x0, 0x0, 0x1, 0x0, 0x6a, 0x0, 0x2f, 0x3}, @func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0x8, 0x2}, {0x7, 0x4}, {0x2, 0x1}, {0xf}, {0x0, 0x2}]}, @fwd={0x8}, @fwd={0xb}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2, 0x5}}]}, {0x0, [0x0, 0x30, 0x30]}}, &(0x7f0000000ac0)=""/202, 0xcd, 0xca, 0x1, 0x7f}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x18, 0x4, &(0x7f0000001bc0)=ANY=[@ANYBLOB="3a1586e00900000000000000ff0f0478622530000018650000090000000000000005000000"], &(0x7f0000000200)='syzkaller\x00', 0x9, 0x5a, &(0x7f00000002c0)=""/90, 0x41000, 0x1, '\x00', r10, 0x0, r11, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000700)={0x0, 0xc, 0x1ff, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000740)=[r8, r8, r6, r7], &(0x7f00000007c0)=[{0x0, 0x2, 0x9, 0x6}], 0x10, 0x3}, 0x90)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000580)={0x1d, <r12=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000019c0)={0x8, 0x14, &(0x7f0000001ec0)=ANY=[@ANYBLOB="180000000100000000000000ff01000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000000000085000000860000004101c0fff0ffffff18110000", @ANYRES32=r4, @ANYRESHEX=r9], &(0x7f0000000280)='syzkaller\x00', 0x2, 0x1000, &(0x7f00000009c0)=""/4096, 0x41100, 0x1, '\x00', r10, 0xc, r4, 0x8, &(0x7f0000000500)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000540)={0x1, 0xd, 0x7fffffff, 0xfffffef6}, 0x10, r12, r5, 0x5, 0x0, &(0x7f00000006c0)=[{0x2, 0x4}, {0x4, 0x1, 0x1, 0xa}, {0x2, 0x1, 0x5, 0x4}, {0x5, 0x3, 0xe, 0x6}, {0x3, 0x1, 0xc}], 0x10, 0x9}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{0xffffffffffffffff, <r13=>0xffffffffffffffff}, &(0x7f0000000440), &(0x7f0000000480)='%pi6   \x00'}, 0x20)
r14 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
r15 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@generic={&(0x7f00000002c0)='./file0\x00', 0x0, 0x8}, 0x18)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c00)={r14, 0xe0, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r16=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f00000007c0)=[0x0], &(0x7f0000000ac0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x68, &(0x7f0000000b00)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000b40), &(0x7f0000000b80), 0x8, 0x88, 0x8, 0xfffffffffffffe9d, &(0x7f0000000bc0)}}, 0x10)
r17 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000011c0)=@generic={&(0x7f0000001180)='./file0\x00', 0x0, 0x38}, 0x18)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001280)={{r14, <r18=>0xffffffffffffffff}, &(0x7f0000001200), &(0x7f0000001240)='%-010d \x00'}, 0x20)
r19 = bpf$ITER_CREATE(0x21, &(0x7f00000012c0), 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001b00)={0x6, 0xe, &(0x7f0000000800)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ldst={0x1, 0x3, 0x4, 0x6, 0x9, 0x1, 0x14}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x4}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5}], &(0x7f0000000780)='GPL\x00', 0x101, 0x9f, &(0x7f0000000880)=""/159, 0x41100, 0x23, '\x00', r10, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x9, 0x4, 0x1}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000001a80)=[{0x3, 0x1, 0xd, 0xb}, {0x1, 0x3, 0x7, 0x9}, {0x3, 0x1, 0x7}, {0x0, 0x5, 0xf, 0x9}, {0x5, 0x4, 0xf, 0x7}, {0x5, 0x4, 0x10}, {0x4, 0x5, 0xb, 0x5}], 0x10, 0x9}, 0x90)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_ext={0x1c, 0x7, &(0x7f0000000dc0)=ANY=[@ANYBLOB="cb7001000002000018200000", @ANYRES32=r15, @ANYBLOB="000000000101003d999a39aa00183700000400000000000000000000001847000006000000000000"], &(0x7f0000000fc0)='syzkaller\x00', 0x0, 0xe7, &(0x7f0000001000)=""/231, 0x40f00, 0xfcb8d4b11f91379c, '\x00', r16, 0x0, r14, 0x8, &(0x7f0000001100)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000001140)={0x1, 0x3, 0x7, 0x5}, 0x10, 0x309a0, r17, 0x8, &(0x7f0000001300)=[r18, r19, r14, r15, r15, r14], &(0x7f0000001340)=[{0x5, 0x2, 0x0, 0x5}, {0x3, 0x2, 0xc, 0x2}, {0x1, 0x5, 0xa, 0xc}, {0x2, 0x4, 0xa}, {0x0, 0x2, 0xc, 0x3}, {0x1, 0x1, 0x9, 0xb}, {0x1, 0x1, 0xc, 0x5}, {0x0, 0x1, 0x0, 0x9}], 0x10, 0x3ff}, 0x90)
r20 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='rdma.current\x00', 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{0xffffffffffffffff, <r21=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f00000002c0)=@raw=[@printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @ldst={0x3, 0x0, 0x3, 0x8, 0x2, 0xfffffffffffffffc, 0x4}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ldst={0x1, 0x0, 0x1, 0x0, 0x8, 0x30, 0xffffffffffffffff}, @map_val={0x18, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff01, 0x0, 0x0, 0x0, 0x37876ea5}, @map_val={0x18, 0x2, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x5}], &(0x7f00000001c0)='syzkaller\x00', 0x494, 0xb, &(0x7f0000000380)=""/11, 0x41000, 0xe, '\x00', r10, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000400)={0x5, 0xf, 0x0, 0x8001}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000600)=[r13, r18, r20, r21], &(0x7f0000000640)=[{0x2, 0x1, 0x10, 0x4}, {0x5, 0x5, 0x3, 0x2}, {0x2, 0x5, 0x10, 0xc}, {0x2, 0x2, 0xc, 0x6}, {0x0, 0x4, 0x6, 0x3}, {0x2, 0x3, 0x0, 0x7}, {0x2, 0x5, 0xe, 0x4}], 0x10, 0x3}, 0x90)

[  107.457859][ T4127] FAULT_INJECTION: forcing a failure.
[  107.457859][ T4127] name failslab, interval 1, probability 0, space 0, times 0
[  107.470872][ T4127] CPU: 0 PID: 4127 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  107.481054][ T4127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  107.490950][ T4127] Call Trace:
[  107.494074][ T4127]  <TASK>
[  107.496853][ T4127]  dump_stack_lvl+0x151/0x1b7
[  107.501367][ T4127]  ? io_uring_drop_tctx_refs+0x190/0x190
[  107.506836][ T4127]  dump_stack+0x15/0x17
[  107.510824][ T4127]  should_fail+0x3c6/0x510
[  107.515078][ T4127]  __should_failslab+0xa4/0xe0
[  107.519674][ T4127]  ? vm_area_dup+0x26/0x230
[  107.524011][ T4127]  should_failslab+0x9/0x20
[  107.528359][ T4127]  slab_pre_alloc_hook+0x37/0xd0
[  107.533131][ T4127]  ? vm_area_dup+0x26/0x230
[  107.537468][ T4127]  kmem_cache_alloc+0x44/0x200
[  107.542066][ T4127]  vm_area_dup+0x26/0x230
[  107.546236][ T4127]  copy_mm+0x9a1/0x13e0
[  107.550228][ T4127]  ? copy_signal+0x610/0x610
[  107.554654][ T4127]  ? __init_rwsem+0xd6/0x1c0
[  107.559080][ T4127]  ? copy_signal+0x4e3/0x610
[  107.563506][ T4127]  copy_process+0x1149/0x3290
[  107.568022][ T4127]  ? proc_fail_nth_write+0x20b/0x290
[  107.573138][ T4127]  ? fsnotify_perm+0x6a/0x5d0
[  107.577651][ T4127]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  107.582606][ T4127]  ? vfs_write+0x9ec/0x1110
[  107.586938][ T4127]  kernel_clone+0x21e/0x9e0
[  107.591279][ T4127]  ? file_end_write+0x1c0/0x1c0
[  107.595962][ T4127]  ? create_io_thread+0x1e0/0x1e0
[  107.600827][ T4127]  ? mutex_unlock+0xb2/0x260
[  107.605251][ T4127]  ? __mutex_lock_slowpath+0x10/0x10
[  107.610377][ T4127]  __x64_sys_clone+0x23f/0x290
[  107.614975][ T4127]  ? __do_sys_vfork+0x130/0x130
[  107.619660][ T4127]  ? ksys_write+0x260/0x2c0
[  107.624001][ T4127]  ? debug_smp_processor_id+0x17/0x20
[  107.629207][ T4127]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  107.635109][ T4127]  ? exit_to_user_mode_prepare+0x39/0xa0
[  107.640580][ T4127]  do_syscall_64+0x3d/0xb0
[  107.644830][ T4127]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  107.650566][ T4127] RIP: 0033:0x7fc79465eda9
[  107.654812][ T4127] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  107.674259][ T4127] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  107.682499][ T4127] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  107.690310][ T4127] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  107.698203][ T4127] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
06:47:43 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00'}, 0x18)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={0x1, <r2=>0xffffffffffffffff}, 0x4)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0x1, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r4=>0xffffffffffffffff})
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0xfffffe81, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000), 0x2000fdef)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{0x1, <r6=>0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)='%pB    \x00'}, 0x20) (async)
r7 = syz_clone(0x160500, &(0x7f0000001000)="cb394c26945fd83562d0fc4df96376bd336666f25dd447c80236ec095fd2a4ac6b609aa569a6928d23cb160ef6ff55b9ff0d608795b4c7ba09e62d21e2f04d7bf0987b70cdd1ca2fb7f4baf22d8c253d6a38d5557ce0d078654bfad7651d7eb3dbc58296fa101328e100b9d038477db43fb08f84a8e20dbfa6f08b3b9a30d2134607219b0f6e10aed5b454d3c4b87edf1053856a03852164778b461c2f2813f3d06ad14c7acfa5b5c8b8d38ee2f2000000000000000000000000000003b5021ba4792ded00", 0xc5, &(0x7f0000000a40), &(0x7f0000000580), &(0x7f0000001780)="7126258dc52e716ba969389c747d1a61e4afe4bfd507fec7a49ee9d2011a4ba572873c39f402825152510326609b44f5d96427f364a43c56cac104c577ee0d1066dfda1e92d9a58795c95f3ae6c78e6d34d523b5ae56588279789f4d57b902f5ad735dcc5ae3c4912a17c22aa9e5e66f3a8f4801907d4205a605db102465456af575bd64794c64240ff6cafa61d23335e0f3da92bf3c745074f472353c3f1f315cf53670c90cced0e040d6d68f10e085386a17a3494c1f76adb25e4b84b8012500c7192ff175ef0041c4e3cd9990adfcdef35c9cfd5f1cf55390a9afd2d4f50e6d")
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000900)={0x4, 0x80, 0x5, 0xff, 0x0, 0x9, 0x0, 0x7fe, 0x4b96e844e009db4d, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x60000, 0x4, @perf_bp={&(0x7f0000000540), 0x2}, 0x8000, 0x5, 0x7fffffff, 0x8, 0x8000000000000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5}, r7, 0xf, r8, 0x0) (async)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000ec0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x1f, '\x00', 0x0, 0x2b, r9}, 0x90) (async)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001740)={r11, 0xe0, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001400), ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000d40)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000c00)=[0x0, 0x0], <r12=>0x0, 0x8, &(0x7f0000001600), 0x0, 0x10, &(0x7f0000001680), &(0x7f0000000600), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001700)}}, 0x10)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x12, 0x43, &(0x7f0000001dc0)=ANY=[@ANYBLOB="18000000742e0000000000000400000018110000", @ANYRES16=r13, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="000000a9e2000000b70500000800000085000000a5000000851000000200ff000aa50100fcffffffb708004d000000007b8af8ff00000000b7080000090000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40000ebff000007040000f0ffffffb7020000080000001823dd678f0bca1ea34eed330000229bd8f8ec166916457406ee9035d033d57ed432d49a3f3733a7a95fc47c07a588ea74bc89bd83be492128c87620b8101c5c5291c46e9e571aeadd715c197e9402f1c851d08046c876419b25e5beb7b8acc3673515539e97a2aa2fe70fd40b5c9dcf0f2e8005c28eb1479c71576e16574fff1e769ed2062f57e9bd602f3be749af564495aa12531dcca998b1d0d3d4db7531fd1be4f8c67de24f45b2c39008d4398cd71e4a29f718f7fa9ea1844ae7f0269ad20f6212cbd1b79dd2ab33587cc8ce7a7cb100000000c1d92c70a16510046ced5ea3b5ed5409fc552e4fac53c98beaf004888094b0b0a25c3ce4987f72cea55724605613c3fa5a01b20ad204ba5fd356c1ad3411b9a93c7d88feccb5f5484eb336f0cd7119b61181969a593baf47adaec0c941af28e6fd630135eb6c83af2d231ff792622f952d12ce902a461314f0a71eacb2e29df2603590ff32290c1caa78240ab12ac41b618dabb86ad30699d35e9e9808acecfff7461325c43ca3397757ecc7c0ca9ec6889a54648aaee3b5a8dc184d32f5b0fcab79441f72866e8b9f7591e192c22a8edf25f24465e6528dfe353855e91338b92564d48a128658049a5d41573a93ff0602f5706247807e2a53283a2c15afdecc753da8f5e595ed99eef28d93f42908a936cdbb531056be4e26bd8a8ae0c97d21ef04cc799c94e2beb54406b27d957e58ffb914015bf25005eb991cd237fd", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000085000000b6000000b7080000000000007b8af8ff00000000b7080000050000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70500000800000085000000a500000018330000050000000000000000000000bf91000000000000ff0700008500000085000000b7000000000000009500000000000000"], &(0x7f0000000b00)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x84, '\x00', 0x0, 0x36, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000b40)={0x4, 0x8, 0x7, 0x8}, 0x10, r12, r10, 0x7, 0x0, &(0x7f0000000f40)=[{0x3, 0x1, 0x10, 0x9}, {0x2, 0x4, 0x8}, {0x3, 0x3, 0x9, 0xa}, {0x0, 0x1, 0xd}, {0x0, 0x5, 0xf, 0xc}, {0x3, 0x2, 0xffffffff, 0x7}, {0x5, 0x3, 0xe, 0x6}], 0x10, 0x10001}, 0x90) (async)
r14 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=0xffffffffffffffff, 0x4) (async)
r15 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x3, &(0x7f0000000780)=@raw=[@map_idx={0x18, 0x8, 0x5, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], &(0x7f00000007c0)='syzkaller\x00', 0x100, 0xf9, &(0x7f0000000800)=""/249, 0x40f00, 0x2, '\x00', 0x0, 0x0, r14, 0x8, &(0x7f0000000900)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000940)={0x0, 0xe, 0x6, 0x1}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000980)=[r15], &(0x7f00000009c0)=[{0x4, 0x2, 0x1, 0x4}, {0x0, 0x5, 0xe, 0x7}, {0x4, 0x4, 0x5, 0x4}, {0x2, 0x2, 0xb, 0x5}], 0x10, 0x1}, 0x90) (async)
write$cgroup_type(r15, &(0x7f0000000000), 0x248800) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{0xffffffffffffffff, <r16=>0xffffffffffffffff}, &(0x7f0000000480), &(0x7f00000004c0)='%-5lx  \x00'}, 0x20) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000540)={0x1, <r17=>0xffffffffffffffff}, 0x4) (async)
r18 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x15, &(0x7f00000000c0)=@raw=[@jmp={0x5, 0x1, 0x7, 0x6, 0x6, 0x27, 0x10}, @generic={0x8, 0x1, 0x8, 0xff, 0x9}, @map_fd={0x18, 0x4, 0x1, 0x0, r1}, @ldst={0x1, 0x3, 0x0, 0x2, 0x9, 0xfffffffffffffff4, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @map_idx={0x18, 0x7, 0x5, 0x0, 0x1}, @exit], &(0x7f0000000180)='syzkaller\x00', 0x7, 0x37, &(0x7f00000001c0)=""/55, 0x41000, 0x41, '\x00', r3, 0x25, r5, 0x8, &(0x7f0000000380)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000600)=[r0, r6, 0xffffffffffffffff, r8, 0x1, r15, 0xffffffffffffffff, r16, r17, r18], &(0x7f0000000640)=[{0x0, 0x5, 0x7, 0xb}, {0x0, 0x1, 0x8, 0x6}, {0x5, 0x3, 0x1, 0x4}, {0x5, 0x2, 0xc, 0xb}, {0x3, 0x1, 0xd, 0x8}, {0x1, 0x5, 0x8, 0xb}, {0x1, 0x2, 0xe, 0x4}, {0x5, 0x1, 0x9}, {0x3, 0x3, 0x6, 0x5}, {0x3, 0x1, 0x0, 0x1}], 0x10, 0x2a7}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:44 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 71)

06:47:44 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x2000000000000000, 0x0, 0x0, &(0x7f0000000540))

[  107.705936][ T4127] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  107.713743][ T4127] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  107.721560][ T4127]  </TASK>
06:47:44 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x10fff, 0x0, 0x0, &(0x7f0000000540))

06:47:44 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)=r0}, 0x20) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)='%pi6   \x00'}, 0x20) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180)={0x1, <r3=>0xffffffffffffffff}, 0x4)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x6, 0x3, &(0x7f0000001f40)=ANY=[@ANYBLOB="850000007d0000005400000000000000950000000000000059f6a2c30eff3cff9837f1ad5e6e744f8f85d0dc61bd963ed577e4e710b638322604f7a81bf128d908795894690895249d107352c19254d124950ae6f2f091c96ce1bb69bb8cb0e7f58e73c68779f07d6fe656cff983dade0989cee59d683d4e588c1ce12bda2f6c90e904791fd928b3942c3de61510ec1c8a2e640bc61a34f40c925adc047b2c6fc66838858121060de6dfbf818a17383879de2bc2619b5fb1accea705a62d9a6253ad9260631048300b3e2af7c58ee876a161b9e0178de1dfde5e4fd5be38e63652e6fd2ea94c7f40e8e8bbeee2c70388fcea559938b09648791801831a869372544133ae36d7e190d9e0f36cd06ef18045cbdda77ce4d0439a00925c2b2d4352ca770b491d88a982d45d8731ddf851cd49c3a3f22cf245ddaad77f3bb1b268e0f8dad9a91b84173e2e31ee161455637a40b63c2f5a225cb69cad576bd369333cbfac7777603913338e5ea61e8560be5ce5dd4873a6d45a458ba16630f388756d10e92b2eec271170d989743d5af0ad9294a48fbd967eec536c1278bc9e536b1e5e5356635d95a7aeed472bd8c4000084e225c8994530baac8cac314e2fc3ae15a4efb535f6303e1c64dfad861282921073bc8a722a46105b48a5c03327b96132d42a37fd8ab12eadea2776d9f22fc63b65cb97fbe6ac0e53dd3ffe82e4c8fefbc899a802b26bffeff8ec2654f871c5d7a1712e567984837608f918d04a00fdcfff118a62da63c9520996f44d3ed45147cf49586b9b248e60df3e714cbf9eae0a1115a5e4e53cd07ee820d707c742a987389221e03cacebc1b735ea8761a05e839fe2ec64bc2ec65c244a5b18d1ab1f37038e5e89708ea179727c329f926b4b0c2d7b09975303f45467ccf19388b90b65630e2f99809a73c420ca8cce3f41f959ebfc50336d50ab85203a84a9cacacc451782a01b1f"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x90) (async)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0xffffffffffffffff}, 0xc) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x200}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000240), 0xc30, r7}, 0x38) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r7, <r8=>0xffffffffffffffff}, 0x4) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r5, 0xe0, &(0x7f0000000540)={0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f00000003c0)=[0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8c, &(0x7f0000001e80)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x40007c, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r11 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f00000009c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb0, 0xb0, 0x5, [@var={0x4, 0x0, 0x0, 0xe, 0x3}, @int={0x9, 0x0, 0x0, 0x1, 0x0, 0x44, 0x0, 0x60, 0x2}, @func={0x9, 0x0, 0x0, 0xc, 0x5}, @var={0x7, 0x0, 0x0, 0xe, 0x5, 0x1}, @int={0x0, 0x0, 0x0, 0x1, 0x0, 0x6a, 0x0, 0x2f, 0x3}, @func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0x8, 0x2}, {0x7, 0x4}, {0x2, 0x1}, {0xf}, {0x0, 0x2}]}, @fwd={0x8}, @fwd={0xb}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2, 0x5}}]}, {0x0, [0x0, 0x30, 0x30]}}, &(0x7f0000000ac0)=""/202, 0xcd, 0xca, 0x1, 0x7f}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x18, 0x4, &(0x7f0000001bc0)=ANY=[@ANYBLOB="3a1586e00900000000000000ff0f0478622530000018650000090000000000000005000000"], &(0x7f0000000200)='syzkaller\x00', 0x9, 0x5a, &(0x7f00000002c0)=""/90, 0x41000, 0x1, '\x00', r10, 0x0, r11, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000700)={0x0, 0xc, 0x1ff, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000740)=[r8, r8, r6, r7], &(0x7f00000007c0)=[{0x0, 0x2, 0x9, 0x6}], 0x10, 0x3}, 0x90) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000580)={0x1d, <r12=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000019c0)={0x8, 0x14, &(0x7f0000001ec0)=ANY=[@ANYBLOB="180000000100000000000000ff01000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000000000085000000860000004101c0fff0ffffff18110000", @ANYRES32=r4, @ANYRESHEX=r9], &(0x7f0000000280)='syzkaller\x00', 0x2, 0x1000, &(0x7f00000009c0)=""/4096, 0x41100, 0x1, '\x00', r10, 0xc, r4, 0x8, &(0x7f0000000500)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000540)={0x1, 0xd, 0x7fffffff, 0xfffffef6}, 0x10, r12, r5, 0x5, 0x0, &(0x7f00000006c0)=[{0x2, 0x4}, {0x4, 0x1, 0x1, 0xa}, {0x2, 0x1, 0x5, 0x4}, {0x5, 0x3, 0xe, 0x6}, {0x3, 0x1, 0xc}], 0x10, 0x9}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{0xffffffffffffffff, <r13=>0xffffffffffffffff}, &(0x7f0000000440), &(0x7f0000000480)='%pi6   \x00'}, 0x20)
r14 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
r15 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@generic={&(0x7f00000002c0)='./file0\x00', 0x0, 0x8}, 0x18) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c00)={r14, 0xe0, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r16=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f00000007c0)=[0x0], &(0x7f0000000ac0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x68, &(0x7f0000000b00)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000b40), &(0x7f0000000b80), 0x8, 0x88, 0x8, 0xfffffffffffffe9d, &(0x7f0000000bc0)}}, 0x10) (async)
r17 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000011c0)=@generic={&(0x7f0000001180)='./file0\x00', 0x0, 0x38}, 0x18) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001280)={{r14, <r18=>0xffffffffffffffff}, &(0x7f0000001200), &(0x7f0000001240)='%-010d \x00'}, 0x20) (async)
r19 = bpf$ITER_CREATE(0x21, &(0x7f00000012c0), 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001b00)={0x6, 0xe, &(0x7f0000000800)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ldst={0x1, 0x3, 0x4, 0x6, 0x9, 0x1, 0x14}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x4}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5}], &(0x7f0000000780)='GPL\x00', 0x101, 0x9f, &(0x7f0000000880)=""/159, 0x41100, 0x23, '\x00', r10, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x9, 0x4, 0x1}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000001a80)=[{0x3, 0x1, 0xd, 0xb}, {0x1, 0x3, 0x7, 0x9}, {0x3, 0x1, 0x7}, {0x0, 0x5, 0xf, 0x9}, {0x5, 0x4, 0xf, 0x7}, {0x5, 0x4, 0x10}, {0x4, 0x5, 0xb, 0x5}], 0x10, 0x9}, 0x90) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_ext={0x1c, 0x7, &(0x7f0000000dc0)=ANY=[@ANYBLOB="cb7001000002000018200000", @ANYRES32=r15, @ANYBLOB="000000000101003d999a39aa00183700000400000000000000000000001847000006000000000000"], &(0x7f0000000fc0)='syzkaller\x00', 0x0, 0xe7, &(0x7f0000001000)=""/231, 0x40f00, 0xfcb8d4b11f91379c, '\x00', r16, 0x0, r14, 0x8, &(0x7f0000001100)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000001140)={0x1, 0x3, 0x7, 0x5}, 0x10, 0x309a0, r17, 0x8, &(0x7f0000001300)=[r18, r19, r14, r15, r15, r14], &(0x7f0000001340)=[{0x5, 0x2, 0x0, 0x5}, {0x3, 0x2, 0xc, 0x2}, {0x1, 0x5, 0xa, 0xc}, {0x2, 0x4, 0xa}, {0x0, 0x2, 0xc, 0x3}, {0x1, 0x1, 0x9, 0xb}, {0x1, 0x1, 0xc, 0x5}, {0x0, 0x1, 0x0, 0x9}], 0x10, 0x3ff}, 0x90)
r20 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='rdma.current\x00', 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{0xffffffffffffffff, <r21=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f00000002c0)=@raw=[@printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @ldst={0x3, 0x0, 0x3, 0x8, 0x2, 0xfffffffffffffffc, 0x4}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ldst={0x1, 0x0, 0x1, 0x0, 0x8, 0x30, 0xffffffffffffffff}, @map_val={0x18, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff01, 0x0, 0x0, 0x0, 0x37876ea5}, @map_val={0x18, 0x2, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x5}], &(0x7f00000001c0)='syzkaller\x00', 0x494, 0xb, &(0x7f0000000380)=""/11, 0x41000, 0xe, '\x00', r10, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000400)={0x5, 0xf, 0x0, 0x8001}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000600)=[r13, r18, r20, r21], &(0x7f0000000640)=[{0x2, 0x1, 0x10, 0x4}, {0x5, 0x5, 0x3, 0x2}, {0x2, 0x5, 0x10, 0xc}, {0x2, 0x2, 0xc, 0x6}, {0x0, 0x4, 0x6, 0x3}, {0x2, 0x3, 0x0, 0x7}, {0x2, 0x5, 0xe, 0x4}], 0x10, 0x3}, 0x90)

[  107.763364][ T4151] FAULT_INJECTION: forcing a failure.
[  107.763364][ T4151] name failslab, interval 1, probability 0, space 0, times 0
[  107.779464][ T4151] CPU: 0 PID: 4151 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  107.789538][ T4151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  107.799432][ T4151] Call Trace:
[  107.802560][ T4151]  <TASK>
[  107.805333][ T4151]  dump_stack_lvl+0x151/0x1b7
[  107.809848][ T4151]  ? io_uring_drop_tctx_refs+0x190/0x190
[  107.815319][ T4151]  dump_stack+0x15/0x17
[  107.819308][ T4151]  should_fail+0x3c6/0x510
[  107.823559][ T4151]  __should_failslab+0xa4/0xe0
[  107.828157][ T4151]  ? anon_vma_fork+0xf7/0x4e0
[  107.832668][ T4151]  should_failslab+0x9/0x20
[  107.837007][ T4151]  slab_pre_alloc_hook+0x37/0xd0
[  107.841787][ T4151]  ? anon_vma_fork+0xf7/0x4e0
[  107.846302][ T4151]  kmem_cache_alloc+0x44/0x200
[  107.850900][ T4151]  anon_vma_fork+0xf7/0x4e0
[  107.855234][ T4151]  ? anon_vma_name+0x43/0x70
[  107.859666][ T4151]  ? vm_area_dup+0x17a/0x230
[  107.864088][ T4151]  copy_mm+0xa3a/0x13e0
[  107.868083][ T4151]  ? copy_signal+0x610/0x610
[  107.872513][ T4151]  ? __init_rwsem+0xd6/0x1c0
[  107.876931][ T4151]  ? copy_signal+0x4e3/0x610
[  107.881358][ T4151]  copy_process+0x1149/0x3290
[  107.885871][ T4151]  ? proc_fail_nth_write+0x20b/0x290
[  107.890993][ T4151]  ? fsnotify_perm+0x6a/0x5d0
[  107.895509][ T4151]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  107.900453][ T4151]  ? vfs_write+0x9ec/0x1110
[  107.904795][ T4151]  kernel_clone+0x21e/0x9e0
[  107.909134][ T4151]  ? file_end_write+0x1c0/0x1c0
[  107.913821][ T4151]  ? create_io_thread+0x1e0/0x1e0
[  107.918683][ T4151]  ? mutex_unlock+0xb2/0x260
[  107.923106][ T4151]  ? __mutex_lock_slowpath+0x10/0x10
[  107.928229][ T4151]  __x64_sys_clone+0x23f/0x290
[  107.932827][ T4151]  ? __do_sys_vfork+0x130/0x130
[  107.937518][ T4151]  ? ksys_write+0x260/0x2c0
[  107.941857][ T4151]  ? debug_smp_processor_id+0x17/0x20
[  107.947063][ T4151]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  107.952963][ T4151]  ? exit_to_user_mode_prepare+0x39/0xa0
[  107.958433][ T4151]  do_syscall_64+0x3d/0xb0
[  107.962687][ T4151]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  107.968413][ T4151] RIP: 0033:0x7fc79465eda9
[  107.972667][ T4151] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  107.992109][ T4151] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  108.000353][ T4151] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:44 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x64ae02a0ffffffff, 0x0, 0x0, &(0x7f0000000540))

06:47:44 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x20010, 0x0, 0x0, &(0x7f0000000540))

06:47:44 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 72)

06:47:44 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)=r0}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)='%pi6   \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180)={0x1, <r3=>0xffffffffffffffff}, 0x4)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x6, 0x3, &(0x7f0000001f40)=ANY=[@ANYBLOB="850000007d0000005400000000000000950000000000000059f6a2c30eff3cff9837f1ad5e6e744f8f85d0dc61bd963ed577e4e710b638322604f7a81bf128d908795894690895249d107352c19254d124950ae6f2f091c96ce1bb69bb8cb0e7f58e73c68779f07d6fe656cff983dade0989cee59d683d4e588c1ce12bda2f6c90e904791fd928b3942c3de61510ec1c8a2e640bc61a34f40c925adc047b2c6fc66838858121060de6dfbf818a17383879de2bc2619b5fb1accea705a62d9a6253ad9260631048300b3e2af7c58ee876a161b9e0178de1dfde5e4fd5be38e63652e6fd2ea94c7f40e8e8bbeee2c70388fcea559938b09648791801831a869372544133ae36d7e190d9e0f36cd06ef18045cbdda77ce4d0439a00925c2b2d4352ca770b491d88a982d45d8731ddf851cd49c3a3f22cf245ddaad77f3bb1b268e0f8dad9a91b84173e2e31ee161455637a40b63c2f5a225cb69cad576bd369333cbfac7777603913338e5ea61e8560be5ce5dd4873a6d45a458ba16630f388756d10e92b2eec271170d989743d5af0ad9294a48fbd967eec536c1278bc9e536b1e5e5356635d95a7aeed472bd8c4000084e225c8994530baac8cac314e2fc3ae15a4efb535f6303e1c64dfad861282921073bc8a722a46105b48a5c03327b96132d42a37fd8ab12eadea2776d9f22fc63b65cb97fbe6ac0e53dd3ffe82e4c8fefbc899a802b26bffeff8ec2654f871c5d7a1712e567984837608f918d04a00fdcfff118a62da63c9520996f44d3ed45147cf49586b9b248e60df3e714cbf9eae0a1115a5e4e53cd07ee820d707c742a987389221e03cacebc1b735ea8761a05e839fe2ec64bc2ec65c244a5b18d1ab1f37038e5e89708ea179727c329f926b4b0c2d7b09975303f45467ccf19388b90b65630e2f99809a73c420ca8cce3f41f959ebfc50336d50ab85203a84a9cacacc451782a01b1f"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x90) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x6, 0x3, &(0x7f0000001f40)=ANY=[@ANYBLOB="850000007d0000005400000000000000950000000000000059f6a2c30eff3cff9837f1ad5e6e744f8f85d0dc61bd963ed577e4e710b638322604f7a81bf128d908795894690895249d107352c19254d124950ae6f2f091c96ce1bb69bb8cb0e7f58e73c68779f07d6fe656cff983dade0989cee59d683d4e588c1ce12bda2f6c90e904791fd928b3942c3de61510ec1c8a2e640bc61a34f40c925adc047b2c6fc66838858121060de6dfbf818a17383879de2bc2619b5fb1accea705a62d9a6253ad9260631048300b3e2af7c58ee876a161b9e0178de1dfde5e4fd5be38e63652e6fd2ea94c7f40e8e8bbeee2c70388fcea559938b09648791801831a869372544133ae36d7e190d9e0f36cd06ef18045cbdda77ce4d0439a00925c2b2d4352ca770b491d88a982d45d8731ddf851cd49c3a3f22cf245ddaad77f3bb1b268e0f8dad9a91b84173e2e31ee161455637a40b63c2f5a225cb69cad576bd369333cbfac7777603913338e5ea61e8560be5ce5dd4873a6d45a458ba16630f388756d10e92b2eec271170d989743d5af0ad9294a48fbd967eec536c1278bc9e536b1e5e5356635d95a7aeed472bd8c4000084e225c8994530baac8cac314e2fc3ae15a4efb535f6303e1c64dfad861282921073bc8a722a46105b48a5c03327b96132d42a37fd8ab12eadea2776d9f22fc63b65cb97fbe6ac0e53dd3ffe82e4c8fefbc899a802b26bffeff8ec2654f871c5d7a1712e567984837608f918d04a00fdcfff118a62da63c9520996f44d3ed45147cf49586b9b248e60df3e714cbf9eae0a1115a5e4e53cd07ee820d707c742a987389221e03cacebc1b735ea8761a05e839fe2ec64bc2ec65c244a5b18d1ab1f37038e5e89708ea179727c329f926b4b0c2d7b09975303f45467ccf19388b90b65630e2f99809a73c420ca8cce3f41f959ebfc50336d50ab85203a84a9cacacc451782a01b1f"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x90)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0xffffffffffffffff}, 0xc)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x200}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000240), 0xc30, r7}, 0x38) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000240), 0xc30, r7}, 0x38)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r7}, 0x4) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r7, <r8=>0xffffffffffffffff}, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r5, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f00000003c0)=[0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8c, &(0x7f0000001e80)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x40007c, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r5, 0xe0, &(0x7f0000000540)={0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f00000003c0)=[0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8c, &(0x7f0000001e80)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x40007c, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r11 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f00000009c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb0, 0xb0, 0x5, [@var={0x4, 0x0, 0x0, 0xe, 0x3}, @int={0x9, 0x0, 0x0, 0x1, 0x0, 0x44, 0x0, 0x60, 0x2}, @func={0x9, 0x0, 0x0, 0xc, 0x5}, @var={0x7, 0x0, 0x0, 0xe, 0x5, 0x1}, @int={0x0, 0x0, 0x0, 0x1, 0x0, 0x6a, 0x0, 0x2f, 0x3}, @func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0x8, 0x2}, {0x7, 0x4}, {0x2, 0x1}, {0xf}, {0x0, 0x2}]}, @fwd={0x8}, @fwd={0xb}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2, 0x5}}]}, {0x0, [0x0, 0x30, 0x30]}}, &(0x7f0000000ac0)=""/202, 0xcd, 0xca, 0x1, 0x7f}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x18, 0x4, &(0x7f0000001bc0)=ANY=[@ANYBLOB="3a1586e00900000000000000ff0f0478622530000018650000090000000000000005000000"], &(0x7f0000000200)='syzkaller\x00', 0x9, 0x5a, &(0x7f00000002c0)=""/90, 0x41000, 0x1, '\x00', r10, 0x0, r11, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000700)={0x0, 0xc, 0x1ff, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000740)=[r8, r8, r6, r7], &(0x7f00000007c0)=[{0x0, 0x2, 0x9, 0x6}], 0x10, 0x3}, 0x90)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000580)={0x1d, <r12=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000019c0)={0x8, 0x14, &(0x7f0000001ec0)=ANY=[@ANYBLOB="180000000100000000000000ff01000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000000000085000000860000004101c0fff0ffffff18110000", @ANYRES32=r4, @ANYRESHEX=r9], &(0x7f0000000280)='syzkaller\x00', 0x2, 0x1000, &(0x7f00000009c0)=""/4096, 0x41100, 0x1, '\x00', r10, 0xc, r4, 0x8, &(0x7f0000000500)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000540)={0x1, 0xd, 0x7fffffff, 0xfffffef6}, 0x10, r12, r5, 0x5, 0x0, &(0x7f00000006c0)=[{0x2, 0x4}, {0x4, 0x1, 0x1, 0xa}, {0x2, 0x1, 0x5, 0x4}, {0x5, 0x3, 0xe, 0x6}, {0x3, 0x1, 0xc}], 0x10, 0x9}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{0xffffffffffffffff, <r13=>0xffffffffffffffff}, &(0x7f0000000440), &(0x7f0000000480)='%pi6   \x00'}, 0x20)
r14 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
r15 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@generic={&(0x7f00000002c0)='./file0\x00', 0x0, 0x8}, 0x18)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c00)={r14, 0xe0, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r16=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f00000007c0)=[0x0], &(0x7f0000000ac0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x68, &(0x7f0000000b00)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000b40), &(0x7f0000000b80), 0x8, 0x88, 0x8, 0xfffffffffffffe9d, &(0x7f0000000bc0)}}, 0x10)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000011c0)=@generic={&(0x7f0000001180)='./file0\x00', 0x0, 0x38}, 0x18) (async)
r17 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000011c0)=@generic={&(0x7f0000001180)='./file0\x00', 0x0, 0x38}, 0x18)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001280)={{r14}, &(0x7f0000001200), &(0x7f0000001240)='%-010d \x00'}, 0x20) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001280)={{r14, <r18=>0xffffffffffffffff}, &(0x7f0000001200), &(0x7f0000001240)='%-010d \x00'}, 0x20)
r19 = bpf$ITER_CREATE(0x21, &(0x7f00000012c0), 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001b00)={0x6, 0xe, &(0x7f0000000800)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ldst={0x1, 0x3, 0x4, 0x6, 0x9, 0x1, 0x14}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x4}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5}], &(0x7f0000000780)='GPL\x00', 0x101, 0x9f, &(0x7f0000000880)=""/159, 0x41100, 0x23, '\x00', r10, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x9, 0x4, 0x1}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000001a80)=[{0x3, 0x1, 0xd, 0xb}, {0x1, 0x3, 0x7, 0x9}, {0x3, 0x1, 0x7}, {0x0, 0x5, 0xf, 0x9}, {0x5, 0x4, 0xf, 0x7}, {0x5, 0x4, 0x10}, {0x4, 0x5, 0xb, 0x5}], 0x10, 0x9}, 0x90)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_ext={0x1c, 0x7, &(0x7f0000000dc0)=ANY=[@ANYBLOB="cb7001000002000018200000", @ANYRES32=r15, @ANYBLOB="000000000101003d999a39aa00183700000400000000000000000000001847000006000000000000"], &(0x7f0000000fc0)='syzkaller\x00', 0x0, 0xe7, &(0x7f0000001000)=""/231, 0x40f00, 0xfcb8d4b11f91379c, '\x00', r16, 0x0, r14, 0x8, &(0x7f0000001100)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000001140)={0x1, 0x3, 0x7, 0x5}, 0x10, 0x309a0, r17, 0x8, &(0x7f0000001300)=[r18, r19, r14, r15, r15, r14], &(0x7f0000001340)=[{0x5, 0x2, 0x0, 0x5}, {0x3, 0x2, 0xc, 0x2}, {0x1, 0x5, 0xa, 0xc}, {0x2, 0x4, 0xa}, {0x0, 0x2, 0xc, 0x3}, {0x1, 0x1, 0x9, 0xb}, {0x1, 0x1, 0xc, 0x5}, {0x0, 0x1, 0x0, 0x9}], 0x10, 0x3ff}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='rdma.current\x00', 0x0, 0x0) (async)
r20 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='rdma.current\x00', 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{}, &(0x7f0000000540), &(0x7f0000000580)=r0}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{0xffffffffffffffff, <r21=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f00000002c0)=@raw=[@printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @ldst={0x3, 0x0, 0x3, 0x8, 0x2, 0xfffffffffffffffc, 0x4}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ldst={0x1, 0x0, 0x1, 0x0, 0x8, 0x30, 0xffffffffffffffff}, @map_val={0x18, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff01, 0x0, 0x0, 0x0, 0x37876ea5}, @map_val={0x18, 0x2, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x5}], &(0x7f00000001c0)='syzkaller\x00', 0x494, 0xb, &(0x7f0000000380)=""/11, 0x41000, 0xe, '\x00', r10, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000400)={0x5, 0xf, 0x0, 0x8001}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000600)=[r13, r18, r20, r21], &(0x7f0000000640)=[{0x2, 0x1, 0x10, 0x4}, {0x5, 0x5, 0x3, 0x2}, {0x2, 0x5, 0x10, 0xc}, {0x2, 0x2, 0xc, 0x6}, {0x0, 0x4, 0x6, 0x3}, {0x2, 0x3, 0x0, 0x7}, {0x2, 0x5, 0xe, 0x4}], 0x10, 0x3}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f00000002c0)=@raw=[@printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @ldst={0x3, 0x0, 0x3, 0x8, 0x2, 0xfffffffffffffffc, 0x4}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ldst={0x1, 0x0, 0x1, 0x0, 0x8, 0x30, 0xffffffffffffffff}, @map_val={0x18, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff01, 0x0, 0x0, 0x0, 0x37876ea5}, @map_val={0x18, 0x2, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x5}], &(0x7f00000001c0)='syzkaller\x00', 0x494, 0xb, &(0x7f0000000380)=""/11, 0x41000, 0xe, '\x00', r10, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000400)={0x5, 0xf, 0x0, 0x8001}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000600)=[r13, r18, r20, r21], &(0x7f0000000640)=[{0x2, 0x1, 0x10, 0x4}, {0x5, 0x5, 0x3, 0x2}, {0x2, 0x5, 0x10, 0xc}, {0x2, 0x2, 0xc, 0x6}, {0x0, 0x4, 0x6, 0x3}, {0x2, 0x3, 0x0, 0x7}, {0x2, 0x5, 0xe, 0x4}], 0x10, 0x3}, 0x90)

[  108.008165][ T4151] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  108.015977][ T4151] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  108.023791][ T4151] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  108.031601][ T4151] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  108.039416][ T4151]  </TASK>
06:47:44 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xf5ffffff00000000, 0x0, 0x0, &(0x7f0000000540))

06:47:44 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x80000, 0x0, 0x0, &(0x7f0000000540))

[  108.110088][ T4177] FAULT_INJECTION: forcing a failure.
[  108.110088][ T4177] name failslab, interval 1, probability 0, space 0, times 0
[  108.124851][ T4177] CPU: 1 PID: 4177 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  108.134927][ T4177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  108.144824][ T4177] Call Trace:
[  108.147941][ T4177]  <TASK>
[  108.150719][ T4177]  dump_stack_lvl+0x151/0x1b7
[  108.155231][ T4177]  ? io_uring_drop_tctx_refs+0x190/0x190
[  108.160703][ T4177]  ? avc_denied+0x1b0/0x1b0
[  108.165041][ T4177]  dump_stack+0x15/0x17
[  108.169030][ T4177]  should_fail+0x3c6/0x510
[  108.173285][ T4177]  __should_failslab+0xa4/0xe0
[  108.177884][ T4177]  ? vm_area_dup+0x26/0x230
[  108.182225][ T4177]  should_failslab+0x9/0x20
[  108.186568][ T4177]  slab_pre_alloc_hook+0x37/0xd0
[  108.191341][ T4177]  ? vm_area_dup+0x26/0x230
[  108.195678][ T4177]  kmem_cache_alloc+0x44/0x200
[  108.200282][ T4177]  vm_area_dup+0x26/0x230
[  108.204443][ T4177]  copy_mm+0x9a1/0x13e0
[  108.208439][ T4177]  ? copy_signal+0x610/0x610
[  108.212864][ T4177]  ? __init_rwsem+0xd6/0x1c0
[  108.217290][ T4177]  ? copy_signal+0x4e3/0x610
[  108.221721][ T4177]  copy_process+0x1149/0x3290
[  108.226233][ T4177]  ? proc_fail_nth_write+0x20b/0x290
[  108.231349][ T4177]  ? fsnotify_perm+0x6a/0x5d0
[  108.235863][ T4177]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  108.240817][ T4177]  ? vfs_write+0x9ec/0x1110
[  108.245152][ T4177]  kernel_clone+0x21e/0x9e0
[  108.249494][ T4177]  ? file_end_write+0x1c0/0x1c0
[  108.254178][ T4177]  ? create_io_thread+0x1e0/0x1e0
[  108.259037][ T4177]  ? mutex_unlock+0xb2/0x260
[  108.263479][ T4177]  ? __mutex_lock_slowpath+0x10/0x10
[  108.268589][ T4177]  __x64_sys_clone+0x23f/0x290
[  108.273190][ T4177]  ? __do_sys_vfork+0x130/0x130
[  108.277871][ T4177]  ? ksys_write+0x260/0x2c0
[  108.282215][ T4177]  ? debug_smp_processor_id+0x17/0x20
[  108.287419][ T4177]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  108.293322][ T4177]  ? exit_to_user_mode_prepare+0x39/0xa0
[  108.298790][ T4177]  do_syscall_64+0x3d/0xb0
[  108.303041][ T4177]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  108.308771][ T4177] RIP: 0033:0x7fc79465eda9
[  108.313025][ T4177] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  108.332468][ T4177] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  108.340712][ T4177] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  108.348528][ T4177] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
06:47:44 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0xd, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3f}, [@map_val={0x18, 0xb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x9f}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x8}, @alu={0x4, 0xa97520d7d244f299, 0xa, 0x1, 0x3, 0x20, 0xfffffffffffffffc}, @call={0x85, 0x0, 0x0, 0x32}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}]}, &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, &(0x7f0000000100), 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0xa, 0x7ff, 0x10000}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000002c0)=[{0x3, 0x4, 0x5, 0x9}], 0x10, 0x6}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{0x1, <r3=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000400)=r0}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={0x1, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000040)=ANY=[], 0xffe6)
write$cgroup_subtree(r5, &(0x7f0000000000)={[{0x0, 'freezer'}]}, 0x9)
write$cgroup_int(r5, &(0x7f0000000040), 0x12)
r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000006c0)=@generic={&(0x7f0000000680)='./file0\x00', 0x0, 0x10}, 0x18)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0x1f, 0x0, 0x9, 0x3, 0xc31a1751b83e80fe, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x1}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000780)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x4)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0xa, &(0x7f0000000480)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0xa9}], &(0x7f0000000500)='GPL\x00', 0x40d3, 0x0, 0x0, 0x41100, 0x10, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000000600)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x3, 0x6, 0xe81c, 0x5}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000840)=[r6, r7, r8, r9, r1, r1], &(0x7f0000000880)=[{0x0, 0x4, 0x5}, {0x5, 0x3, 0x8, 0x2}, {0x5, 0x4, 0xf, 0x9}, {0x0, 0x3, 0x6, 0x3}, {0x2, 0x5, 0xe, 0xa}, {0x2, 0x2, 0x6, 0x4}], 0x10, 0xffff8000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='fscache_volume\x00', r2}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:44 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xfbffffff00000000, 0x0, 0x0, &(0x7f0000000540))

06:47:44 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 73)

06:47:44 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x700000, 0x0, 0x0, &(0x7f0000000540))

[  108.356334][ T4177] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  108.364162][ T4177] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  108.371956][ T4177] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  108.379772][ T4177]  </TASK>
06:47:44 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0xf0ff1f, 0x0, 0x0, &(0x7f0000000540))

06:47:44 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0xd, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3f}, [@map_val={0x18, 0xb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x9f}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x8}, @alu={0x4, 0xa97520d7d244f299, 0xa, 0x1, 0x3, 0x20, 0xfffffffffffffffc}, @call={0x85, 0x0, 0x0, 0x32}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}]}, &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, &(0x7f0000000100), 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0xa, 0x7ff, 0x10000}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000002c0)=[{0x3, 0x4, 0x5, 0x9}], 0x10, 0x6}, 0x90) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{0x1, <r3=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000400)=r0}, 0x20) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={0x1, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000040)=ANY=[], 0xffe6) (async)
write$cgroup_subtree(r5, &(0x7f0000000000)={[{0x0, 'freezer'}]}, 0x9) (async)
write$cgroup_int(r5, &(0x7f0000000040), 0x12) (async)
r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000006c0)=@generic={&(0x7f0000000680)='./file0\x00', 0x0, 0x10}, 0x18) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0x1f, 0x0, 0x9, 0x3, 0xc31a1751b83e80fe, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x1}, 0x48) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000780)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x4)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0xa, &(0x7f0000000480)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0xa9}], &(0x7f0000000500)='GPL\x00', 0x40d3, 0x0, 0x0, 0x41100, 0x10, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000000600)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x3, 0x6, 0xe81c, 0x5}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000840)=[r6, r7, r8, r9, r1, r1], &(0x7f0000000880)=[{0x0, 0x4, 0x5}, {0x5, 0x3, 0x8, 0x2}, {0x5, 0x4, 0xf, 0x9}, {0x0, 0x3, 0x6, 0x3}, {0x2, 0x5, 0xe, 0xa}, {0x2, 0x2, 0x6, 0x4}], 0x10, 0xffff8000}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='fscache_volume\x00', r2}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:44 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async, rerun: 32)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (rerun: 32)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0xd, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3f}, [@map_val={0x18, 0xb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x9f}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x8}, @alu={0x4, 0xa97520d7d244f299, 0xa, 0x1, 0x3, 0x20, 0xfffffffffffffffc}, @call={0x85, 0x0, 0x0, 0x32}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}]}, &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, &(0x7f0000000100), 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0xa, 0x7ff, 0x10000}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000002c0)=[{0x3, 0x4, 0x5, 0x9}], 0x10, 0x6}, 0x90) (async, rerun: 64)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{0x1, <r3=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000400)=r0}, 0x20) (async, rerun: 64)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={0x1, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000040)=ANY=[], 0xffe6) (async, rerun: 64)
write$cgroup_subtree(r5, &(0x7f0000000000)={[{0x0, 'freezer'}]}, 0x9) (rerun: 64)
write$cgroup_int(r5, &(0x7f0000000040), 0x12) (async)
r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000006c0)=@generic={&(0x7f0000000680)='./file0\x00', 0x0, 0x10}, 0x18)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0x1f, 0x0, 0x9, 0x3, 0xc31a1751b83e80fe, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x1}, 0x48) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000780)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x4)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0xa, &(0x7f0000000480)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0xa9}], &(0x7f0000000500)='GPL\x00', 0x40d3, 0x0, 0x0, 0x41100, 0x10, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000000600)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x3, 0x6, 0xe81c, 0x5}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000840)=[r6, r7, r8, r9, r1, r1], &(0x7f0000000880)=[{0x0, 0x4, 0x5}, {0x5, 0x3, 0x8, 0x2}, {0x5, 0x4, 0xf, 0x9}, {0x0, 0x3, 0x6, 0x3}, {0x2, 0x5, 0xe, 0xa}, {0x2, 0x2, 0x6, 0x4}], 0x10, 0xffff8000}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='fscache_volume\x00', r2}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[  108.433537][ T4196] FAULT_INJECTION: forcing a failure.
[  108.433537][ T4196] name failslab, interval 1, probability 0, space 0, times 0
[  108.452278][ T4196] CPU: 0 PID: 4196 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  108.462357][ T4196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  108.472252][ T4196] Call Trace:
[  108.475378][ T4196]  <TASK>
[  108.478156][ T4196]  dump_stack_lvl+0x151/0x1b7
[  108.482661][ T4196]  ? io_uring_drop_tctx_refs+0x190/0x190
[  108.488128][ T4196]  dump_stack+0x15/0x17
[  108.492122][ T4196]  should_fail+0x3c6/0x510
[  108.496374][ T4196]  __should_failslab+0xa4/0xe0
[  108.500978][ T4196]  ? anon_vma_clone+0x9a/0x500
[  108.505575][ T4196]  should_failslab+0x9/0x20
[  108.509913][ T4196]  slab_pre_alloc_hook+0x37/0xd0
[  108.514688][ T4196]  ? anon_vma_clone+0x9a/0x500
[  108.519287][ T4196]  kmem_cache_alloc+0x44/0x200
[  108.523890][ T4196]  anon_vma_clone+0x9a/0x500
[  108.528314][ T4196]  anon_vma_fork+0x91/0x4e0
[  108.532654][ T4196]  ? anon_vma_name+0x4c/0x70
[  108.537081][ T4196]  ? vm_area_dup+0x17a/0x230
[  108.541512][ T4196]  copy_mm+0xa3a/0x13e0
[  108.545502][ T4196]  ? copy_signal+0x610/0x610
[  108.549928][ T4196]  ? __init_rwsem+0xd6/0x1c0
[  108.554353][ T4196]  ? copy_signal+0x4e3/0x610
[  108.558778][ T4196]  copy_process+0x1149/0x3290
[  108.563293][ T4196]  ? proc_fail_nth_write+0x20b/0x290
[  108.568412][ T4196]  ? fsnotify_perm+0x6a/0x5d0
[  108.572931][ T4196]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  108.577878][ T4196]  ? vfs_write+0x9ec/0x1110
06:47:44 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00'}, 0x18)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={0x1, <r2=>0xffffffffffffffff}, 0x4)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0x1, 0x58, &(0x7f00000002c0)}, 0x10) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0x1, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r4=>0xffffffffffffffff})
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0xfffffe81, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000), 0x2000fdef)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{0x1, <r6=>0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)='%pB    \x00'}, 0x20)
r7 = syz_clone(0x160500, &(0x7f0000001000)="cb394c26945fd83562d0fc4df96376bd336666f25dd447c80236ec095fd2a4ac6b609aa569a6928d23cb160ef6ff55b9ff0d608795b4c7ba09e62d21e2f04d7bf0987b70cdd1ca2fb7f4baf22d8c253d6a38d5557ce0d078654bfad7651d7eb3dbc58296fa101328e100b9d038477db43fb08f84a8e20dbfa6f08b3b9a30d2134607219b0f6e10aed5b454d3c4b87edf1053856a03852164778b461c2f2813f3d06ad14c7acfa5b5c8b8d38ee2f2000000000000000000000000000003b5021ba4792ded00", 0xc5, &(0x7f0000000a40), &(0x7f0000000580), &(0x7f0000001780)="7126258dc52e716ba969389c747d1a61e4afe4bfd507fec7a49ee9d2011a4ba572873c39f402825152510326609b44f5d96427f364a43c56cac104c577ee0d1066dfda1e92d9a58795c95f3ae6c78e6d34d523b5ae56588279789f4d57b902f5ad735dcc5ae3c4912a17c22aa9e5e66f3a8f4801907d4205a605db102465456af575bd64794c64240ff6cafa61d23335e0f3da92bf3c745074f472353c3f1f315cf53670c90cced0e040d6d68f10e085386a17a3494c1f76adb25e4b84b8012500c7192ff175ef0041c4e3cd9990adfcdef35c9cfd5f1cf55390a9afd2d4f50e6d")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) (async)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000900)={0x4, 0x80, 0x5, 0xff, 0x0, 0x9, 0x0, 0x7fe, 0x4b96e844e009db4d, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x60000, 0x4, @perf_bp={&(0x7f0000000540), 0x2}, 0x8000, 0x5, 0x7fffffff, 0x8, 0x8000000000000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5}, r7, 0xf, r8, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000ec0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x1f, '\x00', 0x0, 0x2b, r9}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) (async)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001740)={r11, 0xe0, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001400), ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000d40)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000c00)=[0x0, 0x0], <r12=>0x0, 0x8, &(0x7f0000001600), 0x0, 0x10, &(0x7f0000001680), &(0x7f0000000600), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001700)}}, 0x10)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x12, 0x43, &(0x7f0000001dc0)=ANY=[@ANYBLOB="18000000742e0000000000000400000018110000", @ANYRES16=r13, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="000000a9e2000000b70500000800000085000000a5000000851000000200ff000aa50100fcffffffb708004d000000007b8af8ff00000000b7080000090000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40000ebff000007040000f0ffffffb7020000080000001823dd678f0bca1ea34eed330000229bd8f8ec166916457406ee9035d033d57ed432d49a3f3733a7a95fc47c07a588ea74bc89bd83be492128c87620b8101c5c5291c46e9e571aeadd715c197e9402f1c851d08046c876419b25e5beb7b8acc3673515539e97a2aa2fe70fd40b5c9dcf0f2e8005c28eb1479c71576e16574fff1e769ed2062f57e9bd602f3be749af564495aa12531dcca998b1d0d3d4db7531fd1be4f8c67de24f45b2c39008d4398cd71e4a29f718f7fa9ea1844ae7f0269ad20f6212cbd1b79dd2ab33587cc8ce7a7cb100000000c1d92c70a16510046ced5ea3b5ed5409fc552e4fac53c98beaf004888094b0b0a25c3ce4987f72cea55724605613c3fa5a01b20ad204ba5fd356c1ad3411b9a93c7d88feccb5f5484eb336f0cd7119b61181969a593baf47adaec0c941af28e6fd630135eb6c83af2d231ff792622f952d12ce902a461314f0a71eacb2e29df2603590ff32290c1caa78240ab12ac41b618dabb86ad30699d35e9e9808acecfff7461325c43ca3397757ecc7c0ca9ec6889a54648aaee3b5a8dc184d32f5b0fcab79441f72866e8b9f7591e192c22a8edf25f24465e6528dfe353855e91338b92564d48a128658049a5d41573a93ff0602f5706247807e2a53283a2c15afdecc753da8f5e595ed99eef28d93f42908a936cdbb531056be4e26bd8a8ae0c97d21ef04cc799c94e2beb54406b27d957e58ffb914015bf25005eb991cd237fd", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000085000000b6000000b7080000000000007b8af8ff00000000b7080000050000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70500000800000085000000a500000018330000050000000000000000000000bf91000000000000ff0700008500000085000000b7000000000000009500000000000000"], &(0x7f0000000b00)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x84, '\x00', 0x0, 0x36, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000b40)={0x4, 0x8, 0x7, 0x8}, 0x10, r12, r10, 0x7, 0x0, &(0x7f0000000f40)=[{0x3, 0x1, 0x10, 0x9}, {0x2, 0x4, 0x8}, {0x3, 0x3, 0x9, 0xa}, {0x0, 0x1, 0xd}, {0x0, 0x5, 0xf, 0xc}, {0x3, 0x2, 0xffffffff, 0x7}, {0x5, 0x3, 0xe, 0x6}], 0x10, 0x10001}, 0x90)
r14 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=0xffffffffffffffff, 0x4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async)
r15 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x3, &(0x7f0000000780)=@raw=[@map_idx={0x18, 0x8, 0x5, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], &(0x7f00000007c0)='syzkaller\x00', 0x100, 0xf9, &(0x7f0000000800)=""/249, 0x40f00, 0x2, '\x00', 0x0, 0x0, r14, 0x8, &(0x7f0000000900)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000940)={0x0, 0xe, 0x6, 0x1}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000980)=[r15], &(0x7f00000009c0)=[{0x4, 0x2, 0x1, 0x4}, {0x0, 0x5, 0xe, 0x7}, {0x4, 0x4, 0x5, 0x4}, {0x2, 0x2, 0xb, 0x5}], 0x10, 0x1}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x3, &(0x7f0000000780)=@raw=[@map_idx={0x18, 0x8, 0x5, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], &(0x7f00000007c0)='syzkaller\x00', 0x100, 0xf9, &(0x7f0000000800)=""/249, 0x40f00, 0x2, '\x00', 0x0, 0x0, r14, 0x8, &(0x7f0000000900)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000940)={0x0, 0xe, 0x6, 0x1}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000980)=[r15], &(0x7f00000009c0)=[{0x4, 0x2, 0x1, 0x4}, {0x0, 0x5, 0xe, 0x7}, {0x4, 0x4, 0x5, 0x4}, {0x2, 0x2, 0xb, 0x5}], 0x10, 0x1}, 0x90)
write$cgroup_type(r15, &(0x7f0000000000), 0x248800)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{0xffffffffffffffff, <r16=>0xffffffffffffffff}, &(0x7f0000000480), &(0x7f00000004c0)='%-5lx  \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000540)={0x1}, 0x4) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000540)={0x1, <r17=>0xffffffffffffffff}, 0x4)
r18 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x15, &(0x7f00000000c0)=@raw=[@jmp={0x5, 0x1, 0x7, 0x6, 0x6, 0x27, 0x10}, @generic={0x8, 0x1, 0x8, 0xff, 0x9}, @map_fd={0x18, 0x4, 0x1, 0x0, r1}, @ldst={0x1, 0x3, 0x0, 0x2, 0x9, 0xfffffffffffffff4, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @map_idx={0x18, 0x7, 0x5, 0x0, 0x1}, @exit], &(0x7f0000000180)='syzkaller\x00', 0x7, 0x37, &(0x7f00000001c0)=""/55, 0x41000, 0x41, '\x00', r3, 0x25, r5, 0x8, &(0x7f0000000380)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000600)=[r0, r6, 0xffffffffffffffff, r8, 0x1, r15, 0xffffffffffffffff, r16, r17, r18], &(0x7f0000000640)=[{0x0, 0x5, 0x7, 0xb}, {0x0, 0x1, 0x8, 0x6}, {0x5, 0x3, 0x1, 0x4}, {0x5, 0x2, 0xc, 0xb}, {0x3, 0x1, 0xd, 0x8}, {0x1, 0x5, 0x8, 0xb}, {0x1, 0x2, 0xe, 0x4}, {0x5, 0x1, 0x9}, {0x3, 0x3, 0x6, 0x5}, {0x3, 0x1, 0x0, 0x1}], 0x10, 0x2a7}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  108.582213][ T4196]  kernel_clone+0x21e/0x9e0
[  108.586559][ T4196]  ? file_end_write+0x1c0/0x1c0
[  108.591248][ T4196]  ? create_io_thread+0x1e0/0x1e0
[  108.596106][ T4196]  ? mutex_unlock+0xb2/0x260
[  108.600529][ T4196]  ? __mutex_lock_slowpath+0x10/0x10
[  108.605649][ T4196]  __x64_sys_clone+0x23f/0x290
[  108.610254][ T4196]  ? __do_sys_vfork+0x130/0x130
[  108.614935][ T4196]  ? ksys_write+0x260/0x2c0
[  108.619274][ T4196]  ? debug_smp_processor_id+0x17/0x20
[  108.624482][ T4196]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  108.630385][ T4196]  ? exit_to_user_mode_prepare+0x39/0xa0
[  108.635851][ T4196]  do_syscall_64+0x3d/0xb0
[  108.640105][ T4196]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  108.645833][ T4196] RIP: 0033:0x7fc79465eda9
[  108.650088][ T4196] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  108.669707][ T4196] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
06:47:44 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xff0f010000000000, 0x0, 0x0, &(0x7f0000000540))

06:47:45 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 74)

06:47:45 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x401, 0x0, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)=r0}, 0x20)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x10}, 0xc)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000002240)=ANY=[@ANYRESDEC=r3, @ANYRES64, @ANYRESOCT, @ANYRESDEC, @ANYRES8=r5], 0x32600)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002180)={0x18, 0x13, &(0x7f0000001300)=@raw=[@ldst={0x2, 0x3, 0x3, 0x8, 0x8, 0x2}, @map_val={0x18, 0x1, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x1ff}, @generic={0x6, 0x6, 0x7, 0x1}, @generic={0x0, 0xf, 0x3, 0xeb, 0x5}, @map_idx={0x18, 0x2}, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x9e3}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x400}}, @map_fd={0x18, 0x0, 0x1, 0x0, r5}], 0x0, 0xfffffff9, 0x40, &(0x7f0000001e40)=""/64, 0x41100, 0x5c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001e80)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000001ec0)={0x1, 0x1, 0x0, 0x3f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000002140)=[r5, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x3f}, 0x90)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r9=>0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001840)={0xffffffffffffffff, 0x5, 0x10}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000001940)={0x0, 0x15, &(0x7f0000002880)=ANY=[@ANYBLOB="1800000006000000000000001e00000036110000c51c9119d0be689dd5ec6ec05fbd03d008be8463b02aade605541663cd4860bf35bc163e6dcc0af286ebfffd22b7f25cb56536fb69bf7662b4a86c5b698907e00721c11a4429a5e8fb1a4f01dbb47de987fdbe2ccecddbd5f22c478780d4a95fe585b89c7823119dcf760c9f31cd12e8773c497ec3a8ce69d26384dd00fd47e3ae1e98249db88a8cc0681e791294e05ddc286c5429c47a167207e846b3b0dc5678bd442cbad8c2f930a7a3b40d0c7b8bace88f7c7882071398b2622fcaf30f87ef85f4d188c27bae4bc233f5acedc4097d3c87e314a1c8966d4e961ade55bf4c1f1eb1bd01fbd294f2cc4596257b2755dd9bdd", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000095000000000000005807119afc608d70a5a8924ee86627b1a6231e7246625f4eca2ff937ea644738ebc164cdfc6523a58339fc2a99d2e8fcec976db25d0647f69ea69701f1fdfbe54ef971d50de2f8d620c40fb166b1f9ae5f63772c8145cd97c242ef3a2ed454cdf4f03e84d625c4278327fa68f82eb12978dcf892001000002377d65c6cc6d4283fb551fc8179cbb7018499d0058e1f86418c490d45d43084510e6891921f49d9b7e50b0c1319dc63aaaa83232bb304737c6e397ec50cb56a8bc1f193a0c8cd5655baa63560c43c1d3fe31cd2382379f8a8a83053190baaf834ba03fd04013e378a28b83f8183803d8a861687ee63169ccfab6b67db8d411e2424181c2e5f0a115eb721aaba02401da08e37cfa197ca8fbf3e48472e37535da542542235047834a20000000000000000000000000000003cb561318ddcbce23ce530fdb6f9cb5654765a4d5c0f88f8720b918b9bb7c7ac1ccbca0711cdcb6ea2d8570b8487805c6d722297c65655e024c4b05c6b924495ff27bf519cd32b7a0ef8d283b17f0babb4ff5c75b354075d6f4622f4a5479e05cda68a0f19a3a8aa01d4f07c14ecaa8d0a553e21e89c6190d833fb0fc8fc4c53e7d56e02737b968aafa7f94ce6b37c040d5c58", @ANYRES32=r6, @ANYBLOB="000000000000000085100000fcffffff18600000030000000000000003000000bf91000000000000b70200000100000085000000"], &(0x7f0000001740)='syzkaller\x00', 0x0, 0x4, &(0x7f0000001780)=""/4, 0x40f00, 0x2a, '\x00', 0x0, 0x36, 0xffffffffffffffff, 0x8, &(0x7f00000017c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000001800)={0x2, 0x7, 0x9}, 0x10, 0x0, r4, 0x4, &(0x7f0000001880), &(0x7f00000018c0)=[{0x3, 0x2, 0x6, 0x2}, {0x2, 0x5, 0x8, 0x7}, {0x1, 0x3, 0xb, 0xb}, {0x0, 0x2}], 0x10, 0x80000000}, 0x90)
r11 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001b00)=r9, 0x4)
r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a850000000e000000c50000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0xffffffffffffffd5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sys_enter\x00', r12}, 0x10)
r13 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001c40)=@bpf_tracing={0x1a, 0x2, &(0x7f0000001580)=ANY=[@ANYRESDEC], &(0x7f0000001a40)='syzkaller\x00', 0x400, 0x65, &(0x7f0000001a80)=""/101, 0x0, 0x0, '\x00', 0x0, 0x0, r11, 0x8, &(0x7f00000015c0)={0x1, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x64ff, r12, 0x3, &(0x7f0000001e00)=[r5, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000001c00)=[{0x2, 0x2, 0xa, 0x8}, {0x5, 0x1, 0x10, 0xb}, {0x0, 0x3, 0xb, 0xa}]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1c, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="37586f1e", @ANYRES32, @ANYBLOB="00030000"], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x3}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x9, 0x1000}, 0x10, r9, r7, 0x0, &(0x7f0000000540)=[0xffffffffffffffff]}, 0x90)
r14 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r15 = openat$cgroup_ro(r14, &(0x7f0000001700)='freezer.self_freezing\x00', 0x0, 0x0)
r16 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x0, 0x17, &(0x7f0000001b40)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r14}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @jmp={0x5, 0x0, 0xb, 0x0, 0x8, 0xfffffffffffffffc, 0xfffffffffffffff0}], &(0x7f0000001d00)='GPL\x00', 0x4, 0x74, &(0x7f0000001f00)=""/116, 0x41100, 0x74, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001d40)={0x4, 0xa, 0xffffffff, 0x8e62}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000001dc0)=[r14, r14, r6, r6, r10, r10, r5, r10], &(0x7f0000001f80)=[{0x3, 0x3, 0x0, 0x2}, {0x4, 0x4, 0xb, 0x5}, {0x4, 0x5, 0x0, 0x3}, {0x3, 0x4, 0xa, 0x9}, {0x4, 0x1, 0x0, 0x4}], 0x10, 0x1f}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000002480)={0x1e, 0xf, &(0x7f0000001680)=@raw=[@generic={0x81, 0xe, 0x5, 0x140, 0x7f}, @jmp={0x5, 0x1, 0x5, 0x7, 0x6, 0x6, 0x4}, @cb_func={0x18, 0x4, 0x4, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000001600)='GPL\x00', 0x0, 0x1000, &(0x7f0000002f80)=""/4096, 0x41000, 0x61, '\x00', 0x0, 0x28, r15, 0x8, &(0x7f0000001880)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000001900)={0x1, 0x6, 0x6}, 0x10, r9, r16, 0x9, &(0x7f00000020c0)=[r6, r5], &(0x7f00000023c0)=[{0x0, 0x4, 0x6, 0x3}, {0x3, 0x1, 0xa, 0x7}, {0x2, 0x4, 0xc, 0x41cd7dad2d98cb2c}, {0x0, 0x1, 0x6, 0x3}, {0x5, 0x2, 0x3, 0x9}, {0x1, 0x3, 0x0, 0xc}, {0x2, 0x5, 0xc, 0x4}, {0x1, 0x3, 0xb, 0x6}, {0x3, 0x5, 0xf, 0xa}], 0x10, 0x29}, 0x90)
r17 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x7f, 0x0, 0xffffffffffffffff, 0x21c9, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xd, 0x9, &(0x7f00000002c0)=@raw=[@map_fd={0x18, 0x5, 0x1, 0x0, 0x1}, @map_val={0x18, 0x0, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x400}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], &(0x7f0000000340)='syzkaller\x00', 0xffffffd4, 0xfa, &(0x7f0000000380)=""/250, 0x41000, 0x8, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x1, 0xc, 0x8, 0x2}, 0x10, r9, r0, 0x1, &(0x7f0000000540)=[r17], &(0x7f0000000580)=[{0x0, 0x1, 0x4, 0x6}]}, 0x90)
r18 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x80, 0x0, 0x81, 0xcb, 0x0, 0x0, 0x10040, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, 0x1, @perf_bp={&(0x7f0000000000), 0x2}, 0x202, 0x3, 0x9, 0x2, 0xdb, 0x8, 0x8, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x5, r18, 0x1)
r19 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000002340)={0x2, 0x4, 0x8, 0x1, 0x80, r10, 0x7, '\x00', 0x0, r11, 0x3, 0x1, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x8, 0x29, &(0x7f0000002600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r10}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_val={0x18, 0x0, 0x2, 0x0, r15, 0x0, 0x0, 0x0, 0x423}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r10}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x38064487, 0x0, 0x0, 0x0, 0x26}, @alu={0x4, 0x1, 0xc, 0xb, 0xa2faa3c0599107ed, 0xfffffffffffffff8, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, @map_val={0x18, 0xa, 0x2, 0x0, r19, 0x0, 0x0, 0x0, 0xfff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x3}, @map_idx={0x18, 0x1, 0x5, 0x0, 0xe}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001500)='GPL\x00', 0x101, 0x75, &(0x7f00000022c0)=""/117, 0x41100, 0x50, '\x00', r8, 0x6, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001540)={0x2, 0xd, 0x4, 0x4}, 0x10, r9, r13, 0x0, &(0x7f0000001640)=[r5], 0x0, 0x10, 0x4}, 0x90)

06:47:45 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x1000000, 0x0, 0x0, &(0x7f0000000540))

06:47:45 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xffffffffa000cc00, 0x0, 0x0, &(0x7f0000000540))

[  108.677953][ T4196] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  108.685759][ T4196] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  108.693572][ T4196] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  108.701385][ T4196] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  108.709195][ T4196] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  108.717010][ T4196]  </TASK>
06:47:45 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0xffffffffa002ae64, 0x0, 0x0, &(0x7f0000000540))

06:47:45 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x2000000, 0x0, 0x0, &(0x7f0000000540))

06:47:45 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x401, 0x0, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x5}, 0x48) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)=r0}, 0x20)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) (async, rerun: 64)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x10}, 0xc)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000002240)=ANY=[@ANYRESDEC=r3, @ANYRES64, @ANYRESOCT, @ANYRESDEC, @ANYRES8=r5], 0x32600) (async, rerun: 32)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002180)={0x18, 0x13, &(0x7f0000001300)=@raw=[@ldst={0x2, 0x3, 0x3, 0x8, 0x8, 0x2}, @map_val={0x18, 0x1, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x1ff}, @generic={0x6, 0x6, 0x7, 0x1}, @generic={0x0, 0xf, 0x3, 0xeb, 0x5}, @map_idx={0x18, 0x2}, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x9e3}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x400}}, @map_fd={0x18, 0x0, 0x1, 0x0, r5}], 0x0, 0xfffffff9, 0x40, &(0x7f0000001e40)=""/64, 0x41100, 0x5c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001e80)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000001ec0)={0x1, 0x1, 0x0, 0x3f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000002140)=[r5, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x3f}, 0x90) (async, rerun: 32)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0) (async)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r9=>0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001840)={0xffffffffffffffff, 0x5, 0x10}, 0xc) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001940)={0x0, 0x15, &(0x7f0000002880)=ANY=[@ANYBLOB="1800000006000000000000001e00000036110000c51c9119d0be689dd5ec6ec05fbd03d008be8463b02aade605541663cd4860bf35bc163e6dcc0af286ebfffd22b7f25cb56536fb69bf7662b4a86c5b698907e00721c11a4429a5e8fb1a4f01dbb47de987fdbe2ccecddbd5f22c478780d4a95fe585b89c7823119dcf760c9f31cd12e8773c497ec3a8ce69d26384dd00fd47e3ae1e98249db88a8cc0681e791294e05ddc286c5429c47a167207e846b3b0dc5678bd442cbad8c2f930a7a3b40d0c7b8bace88f7c7882071398b2622fcaf30f87ef85f4d188c27bae4bc233f5acedc4097d3c87e314a1c8966d4e961ade55bf4c1f1eb1bd01fbd294f2cc4596257b2755dd9bdd", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000095000000000000005807119afc608d70a5a8924ee86627b1a6231e7246625f4eca2ff937ea644738ebc164cdfc6523a58339fc2a99d2e8fcec976db25d0647f69ea69701f1fdfbe54ef971d50de2f8d620c40fb166b1f9ae5f63772c8145cd97c242ef3a2ed454cdf4f03e84d625c4278327fa68f82eb12978dcf892001000002377d65c6cc6d4283fb551fc8179cbb7018499d0058e1f86418c490d45d43084510e6891921f49d9b7e50b0c1319dc63aaaa83232bb304737c6e397ec50cb56a8bc1f193a0c8cd5655baa63560c43c1d3fe31cd2382379f8a8a83053190baaf834ba03fd04013e378a28b83f8183803d8a861687ee63169ccfab6b67db8d411e2424181c2e5f0a115eb721aaba02401da08e37cfa197ca8fbf3e48472e37535da542542235047834a20000000000000000000000000000003cb561318ddcbce23ce530fdb6f9cb5654765a4d5c0f88f8720b918b9bb7c7ac1ccbca0711cdcb6ea2d8570b8487805c6d722297c65655e024c4b05c6b924495ff27bf519cd32b7a0ef8d283b17f0babb4ff5c75b354075d6f4622f4a5479e05cda68a0f19a3a8aa01d4f07c14ecaa8d0a553e21e89c6190d833fb0fc8fc4c53e7d56e02737b968aafa7f94ce6b37c040d5c58", @ANYRES32=r6, @ANYBLOB="000000000000000085100000fcffffff18600000030000000000000003000000bf91000000000000b70200000100000085000000"], &(0x7f0000001740)='syzkaller\x00', 0x0, 0x4, &(0x7f0000001780)=""/4, 0x40f00, 0x2a, '\x00', 0x0, 0x36, 0xffffffffffffffff, 0x8, &(0x7f00000017c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000001800)={0x2, 0x7, 0x9}, 0x10, 0x0, r4, 0x4, &(0x7f0000001880), &(0x7f00000018c0)=[{0x3, 0x2, 0x6, 0x2}, {0x2, 0x5, 0x8, 0x7}, {0x1, 0x3, 0xb, 0xb}, {0x0, 0x2}], 0x10, 0x80000000}, 0x90) (async, rerun: 64)
r11 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001b00)=r9, 0x4) (rerun: 64)
r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a850000000e000000c50000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0xffffffffffffffd5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sys_enter\x00', r12}, 0x10) (async)
r13 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001c40)=@bpf_tracing={0x1a, 0x2, &(0x7f0000001580)=ANY=[@ANYRESDEC], &(0x7f0000001a40)='syzkaller\x00', 0x400, 0x65, &(0x7f0000001a80)=""/101, 0x0, 0x0, '\x00', 0x0, 0x0, r11, 0x8, &(0x7f00000015c0)={0x1, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x64ff, r12, 0x3, &(0x7f0000001e00)=[r5, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000001c00)=[{0x2, 0x2, 0xa, 0x8}, {0x5, 0x1, 0x10, 0xb}, {0x0, 0x3, 0xb, 0xa}]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1c, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="37586f1e", @ANYRES32, @ANYBLOB="00030000"], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x3}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x9, 0x1000}, 0x10, r9, r7, 0x0, &(0x7f0000000540)=[0xffffffffffffffff]}, 0x90) (async, rerun: 32)
r14 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) (rerun: 32)
r15 = openat$cgroup_ro(r14, &(0x7f0000001700)='freezer.self_freezing\x00', 0x0, 0x0) (async)
r16 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x0, 0x17, &(0x7f0000001b40)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r14}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @jmp={0x5, 0x0, 0xb, 0x0, 0x8, 0xfffffffffffffffc, 0xfffffffffffffff0}], &(0x7f0000001d00)='GPL\x00', 0x4, 0x74, &(0x7f0000001f00)=""/116, 0x41100, 0x74, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001d40)={0x4, 0xa, 0xffffffff, 0x8e62}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000001dc0)=[r14, r14, r6, r6, r10, r10, r5, r10], &(0x7f0000001f80)=[{0x3, 0x3, 0x0, 0x2}, {0x4, 0x4, 0xb, 0x5}, {0x4, 0x5, 0x0, 0x3}, {0x3, 0x4, 0xa, 0x9}, {0x4, 0x1, 0x0, 0x4}], 0x10, 0x1f}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000002480)={0x1e, 0xf, &(0x7f0000001680)=@raw=[@generic={0x81, 0xe, 0x5, 0x140, 0x7f}, @jmp={0x5, 0x1, 0x5, 0x7, 0x6, 0x6, 0x4}, @cb_func={0x18, 0x4, 0x4, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000001600)='GPL\x00', 0x0, 0x1000, &(0x7f0000002f80)=""/4096, 0x41000, 0x61, '\x00', 0x0, 0x28, r15, 0x8, &(0x7f0000001880)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000001900)={0x1, 0x6, 0x6}, 0x10, r9, r16, 0x9, &(0x7f00000020c0)=[r6, r5], &(0x7f00000023c0)=[{0x0, 0x4, 0x6, 0x3}, {0x3, 0x1, 0xa, 0x7}, {0x2, 0x4, 0xc, 0x41cd7dad2d98cb2c}, {0x0, 0x1, 0x6, 0x3}, {0x5, 0x2, 0x3, 0x9}, {0x1, 0x3, 0x0, 0xc}, {0x2, 0x5, 0xc, 0x4}, {0x1, 0x3, 0xb, 0x6}, {0x3, 0x5, 0xf, 0xa}], 0x10, 0x29}, 0x90) (async)
r17 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x7f, 0x0, 0xffffffffffffffff, 0x21c9, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xd, 0x9, &(0x7f00000002c0)=@raw=[@map_fd={0x18, 0x5, 0x1, 0x0, 0x1}, @map_val={0x18, 0x0, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x400}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], &(0x7f0000000340)='syzkaller\x00', 0xffffffd4, 0xfa, &(0x7f0000000380)=""/250, 0x41000, 0x8, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x1, 0xc, 0x8, 0x2}, 0x10, r9, r0, 0x1, &(0x7f0000000540)=[r17], &(0x7f0000000580)=[{0x0, 0x1, 0x4, 0x6}]}, 0x90)
r18 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x80, 0x0, 0x81, 0xcb, 0x0, 0x0, 0x10040, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, 0x1, @perf_bp={&(0x7f0000000000), 0x2}, 0x202, 0x3, 0x9, 0x2, 0xdb, 0x8, 0x8, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x5, r18, 0x1)
r19 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000002340)={0x2, 0x4, 0x8, 0x1, 0x80, r10, 0x7, '\x00', 0x0, r11, 0x3, 0x1, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x8, 0x29, &(0x7f0000002600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r10}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_val={0x18, 0x0, 0x2, 0x0, r15, 0x0, 0x0, 0x0, 0x423}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r10}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x38064487, 0x0, 0x0, 0x0, 0x26}, @alu={0x4, 0x1, 0xc, 0xb, 0xa2faa3c0599107ed, 0xfffffffffffffff8, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, @map_val={0x18, 0xa, 0x2, 0x0, r19, 0x0, 0x0, 0x0, 0xfff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x3}, @map_idx={0x18, 0x1, 0x5, 0x0, 0xe}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001500)='GPL\x00', 0x101, 0x75, &(0x7f00000022c0)=""/117, 0x41100, 0x50, '\x00', r8, 0x6, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001540)={0x2, 0xd, 0x4, 0x4}, 0x10, r9, r13, 0x0, &(0x7f0000001640)=[r5], 0x0, 0x10, 0x4}, 0x90)

06:47:45 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000001540), &(0x7f0000000040)}, 0x20)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa8}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0xd0c}]}, &(0x7f0000000140)='GPL\x00', 0x5, 0xa2, &(0x7f0000000240)=""/162, 0x40f00, 0x8, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000180)={0x6, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x0, 0x2, 0x3ff, 0x2}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000300)=[r1, r0, r0, r0], &(0x7f0000000380)=[{0x1, 0x5, 0xf, 0x7}, {0x4, 0x3, 0x5}], 0x10, 0xd9f}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f00000000c0)='rxrpc_rx_packet\x00', r3}, 0x10)

[  108.790541][ T4234] FAULT_INJECTION: forcing a failure.
[  108.790541][ T4234] name failslab, interval 1, probability 0, space 0, times 0
[  108.816421][ T4234] CPU: 1 PID: 4234 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  108.826496][ T4234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  108.836393][ T4234] Call Trace:
[  108.839518][ T4234]  <TASK>
[  108.842299][ T4234]  dump_stack_lvl+0x151/0x1b7
[  108.846810][ T4234]  ? io_uring_drop_tctx_refs+0x190/0x190
[  108.852271][ T4234]  dump_stack+0x15/0x17
[  108.856267][ T4234]  should_fail+0x3c6/0x510
[  108.860516][ T4234]  __should_failslab+0xa4/0xe0
[  108.865115][ T4234]  ? anon_vma_clone+0x9a/0x500
[  108.869716][ T4234]  should_failslab+0x9/0x20
[  108.874056][ T4234]  slab_pre_alloc_hook+0x37/0xd0
[  108.878831][ T4234]  ? anon_vma_clone+0x9a/0x500
[  108.883440][ T4234]  kmem_cache_alloc+0x44/0x200
[  108.888031][ T4234]  anon_vma_clone+0x9a/0x500
[  108.892458][ T4234]  anon_vma_fork+0x91/0x4e0
[  108.896800][ T4234]  ? anon_vma_name+0x4c/0x70
[  108.901223][ T4234]  ? vm_area_dup+0x17a/0x230
[  108.905649][ T4234]  copy_mm+0xa3a/0x13e0
[  108.909730][ T4234]  ? copy_signal+0x610/0x610
[  108.914154][ T4234]  ? __init_rwsem+0xd6/0x1c0
[  108.918595][ T4234]  ? copy_signal+0x4e3/0x610
[  108.923008][ T4234]  copy_process+0x1149/0x3290
[  108.927533][ T4234]  ? proc_fail_nth_write+0x20b/0x290
[  108.932642][ T4234]  ? fsnotify_perm+0x6a/0x5d0
[  108.937156][ T4234]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  108.942103][ T4234]  ? vfs_write+0x9ec/0x1110
[  108.946445][ T4234]  kernel_clone+0x21e/0x9e0
[  108.950788][ T4234]  ? file_end_write+0x1c0/0x1c0
[  108.955468][ T4234]  ? create_io_thread+0x1e0/0x1e0
[  108.960337][ T4234]  ? mutex_unlock+0xb2/0x260
[  108.964756][ T4234]  ? __mutex_lock_slowpath+0x10/0x10
[  108.969876][ T4234]  __x64_sys_clone+0x23f/0x290
[  108.974483][ T4234]  ? __do_sys_vfork+0x130/0x130
[  108.979162][ T4234]  ? ksys_write+0x260/0x2c0
[  108.983503][ T4234]  ? debug_smp_processor_id+0x17/0x20
[  108.988710][ T4234]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  108.994614][ T4234]  ? exit_to_user_mode_prepare+0x39/0xa0
[  109.000082][ T4234]  do_syscall_64+0x3d/0xb0
[  109.004334][ T4234]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  109.010083][ T4234] RIP: 0033:0x7fc79465eda9
[  109.014317][ T4234] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
06:47:45 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 75)

06:47:45 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x7000000, 0x0, 0x0, &(0x7f0000000540))

[  109.033762][ T4234] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  109.042008][ T4234] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  109.049820][ T4234] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  109.057630][ T4234] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  109.065453][ T4234] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  109.073266][ T4234] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  109.081066][ T4234]  </TASK>
06:47:45 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x401, 0x0, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x5}, 0x48) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)=r0}, 0x20) (async, rerun: 64)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (rerun: 64)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80) (async, rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) (async, rerun: 32)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x10}, 0xc)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000002240)=ANY=[@ANYRESDEC=r3, @ANYRES64, @ANYRESOCT, @ANYRESDEC, @ANYRES8=r5], 0x32600)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002180)={0x18, 0x13, &(0x7f0000001300)=@raw=[@ldst={0x2, 0x3, 0x3, 0x8, 0x8, 0x2}, @map_val={0x18, 0x1, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x1ff}, @generic={0x6, 0x6, 0x7, 0x1}, @generic={0x0, 0xf, 0x3, 0xeb, 0x5}, @map_idx={0x18, 0x2}, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x9e3}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x400}}, @map_fd={0x18, 0x0, 0x1, 0x0, r5}], 0x0, 0xfffffff9, 0x40, &(0x7f0000001e40)=""/64, 0x41100, 0x5c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001e80)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000001ec0)={0x1, 0x1, 0x0, 0x3f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000002140)=[r5, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x3f}, 0x90) (async, rerun: 64)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0) (async, rerun: 64)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r9=>0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) (async)
r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001840)={0xffffffffffffffff, 0x5, 0x10}, 0xc) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001940)={0x0, 0x15, &(0x7f0000002880)=ANY=[@ANYBLOB="1800000006000000000000001e00000036110000c51c9119d0be689dd5ec6ec05fbd03d008be8463b02aade605541663cd4860bf35bc163e6dcc0af286ebfffd22b7f25cb56536fb69bf7662b4a86c5b698907e00721c11a4429a5e8fb1a4f01dbb47de987fdbe2ccecddbd5f22c478780d4a95fe585b89c7823119dcf760c9f31cd12e8773c497ec3a8ce69d26384dd00fd47e3ae1e98249db88a8cc0681e791294e05ddc286c5429c47a167207e846b3b0dc5678bd442cbad8c2f930a7a3b40d0c7b8bace88f7c7882071398b2622fcaf30f87ef85f4d188c27bae4bc233f5acedc4097d3c87e314a1c8966d4e961ade55bf4c1f1eb1bd01fbd294f2cc4596257b2755dd9bdd", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000095000000000000005807119afc608d70a5a8924ee86627b1a6231e7246625f4eca2ff937ea644738ebc164cdfc6523a58339fc2a99d2e8fcec976db25d0647f69ea69701f1fdfbe54ef971d50de2f8d620c40fb166b1f9ae5f63772c8145cd97c242ef3a2ed454cdf4f03e84d625c4278327fa68f82eb12978dcf892001000002377d65c6cc6d4283fb551fc8179cbb7018499d0058e1f86418c490d45d43084510e6891921f49d9b7e50b0c1319dc63aaaa83232bb304737c6e397ec50cb56a8bc1f193a0c8cd5655baa63560c43c1d3fe31cd2382379f8a8a83053190baaf834ba03fd04013e378a28b83f8183803d8a861687ee63169ccfab6b67db8d411e2424181c2e5f0a115eb721aaba02401da08e37cfa197ca8fbf3e48472e37535da542542235047834a20000000000000000000000000000003cb561318ddcbce23ce530fdb6f9cb5654765a4d5c0f88f8720b918b9bb7c7ac1ccbca0711cdcb6ea2d8570b8487805c6d722297c65655e024c4b05c6b924495ff27bf519cd32b7a0ef8d283b17f0babb4ff5c75b354075d6f4622f4a5479e05cda68a0f19a3a8aa01d4f07c14ecaa8d0a553e21e89c6190d833fb0fc8fc4c53e7d56e02737b968aafa7f94ce6b37c040d5c58", @ANYRES32=r6, @ANYBLOB="000000000000000085100000fcffffff18600000030000000000000003000000bf91000000000000b70200000100000085000000"], &(0x7f0000001740)='syzkaller\x00', 0x0, 0x4, &(0x7f0000001780)=""/4, 0x40f00, 0x2a, '\x00', 0x0, 0x36, 0xffffffffffffffff, 0x8, &(0x7f00000017c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000001800)={0x2, 0x7, 0x9}, 0x10, 0x0, r4, 0x4, &(0x7f0000001880), &(0x7f00000018c0)=[{0x3, 0x2, 0x6, 0x2}, {0x2, 0x5, 0x8, 0x7}, {0x1, 0x3, 0xb, 0xb}, {0x0, 0x2}], 0x10, 0x80000000}, 0x90)
r11 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001b00)=r9, 0x4) (async)
r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a850000000e000000c50000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0xffffffffffffffd5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sys_enter\x00', r12}, 0x10) (async)
r13 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001c40)=@bpf_tracing={0x1a, 0x2, &(0x7f0000001580)=ANY=[@ANYRESDEC], &(0x7f0000001a40)='syzkaller\x00', 0x400, 0x65, &(0x7f0000001a80)=""/101, 0x0, 0x0, '\x00', 0x0, 0x0, r11, 0x8, &(0x7f00000015c0)={0x1, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x64ff, r12, 0x3, &(0x7f0000001e00)=[r5, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000001c00)=[{0x2, 0x2, 0xa, 0x8}, {0x5, 0x1, 0x10, 0xb}, {0x0, 0x3, 0xb, 0xa}]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1c, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="37586f1e", @ANYRES32, @ANYBLOB="00030000"], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x3}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x9, 0x1000}, 0x10, r9, r7, 0x0, &(0x7f0000000540)=[0xffffffffffffffff]}, 0x90) (async)
r14 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r15 = openat$cgroup_ro(r14, &(0x7f0000001700)='freezer.self_freezing\x00', 0x0, 0x0) (async)
r16 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x0, 0x17, &(0x7f0000001b40)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r14}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @jmp={0x5, 0x0, 0xb, 0x0, 0x8, 0xfffffffffffffffc, 0xfffffffffffffff0}], &(0x7f0000001d00)='GPL\x00', 0x4, 0x74, &(0x7f0000001f00)=""/116, 0x41100, 0x74, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001d40)={0x4, 0xa, 0xffffffff, 0x8e62}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000001dc0)=[r14, r14, r6, r6, r10, r10, r5, r10], &(0x7f0000001f80)=[{0x3, 0x3, 0x0, 0x2}, {0x4, 0x4, 0xb, 0x5}, {0x4, 0x5, 0x0, 0x3}, {0x3, 0x4, 0xa, 0x9}, {0x4, 0x1, 0x0, 0x4}], 0x10, 0x1f}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000002480)={0x1e, 0xf, &(0x7f0000001680)=@raw=[@generic={0x81, 0xe, 0x5, 0x140, 0x7f}, @jmp={0x5, 0x1, 0x5, 0x7, 0x6, 0x6, 0x4}, @cb_func={0x18, 0x4, 0x4, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000001600)='GPL\x00', 0x0, 0x1000, &(0x7f0000002f80)=""/4096, 0x41000, 0x61, '\x00', 0x0, 0x28, r15, 0x8, &(0x7f0000001880)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000001900)={0x1, 0x6, 0x6}, 0x10, r9, r16, 0x9, &(0x7f00000020c0)=[r6, r5], &(0x7f00000023c0)=[{0x0, 0x4, 0x6, 0x3}, {0x3, 0x1, 0xa, 0x7}, {0x2, 0x4, 0xc, 0x41cd7dad2d98cb2c}, {0x0, 0x1, 0x6, 0x3}, {0x5, 0x2, 0x3, 0x9}, {0x1, 0x3, 0x0, 0xc}, {0x2, 0x5, 0xc, 0x4}, {0x1, 0x3, 0xb, 0x6}, {0x3, 0x5, 0xf, 0xa}], 0x10, 0x29}, 0x90) (async)
r17 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x7f, 0x0, 0xffffffffffffffff, 0x21c9, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xd, 0x9, &(0x7f00000002c0)=@raw=[@map_fd={0x18, 0x5, 0x1, 0x0, 0x1}, @map_val={0x18, 0x0, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x400}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], &(0x7f0000000340)='syzkaller\x00', 0xffffffd4, 0xfa, &(0x7f0000000380)=""/250, 0x41000, 0x8, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x1, 0xc, 0x8, 0x2}, 0x10, r9, r0, 0x1, &(0x7f0000000540)=[r17], &(0x7f0000000580)=[{0x0, 0x1, 0x4, 0x6}]}, 0x90)
r18 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x80, 0x0, 0x81, 0xcb, 0x0, 0x0, 0x10040, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, 0x1, @perf_bp={&(0x7f0000000000), 0x2}, 0x202, 0x3, 0x9, 0x2, 0xdb, 0x8, 0x8, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x5, r18, 0x1) (async)
r19 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000002340)={0x2, 0x4, 0x8, 0x1, 0x80, r10, 0x7, '\x00', 0x0, r11, 0x3, 0x1, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x8, 0x29, &(0x7f0000002600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r10}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_val={0x18, 0x0, 0x2, 0x0, r15, 0x0, 0x0, 0x0, 0x423}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r10}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x38064487, 0x0, 0x0, 0x0, 0x26}, @alu={0x4, 0x1, 0xc, 0xb, 0xa2faa3c0599107ed, 0xfffffffffffffff8, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, @map_val={0x18, 0xa, 0x2, 0x0, r19, 0x0, 0x0, 0x0, 0xfff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x3}, @map_idx={0x18, 0x1, 0x5, 0x0, 0xe}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001500)='GPL\x00', 0x101, 0x75, &(0x7f00000022c0)=""/117, 0x41100, 0x50, '\x00', r8, 0x6, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001540)={0x2, 0xd, 0x4, 0x4}, 0x10, r9, r13, 0x0, &(0x7f0000001640)=[r5], 0x0, 0x10, 0x4}, 0x90)

[  109.115146][ T4256] FAULT_INJECTION: forcing a failure.
[  109.115146][ T4256] name failslab, interval 1, probability 0, space 0, times 0
[  109.130155][ T4256] CPU: 1 PID: 4256 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  109.140219][ T4256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  109.150113][ T4256] Call Trace:
[  109.153234][ T4256]  <TASK>
[  109.156032][ T4256]  dump_stack_lvl+0x151/0x1b7
[  109.160530][ T4256]  ? io_uring_drop_tctx_refs+0x190/0x190
[  109.165996][ T4256]  dump_stack+0x15/0x17
[  109.169985][ T4256]  should_fail+0x3c6/0x510
[  109.174325][ T4256]  __should_failslab+0xa4/0xe0
[  109.178931][ T4256]  ? anon_vma_clone+0x9a/0x500
[  109.183531][ T4256]  should_failslab+0x9/0x20
[  109.187865][ T4256]  slab_pre_alloc_hook+0x37/0xd0
[  109.192638][ T4256]  ? anon_vma_clone+0x9a/0x500
[  109.197239][ T4256]  kmem_cache_alloc+0x44/0x200
[  109.201937][ T4256]  anon_vma_clone+0x9a/0x500
[  109.206363][ T4256]  anon_vma_fork+0x91/0x4e0
[  109.210700][ T4256]  ? anon_vma_name+0x43/0x70
[  109.215126][ T4256]  ? vm_area_dup+0x17a/0x230
[  109.219553][ T4256]  copy_mm+0xa3a/0x13e0
[  109.223547][ T4256]  ? copy_signal+0x610/0x610
[  109.227973][ T4256]  ? __init_rwsem+0xd6/0x1c0
[  109.232400][ T4256]  ? copy_signal+0x4e3/0x610
[  109.236824][ T4256]  copy_process+0x1149/0x3290
[  109.241340][ T4256]  ? proc_fail_nth_write+0x20b/0x290
[  109.246462][ T4256]  ? fsnotify_perm+0x6a/0x5d0
[  109.250972][ T4256]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  109.255925][ T4256]  ? vfs_write+0x9ec/0x1110
[  109.260261][ T4256]  kernel_clone+0x21e/0x9e0
[  109.264600][ T4256]  ? file_end_write+0x1c0/0x1c0
[  109.269292][ T4256]  ? create_io_thread+0x1e0/0x1e0
[  109.274146][ T4256]  ? mutex_unlock+0xb2/0x260
[  109.278572][ T4256]  ? __mutex_lock_slowpath+0x10/0x10
[  109.283702][ T4256]  __x64_sys_clone+0x23f/0x290
[  109.288294][ T4256]  ? __do_sys_vfork+0x130/0x130
[  109.292982][ T4256]  ? ksys_write+0x260/0x2c0
[  109.297321][ T4256]  ? debug_smp_processor_id+0x17/0x20
[  109.302528][ T4256]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  109.308433][ T4256]  ? exit_to_user_mode_prepare+0x39/0xa0
[  109.313899][ T4256]  do_syscall_64+0x3d/0xb0
[  109.318152][ T4256]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  109.324315][ T4256] RIP: 0033:0x7fc79465eda9
[  109.328573][ T4256] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  109.348010][ T4256] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  109.356252][ T4256] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:45 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x8000000, 0x0, 0x0, &(0x7f0000000540))

06:47:45 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498") (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000001540), &(0x7f0000000040)}, 0x20) (async)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa8}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0xd0c}]}, &(0x7f0000000140)='GPL\x00', 0x5, 0xa2, &(0x7f0000000240)=""/162, 0x40f00, 0x8, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000180)={0x6, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x0, 0x2, 0x3ff, 0x2}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000300)=[r1, r0, r0, r0], &(0x7f0000000380)=[{0x1, 0x5, 0xf, 0x7}, {0x4, 0x3, 0x5}], 0x10, 0xd9f}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f00000000c0)='rxrpc_rx_packet\x00', r3}, 0x10)

06:47:45 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x3}, 0x48)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000000000000005000000050000700090000000800000000000007000000fff9000000000000090300000000000900000000000000000001000000020000006c000000310056080d0000aabe8540eed3528b730000090000000075005902002e"], &(0x7f00000002c0)=""/230, 0x71, 0xe6, 0x0, 0x7}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x2, <r3=>0x0}, 0x8)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x16, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x1000}, [@map_fd={0x18, 0x6, 0x1, 0x0, r1}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x75, '\x00', 0x0, 0xc, r2, 0x8, &(0x7f00000001c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x1, 0x2, 0x0, 0x6}, 0x10, r3, r0, 0x1, &(0x7f00000004c0)=[r4], &(0x7f0000000500)=[{0x1, 0x1, 0x0, 0xb}]}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:45 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x9000000, 0x0, 0x0, &(0x7f0000000540))

06:47:45 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1}, &(0x7f0000001540), &(0x7f0000000040)}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000001540), &(0x7f0000000040)}, 0x20)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa8}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0xd0c}]}, &(0x7f0000000140)='GPL\x00', 0x5, 0xa2, &(0x7f0000000240)=""/162, 0x40f00, 0x8, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000180)={0x6, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x0, 0x2, 0x3ff, 0x2}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000300)=[r1, r0, r0, r0], &(0x7f0000000380)=[{0x1, 0x5, 0xf, 0x7}, {0x4, 0x3, 0x5}], 0x10, 0xd9f}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f00000000c0)='rxrpc_rx_packet\x00', r3}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f00000000c0)='rxrpc_rx_packet\x00', r3}, 0x10)

[  109.364065][ T4256] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  109.371877][ T4256] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  109.379689][ T4256] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  109.387501][ T4256] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  109.395314][ T4256]  </TASK>
06:47:45 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 76)

06:47:45 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_kthread_work_queue_work\x00', r0}, 0x10)

06:47:45 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x3}, 0x48)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000000000000005000000050000700090000000800000000000007000000fff9000000000000090300000000000900000000000000000001000000020000006c000000310056080d0000aabe8540eed3528b730000090000000075005902002e"], &(0x7f00000002c0)=""/230, 0x71, 0xe6, 0x0, 0x7}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x2, <r3=>0x0}, 0x8)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x16, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x1000}, [@map_fd={0x18, 0x6, 0x1, 0x0, r1}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x75, '\x00', 0x0, 0xc, r2, 0x8, &(0x7f00000001c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x1, 0x2, 0x0, 0x6}, 0x10, r3, r0, 0x1, &(0x7f00000004c0)=[r4], &(0x7f0000000500)=[{0x1, 0x1, 0x0, 0xb}]}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x3}, 0x48) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000000000000005000000050000700090000000800000000000007000000fff9000000000000090300000000000900000000000000000001000000020000006c000000310056080d0000aabe8540eed3528b730000090000000075005902002e"], &(0x7f00000002c0)=""/230, 0x71, 0xe6, 0x0, 0x7}, 0x20) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x2}, 0x8) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x1}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x16, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x1000}, [@map_fd={0x18, 0x6, 0x1, 0x0, r1}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x75, '\x00', 0x0, 0xc, r2, 0x8, &(0x7f00000001c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x1, 0x2, 0x0, 0x6}, 0x10, r3, r0, 0x1, &(0x7f00000004c0)=[r4], &(0x7f0000000500)=[{0x1, 0x1, 0x0, 0xb}]}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)

06:47:45 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x10000200, 0x0, 0x0, &(0x7f0000000540))

06:47:45 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
recvmsg$unix(r0, &(0x7f0000000900)={&(0x7f0000000300)=@abs, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000440)=""/222, 0xde}, {&(0x7f0000000540)=""/177, 0xb1}, {&(0x7f0000000600)=""/167, 0xa7}, {&(0x7f00000006c0)=""/45, 0x2d}, {&(0x7f0000001640)=""/4096, 0x1000}, {&(0x7f0000000700)=""/58, 0x3a}, {&(0x7f0000002640)=""/4096, 0x1000}], 0x7, &(0x7f00000007c0)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x108}, 0x100)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x9, 0x2, &(0x7f0000000040)=@raw=[@alu={0x7, 0x1, 0xc, 0x0, 0x6, 0x4}, @call={0x85, 0x0, 0x0, 0xac}], &(0x7f0000000080)='GPL\x00', 0x1, 0x9f, &(0x7f00000000c0)=""/159, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x10, 0xffff8000, 0xffff0000}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000240)=[{0x4, 0x3, 0x3, 0x1}, {0x4, 0x2, 0xc, 0xa}, {0x5, 0x3, 0xe, 0x1}, {0x1, 0x5, 0x9, 0x5}, {0x1, 0x3, 0x10, 0x6}, {0x4, 0x5, 0x1}, {0x4, 0x1, 0xc, 0x2}], 0x10, 0xfffffff7}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[  109.481631][ T4283] FAULT_INJECTION: forcing a failure.
[  109.481631][ T4283] name failslab, interval 1, probability 0, space 0, times 0
[  109.511186][ T4283] CPU: 1 PID: 4283 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  109.521344][ T4283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  109.531326][ T4283] Call Trace:
[  109.534449][ T4283]  <TASK>
[  109.537226][ T4283]  dump_stack_lvl+0x151/0x1b7
[  109.541740][ T4283]  ? io_uring_drop_tctx_refs+0x190/0x190
[  109.547209][ T4283]  dump_stack+0x15/0x17
[  109.551200][ T4283]  should_fail+0x3c6/0x510
[  109.555453][ T4283]  __should_failslab+0xa4/0xe0
[  109.560050][ T4283]  ? anon_vma_clone+0x9a/0x500
[  109.564651][ T4283]  should_failslab+0x9/0x20
[  109.568992][ T4283]  slab_pre_alloc_hook+0x37/0xd0
[  109.573765][ T4283]  ? anon_vma_clone+0x9a/0x500
[  109.578377][ T4283]  kmem_cache_alloc+0x44/0x200
[  109.582966][ T4283]  anon_vma_clone+0x9a/0x500
[  109.587397][ T4283]  anon_vma_fork+0x91/0x4e0
[  109.591732][ T4283]  ? anon_vma_name+0x4c/0x70
[  109.596160][ T4283]  ? vm_area_dup+0x17a/0x230
[  109.600584][ T4283]  copy_mm+0xa3a/0x13e0
[  109.604592][ T4283]  ? copy_signal+0x610/0x610
[  109.609004][ T4283]  ? __init_rwsem+0xd6/0x1c0
[  109.613429][ T4283]  ? copy_signal+0x4e3/0x610
[  109.617857][ T4283]  copy_process+0x1149/0x3290
[  109.622805][ T4283]  ? proc_fail_nth_write+0x20b/0x290
[  109.627926][ T4283]  ? fsnotify_perm+0x6a/0x5d0
[  109.632439][ T4283]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  109.637385][ T4283]  ? vfs_write+0x9ec/0x1110
[  109.641728][ T4283]  kernel_clone+0x21e/0x9e0
[  109.646070][ T4283]  ? file_end_write+0x1c0/0x1c0
[  109.650754][ T4283]  ? create_io_thread+0x1e0/0x1e0
[  109.655610][ T4283]  ? mutex_unlock+0xb2/0x260
[  109.660038][ T4283]  ? __mutex_lock_slowpath+0x10/0x10
[  109.665159][ T4283]  __x64_sys_clone+0x23f/0x290
[  109.669851][ T4283]  ? __do_sys_vfork+0x130/0x130
[  109.674532][ T4283]  ? ksys_write+0x260/0x2c0
[  109.678873][ T4283]  ? debug_smp_processor_id+0x17/0x20
[  109.684082][ T4283]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  109.689983][ T4283]  ? exit_to_user_mode_prepare+0x39/0xa0
[  109.695452][ T4283]  do_syscall_64+0x3d/0xb0
[  109.699713][ T4283]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  109.705433][ T4283] RIP: 0033:0x7fc79465eda9
[  109.709688][ T4283] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
06:47:46 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x3}, 0x48)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000000000000005000000050000700090000000800000000000007000000fff9000000000000090300000000000900000000000000000001000000020000006c000000310056080d0000aabe8540eed3528b730000090000000075005902002e"], &(0x7f00000002c0)=""/230, 0x71, 0xe6, 0x0, 0x7}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x2, <r3=>0x0}, 0x8)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x16, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x1000}, [@map_fd={0x18, 0x6, 0x1, 0x0, r1}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x75, '\x00', 0x0, 0xc, r2, 0x8, &(0x7f00000001c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x1, 0x2, 0x0, 0x6}, 0x10, r3, r0, 0x1, &(0x7f00000004c0)=[r4], &(0x7f0000000500)=[{0x1, 0x1, 0x0, 0xb}]}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x3}, 0x48) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000000000000005000000050000700090000000800000000000007000000fff9000000000000090300000000000900000000000000000001000000020000006c000000310056080d0000aabe8540eed3528b730000090000000075005902002e"], &(0x7f00000002c0)=""/230, 0x71, 0xe6, 0x0, 0x7}, 0x20) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x2}, 0x8) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x1}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x16, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x1000}, [@map_fd={0x18, 0x6, 0x1, 0x0, r1}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x75, '\x00', 0x0, 0xc, r2, 0x8, &(0x7f00000001c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x1, 0x2, 0x0, 0x6}, 0x10, r3, r0, 0x1, &(0x7f00000004c0)=[r4], &(0x7f0000000500)=[{0x1, 0x1, 0x0, 0xb}]}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)

06:47:46 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_kthread_work_queue_work\x00', r0}, 0x10)

06:47:46 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x1f000000, 0x0, 0x0, &(0x7f0000000540))

[  109.729128][ T4283] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  109.737372][ T4283] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  109.745184][ T4283] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  109.752994][ T4283] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  109.760806][ T4283] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  109.768617][ T4283] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  109.776433][ T4283]  </TASK>
06:47:46 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
recvmsg$unix(r0, &(0x7f0000000900)={&(0x7f0000000300)=@abs, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000440)=""/222, 0xde}, {&(0x7f0000000540)=""/177, 0xb1}, {&(0x7f0000000600)=""/167, 0xa7}, {&(0x7f00000006c0)=""/45, 0x2d}, {&(0x7f0000001640)=""/4096, 0x1000}, {&(0x7f0000000700)=""/58, 0x3a}, {&(0x7f0000002640)=""/4096, 0x1000}], 0x7, &(0x7f00000007c0)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x108}, 0x100)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x9, 0x2, &(0x7f0000000040)=@raw=[@alu={0x7, 0x1, 0xc, 0x0, 0x6, 0x4}, @call={0x85, 0x0, 0x0, 0xac}], &(0x7f0000000080)='GPL\x00', 0x1, 0x9f, &(0x7f00000000c0)=""/159, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x10, 0xffff8000, 0xffff0000}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000240)=[{0x4, 0x3, 0x3, 0x1}, {0x4, 0x2, 0xc, 0xa}, {0x5, 0x3, 0xe, 0x1}, {0x1, 0x5, 0x9, 0x5}, {0x1, 0x3, 0x10, 0x6}, {0x4, 0x5, 0x1}, {0x4, 0x1, 0xc, 0x2}], 0x10, 0xfffffff7}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async)
recvmsg$unix(r0, &(0x7f0000000900)={&(0x7f0000000300)=@abs, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000440)=""/222, 0xde}, {&(0x7f0000000540)=""/177, 0xb1}, {&(0x7f0000000600)=""/167, 0xa7}, {&(0x7f00000006c0)=""/45, 0x2d}, {&(0x7f0000001640)=""/4096, 0x1000}, {&(0x7f0000000700)=""/58, 0x3a}, {&(0x7f0000002640)=""/4096, 0x1000}], 0x7, &(0x7f00000007c0)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x108}, 0x100) (async)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498") (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x9, 0x2, &(0x7f0000000040)=@raw=[@alu={0x7, 0x1, 0xc, 0x0, 0x6, 0x4}, @call={0x85, 0x0, 0x0, 0xac}], &(0x7f0000000080)='GPL\x00', 0x1, 0x9f, &(0x7f00000000c0)=""/159, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x10, 0xffff8000, 0xffff0000}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000240)=[{0x4, 0x3, 0x3, 0x1}, {0x4, 0x2, 0xc, 0xa}, {0x5, 0x3, 0xe, 0x1}, {0x1, 0x5, 0x9, 0x5}, {0x1, 0x3, 0x10, 0x6}, {0x4, 0x5, 0x1}, {0x4, 0x1, 0xc, 0x2}], 0x10, 0xfffffff7}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)

06:47:46 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 77)

06:47:46 executing program 0:
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000500)='syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000540)='pids.current\x00', 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000f40)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000980)={0x5, <r3=>0x0}, 0x8)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000ac0)={@map=r1, 0x2320b58bb67963fb, 0x0, 0x4, &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f0000000a00)=[0x0], &(0x7f0000000a40)=[0x0, 0x0, 0x0], &(0x7f0000000a80)=[0x0, 0x0], <r4=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000b00)={@map=r1, r2, 0x5, 0x28, 0x0, @link_id=r3, r4}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x80000001, <r5=>0x0}, 0x8)
r6 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8)
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.group_wait_time\x00', 0x0, 0x0)
r8 = openat$cgroup_ro(r7, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0)
openat$cgroup_freezer_state(r7, &(0x7f0000000300), 0x2, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x8000, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000400)={'ip6erspan0\x00', 0x200})
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xc, 0x2, &(0x7f0000000980)=ANY=[], &(0x7f0000000480)='syzkaller\x00', 0x8, 0x0, 0x0, 0x1e00, 0x1b, '\x00', 0x0, 0x8, r8, 0x8, &(0x7f00000004c0)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0x7, 0x8000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)=[r8, r7, r8, 0xffffffffffffffff]}, 0x80)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r10, &(0x7f0000000180), 0x40001)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xe, 0x1, &(0x7f0000000000)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}], &(0x7f0000000040)='GPL\x00', 0x5, 0xb6, &(0x7f0000000080)=""/182, 0x41100, 0x3, '\x00', 0x0, 0x33, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000140)={0x3, 0x9, 0x4, 0x65b2}, 0x10, r5, r6, 0x5, &(0x7f00000002c0)=[r8, r10, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000300)=[{0x2, 0x4, 0x7, 0x1}, {0x5, 0x1, 0x9, 0xc}, {0x5, 0x3, 0x3}, {0x4, 0x5, 0x9, 0x6}, {0x4, 0x5, 0x4, 0x8}], 0x10, 0x8}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:46 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x1ffff000, 0x0, 0x0, &(0x7f0000000540))

06:47:46 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_kthread_work_queue_work\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_kthread_work_queue_work\x00', r0}, 0x10) (async)

06:47:46 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
recvmsg$unix(r0, &(0x7f0000000900)={&(0x7f0000000300)=@abs, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000440)=""/222, 0xde}, {&(0x7f0000000540)=""/177, 0xb1}, {&(0x7f0000000600)=""/167, 0xa7}, {&(0x7f00000006c0)=""/45, 0x2d}, {&(0x7f0000001640)=""/4096, 0x1000}, {&(0x7f0000000700)=""/58, 0x3a}, {&(0x7f0000002640)=""/4096, 0x1000}], 0x7, &(0x7f00000007c0)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x108}, 0x100)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498") (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x9, 0x2, &(0x7f0000000040)=@raw=[@alu={0x7, 0x1, 0xc, 0x0, 0x6, 0x4}, @call={0x85, 0x0, 0x0, 0xac}], &(0x7f0000000080)='GPL\x00', 0x1, 0x9f, &(0x7f00000000c0)=""/159, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x10, 0xffff8000, 0xffff0000}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000240)=[{0x4, 0x3, 0x3, 0x1}, {0x4, 0x2, 0xc, 0xa}, {0x5, 0x3, 0xe, 0x1}, {0x1, 0x5, 0x9, 0x5}, {0x1, 0x3, 0x10, 0x6}, {0x4, 0x5, 0x1}, {0x4, 0x1, 0xc, 0x2}], 0x10, 0xfffffff7}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[  109.855312][ T4327] FAULT_INJECTION: forcing a failure.
[  109.855312][ T4327] name failslab, interval 1, probability 0, space 0, times 0
[  109.875513][ T4327] CPU: 0 PID: 4327 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  109.885588][ T4327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  109.895488][ T4327] Call Trace:
[  109.898610][ T4327]  <TASK>
[  109.901386][ T4327]  dump_stack_lvl+0x151/0x1b7
[  109.905897][ T4327]  ? io_uring_drop_tctx_refs+0x190/0x190
[  109.911368][ T4327]  dump_stack+0x15/0x17
[  109.915355][ T4327]  should_fail+0x3c6/0x510
[  109.920227][ T4327]  __should_failslab+0xa4/0xe0
[  109.924820][ T4327]  ? anon_vma_clone+0x9a/0x500
[  109.929420][ T4327]  should_failslab+0x9/0x20
[  109.933762][ T4327]  slab_pre_alloc_hook+0x37/0xd0
[  109.938535][ T4327]  ? anon_vma_clone+0x9a/0x500
[  109.943133][ T4327]  kmem_cache_alloc+0x44/0x200
[  109.947735][ T4327]  anon_vma_clone+0x9a/0x500
[  109.952159][ T4327]  anon_vma_fork+0x91/0x4e0
[  109.956500][ T4327]  ? anon_vma_name+0x43/0x70
[  109.960927][ T4327]  ? vm_area_dup+0x17a/0x230
[  109.965351][ T4327]  copy_mm+0xa3a/0x13e0
[  109.969356][ T4327]  ? copy_signal+0x610/0x610
[  109.973773][ T4327]  ? __init_rwsem+0xd6/0x1c0
[  109.978201][ T4327]  ? copy_signal+0x4e3/0x610
[  109.982625][ T4327]  copy_process+0x1149/0x3290
[  109.987140][ T4327]  ? proc_fail_nth_write+0x20b/0x290
[  109.992262][ T4327]  ? fsnotify_perm+0x6a/0x5d0
[  109.996774][ T4327]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  110.001721][ T4327]  ? vfs_write+0x9ec/0x1110
[  110.006062][ T4327]  kernel_clone+0x21e/0x9e0
[  110.010400][ T4327]  ? file_end_write+0x1c0/0x1c0
[  110.015087][ T4327]  ? create_io_thread+0x1e0/0x1e0
[  110.019949][ T4327]  ? mutex_unlock+0xb2/0x260
[  110.024375][ T4327]  ? __mutex_lock_slowpath+0x10/0x10
[  110.029505][ T4327]  __x64_sys_clone+0x23f/0x290
[  110.034118][ T4327]  ? __do_sys_vfork+0x130/0x130
[  110.038783][ T4327]  ? ksys_write+0x260/0x2c0
[  110.043120][ T4327]  ? debug_smp_processor_id+0x17/0x20
[  110.048330][ T4327]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  110.054231][ T4327]  ? exit_to_user_mode_prepare+0x39/0xa0
[  110.059699][ T4327]  do_syscall_64+0x3d/0xb0
[  110.063952][ T4327]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  110.069678][ T4327] RIP: 0033:0x7fc79465eda9
[  110.073935][ T4327] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  110.093386][ T4327] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
06:47:46 executing program 0:
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000500)='syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000540)='pids.current\x00', 0x0, 0x0) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000f40)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000980)={0x5, <r3=>0x0}, 0x8)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000ac0)={@map=r1, 0x2320b58bb67963fb, 0x0, 0x4, &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f0000000a00)=[0x0], &(0x7f0000000a40)=[0x0, 0x0, 0x0], &(0x7f0000000a80)=[0x0, 0x0], <r4=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000b00)={@map=r1, r2, 0x5, 0x28, 0x0, @link_id=r3, r4}, 0x20) (async, rerun: 32)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x80000001, <r5=>0x0}, 0x8) (async, rerun: 32)
r6 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) (async)
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.group_wait_time\x00', 0x0, 0x0)
r8 = openat$cgroup_ro(r7, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0) (async, rerun: 32)
openat$cgroup_freezer_state(r7, &(0x7f0000000300), 0x2, 0x0) (rerun: 32)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x8000, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000400)={'ip6erspan0\x00', 0x200})
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xc, 0x2, &(0x7f0000000980)=ANY=[], &(0x7f0000000480)='syzkaller\x00', 0x8, 0x0, 0x0, 0x1e00, 0x1b, '\x00', 0x0, 0x8, r8, 0x8, &(0x7f00000004c0)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0x7, 0x8000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)=[r8, r7, r8, 0xffffffffffffffff]}, 0x80)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r10, &(0x7f0000000180), 0x40001) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xe, 0x1, &(0x7f0000000000)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}], &(0x7f0000000040)='GPL\x00', 0x5, 0xb6, &(0x7f0000000080)=""/182, 0x41100, 0x3, '\x00', 0x0, 0x33, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000140)={0x3, 0x9, 0x4, 0x65b2}, 0x10, r5, r6, 0x5, &(0x7f00000002c0)=[r8, r10, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000300)=[{0x2, 0x4, 0x7, 0x1}, {0x5, 0x1, 0x9, 0xc}, {0x5, 0x3, 0x3}, {0x4, 0x5, 0x9, 0x6}, {0x4, 0x5, 0x4, 0x8}], 0x10, 0x8}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:46 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x20000000, 0x0, 0x0, &(0x7f0000000540))

06:47:46 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:46 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
r1 = syz_clone(0x50000800, &(0x7f0000000380)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000000480)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x80, 0x81, 0x5, 0x81, 0x0, 0x0, 0x70a88, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xb87, 0x2, @perf_config_ext={0x36, 0xffffffffffffe724}, 0x0, 0x1, 0x8, 0x5, 0x9, 0x4141, 0x3ff, 0x0, 0xffffffff, 0x0, 0x6}, 0x0, 0x3, r0, 0x9)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x9, 0xff, 0x10, 0x0, 0xfe, 0x80080, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x5, 0x1, @perf_bp={&(0x7f00000000c0), 0x4}, 0x10100, 0x1f, 0x2, 0x7, 0xfffffffffffeffff, 0x5, 0x4664, 0x0, 0x3, 0x0, 0x8}, r1, 0xf, r2, 0xa)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='f2fs_fallocate\x00', r0}, 0x10)
r4 = openat$cgroup_ro(r0, &(0x7f0000000280)='rdma.current\x00', 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000240)=0xeb14)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x14, 0x4, 0x4, 0x4}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r5, &(0x7f0000000040), 0x20000000}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r4, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x2, 0x8, &(0x7f0000000700)=[0x0, 0x0], &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x1, &(0x7f0000000780)=[{}, {}], 0x10, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0x63, 0x8, 0x8, &(0x7f0000000840)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x1b, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x40}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@btf_id={0x18, 0x2, 0x3, 0x0, 0x2}, @map_fd={0x18, 0x8, 0x1, 0x0, r0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, @map_fd={0x18, 0x4, 0x1, 0x0, r4}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='GPL\x00', 0xdb5, 0x4a, &(0x7f0000000680)=""/74, 0x41100, 0x10, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000009c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f0000000a00)={0x3, 0x2, 0x400, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000a40)=[r0, r4, r0, r0, r4], 0x0, 0x10, 0xec}, 0x90)

06:47:46 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 78)

[  110.101622][ T4327] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  110.109433][ T4327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  110.117241][ T4327] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  110.125142][ T4327] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  110.133129][ T4327] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  110.140949][ T4327]  </TASK>
06:47:46 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:46 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0xa00022c4, 0x0, 0x0, &(0x7f0000000540))

06:47:46 executing program 0:
openat$cgroup(0xffffffffffffffff, &(0x7f0000000500)='syz0\x00', 0x200002, 0x0) (async)
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000500)='syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000540)='pids.current\x00', 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000f40)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000980)={0x5, <r3=>0x0}, 0x8)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000ac0)={@map=r1, 0x2320b58bb67963fb, 0x0, 0x4, &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f0000000a00)=[0x0], &(0x7f0000000a40)=[0x0, 0x0, 0x0], &(0x7f0000000a80)=[0x0, 0x0], <r4=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000b00)={@map=r1, r2, 0x5, 0x28, 0x0, @link_id=r3, r4}, 0x20) (async)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000b00)={@map=r1, r2, 0x5, 0x28, 0x0, @link_id=r3, r4}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x80000001}, 0x8) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x80000001, <r5=>0x0}, 0x8)
bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) (async)
r6 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8)
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.group_wait_time\x00', 0x0, 0x0)
r8 = openat$cgroup_ro(r7, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0)
openat$cgroup_freezer_state(r7, &(0x7f0000000300), 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x8000, 0x0) (async)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x8000, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000400)={'ip6erspan0\x00', 0x200})
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xc, 0x2, &(0x7f0000000980)=ANY=[], &(0x7f0000000480)='syzkaller\x00', 0x8, 0x0, 0x0, 0x1e00, 0x1b, '\x00', 0x0, 0x8, r8, 0x8, &(0x7f00000004c0)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0x7, 0x8000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)=[r8, r7, r8, 0xffffffffffffffff]}, 0x80)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r10, &(0x7f0000000180), 0x40001)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xe, 0x1, &(0x7f0000000000)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}], &(0x7f0000000040)='GPL\x00', 0x5, 0xb6, &(0x7f0000000080)=""/182, 0x41100, 0x3, '\x00', 0x0, 0x33, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000140)={0x3, 0x9, 0x4, 0x65b2}, 0x10, r5, r6, 0x5, &(0x7f00000002c0)=[r8, r10, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000300)=[{0x2, 0x4, 0x7, 0x1}, {0x5, 0x1, 0x9, 0xc}, {0x5, 0x3, 0x3}, {0x4, 0x5, 0x9, 0x6}, {0x4, 0x5, 0x4, 0x8}], 0x10, 0x8}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[  110.219995][ T4368] FAULT_INJECTION: forcing a failure.
[  110.219995][ T4368] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  110.236583][ T4368] CPU: 0 PID: 4368 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  110.246650][ T4368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  110.256544][ T4368] Call Trace:
[  110.259665][ T4368]  <TASK>
[  110.262458][ T4368]  dump_stack_lvl+0x151/0x1b7
[  110.266958][ T4368]  ? io_uring_drop_tctx_refs+0x190/0x190
[  110.272428][ T4368]  dump_stack+0x15/0x17
[  110.276418][ T4368]  should_fail+0x3c6/0x510
[  110.280671][ T4368]  should_fail_alloc_page+0x5a/0x80
[  110.285707][ T4368]  prepare_alloc_pages+0x15c/0x700
[  110.290653][ T4368]  ? __alloc_pages_bulk+0xe40/0xe40
[  110.295688][ T4368]  __alloc_pages+0x18c/0x8f0
[  110.300118][ T4368]  ? prep_new_page+0x110/0x110
[  110.304714][ T4368]  ? stack_trace_save+0x1c0/0x1c0
[  110.309576][ T4368]  ? __kernel_text_address+0x9b/0x110
[  110.314869][ T4368]  pte_alloc_one+0x73/0x1b0
[  110.319557][ T4368]  ? pfn_modify_allowed+0x2f0/0x2f0
[  110.324589][ T4368]  __pte_alloc+0x86/0x350
[  110.328754][ T4368]  ? free_pgtables+0x280/0x280
[  110.333356][ T4368]  ? __stack_depot_save+0x34/0x470
[  110.338302][ T4368]  ? anon_vma_clone+0x9a/0x500
[  110.342902][ T4368]  copy_page_range+0x28a8/0x2f90
[  110.347675][ T4368]  ? __kasan_slab_alloc+0xb1/0xe0
[  110.352535][ T4368]  ? slab_post_alloc_hook+0x53/0x2c0
[  110.357659][ T4368]  ? kernel_clone+0x21e/0x9e0
[  110.362170][ T4368]  ? do_syscall_64+0x3d/0xb0
[  110.366597][ T4368]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  110.372504][ T4368]  ? pfn_valid+0x1e0/0x1e0
[  110.376752][ T4368]  ? rwsem_write_trylock+0x15b/0x290
[  110.381882][ T4368]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  110.388124][ T4368]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  110.393677][ T4368]  ? __rb_insert_augmented+0x5de/0x610
[  110.398972][ T4368]  copy_mm+0xc7e/0x13e0
[  110.402964][ T4368]  ? copy_signal+0x610/0x610
[  110.407390][ T4368]  ? __init_rwsem+0xd6/0x1c0
[  110.411816][ T4368]  ? copy_signal+0x4e3/0x610
[  110.416241][ T4368]  copy_process+0x1149/0x3290
[  110.421109][ T4368]  ? proc_fail_nth_write+0x20b/0x290
[  110.426229][ T4368]  ? fsnotify_perm+0x6a/0x5d0
[  110.430738][ T4368]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  110.435686][ T4368]  ? vfs_write+0x9ec/0x1110
[  110.440024][ T4368]  kernel_clone+0x21e/0x9e0
[  110.444366][ T4368]  ? file_end_write+0x1c0/0x1c0
[  110.449061][ T4368]  ? create_io_thread+0x1e0/0x1e0
[  110.453916][ T4368]  ? mutex_unlock+0xb2/0x260
[  110.458340][ T4368]  ? __mutex_lock_slowpath+0x10/0x10
[  110.463462][ T4368]  __x64_sys_clone+0x23f/0x290
[  110.468061][ T4368]  ? __do_sys_vfork+0x130/0x130
[  110.472746][ T4368]  ? ksys_write+0x260/0x2c0
[  110.477085][ T4368]  ? debug_smp_processor_id+0x17/0x20
[  110.482292][ T4368]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  110.488200][ T4368]  ? exit_to_user_mode_prepare+0x39/0xa0
[  110.493665][ T4368]  do_syscall_64+0x3d/0xb0
[  110.497918][ T4368]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  110.503644][ T4368] RIP: 0033:0x7fc79465eda9
[  110.507900][ T4368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  110.527341][ T4368] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  110.535758][ T4368] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  110.543568][ T4368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  110.551381][ T4368] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  110.559194][ T4368] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
06:47:46 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async)
r1 = syz_clone(0x50000800, &(0x7f0000000380)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000000480)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x80, 0x81, 0x5, 0x81, 0x0, 0x0, 0x70a88, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xb87, 0x2, @perf_config_ext={0x36, 0xffffffffffffe724}, 0x0, 0x1, 0x8, 0x5, 0x9, 0x4141, 0x3ff, 0x0, 0xffffffff, 0x0, 0x6}, 0x0, 0x3, r0, 0x9) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4) (async)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x9, 0xff, 0x10, 0x0, 0xfe, 0x80080, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x5, 0x1, @perf_bp={&(0x7f00000000c0), 0x4}, 0x10100, 0x1f, 0x2, 0x7, 0xfffffffffffeffff, 0x5, 0x4664, 0x0, 0x3, 0x0, 0x8}, r1, 0xf, r2, 0xa) (async)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='f2fs_fallocate\x00', r0}, 0x10)
r4 = openat$cgroup_ro(r0, &(0x7f0000000280)='rdma.current\x00', 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000240)=0xeb14) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x14, 0x4, 0x4, 0x4}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r5, &(0x7f0000000040), 0x20000000}, 0x20) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r4, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x2, 0x8, &(0x7f0000000700)=[0x0, 0x0], &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x1, &(0x7f0000000780)=[{}, {}], 0x10, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0x63, 0x8, 0x8, &(0x7f0000000840)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x1b, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x40}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@btf_id={0x18, 0x2, 0x3, 0x0, 0x2}, @map_fd={0x18, 0x8, 0x1, 0x0, r0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, @map_fd={0x18, 0x4, 0x1, 0x0, r4}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='GPL\x00', 0xdb5, 0x4a, &(0x7f0000000680)=""/74, 0x41100, 0x10, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000009c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f0000000a00)={0x3, 0x2, 0x400, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000a40)=[r0, r4, r0, r0, r4], 0x0, 0x10, 0xec}, 0x90)

06:47:46 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:46 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 79)

06:47:46 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x64}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:46 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
r1 = syz_clone(0x50000800, &(0x7f0000000380)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000000480)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498") (async, rerun: 64)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x80, 0x81, 0x5, 0x81, 0x0, 0x0, 0x70a88, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xb87, 0x2, @perf_config_ext={0x36, 0xffffffffffffe724}, 0x0, 0x1, 0x8, 0x5, 0x9, 0x4141, 0x3ff, 0x0, 0xffffffff, 0x0, 0x6}, 0x0, 0x3, r0, 0x9) (async, rerun: 64)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4) (async)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x9, 0xff, 0x10, 0x0, 0xfe, 0x80080, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x5, 0x1, @perf_bp={&(0x7f00000000c0), 0x4}, 0x10100, 0x1f, 0x2, 0x7, 0xfffffffffffeffff, 0x5, 0x4664, 0x0, 0x3, 0x0, 0x8}, r1, 0xf, r2, 0xa)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='f2fs_fallocate\x00', r0}, 0x10)
r4 = openat$cgroup_ro(r0, &(0x7f0000000280)='rdma.current\x00', 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000240)=0xeb14) (async, rerun: 32)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x14, 0x4, 0x4, 0x4}, 0x48) (rerun: 32)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r5, &(0x7f0000000040), 0x20000000}, 0x20) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r4, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x2, 0x8, &(0x7f0000000700)=[0x0, 0x0], &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x1, &(0x7f0000000780)=[{}, {}], 0x10, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0x63, 0x8, 0x8, &(0x7f0000000840)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x1b, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x40}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@btf_id={0x18, 0x2, 0x3, 0x0, 0x2}, @map_fd={0x18, 0x8, 0x1, 0x0, r0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, @map_fd={0x18, 0x4, 0x1, 0x0, r4}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='GPL\x00', 0xdb5, 0x4a, &(0x7f0000000680)=""/74, 0x41100, 0x10, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000009c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f0000000a00)={0x3, 0x2, 0x400, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000a40)=[r0, r4, r0, r0, r4], 0x0, 0x10, 0xec}, 0x90)

06:47:46 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0xa000cee8, 0x0, 0x0, &(0x7f0000000540))

[  110.567005][ T4368] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  110.574821][ T4368]  </TASK>
06:47:46 executing program 4:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x930c, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x1}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x1d, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x83}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x8}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f00000001c0)='GPL\x00', 0x80000000, 0x99, &(0x7f00000002c0)=""/153, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1]}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000080), &(0x7f00000004c0)=r1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x90)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:46 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x64}, 0x52) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:46 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0xc42200a0, 0x0, 0x0, &(0x7f0000000540))

06:47:46 executing program 4:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x930c, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x1}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x1d, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x83}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x8}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f00000001c0)='GPL\x00', 0x80000000, 0x99, &(0x7f00000002c0)=""/153, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1]}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000080), &(0x7f00000004c0)=r1}, 0x20) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x90) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  110.643247][ T4395] FAULT_INJECTION: forcing a failure.
[  110.643247][ T4395] name failslab, interval 1, probability 0, space 0, times 0
06:47:46 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
r1 = openat$cgroup_ro(r0, &(0x7f0000000980)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x6, 0x30}, 0xc)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r2, &(0x7f0000000040)="3523d8da26c4dfdf6b35c321c7a60a42ac7709cb14070f01dfc5371cd39e0c3d24ef079446ae2e0637f872", &(0x7f0000000500)=""/208}, 0x20)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x4, &(0x7f0000001940)=ANY=[@ANYBLOB="1802000000000000000000147c8d75790d46c8dc57c6cd9c00000000008500000053000000950000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001780)={r3, 0xe0, &(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000001500)=[0x0], &(0x7f0000001540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000001580)=[{}], 0x8, 0x10, &(0x7f00000015c0), &(0x7f0000001600), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001640)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='GPL\x00', 0xd700000, 0x0, 0x0, 0x41000, 0x4b, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x4, 0x7, 0x5}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000003c0)=[r2], &(0x7f0000000740)=[{0x3, 0x0, 0xc}, {0x5, 0x4, 0x4, 0x2}, {0x0, 0x4, 0x1, 0xb}, {0x4, 0x3, 0x9, 0x3}, {0x3, 0x5, 0x3, 0x8}, {0x0, 0x3, 0x9, 0xc}, {0x2, 0x1, 0x9, 0xb}], 0x10, 0x180000}, 0x90)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000380)={r0, 0x20, &(0x7f0000000300)={&(0x7f0000000240)=""/153, 0x99, <r5=>0x0, &(0x7f0000000180)=""/108, 0x6c}}, 0x10)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3d, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0xd3e}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x400}}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xc16055dc2c86f5b7}}, @map_val={0x18, 0x4, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}, @map_idx={0x18, 0x4, 0x5, 0x0, 0xb}, @initr0={0x18, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000005c0)='syzkaller\x00', 0x7ff, 0xae, &(0x7f0000000600)=""/174, 0x41100, 0x33, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f00000006c0)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000700)={0x4, 0x2, 0x400, 0x2}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000740)=[{0x4, 0x3, 0x5, 0x7}, {0x2, 0x4, 0xb}, {0x5, 0x1, 0x5, 0x6}], 0x10, 0x20}, 0x90)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x7, 0x4, 0x4, 0x7}, 0x48)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000b00)={0x3, 0x4, 0x4, 0xa, 0x0, r2, 0x2c996a3a, '\x00', r4, r0, 0x4, 0x5, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f00000009c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000a40)='syzkaller\x00', 0x8001, 0x1000, &(0x7f0000002840)=""/4096, 0x41000, 0x8, '\x00', r4, 0x0, r0, 0x8, &(0x7f0000000a80)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000ac0)={0x3, 0x1, 0xffffffff, 0x20}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[r1, r9, r0, r1, r0, r2, 0x1, r2, r1, r2]}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={0x1, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYRES32=r8], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r10, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x90)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c80)={0x1b, 0x0, 0x0, 0xff, 0x0, 0x1, 0x23ca, '\x00', 0x0, r11, 0x1, 0x3, 0x1}, 0x48)
write$cgroup_int(r11, &(0x7f0000000200), 0x23000)
r12 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000440)={0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{0x1, <r13=>0xffffffffffffffff}, &(0x7f0000000480), 0x0}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002780)=@bpf_tracing={0x1a, 0x32, &(0x7f00000015c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1da6, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000001}}, @map_val={0x18, 0x1, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0x18}, @tail_call={{0x18, 0x2, 0x1, 0x0, r7}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0xf}, @ldst={0x3, 0x2, 0x2, 0x3, 0x4, 0x8, 0x10}, @map_val={0x18, 0x7, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x3, 0x1000, &(0x7f0000001780)=""/4096, 0x41000, 0x1, '\x00', r10, 0x1a, r11, 0x8, &(0x7f0000000380)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x0, 0x4, 0x4}, 0x10, 0xc1df, r12, 0x0, &(0x7f0000000540)=[r7, 0xffffffffffffffff, r7, r7, r7, r7, r13, r7]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0xe, 0x0, &(0x7f0000000040), &(0x7f0000000080)='GPL\x00', 0x2, 0x7f, &(0x7f00000000c0)=""/127, 0x82300, 0x8, '\x00', r4, 0x0, r0, 0x8, &(0x7f0000000140)={0x2, 0x2}, 0x8, 0x10, 0x0, 0x0, r5, r6, 0x4, &(0x7f0000000840)=[r0, r0, r0, r0, r0, r13], &(0x7f0000000880)=[{0x1, 0x5, 0xe, 0x4}, {0x4, 0x4, 0x2, 0xb}, {0x1, 0x3, 0x0, 0xa}, {0x3, 0x2, 0x5, 0xb}], 0x10, 0x3}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[  110.693324][ T4395] CPU: 0 PID: 4395 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  110.703411][ T4395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  110.713305][ T4395] Call Trace:
[  110.716428][ T4395]  <TASK>
[  110.719201][ T4395]  dump_stack_lvl+0x151/0x1b7
[  110.723714][ T4395]  ? io_uring_drop_tctx_refs+0x190/0x190
[  110.729183][ T4395]  ? avc_denied+0x1b0/0x1b0
[  110.733519][ T4395]  dump_stack+0x15/0x17
[  110.737514][ T4395]  should_fail+0x3c6/0x510
[  110.741773][ T4395]  __should_failslab+0xa4/0xe0
[  110.746367][ T4395]  ? vm_area_dup+0x26/0x230
[  110.750704][ T4395]  should_failslab+0x9/0x20
[  110.755043][ T4395]  slab_pre_alloc_hook+0x37/0xd0
[  110.759819][ T4395]  ? vm_area_dup+0x26/0x230
[  110.764165][ T4395]  kmem_cache_alloc+0x44/0x200
[  110.768760][ T4395]  vm_area_dup+0x26/0x230
[  110.772923][ T4395]  copy_mm+0x9a1/0x13e0
[  110.776918][ T4395]  ? copy_signal+0x610/0x610
[  110.781353][ T4395]  ? __init_rwsem+0xd6/0x1c0
[  110.785769][ T4395]  ? copy_signal+0x4e3/0x610
[  110.790202][ T4395]  copy_process+0x1149/0x3290
[  110.794709][ T4395]  ? proc_fail_nth_write+0x20b/0x290
[  110.799832][ T4395]  ? fsnotify_perm+0x6a/0x5d0
[  110.804345][ T4395]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  110.809290][ T4395]  ? vfs_write+0x9ec/0x1110
[  110.813631][ T4395]  kernel_clone+0x21e/0x9e0
[  110.817968][ T4395]  ? file_end_write+0x1c0/0x1c0
[  110.822661][ T4395]  ? create_io_thread+0x1e0/0x1e0
[  110.827517][ T4395]  ? mutex_unlock+0xb2/0x260
[  110.831942][ T4395]  ? __mutex_lock_slowpath+0x10/0x10
[  110.837066][ T4395]  __x64_sys_clone+0x23f/0x290
[  110.841664][ T4395]  ? __do_sys_vfork+0x130/0x130
[  110.846354][ T4395]  ? ksys_write+0x260/0x2c0
[  110.850779][ T4395]  ? debug_smp_processor_id+0x17/0x20
[  110.855988][ T4395]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  110.861888][ T4395]  ? exit_to_user_mode_prepare+0x39/0xa0
[  110.867365][ T4395]  do_syscall_64+0x3d/0xb0
[  110.871609][ T4395]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  110.877339][ T4395] RIP: 0033:0x7fc79465eda9
[  110.881592][ T4395] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  110.901033][ T4395] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  110.909281][ T4395] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  110.917089][ T4395] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  110.925342][ T4395] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  110.933148][ T4395] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
06:47:47 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x64}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x64}, 0x52) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)

06:47:47 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0xe8ce00a0, 0x0, 0x0, &(0x7f0000000540))

06:47:47 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 80)

[  110.940962][ T4395] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  110.948775][ T4395]  </TASK>
[  110.987733][ T4435] FAULT_INJECTION: forcing a failure.
[  110.987733][ T4435] name failslab, interval 1, probability 0, space 0, times 0
[  111.000293][ T4435] CPU: 1 PID: 4435 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  111.010375][ T4435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  111.020266][ T4435] Call Trace:
[  111.023395][ T4435]  <TASK>
[  111.026167][ T4435]  dump_stack_lvl+0x151/0x1b7
[  111.030682][ T4435]  ? io_uring_drop_tctx_refs+0x190/0x190
[  111.036150][ T4435]  dump_stack+0x15/0x17
[  111.040140][ T4435]  should_fail+0x3c6/0x510
[  111.044394][ T4435]  __should_failslab+0xa4/0xe0
[  111.048991][ T4435]  ? anon_vma_clone+0x9a/0x500
[  111.053592][ T4435]  should_failslab+0x9/0x20
[  111.057941][ T4435]  slab_pre_alloc_hook+0x37/0xd0
[  111.062706][ T4435]  ? anon_vma_clone+0x9a/0x500
[  111.067308][ T4435]  kmem_cache_alloc+0x44/0x200
[  111.071911][ T4435]  anon_vma_clone+0x9a/0x500
[  111.076336][ T4435]  anon_vma_fork+0x91/0x4e0
[  111.080673][ T4435]  ? anon_vma_name+0x43/0x70
[  111.085097][ T4435]  ? vm_area_dup+0x17a/0x230
[  111.089526][ T4435]  copy_mm+0xa3a/0x13e0
[  111.093519][ T4435]  ? copy_signal+0x610/0x610
[  111.097944][ T4435]  ? __init_rwsem+0xd6/0x1c0
[  111.102373][ T4435]  ? copy_signal+0x4e3/0x610
[  111.106796][ T4435]  copy_process+0x1149/0x3290
[  111.111314][ T4435]  ? proc_fail_nth_write+0x20b/0x290
[  111.116430][ T4435]  ? fsnotify_perm+0x6a/0x5d0
[  111.120945][ T4435]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  111.125890][ T4435]  ? vfs_write+0x9ec/0x1110
[  111.130231][ T4435]  kernel_clone+0x21e/0x9e0
[  111.134572][ T4435]  ? file_end_write+0x1c0/0x1c0
[  111.139258][ T4435]  ? create_io_thread+0x1e0/0x1e0
[  111.144117][ T4435]  ? mutex_unlock+0xb2/0x260
[  111.148547][ T4435]  ? __mutex_lock_slowpath+0x10/0x10
[  111.153665][ T4435]  __x64_sys_clone+0x23f/0x290
[  111.158274][ T4435]  ? __do_sys_vfork+0x130/0x130
[  111.162951][ T4435]  ? ksys_write+0x260/0x2c0
[  111.167294][ T4435]  ? debug_smp_processor_id+0x17/0x20
[  111.172502][ T4435]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  111.178402][ T4435]  ? exit_to_user_mode_prepare+0x39/0xa0
[  111.183871][ T4435]  do_syscall_64+0x3d/0xb0
[  111.188123][ T4435]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  111.193850][ T4435] RIP: 0033:0x7fc79465eda9
[  111.198105][ T4435] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  111.217544][ T4435] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  111.225791][ T4435] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
06:47:47 executing program 4:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x930c, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x1}, 0x48) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x1d, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x83}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x8}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f00000001c0)='GPL\x00', 0x80000000, 0x99, &(0x7f00000002c0)=""/153, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1]}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000080), &(0x7f00000004c0)=r1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x90) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:47 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0xf5ffffff, 0x0, 0x0, &(0x7f0000000540))

06:47:47 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5823c557}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:47 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe63}, 0x90)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x2d, 0x9, 0x2000000, 0x2, 0x20, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x1}, 0x48)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r3, &(0x7f0000000000), 0x248800)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r0, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000004c0)=[0x0], &(0x7f0000000500)=[0x0], 0x0, 0xae, &(0x7f0000000540)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000580), &(0x7f00000005c0), 0x8, 0xf9, 0x8, 0x8, &(0x7f0000000600)}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000009c0)={0xffffffffffffffff, 0x20, &(0x7f0000000980)={&(0x7f0000000800)=""/214, 0xd6, <r5=>0x0, &(0x7f0000000900)=""/110, 0x6e}}, 0x10)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a00)={0x1b, 0x0, 0x0, 0xf6, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x1}, 0x48)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
r9 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r7, <r10=>0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000340)=r8}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r7, 0xe0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000580)=[0x0], &(0x7f00000005c0)=[0x0, 0x0], 0x0, 0x62, &(0x7f0000000800), 0x0, 0x10, &(0x7f0000000840), &(0x7f0000000880), 0x8, 0x57, 0x8, 0x8, &(0x7f0000000600)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x3, 0x16, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000002000000000000002c0d001ffbffffffff916b86556190c90000000000000024cc7f00186500000c0000000000000001000000185600000f0000a28f6323dad0ef0000000000000006001800000000851ed375357575b086930b1423ca8ebd89c7a3becb7e0002bf6ce07a67fe5f93646d84d6fcc1fe00005637af481efbcc28c402588c19f93d8ce018d72cc416a0725a7aaee3c0814f2dac4871128c4a4651e99238e3a365abfbabc9e7cb32dd39e9dff15f91cd8e947df2f4d83dae9db04512187b5fc5ef65ffbc8662740583a8940504412c9236aada0c21b8a2bad4883f2b5aca48709e07d70c526b6bb497970c62e27a84748dd4", @ANYRES32=r10, @ANYRES32=r9], &(0x7f0000000640)='syzkaller\x00', 0x7a8defd5, 0x26, &(0x7f0000000680)=""/38, 0x0, 0x0, '\x00', r11, 0x6, r7, 0x8, &(0x7f0000000a40)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000a80)={0x3, 0xe, 0x3f, 0x1000}, 0x10, 0xffffffffffffffff, r8, 0x6, 0x0, &(0x7f0000000b00)=[{0x0, 0x2, 0x3, 0x2}, {0x3, 0x1, 0x7, 0x9}, {0x2, 0x3, 0xd, 0xb}, {0x2, 0x1, 0x1, 0xb}, {0x5, 0x2, 0x8, 0xa}, {0x4, 0x5, 0x3}], 0x10, 0x3}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x16, 0x11, &(0x7f00000002c0)=@raw=[@map_val={0x18, 0x2, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x81}, @alu={0x4, 0x0, 0x5, 0xe, 0x8, 0xffffffffffffffe0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x3}, @map_fd={0x18, 0x7, 0x1, 0x0, r2}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x5}, @exit, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @alu={0x7, 0x1, 0x0, 0x5, 0x5, 0x1, 0x1}, @cb_func={0x18, 0x6}], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0xed, &(0x7f0000000380)=""/237, 0x40f00, 0x4, '\x00', r4, 0x12, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x4, 0x1}, 0x8, 0x10, &(0x7f00000007c0)={0x4, 0x2, 0x3f27, 0x7}, 0x10, r5, r0, 0x1, &(0x7f0000000a80)=[r6, r7], &(0x7f0000000ac0)=[{0x5, 0x1, 0xfffffffd, 0x6}], 0x10, 0x200}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r12 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r12}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0xa, 0xa}, @printk={@x={0x18, 0x0}, {0x3, 0x3, 0x3, 0xa, 0x2}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x23)
r13 = syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x1, 0x7f, 0x81, 0x7, 0x0, 0x3, 0x80000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x75, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x4, 0x0, 0x3db, 0x7, 0x8, 0x5, 0xfffb, 0x0, 0x6, 0x0, 0x20}, r13, 0x6, 0xffffffffffffffff, 0xa)

06:47:47 executing program 3:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async)
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
r1 = openat$cgroup_ro(r0, &(0x7f0000000980)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x6, 0x30}, 0xc)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r2, &(0x7f0000000040)="3523d8da26c4dfdf6b35c321c7a60a42ac7709cb14070f01dfc5371cd39e0c3d24ef079446ae2e0637f872", &(0x7f0000000500)=""/208}, 0x20)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x4, &(0x7f0000001940)=ANY=[@ANYBLOB="1802000000000000000000147c8d75790d46c8dc57c6cd9c00000000008500000053000000950000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001780)={r3, 0xe0, &(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000001500)=[0x0], &(0x7f0000001540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000001580)=[{}], 0x8, 0x10, &(0x7f00000015c0), &(0x7f0000001600), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001640)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='GPL\x00', 0xd700000, 0x0, 0x0, 0x41000, 0x4b, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x4, 0x7, 0x5}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000003c0)=[r2], &(0x7f0000000740)=[{0x3, 0x0, 0xc}, {0x5, 0x4, 0x4, 0x2}, {0x0, 0x4, 0x1, 0xb}, {0x4, 0x3, 0x9, 0x3}, {0x3, 0x5, 0x3, 0x8}, {0x0, 0x3, 0x9, 0xc}, {0x2, 0x1, 0x9, 0xb}], 0x10, 0x180000}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='GPL\x00', 0xd700000, 0x0, 0x0, 0x41000, 0x4b, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x4, 0x7, 0x5}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000003c0)=[r2], &(0x7f0000000740)=[{0x3, 0x0, 0xc}, {0x5, 0x4, 0x4, 0x2}, {0x0, 0x4, 0x1, 0xb}, {0x4, 0x3, 0x9, 0x3}, {0x3, 0x5, 0x3, 0x8}, {0x0, 0x3, 0x9, 0xc}, {0x2, 0x1, 0x9, 0xb}], 0x10, 0x180000}, 0x90)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000380)={r0, 0x20, &(0x7f0000000300)={&(0x7f0000000240)=""/153, 0x99, <r5=>0x0, &(0x7f0000000180)=""/108, 0x6c}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3d, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0xd3e}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x400}}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xc16055dc2c86f5b7}}, @map_val={0x18, 0x4, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}, @map_idx={0x18, 0x4, 0x5, 0x0, 0xb}, @initr0={0x18, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000005c0)='syzkaller\x00', 0x7ff, 0xae, &(0x7f0000000600)=""/174, 0x41100, 0x33, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f00000006c0)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000700)={0x4, 0x2, 0x400, 0x2}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000740)=[{0x4, 0x3, 0x5, 0x7}, {0x2, 0x4, 0xb}, {0x5, 0x1, 0x5, 0x6}], 0x10, 0x20}, 0x90) (async)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3d, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0xd3e}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x400}}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xc16055dc2c86f5b7}}, @map_val={0x18, 0x4, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}, @map_idx={0x18, 0x4, 0x5, 0x0, 0xb}, @initr0={0x18, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000005c0)='syzkaller\x00', 0x7ff, 0xae, &(0x7f0000000600)=""/174, 0x41100, 0x33, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f00000006c0)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000700)={0x4, 0x2, 0x400, 0x2}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000740)=[{0x4, 0x3, 0x5, 0x7}, {0x2, 0x4, 0xb}, {0x5, 0x1, 0x5, 0x6}], 0x10, 0x20}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x7, 0x4, 0x4, 0x7}, 0x48) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x7, 0x4, 0x4, 0x7}, 0x48)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000b00)={0x3, 0x4, 0x4, 0xa, 0x0, r2, 0x2c996a3a, '\x00', r4, r0, 0x4, 0x5, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f00000009c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000a40)='syzkaller\x00', 0x8001, 0x1000, &(0x7f0000002840)=""/4096, 0x41000, 0x8, '\x00', r4, 0x0, r0, 0x8, &(0x7f0000000a80)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000ac0)={0x3, 0x1, 0xffffffff, 0x20}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[r1, r9, r0, r1, r0, r2, 0x1, r2, r1, r2]}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f00000009c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000a40)='syzkaller\x00', 0x8001, 0x1000, &(0x7f0000002840)=""/4096, 0x41000, 0x8, '\x00', r4, 0x0, r0, 0x8, &(0x7f0000000a80)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000ac0)={0x3, 0x1, 0xffffffff, 0x20}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[r1, r9, r0, r1, r0, r2, 0x1, r2, r1, r2]}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={0x1, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYRES32=r8], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r10, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x90)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c80)={0x1b, 0x0, 0x0, 0xff, 0x0, 0x1, 0x23ca, '\x00', 0x0, r11, 0x1, 0x3, 0x1}, 0x48)
write$cgroup_int(r11, &(0x7f0000000200), 0x23000)
r12 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000440)={0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{0x1, <r13=>0xffffffffffffffff}, &(0x7f0000000480), 0x0}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002780)=@bpf_tracing={0x1a, 0x32, &(0x7f00000015c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1da6, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000001}}, @map_val={0x18, 0x1, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0x18}, @tail_call={{0x18, 0x2, 0x1, 0x0, r7}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0xf}, @ldst={0x3, 0x2, 0x2, 0x3, 0x4, 0x8, 0x10}, @map_val={0x18, 0x7, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x3, 0x1000, &(0x7f0000001780)=""/4096, 0x41000, 0x1, '\x00', r10, 0x1a, r11, 0x8, &(0x7f0000000380)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x0, 0x4, 0x4}, 0x10, 0xc1df, r12, 0x0, &(0x7f0000000540)=[r7, 0xffffffffffffffff, r7, r7, r7, r7, r13, r7]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0xe, 0x0, &(0x7f0000000040), &(0x7f0000000080)='GPL\x00', 0x2, 0x7f, &(0x7f00000000c0)=""/127, 0x82300, 0x8, '\x00', r4, 0x0, r0, 0x8, &(0x7f0000000140)={0x2, 0x2}, 0x8, 0x10, 0x0, 0x0, r5, r6, 0x4, &(0x7f0000000840)=[r0, r0, r0, r0, r0, r13], &(0x7f0000000880)=[{0x1, 0x5, 0xe, 0x4}, {0x4, 0x4, 0x2, 0xb}, {0x1, 0x3, 0x0, 0xa}, {0x3, 0x2, 0x5, 0xb}], 0x10, 0x3}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0xe, 0x0, &(0x7f0000000040), &(0x7f0000000080)='GPL\x00', 0x2, 0x7f, &(0x7f00000000c0)=""/127, 0x82300, 0x8, '\x00', r4, 0x0, r0, 0x8, &(0x7f0000000140)={0x2, 0x2}, 0x8, 0x10, 0x0, 0x0, r5, r6, 0x4, &(0x7f0000000840)=[r0, r0, r0, r0, r0, r13], &(0x7f0000000880)=[{0x1, 0x5, 0xe, 0x4}, {0x4, 0x4, 0x2, 0xb}, {0x1, 0x3, 0x0, 0xa}, {0x3, 0x2, 0x5, 0xb}], 0x10, 0x3}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

[  111.233604][ T4435] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  111.241414][ T4435] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  111.249225][ T4435] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  111.257037][ T4435] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  111.264853][ T4435]  </TASK>
06:47:47 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5823c557}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:47 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0xfbffffff, 0x0, 0x0, &(0x7f0000000540))

06:47:47 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 81)

06:47:47 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
r1 = openat$cgroup_ro(r0, &(0x7f0000000980)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498") (async)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x6, 0x30}, 0xc)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r2, &(0x7f0000000040)="3523d8da26c4dfdf6b35c321c7a60a42ac7709cb14070f01dfc5371cd39e0c3d24ef079446ae2e0637f872", &(0x7f0000000500)=""/208}, 0x20) (async)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r2, &(0x7f0000000040)="3523d8da26c4dfdf6b35c321c7a60a42ac7709cb14070f01dfc5371cd39e0c3d24ef079446ae2e0637f872", &(0x7f0000000500)=""/208}, 0x20)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x4, &(0x7f0000001940)=ANY=[@ANYBLOB="1802000000000000000000147c8d75790d46c8dc57c6cd9c00000000008500000053000000950000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001780)={r3, 0xe0, &(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000001500)=[0x0], &(0x7f0000001540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000001580)=[{}], 0x8, 0x10, &(0x7f00000015c0), &(0x7f0000001600), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001640)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='GPL\x00', 0xd700000, 0x0, 0x0, 0x41000, 0x4b, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x4, 0x7, 0x5}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000003c0)=[r2], &(0x7f0000000740)=[{0x3, 0x0, 0xc}, {0x5, 0x4, 0x4, 0x2}, {0x0, 0x4, 0x1, 0xb}, {0x4, 0x3, 0x9, 0x3}, {0x3, 0x5, 0x3, 0x8}, {0x0, 0x3, 0x9, 0xc}, {0x2, 0x1, 0x9, 0xb}], 0x10, 0x180000}, 0x90)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000380)={r0, 0x20, &(0x7f0000000300)={&(0x7f0000000240)=""/153, 0x99, 0x0, &(0x7f0000000180)=""/108, 0x6c}}, 0x10) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000380)={r0, 0x20, &(0x7f0000000300)={&(0x7f0000000240)=""/153, 0x99, <r5=>0x0, &(0x7f0000000180)=""/108, 0x6c}}, 0x10)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3d, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0xd3e}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x400}}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xc16055dc2c86f5b7}}, @map_val={0x18, 0x4, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}, @map_idx={0x18, 0x4, 0x5, 0x0, 0xb}, @initr0={0x18, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000005c0)='syzkaller\x00', 0x7ff, 0xae, &(0x7f0000000600)=""/174, 0x41100, 0x33, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f00000006c0)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000700)={0x4, 0x2, 0x400, 0x2}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000740)=[{0x4, 0x3, 0x5, 0x7}, {0x2, 0x4, 0xb}, {0x5, 0x1, 0x5, 0x6}], 0x10, 0x20}, 0x90)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x7, 0x4, 0x4, 0x7}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000b00)={0x3, 0x4, 0x4, 0xa, 0x0, r2, 0x2c996a3a, '\x00', r4, r0, 0x4, 0x5, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f00000009c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000a40)='syzkaller\x00', 0x8001, 0x1000, &(0x7f0000002840)=""/4096, 0x41000, 0x8, '\x00', r4, 0x0, r0, 0x8, &(0x7f0000000a80)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000ac0)={0x3, 0x1, 0xffffffff, 0x20}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[r1, r9, r0, r1, r0, r2, 0x1, r2, r1, r2]}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f00000009c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000a40)='syzkaller\x00', 0x8001, 0x1000, &(0x7f0000002840)=""/4096, 0x41000, 0x8, '\x00', r4, 0x0, r0, 0x8, &(0x7f0000000a80)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000ac0)={0x3, 0x1, 0xffffffff, 0x20}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[r1, r9, r0, r1, r0, r2, 0x1, r2, r1, r2]}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={0x1, 0x58, &(0x7f0000000440)}, 0x10) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={0x1, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYRES32=r8], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r10, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x90) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYRES32=r8], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r10, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x90)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c80)={0x1b, 0x0, 0x0, 0xff, 0x0, 0x1, 0x23ca, '\x00', 0x0, r11, 0x1, 0x3, 0x1}, 0x48)
write$cgroup_int(r11, &(0x7f0000000200), 0x23000)
r12 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000440)={0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{0x1, <r13=>0xffffffffffffffff}, &(0x7f0000000480), 0x0}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002780)=@bpf_tracing={0x1a, 0x32, &(0x7f00000015c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1da6, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000001}}, @map_val={0x18, 0x1, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0x18}, @tail_call={{0x18, 0x2, 0x1, 0x0, r7}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0xf}, @ldst={0x3, 0x2, 0x2, 0x3, 0x4, 0x8, 0x10}, @map_val={0x18, 0x7, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x3, 0x1000, &(0x7f0000001780)=""/4096, 0x41000, 0x1, '\x00', r10, 0x1a, r11, 0x8, &(0x7f0000000380)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x0, 0x4, 0x4}, 0x10, 0xc1df, r12, 0x0, &(0x7f0000000540)=[r7, 0xffffffffffffffff, r7, r7, r7, r7, r13, r7]}, 0x90) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002780)=@bpf_tracing={0x1a, 0x32, &(0x7f00000015c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1da6, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000001}}, @map_val={0x18, 0x1, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0x18}, @tail_call={{0x18, 0x2, 0x1, 0x0, r7}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0xf}, @ldst={0x3, 0x2, 0x2, 0x3, 0x4, 0x8, 0x10}, @map_val={0x18, 0x7, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x3, 0x1000, &(0x7f0000001780)=""/4096, 0x41000, 0x1, '\x00', r10, 0x1a, r11, 0x8, &(0x7f0000000380)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x0, 0x4, 0x4}, 0x10, 0xc1df, r12, 0x0, &(0x7f0000000540)=[r7, 0xffffffffffffffff, r7, r7, r7, r7, r13, r7]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0xe, 0x0, &(0x7f0000000040), &(0x7f0000000080)='GPL\x00', 0x2, 0x7f, &(0x7f00000000c0)=""/127, 0x82300, 0x8, '\x00', r4, 0x0, r0, 0x8, &(0x7f0000000140)={0x2, 0x2}, 0x8, 0x10, 0x0, 0x0, r5, r6, 0x4, &(0x7f0000000840)=[r0, r0, r0, r0, r0, r13], &(0x7f0000000880)=[{0x1, 0x5, 0xe, 0x4}, {0x4, 0x4, 0x2, 0xb}, {0x1, 0x3, 0x0, 0xa}, {0x3, 0x2, 0x5, 0xb}], 0x10, 0x3}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:47 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe63}, 0x90)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3}, 0x48) (async)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x2d, 0x9, 0x2000000, 0x2, 0x20, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x1}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r3, &(0x7f0000000000), 0x248800) (async)
write$cgroup_type(r3, &(0x7f0000000000), 0x248800)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r0, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000004c0)=[0x0], &(0x7f0000000500)=[0x0], 0x0, 0xae, &(0x7f0000000540)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000580), &(0x7f00000005c0), 0x8, 0xf9, 0x8, 0x8, &(0x7f0000000600)}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000009c0)={0xffffffffffffffff, 0x20, &(0x7f0000000980)={&(0x7f0000000800)=""/214, 0xd6, <r5=>0x0, &(0x7f0000000900)=""/110, 0x6e}}, 0x10)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a00)={0x1b, 0x0, 0x0, 0xf6, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x1}, 0x48)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
r9 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r7, <r10=>0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000340)=r8}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r7, 0xe0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000580)=[0x0], &(0x7f00000005c0)=[0x0, 0x0], 0x0, 0x62, &(0x7f0000000800), 0x0, 0x10, &(0x7f0000000840), &(0x7f0000000880), 0x8, 0x57, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r7, 0xe0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000580)=[0x0], &(0x7f00000005c0)=[0x0, 0x0], 0x0, 0x62, &(0x7f0000000800), 0x0, 0x10, &(0x7f0000000840), &(0x7f0000000880), 0x8, 0x57, 0x8, 0x8, &(0x7f0000000600)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x3, 0x16, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000002000000000000002c0d001ffbffffffff916b86556190c90000000000000024cc7f00186500000c0000000000000001000000185600000f0000a28f6323dad0ef0000000000000006001800000000851ed375357575b086930b1423ca8ebd89c7a3becb7e0002bf6ce07a67fe5f93646d84d6fcc1fe00005637af481efbcc28c402588c19f93d8ce018d72cc416a0725a7aaee3c0814f2dac4871128c4a4651e99238e3a365abfbabc9e7cb32dd39e9dff15f91cd8e947df2f4d83dae9db04512187b5fc5ef65ffbc8662740583a8940504412c9236aada0c21b8a2bad4883f2b5aca48709e07d70c526b6bb497970c62e27a84748dd4", @ANYRES32=r10, @ANYRES32=r9], &(0x7f0000000640)='syzkaller\x00', 0x7a8defd5, 0x26, &(0x7f0000000680)=""/38, 0x0, 0x0, '\x00', r11, 0x6, r7, 0x8, &(0x7f0000000a40)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000a80)={0x3, 0xe, 0x3f, 0x1000}, 0x10, 0xffffffffffffffff, r8, 0x6, 0x0, &(0x7f0000000b00)=[{0x0, 0x2, 0x3, 0x2}, {0x3, 0x1, 0x7, 0x9}, {0x2, 0x3, 0xd, 0xb}, {0x2, 0x1, 0x1, 0xb}, {0x5, 0x2, 0x8, 0xa}, {0x4, 0x5, 0x3}], 0x10, 0x3}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x16, 0x11, &(0x7f00000002c0)=@raw=[@map_val={0x18, 0x2, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x81}, @alu={0x4, 0x0, 0x5, 0xe, 0x8, 0xffffffffffffffe0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x3}, @map_fd={0x18, 0x7, 0x1, 0x0, r2}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x5}, @exit, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @alu={0x7, 0x1, 0x0, 0x5, 0x5, 0x1, 0x1}, @cb_func={0x18, 0x6}], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0xed, &(0x7f0000000380)=""/237, 0x40f00, 0x4, '\x00', r4, 0x12, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x4, 0x1}, 0x8, 0x10, &(0x7f00000007c0)={0x4, 0x2, 0x3f27, 0x7}, 0x10, r5, r0, 0x1, &(0x7f0000000a80)=[r6, r7], &(0x7f0000000ac0)=[{0x5, 0x1, 0xfffffffd, 0x6}], 0x10, 0x200}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r12 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r12}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0xa, 0xa}, @printk={@x={0x18, 0x0}, {0x3, 0x3, 0x3, 0xa, 0x2}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x23)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
r13 = syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x1, 0x7f, 0x81, 0x7, 0x0, 0x3, 0x80000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x75, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x4, 0x0, 0x3db, 0x7, 0x8, 0x5, 0xfffb, 0x0, 0x6, 0x0, 0x20}, r13, 0x6, 0xffffffffffffffff, 0xa)

[  111.379903][ T4465] FAULT_INJECTION: forcing a failure.
[  111.379903][ T4465] name failslab, interval 1, probability 0, space 0, times 0
[  111.407402][ T4465] CPU: 1 PID: 4465 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  111.417476][ T4465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  111.427370][ T4465] Call Trace:
[  111.430491][ T4465]  <TASK>
[  111.433270][ T4465]  dump_stack_lvl+0x151/0x1b7
[  111.437789][ T4465]  ? io_uring_drop_tctx_refs+0x190/0x190
[  111.443255][ T4465]  dump_stack+0x15/0x17
[  111.447243][ T4465]  should_fail+0x3c6/0x510
[  111.451499][ T4465]  __should_failslab+0xa4/0xe0
[  111.456098][ T4465]  ? anon_vma_clone+0x9a/0x500
[  111.460694][ T4465]  should_failslab+0x9/0x20
[  111.465034][ T4465]  slab_pre_alloc_hook+0x37/0xd0
[  111.469811][ T4465]  ? anon_vma_clone+0x9a/0x500
[  111.474409][ T4465]  kmem_cache_alloc+0x44/0x200
[  111.479009][ T4465]  anon_vma_clone+0x9a/0x500
[  111.483439][ T4465]  anon_vma_fork+0x91/0x4e0
[  111.487777][ T4465]  ? anon_vma_name+0x43/0x70
[  111.492202][ T4465]  ? vm_area_dup+0x17a/0x230
[  111.496630][ T4465]  copy_mm+0xa3a/0x13e0
[  111.500623][ T4465]  ? copy_signal+0x610/0x610
[  111.505048][ T4465]  ? __init_rwsem+0xd6/0x1c0
[  111.509475][ T4465]  ? copy_signal+0x4e3/0x610
[  111.513900][ T4465]  copy_process+0x1149/0x3290
[  111.518417][ T4465]  ? proc_fail_nth_write+0x20b/0x290
[  111.523535][ T4465]  ? fsnotify_perm+0x6a/0x5d0
[  111.528048][ T4465]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  111.532997][ T4465]  ? vfs_write+0x9ec/0x1110
[  111.537336][ T4465]  kernel_clone+0x21e/0x9e0
[  111.541675][ T4465]  ? file_end_write+0x1c0/0x1c0
[  111.546362][ T4465]  ? create_io_thread+0x1e0/0x1e0
[  111.551223][ T4465]  ? mutex_unlock+0xb2/0x260
[  111.555652][ T4465]  ? __mutex_lock_slowpath+0x10/0x10
[  111.560773][ T4465]  __x64_sys_clone+0x23f/0x290
[  111.565458][ T4465]  ? __do_sys_vfork+0x130/0x130
[  111.570144][ T4465]  ? ksys_write+0x260/0x2c0
[  111.574484][ T4465]  ? debug_smp_processor_id+0x17/0x20
[  111.579689][ T4465]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  111.585592][ T4465]  ? exit_to_user_mode_prepare+0x39/0xa0
[  111.591062][ T4465]  do_syscall_64+0x3d/0xb0
[  111.595314][ T4465]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  111.601041][ T4465] RIP: 0033:0x7fc79465eda9
[  111.605297][ T4465] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
06:47:47 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5823c557}, 0x90) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5823c557}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:47 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0xff0f0100, 0x0, 0x0, &(0x7f0000000540))

[  111.624736][ T4465] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  111.632984][ T4465] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  111.640793][ T4465] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  111.648605][ T4465] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  111.656417][ T4465] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  111.664226][ T4465] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  111.672045][ T4465]  </TASK>
06:47:47 executing program 4:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xf0, 0xf0, 0x3, [@const={0x2, 0x0, 0x0, 0xa, 0x2}, @restrict={0xf, 0x0, 0x0, 0xb, 0x1}, @var={0x10, 0x0, 0x0, 0xe, 0x3, 0x1}, @volatile={0xe, 0x0, 0x0, 0x9, 0x5}, @int={0x3, 0x0, 0x0, 0x1, 0x0, 0x12, 0x0, 0x1d}, @func_proto={0x0, 0x7, 0x0, 0xd, 0x0, [{0x6, 0x3}, {0xf, 0x5}, {0x2}, {0x0, 0x2}, {0xb, 0x1}, {0xe, 0x4}, {0x7, 0x1}]}, @enum={0x5, 0x2, 0x0, 0x6, 0x4, [{0xd, 0x7}, {0x9}]}, @enum={0xd, 0x8, 0x0, 0x6, 0x4, [{0x10, 0x7}, {0x8, 0x4}, {0x5, 0x9}, {0xa, 0x3}, {0xa, 0x1}, {0xa, 0xffff}, {0x1, 0x8}, {0x2, 0x8001}]}]}, {0x0, [0x2e]}}, &(0x7f0000000140)=""/156, 0x10b, 0x9c, 0x0, 0xae91}, 0x20)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0)

06:47:47 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
openat$cgroup_ro(r0, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0)
r1 = syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
r2 = perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x49, 0xf1, 0x80, 0x40, 0x0, 0x7, 0x8, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x200800, 0x0, @perf_bp={&(0x7f0000000140)}, 0x1000, 0x1, 0x7fff, 0x1, 0xa6e, 0x0, 0x7, 0x0, 0x3f, 0x0, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x0)
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x1, 0x7f, 0x2, 0x8, 0x0, 0x9ff8, 0x24800, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xd26a7a3, 0x4, @perf_config_ext={0x81, 0x1c000000}, 0x80e2, 0x0, 0x3fffc00, 0x8, 0x100, 0x75, 0x8000, 0x0, 0x3, 0x0, 0x101}, 0x0, 0xc, r0, 0x8)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x2, 0x1, 0x6, 0x0, 0xfffffffffffffff9, 0x8000a, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7f, 0x0, @perf_config_ext={0x2, 0x3}, 0x2, 0x1000, 0x6, 0x9, 0x2, 0x6b, 0x3b72, 0x0, 0x9, 0x0, 0x10001}, r1, 0xa, r2, 0x2)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='mm_vmscan_write_folio\x00', r0}, 0x10)
r4 = syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x8, 0x7, 0x4, 0x4, 0x0, 0x7, 0x40, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x3, @perf_config_ext={0x2, 0x3f7c}, 0x100040, 0x9, 0xfffffff8, 0x7, 0x8, 0xda, 0x8, 0x0, 0x7, 0x0, 0x1}, r4, 0x5, r3, 0x8)

06:47:47 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 82)

06:47:48 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe63}, 0x90)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x2d, 0x9, 0x2000000, 0x2, 0x20, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x1}, 0x48)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r3, &(0x7f0000000000), 0x248800) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r0, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000004c0)=[0x0], &(0x7f0000000500)=[0x0], 0x0, 0xae, &(0x7f0000000540)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000580), &(0x7f00000005c0), 0x8, 0xf9, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000009c0)={0xffffffffffffffff, 0x20, &(0x7f0000000980)={&(0x7f0000000800)=""/214, 0xd6, <r5=>0x0, &(0x7f0000000900)=""/110, 0x6e}}, 0x10) (async)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a00)={0x1b, 0x0, 0x0, 0xf6, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x1}, 0x48) (async)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10) (async)
r9 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r7, <r10=>0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000340)=r8}, 0x20) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r7, 0xe0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000580)=[0x0], &(0x7f00000005c0)=[0x0, 0x0], 0x0, 0x62, &(0x7f0000000800), 0x0, 0x10, &(0x7f0000000840), &(0x7f0000000880), 0x8, 0x57, 0x8, 0x8, &(0x7f0000000600)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x3, 0x16, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000002000000000000002c0d001ffbffffffff916b86556190c90000000000000024cc7f00186500000c0000000000000001000000185600000f0000a28f6323dad0ef0000000000000006001800000000851ed375357575b086930b1423ca8ebd89c7a3becb7e0002bf6ce07a67fe5f93646d84d6fcc1fe00005637af481efbcc28c402588c19f93d8ce018d72cc416a0725a7aaee3c0814f2dac4871128c4a4651e99238e3a365abfbabc9e7cb32dd39e9dff15f91cd8e947df2f4d83dae9db04512187b5fc5ef65ffbc8662740583a8940504412c9236aada0c21b8a2bad4883f2b5aca48709e07d70c526b6bb497970c62e27a84748dd4", @ANYRES32=r10, @ANYRES32=r9], &(0x7f0000000640)='syzkaller\x00', 0x7a8defd5, 0x26, &(0x7f0000000680)=""/38, 0x0, 0x0, '\x00', r11, 0x6, r7, 0x8, &(0x7f0000000a40)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000a80)={0x3, 0xe, 0x3f, 0x1000}, 0x10, 0xffffffffffffffff, r8, 0x6, 0x0, &(0x7f0000000b00)=[{0x0, 0x2, 0x3, 0x2}, {0x3, 0x1, 0x7, 0x9}, {0x2, 0x3, 0xd, 0xb}, {0x2, 0x1, 0x1, 0xb}, {0x5, 0x2, 0x8, 0xa}, {0x4, 0x5, 0x3}], 0x10, 0x3}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x16, 0x11, &(0x7f00000002c0)=@raw=[@map_val={0x18, 0x2, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x81}, @alu={0x4, 0x0, 0x5, 0xe, 0x8, 0xffffffffffffffe0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x3}, @map_fd={0x18, 0x7, 0x1, 0x0, r2}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x5}, @exit, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @alu={0x7, 0x1, 0x0, 0x5, 0x5, 0x1, 0x1}, @cb_func={0x18, 0x6}], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0xed, &(0x7f0000000380)=""/237, 0x40f00, 0x4, '\x00', r4, 0x12, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x4, 0x1}, 0x8, 0x10, &(0x7f00000007c0)={0x4, 0x2, 0x3f27, 0x7}, 0x10, r5, r0, 0x1, &(0x7f0000000a80)=[r6, r7], &(0x7f0000000ac0)=[{0x5, 0x1, 0xfffffffd, 0x6}], 0x10, 0x200}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r12 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r12}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0xa, 0xa}, @printk={@x={0x18, 0x0}, {0x3, 0x3, 0x3, 0xa, 0x2}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x23) (async)
r13 = syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x1, 0x7f, 0x81, 0x7, 0x0, 0x3, 0x80000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x75, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x4, 0x0, 0x3db, 0x7, 0x8, 0x5, 0xfffb, 0x0, 0x6, 0x0, 0x20}, r13, 0x6, 0xffffffffffffffff, 0xa)

06:47:48 executing program 4:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xf0, 0xf0, 0x3, [@const={0x2, 0x0, 0x0, 0xa, 0x2}, @restrict={0xf, 0x0, 0x0, 0xb, 0x1}, @var={0x10, 0x0, 0x0, 0xe, 0x3, 0x1}, @volatile={0xe, 0x0, 0x0, 0x9, 0x5}, @int={0x3, 0x0, 0x0, 0x1, 0x0, 0x12, 0x0, 0x1d}, @func_proto={0x0, 0x7, 0x0, 0xd, 0x0, [{0x6, 0x3}, {0xf, 0x5}, {0x2}, {0x0, 0x2}, {0xb, 0x1}, {0xe, 0x4}, {0x7, 0x1}]}, @enum={0x5, 0x2, 0x0, 0x6, 0x4, [{0xd, 0x7}, {0x9}]}, @enum={0xd, 0x8, 0x0, 0x6, 0x4, [{0x10, 0x7}, {0x8, 0x4}, {0x5, 0x9}, {0xa, 0x3}, {0xa, 0x1}, {0xa, 0xffff}, {0x1, 0x8}, {0x2, 0x8001}]}]}, {0x0, [0x2e]}}, &(0x7f0000000140)=""/156, 0x10b, 0x9c, 0x0, 0xae91}, 0x20)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10) (async, rerun: 64)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64)

06:47:48 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
openat$cgroup_ro(r0, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0) (async)
r1 = syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4) (async)
r2 = perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x49, 0xf1, 0x80, 0x40, 0x0, 0x7, 0x8, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x200800, 0x0, @perf_bp={&(0x7f0000000140)}, 0x1000, 0x1, 0x7fff, 0x1, 0xa6e, 0x0, 0x7, 0x0, 0x3f, 0x0, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x0) (async)
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x1, 0x7f, 0x2, 0x8, 0x0, 0x9ff8, 0x24800, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xd26a7a3, 0x4, @perf_config_ext={0x81, 0x1c000000}, 0x80e2, 0x0, 0x3fffc00, 0x8, 0x100, 0x75, 0x8000, 0x0, 0x3, 0x0, 0x101}, 0x0, 0xc, r0, 0x8)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x2, 0x1, 0x6, 0x0, 0xfffffffffffffff9, 0x8000a, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7f, 0x0, @perf_config_ext={0x2, 0x3}, 0x2, 0x1000, 0x6, 0x9, 0x2, 0x6b, 0x3b72, 0x0, 0x9, 0x0, 0x10001}, r1, 0xa, r2, 0x2)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='mm_vmscan_write_folio\x00', r0}, 0x10)
r4 = syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x8, 0x7, 0x4, 0x4, 0x0, 0x7, 0x40, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x3, @perf_config_ext={0x2, 0x3f7c}, 0x100040, 0x9, 0xfffffff8, 0x7, 0x8, 0xda, 0x8, 0x0, 0x7, 0x0, 0x1}, r4, 0x5, r3, 0x8)

06:47:48 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0xfffffff5, 0x0, 0x0, &(0x7f0000000540))

[  111.750349][ T4495] FAULT_INJECTION: forcing a failure.
[  111.750349][ T4495] name failslab, interval 1, probability 0, space 0, times 0
[  111.791743][ T4495] CPU: 1 PID: 4495 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  111.801813][ T4495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  111.811703][ T4495] Call Trace:
[  111.814829][ T4495]  <TASK>
[  111.817606][ T4495]  dump_stack_lvl+0x151/0x1b7
[  111.822125][ T4495]  ? io_uring_drop_tctx_refs+0x190/0x190
[  111.827588][ T4495]  dump_stack+0x15/0x17
[  111.831578][ T4495]  should_fail+0x3c6/0x510
[  111.835836][ T4495]  __should_failslab+0xa4/0xe0
[  111.840431][ T4495]  ? anon_vma_clone+0x9a/0x500
[  111.845037][ T4495]  should_failslab+0x9/0x20
[  111.849369][ T4495]  slab_pre_alloc_hook+0x37/0xd0
[  111.854145][ T4495]  ? anon_vma_clone+0x9a/0x500
[  111.858754][ T4495]  kmem_cache_alloc+0x44/0x200
[  111.863355][ T4495]  anon_vma_clone+0x9a/0x500
[  111.867772][ T4495]  anon_vma_fork+0x91/0x4e0
[  111.872110][ T4495]  ? anon_vma_name+0x4c/0x70
[  111.876537][ T4495]  ? vm_area_dup+0x17a/0x230
[  111.880964][ T4495]  copy_mm+0xa3a/0x13e0
[  111.884957][ T4495]  ? copy_signal+0x610/0x610
[  111.889469][ T4495]  ? __init_rwsem+0xd6/0x1c0
[  111.893896][ T4495]  ? copy_signal+0x4e3/0x610
[  111.898324][ T4495]  copy_process+0x1149/0x3290
[  111.902838][ T4495]  ? proc_fail_nth_write+0x20b/0x290
[  111.907959][ T4495]  ? fsnotify_perm+0x6a/0x5d0
[  111.912472][ T4495]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  111.917420][ T4495]  ? vfs_write+0x9ec/0x1110
[  111.921758][ T4495]  kernel_clone+0x21e/0x9e0
[  111.926097][ T4495]  ? file_end_write+0x1c0/0x1c0
[  111.930783][ T4495]  ? create_io_thread+0x1e0/0x1e0
[  111.935645][ T4495]  ? mutex_unlock+0xb2/0x260
[  111.940071][ T4495]  ? __mutex_lock_slowpath+0x10/0x10
[  111.945194][ T4495]  __x64_sys_clone+0x23f/0x290
[  111.949793][ T4495]  ? __do_sys_vfork+0x130/0x130
[  111.954477][ T4495]  ? ksys_write+0x260/0x2c0
[  111.958820][ T4495]  ? debug_smp_processor_id+0x17/0x20
[  111.964028][ T4495]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  111.969927][ T4495]  ? exit_to_user_mode_prepare+0x39/0xa0
[  111.975397][ T4495]  do_syscall_64+0x3d/0xb0
[  111.979649][ T4495]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  111.985377][ T4495] RIP: 0033:0x7fc79465eda9
[  111.989633][ T4495] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  112.009074][ T4495] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  112.017317][ T4495] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  112.025127][ T4495] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  112.032939][ T4495] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
06:47:48 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x7, 0x4, 0x8, 0x9}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r1, &(0x7f0000000000)="1d"}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0x1, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0x20, &(0x7f0000000580)={&(0x7f00000003c0)=""/135, 0x87, <r3=>0x0, &(0x7f0000000480)=""/228, 0xe4}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x1, 0x7, 0x3, 0x1}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f00000003c0)={&(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000340)=[@rights={{0x18, 0x1, 0x1, [r4, r4]}}], 0x18}, 0x0)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000600)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x5}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000700)={{0xffffffffffffffff, <r7=>0xffffffffffffffff}, &(0x7f0000000680), &(0x7f00000006c0)='%ps    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xf, 0xf, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200}, [@jmp={0x5, 0x0, 0x7, 0x4, 0x3, 0xfffffffffffffffe}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}}]}, &(0x7f0000000080)='GPL\x00', 0x7, 0xc9, &(0x7f00000000c0)=""/201, 0x41100, 0x1, '\x00', r2, 0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000380)={0x3, 0x5, 0x81, 0xff}, 0x10, r3, r0, 0x8, &(0x7f0000000740)=[r4, r6, r7], &(0x7f0000000780)=[{0x0, 0x5, 0x2, 0x2}, {0x2, 0x5, 0x0, 0x3}, {0x2, 0x1, 0x9, 0x3}, {0x3, 0x4, 0x2, 0x9}, {0x3, 0x5, 0x1, 0x8}, {0x4, 0x3, 0xe, 0x1}, {0x3, 0x1, 0x6, 0x1}, {0x1, 0x1, 0x3, 0x8}], 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:48 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0xfffffffb, 0x0, 0x0, &(0x7f0000000540))

06:47:48 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
openat$cgroup_ro(r0, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0)
r1 = syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
r2 = perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x49, 0xf1, 0x80, 0x40, 0x0, 0x7, 0x8, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x200800, 0x0, @perf_bp={&(0x7f0000000140)}, 0x1000, 0x1, 0x7fff, 0x1, 0xa6e, 0x0, 0x7, 0x0, 0x3f, 0x0, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x0)
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x1, 0x7f, 0x2, 0x8, 0x0, 0x9ff8, 0x24800, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xd26a7a3, 0x4, @perf_config_ext={0x81, 0x1c000000}, 0x80e2, 0x0, 0x3fffc00, 0x8, 0x100, 0x75, 0x8000, 0x0, 0x3, 0x0, 0x101}, 0x0, 0xc, r0, 0x8)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x2, 0x1, 0x6, 0x0, 0xfffffffffffffff9, 0x8000a, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7f, 0x0, @perf_config_ext={0x2, 0x3}, 0x2, 0x1000, 0x6, 0x9, 0x2, 0x6b, 0x3b72, 0x0, 0x9, 0x0, 0x10001}, r1, 0xa, r2, 0x2)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='mm_vmscan_write_folio\x00', r0}, 0x10)
r4 = syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x8, 0x7, 0x4, 0x4, 0x0, 0x7, 0x40, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x3, @perf_config_ext={0x2, 0x3f7c}, 0x100040, 0x9, 0xfffffff8, 0x7, 0x8, 0xda, 0x8, 0x0, 0x7, 0x0, 0x1}, r4, 0x5, r3, 0x8)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async)
openat$cgroup_ro(r0, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0) (async)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498") (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4) (async)
perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x49, 0xf1, 0x80, 0x40, 0x0, 0x7, 0x8, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x200800, 0x0, @perf_bp={&(0x7f0000000140)}, 0x1000, 0x1, 0x7fff, 0x1, 0xa6e, 0x0, 0x7, 0x0, 0x3f, 0x0, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x0) (async)
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x1, 0x7f, 0x2, 0x8, 0x0, 0x9ff8, 0x24800, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xd26a7a3, 0x4, @perf_config_ext={0x81, 0x1c000000}, 0x80e2, 0x0, 0x3fffc00, 0x8, 0x100, 0x75, 0x8000, 0x0, 0x3, 0x0, 0x101}, 0x0, 0xc, r0, 0x8) (async)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x2, 0x1, 0x6, 0x0, 0xfffffffffffffff9, 0x8000a, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7f, 0x0, @perf_config_ext={0x2, 0x3}, 0x2, 0x1000, 0x6, 0x9, 0x2, 0x6b, 0x3b72, 0x0, 0x9, 0x0, 0x10001}, r1, 0xa, r2, 0x2) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='mm_vmscan_write_folio\x00', r0}, 0x10) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x8, 0x7, 0x4, 0x4, 0x0, 0x7, 0x40, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x3, @perf_config_ext={0x2, 0x3f7c}, 0x100040, 0x9, 0xfffffff8, 0x7, 0x8, 0xda, 0x8, 0x0, 0x7, 0x0, 0x1}, r4, 0x5, r3, 0x8) (async)

06:47:48 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 83)

[  112.040751][ T4495] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  112.048563][ T4495] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  112.056379][ T4495]  </TASK>
[  112.110246][ T4531] FAULT_INJECTION: forcing a failure.
[  112.110246][ T4531] name failslab, interval 1, probability 0, space 0, times 0
[  112.139957][ T4531] CPU: 1 PID: 4531 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  112.150030][ T4531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  112.159923][ T4531] Call Trace:
[  112.163045][ T4531]  <TASK>
[  112.165824][ T4531]  dump_stack_lvl+0x151/0x1b7
[  112.170337][ T4531]  ? io_uring_drop_tctx_refs+0x190/0x190
[  112.175803][ T4531]  dump_stack+0x15/0x17
[  112.179795][ T4531]  should_fail+0x3c6/0x510
[  112.184047][ T4531]  __should_failslab+0xa4/0xe0
[  112.188648][ T4531]  ? anon_vma_clone+0x9a/0x500
[  112.193248][ T4531]  should_failslab+0x9/0x20
[  112.197593][ T4531]  slab_pre_alloc_hook+0x37/0xd0
[  112.202366][ T4531]  ? anon_vma_clone+0x9a/0x500
[  112.206978][ T4531]  kmem_cache_alloc+0x44/0x200
[  112.211566][ T4531]  anon_vma_clone+0x9a/0x500
[  112.216084][ T4531]  anon_vma_fork+0x91/0x4e0
[  112.220415][ T4531]  ? anon_vma_name+0x43/0x70
[  112.224849][ T4531]  ? vm_area_dup+0x17a/0x230
[  112.229266][ T4531]  copy_mm+0xa3a/0x13e0
[  112.233260][ T4531]  ? copy_signal+0x610/0x610
[  112.237688][ T4531]  ? __init_rwsem+0xd6/0x1c0
[  112.242115][ T4531]  ? copy_signal+0x4e3/0x610
[  112.246542][ T4531]  copy_process+0x1149/0x3290
[  112.251056][ T4531]  ? proc_fail_nth_write+0x20b/0x290
[  112.256174][ T4531]  ? fsnotify_perm+0x6a/0x5d0
[  112.260689][ T4531]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  112.265633][ T4531]  ? vfs_write+0x9ec/0x1110
[  112.269983][ T4531]  kernel_clone+0x21e/0x9e0
[  112.274316][ T4531]  ? file_end_write+0x1c0/0x1c0
[  112.279003][ T4531]  ? create_io_thread+0x1e0/0x1e0
[  112.283861][ T4531]  ? mutex_unlock+0xb2/0x260
[  112.288290][ T4531]  ? __mutex_lock_slowpath+0x10/0x10
[  112.293419][ T4531]  __x64_sys_clone+0x23f/0x290
[  112.298013][ T4531]  ? __do_sys_vfork+0x130/0x130
[  112.302699][ T4531]  ? ksys_write+0x260/0x2c0
[  112.307039][ T4531]  ? debug_smp_processor_id+0x17/0x20
[  112.312241][ T4531]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  112.318149][ T4531]  ? exit_to_user_mode_prepare+0x39/0xa0
[  112.323614][ T4531]  do_syscall_64+0x3d/0xb0
[  112.327865][ T4531]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  112.333595][ T4531] RIP: 0033:0x7fc79465eda9
[  112.337849][ T4531] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
06:47:48 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x58, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x9, '\x00', 0x0, r0, 0x4, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000100)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000140)='GPL\x00', 0x6, 0x20, &(0x7f0000000180)=""/32, 0x41100, 0x14, '\x00', r1, 0x0, r0, 0x8, &(0x7f00000002c0)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0xc, 0x101, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000400)=[r2, r0], 0x0, 0x10, 0x5}, 0x90)
syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)="9bb6333d66a001b2e732682658faed74d66cbd31b3520982ee0b3d2b9be2504592b891fa03b80111759f428d6b89ccc6e6d5a2bd4b1d62424f8883bf9814410a1e0caa3735672c1ff06e21cd8d5c73a253762d3ad4e8a489e4035e91aae04d0f628897b405ac1a68902a48391c9c2d9225d324c242d32aab83b7558c48f0b6f83eba4fb748660e75966d0d39af7326490b12eaa5c7d8")

06:47:48 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x7, 0x4, 0x8, 0x9}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r1, &(0x7f0000000000)="1d"}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0x1, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0x20, &(0x7f0000000580)={&(0x7f00000003c0)=""/135, 0x87, <r3=>0x0, &(0x7f0000000480)=""/228, 0xe4}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x1, 0x7, 0x3, 0x1}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f00000003c0)={&(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000340)=[@rights={{0x18, 0x1, 0x1, [r4, r4]}}], 0x18}, 0x0)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000600)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x5}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000700)={{0xffffffffffffffff, <r7=>0xffffffffffffffff}, &(0x7f0000000680), &(0x7f00000006c0)='%ps    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xf, 0xf, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200}, [@jmp={0x5, 0x0, 0x7, 0x4, 0x3, 0xfffffffffffffffe}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}}]}, &(0x7f0000000080)='GPL\x00', 0x7, 0xc9, &(0x7f00000000c0)=""/201, 0x41100, 0x1, '\x00', r2, 0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000380)={0x3, 0x5, 0x81, 0xff}, 0x10, r3, r0, 0x8, &(0x7f0000000740)=[r4, r6, r7], &(0x7f0000000780)=[{0x0, 0x5, 0x2, 0x2}, {0x2, 0x5, 0x0, 0x3}, {0x2, 0x1, 0x9, 0x3}, {0x3, 0x4, 0x2, 0x9}, {0x3, 0x5, 0x1, 0x8}, {0x4, 0x3, 0xe, 0x1}, {0x3, 0x1, 0x6, 0x1}, {0x1, 0x1, 0x3, 0x8}], 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x7, 0x4, 0x8, 0x9}, 0x48) (async)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r1, &(0x7f0000000000)="1d"}, 0x20) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0x1, 0x58, &(0x7f00000002c0)}, 0x10) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0x20, &(0x7f0000000580)={&(0x7f00000003c0)=""/135, 0x87, 0x0, &(0x7f0000000480)=""/228, 0xe4}}, 0x10) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x1, 0x7, 0x3, 0x1}, 0x48) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) (async)
sendmsg$unix(r5, &(0x7f00000003c0)={&(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000340)=[@rights={{0x18, 0x1, 0x1, [r4, r4]}}], 0x18}, 0x0) (async)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000600)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x5}, 0x48) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000700)={{}, &(0x7f0000000680), &(0x7f00000006c0)='%ps    \x00'}, 0x20) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xf, 0xf, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200}, [@jmp={0x5, 0x0, 0x7, 0x4, 0x3, 0xfffffffffffffffe}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}}]}, &(0x7f0000000080)='GPL\x00', 0x7, 0xc9, &(0x7f00000000c0)=""/201, 0x41100, 0x1, '\x00', r2, 0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000380)={0x3, 0x5, 0x81, 0xff}, 0x10, r3, r0, 0x8, &(0x7f0000000740)=[r4, r6, r7], &(0x7f0000000780)=[{0x0, 0x5, 0x2, 0x2}, {0x2, 0x5, 0x0, 0x3}, {0x2, 0x1, 0x9, 0x3}, {0x3, 0x4, 0x2, 0x9}, {0x3, 0x5, 0x1, 0x8}, {0x4, 0x3, 0xe, 0x1}, {0x3, 0x1, 0x6, 0x1}, {0x1, 0x1, 0x3, 0x8}], 0x10, 0x1}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (async)

06:47:48 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x1b0f91f000, 0x0, 0x0, &(0x7f0000000540))

[  112.357292][ T4531] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  112.365536][ T4531] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  112.373344][ T4531] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  112.381160][ T4531] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  112.388967][ T4531] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  112.396780][ T4531] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  112.404597][ T4531]  </TASK>
06:47:48 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498") (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x58, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10) (async)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x9, '\x00', 0x0, r0, 0x4, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000100)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000140)='GPL\x00', 0x6, 0x20, &(0x7f0000000180)=""/32, 0x41100, 0x14, '\x00', r1, 0x0, r0, 0x8, &(0x7f00000002c0)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0xc, 0x101, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000400)=[r2, r0], 0x0, 0x10, 0x5}, 0x90) (async)
syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)="9bb6333d66a001b2e732682658faed74d66cbd31b3520982ee0b3d2b9be2504592b891fa03b80111759f428d6b89ccc6e6d5a2bd4b1d62424f8883bf9814410a1e0caa3735672c1ff06e21cd8d5c73a253762d3ad4e8a489e4035e91aae04d0f628897b405ac1a68902a48391c9c2d9225d324c242d32aab83b7558c48f0b6f83eba4fb748660e75966d0d39af7326490b12eaa5c7d8")

06:47:48 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498") (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x58, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10) (async)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x9, '\x00', 0x0, r0, 0x4, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000100)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000140)='GPL\x00', 0x6, 0x20, &(0x7f0000000180)=""/32, 0x41100, 0x14, '\x00', r1, 0x0, r0, 0x8, &(0x7f00000002c0)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0xc, 0x101, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000400)=[r2, r0], 0x0, 0x10, 0x5}, 0x90) (async)
syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)="9bb6333d66a001b2e732682658faed74d66cbd31b3520982ee0b3d2b9be2504592b891fa03b80111759f428d6b89ccc6e6d5a2bd4b1d62424f8883bf9814410a1e0caa3735672c1ff06e21cd8d5c73a253762d3ad4e8a489e4035e91aae04d0f628897b405ac1a68902a48391c9c2d9225d324c242d32aab83b7558c48f0b6f83eba4fb748660e75966d0d39af7326490b12eaa5c7d8")

06:47:48 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x2a3b03c3a000, 0x0, 0x0, &(0x7f0000000540))

06:47:48 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
syz_clone(0x50000800, &(0x7f00000012c0)="3fd17e8da218b5d3c93c23828a3d61d0a1d79a713b29bf911edeac9b402e90066ddf31f0b1824349ea5a021bea658c2bcf918a805b5713dc7de972e5c179f2c2c3fcc8bae66bef2e4426c2d6988c1d7f1e02b6271e969c666d9443fd6ad87346fef5c0c7cca75a14c28749eeab7095bdfed3131e9faed2e1b2a7e42060f87d6abe4b7e34bfed879069159e8984afbe8ef05138684e1d3ebc0bec3f6dd8b133753857e13b7eca0d33de4f916d2d1ae26eb83c1885915f93ec386063ac35505e0506910e9417ae1f114af5d8b107ab88c1770dbdfbc09580e20eb878eea9a228a82019bd41e0e1119d", 0xe8, &(0x7f00000013c0), &(0x7f0000001400), &(0x7f0000001440)="08649f313f35a129e81851b95cf5a8a25003a8b56dc2749671da376ff53c14df699842f511ad0411b66ce065075f9ec59bb29f59e98cea8d3d6aac38c748682fe41fb81e500c3ee599389b4c9378095851e69d693afc6c7576f55ef8637e74d873cfd4a83b8bb0d39751c561a0727f08c5f3745c6d44c98ed6993a2af85b25733a12b4b98041d8df8346daf8009a6138a47e7558e4b016276d1bbf858e76d98fa3ca59ce575f893b56250a5094a3a7be5aa08a5127dd121169dae525ee3a5c438448c486de51a3323346ed346b436319906a03a61cbd5a019bb091eabb2a0b4127b26d8d9590e2091a5deb2500fef7d0f9a1155e34aca94d161498")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000300)={0x7, <r2=>0x0}, 0x8)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x1000, '\x00', 0x0, r0, 0x3, 0x4, 0x3}, 0x48)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1e, 0x23, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xd9e}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, @ldst={0x1, 0x3, 0x2, 0x0, 0x2, 0x0, 0x1}, @map_fd={0x18, 0x6, 0x1, 0x0, r1}, @alu={0x4, 0x1, 0x3, 0x5, 0x1, 0xfffffffffffffffc, 0x8}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @map_idx={0x18, 0x3, 0x5, 0x0, 0xe}, @map_val={0x18, 0x8, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x401}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000180)='syzkaller\x00', 0x24, 0x5e, &(0x7f0000000240)=""/94, 0x41100, 0x40, '\x00', 0x0, 0x4, r0, 0x8, &(0x7f00000001c0)={0x0, 0x5}, 0x8, 0x10, &(0x7f00000002c0)={0x3, 0x0, 0x6, 0x20}, 0x10, r2, 0xffffffffffffffff, 0x1, &(0x7f0000000480)=[r1, r1, r1, r3, r4, r1, r1, r0, r0, r1], &(0x7f00000004c0)=[{0x0, 0x3, 0xb, 0x4}], 0x10, 0x5}, 0x90)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001600), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540))

06:47:48 executing program 1:
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8983, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
socketpair(0x0, 0x4, 0xffffff01, &(0x7f0000001c80))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x23025100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)) (fail_nth: 84)

06:47:48 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x553a2508b000, 0x0, 0x0, &(0x7f0000000540))

06:47:48 executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socketpair(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x18, 0x10, &(0x7f0000001cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @generic={0x81, 0x5, 0x4, 0x3ff, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x5}, @generic={0x53, 0x0, 0x3, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000001d40)='syzkaller\x00', 0xffffab66, 0x65, &(0x7f0000001d80)=""/101, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001e00)={0x1, 0xb, 0x8, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001e40)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff], 0x0, 0x10, 0x60da38cb}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair(0x26, 0x4, 0xffffff01, &(0x7f0000001c80))
syz_clone(0x23025100, 0x0, 0x2001000000000, 0x0, 0x0, &(0x7f0000000540))

[  112.529215][ T4585] FAULT_INJECTION: forcing a failure.
[  112.529215][ T4585] name failslab, interval 1, probability 0, space 0, times 0
[  112.558415][ T4585] CPU: 0 PID: 4585 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  112.568491][ T4585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  112.578388][ T4585] Call Trace:
[  112.581504][ T4585]  <TASK>
[  112.584288][ T4585]  dump_stack_lvl+0x151/0x1b7
[  112.588795][ T4585]  ? io_uring_drop_tctx_refs+0x190/0x190
[  112.594262][ T4585]  dump_stack+0x15/0x17
[  112.598261][ T4585]  should_fail+0x3c6/0x510
[  112.602507][ T4585]  __should_failslab+0xa4/0xe0
[  112.607109][ T4585]  ? anon_vma_fork+0x1df/0x4e0
[  112.611713][ T4585]  should_failslab+0x9/0x20
[  112.616051][ T4585]  slab_pre_alloc_hook+0x37/0xd0
[  112.620820][ T4585]  ? anon_vma_fork+0x1df/0x4e0
[  112.625421][ T4585]  kmem_cache_alloc+0x44/0x200
[  112.630027][ T4585]  anon_vma_fork+0x1df/0x4e0
[  112.634447][ T4585]  copy_mm+0xa3a/0x13e0
[  112.638445][ T4585]  ? copy_signal+0x610/0x610
[  112.642867][ T4585]  ? __init_rwsem+0xd6/0x1c0
[  112.647293][ T4585]  ? copy_signal+0x4e3/0x610
[  112.651721][ T4585]  copy_process+0x1149/0x3290
[  112.656240][ T4585]  ? proc_fail_nth_write+0x20b/0x290
[  112.661355][ T4585]  ? fsnotify_perm+0x6a/0x5d0
[  112.665953][ T4585]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  112.670904][ T4585]  ? vfs_write+0x9ec/0x1110
[  112.675241][ T4585]  kernel_clone+0x21e/0x9e0
[  112.679581][ T4585]  ? file_end_write+0x1c0/0x1c0
[  112.684267][ T4585]  ? create_io_thread+0x1e0/0x1e0
[  112.689128][ T4585]  ? mutex_unlock+0xb2/0x260
[  112.693557][ T4585]  ? __mutex_lock_slowpath+0x10/0x10
[  112.698679][ T4585]  __x64_sys_clone+0x23f/0x290
[  112.703277][ T4585]  ? __do_sys_vfork+0x130/0x130
[  112.707961][ T4585]  ? ksys_write+0x260/0x2c0
[  112.712303][ T4585]  ? debug_smp_processor_id+0x17/0x20
[  112.717516][ T4585]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  112.723767][ T4585]  ? exit_to_user_mode_prepare+0x39/0xa0
[  112.729230][ T4585]  do_syscall_64+0x3d/0xb0
[  112.733480][ T4585]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  112.739207][ T4585] RIP: 0033:0x7fc79465eda9
[  112.743462][ T4585] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  112.762906][ T4585] RSP: 002b:00007fc7933e0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  112.771149][ T4585] RAX: ffffffffffffffda RBX: 00007fc79478cf80 RCX: 00007fc79465eda9
[  112.778962][ T4585] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  112.786783][ T4585] RBP: 00007fc7933e0120 R08: 0000000020000540 R09: 0000000020000540
[  112.794582][ T4585] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  112.802395][ T4585] R13: 000000000000000b R14: 00007fc79478cf80 R15: 00007ffe32fa6218
[  112.810210][ T4585]  </TASK>
[  112.824857][ T4598] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  112.836395][ T4598] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  112.844639][ T4598] CPU: 0 PID: 4598 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  112.854721][ T4598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  112.864599][ T4598] RIP: 0010:__rb_erase_color+0x10e/0xa60
[  112.870066][ T4598] Code: 89 ff e8 85 29 2b ff 4c 8b 6d d0 4d 89 2f 4c 89 eb 48 83 cb 01 4c 8b 7d c0 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 54 29 2b ff 49 89 1f 4c 89 eb 48 c1
[  112.889509][ T4598] RSP: 0018:ffffc90000af77c0 EFLAGS: 00010246
[  112.895413][ T4598] RAX: 0000000000000000 RBX: ffff88810b80cac1 RCX: dffffc0000000000
[  112.903238][ T4598] RDX: ffffffff81a50880 RSI: ffff888110265518 RDI: ffff88814ba81748
[  112.911035][ T4598] RBP: ffffc90000af7820 R08: ffffffff81a4e940 R09: ffffed102204caa7
[  112.918849][ T4598] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110218a25a2
[  112.926657][ T4598] R13: ffff88810b80cac0 R14: ffff88810c512d10 R15: 0000000000000000
[  112.934469][ T4598] FS:  00007fc3671d26c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  112.943238][ T4598] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  112.949667][ T4598] CR2: 00007fdf26acd990 CR3: 000000013405c000 CR4: 00000000003506b0
[  112.957473][ T4598] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  112.965279][ T4598] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  112.973094][ T4598] Call Trace:
[  112.976217][ T4598]  <TASK>
[  112.978997][ T4598]  ? __die_body+0x62/0xb0
[  112.983162][ T4598]  ? die_addr+0x9f/0xd0
[  112.987152][ T4598]  ? exc_general_protection+0x311/0x4b0
[  112.992535][ T4598]  ? asm_exc_general_protection+0x27/0x30
[  112.998093][ T4598]  ? vma_interval_tree_remove+0xae0/0xba0
[  113.003645][ T4598]  ? anon_vma_interval_tree_iter_next+0x390/0x390
[  113.009997][ T4598]  ? __rb_erase_color+0x10e/0xa60
[  113.014852][ T4598]  ? anon_vma_interval_tree_iter_next+0x390/0x390
[  113.021525][ T4598]  vma_interval_tree_remove+0xb82/0xba0
[  113.026903][ T4598]  unlink_file_vma+0xd9/0xf0
[  113.031332][ T4598]  free_pgtables+0x13f/0x280
[  113.035756][ T4598]  exit_mmap+0x3e7/0x6f0
[  113.039853][ T4598]  ? exit_aio+0x25e/0x3c0
[  113.044007][ T4598]  ? vm_brk+0x30/0x30
[  113.047820][ T4598]  ? mutex_unlock+0xb2/0x260
[  113.052254][ T4598]  ? uprobe_clear_state+0x2cd/0x320
[  113.057286][ T4598]  __mmput+0x95/0x310
[  113.061100][ T4598]  mmput+0x5b/0x170
[  113.064747][ T4598]  copy_process+0x25d9/0x3290
[  113.069262][ T4598]  ? __fdget+0x1ce/0x240
[  113.073338][ T4598]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  113.078288][ T4598]  ? avc_has_perm+0x16f/0x260
[  113.082798][ T4598]  ? radix_tree_lookup+0x23a/0x290
[  113.087752][ T4598]  kernel_clone+0x21e/0x9e0
[  113.092085][ T4598]  ? create_io_thread+0x1e0/0x1e0
[  113.096946][ T4598]  ? security_bpf+0x82/0xb0
[  113.101285][ T4598]  __x64_sys_clone+0x23f/0x290
[  113.105886][ T4598]  ? __do_sys_vfork+0x130/0x130
[  113.110572][ T4598]  ? switch_fpu_return+0x1ed/0x3d0
[  113.115525][ T4598]  ? __kasan_check_read+0x11/0x20
[  113.120385][ T4598]  ? exit_to_user_mode_prepare+0x7e/0xa0
[  113.125850][ T4598]  do_syscall_64+0x3d/0xb0
[  113.130103][ T4598]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  113.135832][ T4598] RIP: 0033:0x7fc368450da9
[  113.140086][ T4598] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  113.159530][ T4598] RSP: 002b:00007fc3671d2078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  113.167785][ T4598] RAX: ffffffffffffffda RBX: 00007fc36857ef80 RCX: 00007fc368450da9
[  113.175588][ T4598] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000023025000
[  113.183392][ T4598] RBP: 00007fc36849d47a R08: 0000000020000540 R09: 0000000020000540
[  113.191219][ T4598] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  113.199013][ T4598] R13: 000000000000000b R14: 00007fc36857ef80 R15: 00007ffd99bee8b8
[  113.206829][ T4598]  </TASK>
[  113.209692][ T4598] Modules linked in:
[  113.213570][ T4598] ---[ end trace f7c1f3adbd51141a ]---
[  113.219671][ T4598] RIP: 0010:__rb_erase_color+0x10e/0xa60
[  113.225202][ T4598] Code: 89 ff e8 85 29 2b ff 4c 8b 6d d0 4d 89 2f 4c 89 eb 48 83 cb 01 4c 8b 7d c0 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 54 29 2b ff 49 89 1f 4c 89 eb 48 c1
[  113.244669][ T4598] RSP: 0018:ffffc90000af77c0 EFLAGS: 00010246
[  113.250559][ T4598] RAX: 0000000000000000 RBX: ffff88810b80cac1 RCX: dffffc0000000000
[  113.258360][ T4598] RDX: ffffffff81a50880 RSI: ffff888110265518 RDI: ffff88814ba81748
[  113.266227][ T4598] RBP: ffffc90000af7820 R08: ffffffff81a4e940 R09: ffffed102204caa7
[  113.273992][ T4598] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110218a25a2
[  113.281800][ T4598] R13: ffff88810b80cac0 R14: ffff88810c512d10 R15: 0000000000000000
[  113.289617][ T4598] FS:  00007fc3671d26c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  113.298423][ T4598] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  113.304828][ T4598] CR2: 00007fdf26acd990 CR3: 000000013405c000 CR4: 00000000003506b0
[  113.312635][ T4598] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  113.320428][ T4598] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  113.328286][ T4598] Kernel panic - not syncing: Fatal exception
[  113.334392][ T4598] Kernel Offset: disabled
[  113.338517][ T4598] Rebooting in 86400 seconds..