OB="18ff0300000000000000000000010025fe1bf7302000850000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={r0, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000007c0)=[0x0], 0x0, 0x8, &(0x7f0000000800)=[{}], 0x8, 0x10, &(0x7f0000000840), &(0x7f0000000880), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000900)}}, 0x10) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000a80)=0xffffffffffffffff, 0x4) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000b40)={0xffffffffffffffff}, 0x4) (async) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x14, 0xf, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x9}, [@func={0x85, 0x0, 0x1, 0x0, 0x4}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x2}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x4}, @map_fd={0x18, 0x4, 0x1, 0x0, r1}, @alu={0x4, 0x1, 0x7, 0x3, 0x6, 0x80, 0x8}, @call={0x85, 0x0, 0x0, 0xcb}, @alu={0x4, 0x1, 0xb, 0x9, 0x2, 0xffffffffffffffc0, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x8}]}, &(0x7f0000000700)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x1, '\x00', r2, 0x4, r3, 0x8, &(0x7f0000000ac0)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000b00)={0x4, 0xb, 0x4a6, 0x9}, 0x10, 0xffffffffffffffff, r4, 0x0, &(0x7f0000000b80)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, r5]}, 0x80) (rerun: 32) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_procs(r6, &(0x7f0000000c40)='cgroup.procs\x00', 0x2, 0x0) (async) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r8 = openat$cgroup(r7, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async, rerun: 64) r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (rerun: 64) openat$cgroup(r8, &(0x7f0000000640)='syz1\x00', 0x200002, 0x0) (async) openat$cgroup(r9, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r10, 0x4030582a, &(0x7f0000000040)) (async) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1a, 0x7, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0xffff4b3a}, [@jmp={0x5, 0x0, 0x8, 0x5, 0x2, 0xfffffffffffffff4, 0xfffffffffffffff0}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffc}, @exit]}, &(0x7f00000004c0)='syzkaller\x00', 0xe47, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1a, r7, 0x8, &(0x7f0000000500)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x5, 0x5, 0x9, 0x4}, 0x10, 0xffffffffffffffff, r0, 0x0, &(0x7f0000000580)=[0x1, r0, r9, r10]}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) r11 = bpf$ITER_CREATE(0x21, &(0x7f0000000300), 0x8) (async, rerun: 64) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000340)='./file0\x00', 0x0, 0x10}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@alu={0x7, 0x0, 0xd, 0xb, 0x8, 0x100, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x6436}, @generic={0x3f, 0x2, 0x9, 0x1, 0x5}, @map_idx={0x18, 0xa}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @cb_func={0x18, 0x4, 0x4, 0x0, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0xee8, 0x14, &(0x7f0000000180)=""/20, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x3, 0xf0, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[r11, r12]}, 0x80) 17:39:40 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) 17:39:40 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="4e2d3303e2740d15a380b582710acb519862b4f702544c05f3d2911c86785f38465e486732b73ebc8c32e05e10e242589eebb29c7dddf9b72ae221c791d0100b3b36815593a4d711b158cd42a5254a947c1da8493c0fc84941acac30f5809b702a167b1a1c5612b200000000000000"], 0x6a) (async) r2 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) openat$cgroup_ro(r3, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x0, 0x0) (async) openat$cgroup_ro(r2, &(0x7f0000000100)='blkio.bfq.time_recursive\x00', 0x0, 0x0) 17:39:40 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) write$cgroup_int(r1, &(0x7f00000000c0)=0x5, 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) write$cgroup_int(r1, &(0x7f00000000c0)=0x5, 0x12) (async) 17:39:40 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) [ 202.542813][T27893] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 202.550704][T27893] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 202.558539][T27893] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 202.566328][T27893] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 202.574140][T27893] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 202.582041][T27893] 17:39:40 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4f2d33c7"], 0x6a) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)={[{0x2d, 'io'}, {0x2b, 'hugetlb'}]}, 0xd) 17:39:40 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="4e2d3303e2740d15a380b582710acb519862b4f702544c05f3d2911c86785f38465e486732b73ebc8c32e05e10e242589eebb29c7dddf9b72ae221c791d0100b3b36815593a4d711b158cd42a5254a947c1da8493c0fc84941acac30f5809b702a167b1a1c5612b200000000000000"], 0x6a) (async) r2 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(r3, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x0, 0x0) (async) openat$cgroup_ro(r2, &(0x7f0000000100)='blkio.bfq.time_recursive\x00', 0x0, 0x0) 17:39:40 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) 17:39:40 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4f2d33c7"], 0x6a) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)={[{0x2d, 'io'}, {0x2b, 'hugetlb'}]}, 0xd) 17:39:40 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) openat$cgroup(r0, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000140)='syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="ce2d33"], 0x6a) [ 202.617916][T27943] FAULT_INJECTION: forcing a failure. [ 202.617916][T27943] name failslab, interval 1, probability 0, space 0, times 0 [ 202.657968][T27943] CPU: 0 PID: 27943 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 202.668034][T27943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 202.677936][T27943] Call Trace: [ 202.681061][T27943] [ 202.683835][T27943] dump_stack_lvl+0x151/0x1b7 [ 202.688349][T27943] ? bfq_pos_tree_add_move+0x43e/0x43e [ 202.693645][T27943] dump_stack+0x15/0x17 [ 202.697635][T27943] should_fail+0x3c0/0x510 [ 202.701888][T27943] __should_failslab+0x9f/0xe0 [ 202.706484][T27943] should_failslab+0x9/0x20 [ 202.710827][T27943] kmem_cache_alloc+0x4f/0x2f0 [ 202.715424][T27943] ? anon_vma_fork+0x1b9/0x4f0 [ 202.720027][T27943] anon_vma_fork+0x1b9/0x4f0 [ 202.724457][T27943] dup_mmap+0x750/0xea0 [ 202.728449][T27943] ? __delayed_free_task+0x20/0x20 [ 202.733394][T27943] ? mm_init+0x807/0x960 [ 202.737472][T27943] dup_mm+0x91/0x330 [ 202.741207][T27943] copy_mm+0x108/0x1b0 [ 202.745112][T27943] copy_process+0x1295/0x3250 [ 202.749630][T27943] ? proc_fail_nth_write+0x213/0x290 [ 202.754746][T27943] ? proc_fail_nth_read+0x220/0x220 [ 202.759783][T27943] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 202.764724][T27943] ? vfs_write+0x9af/0x1050 [ 202.769074][T27943] ? vmacache_update+0xb7/0x120 [ 202.773754][T27943] kernel_clone+0x22d/0x990 [ 202.778099][T27943] ? file_end_write+0x1b0/0x1b0 [ 202.782784][T27943] ? __kasan_check_write+0x14/0x20 [ 202.787729][T27943] ? create_io_thread+0x1e0/0x1e0 [ 202.792590][T27943] ? __mutex_lock_slowpath+0x10/0x10 [ 202.797708][T27943] __x64_sys_clone+0x289/0x310 [ 202.802308][T27943] ? __do_sys_vfork+0x130/0x130 [ 202.806997][T27943] ? debug_smp_processor_id+0x17/0x20 [ 202.812206][T27943] do_syscall_64+0x44/0xd0 [ 202.816455][T27943] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 202.822201][T27943] RIP: 0033:0x7f510cb420d9 [ 202.826449][T27943] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 202.845878][T27943] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 202.854237][T27943] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 17:39:40 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 32) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:40 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000140)='syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="ce2d33"], 0x6a) [ 202.862028][T27943] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 202.869834][T27943] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 202.877644][T27943] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 202.885455][T27943] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 202.893270][T27943] 17:39:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18ff0300000000000000000000010025fe1bf7302000850000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={r0, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000007c0)=[0x0], 0x0, 0x8, &(0x7f0000000800)=[{}], 0x8, 0x10, &(0x7f0000000840), &(0x7f0000000880), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000900)}}, 0x10) (async) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000a80)=0xffffffffffffffff, 0x4) (async) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000b40)={0xffffffffffffffff}, 0x4) (async) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x14, 0xf, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x9}, [@func={0x85, 0x0, 0x1, 0x0, 0x4}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x2}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x4}, @map_fd={0x18, 0x4, 0x1, 0x0, r1}, @alu={0x4, 0x1, 0x7, 0x3, 0x6, 0x80, 0x8}, @call={0x85, 0x0, 0x0, 0xcb}, @alu={0x4, 0x1, 0xb, 0x9, 0x2, 0xffffffffffffffc0, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x8}]}, &(0x7f0000000700)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x1, '\x00', r2, 0x4, r3, 0x8, &(0x7f0000000ac0)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000b00)={0x4, 0xb, 0x4a6, 0x9}, 0x10, 0xffffffffffffffff, r4, 0x0, &(0x7f0000000b80)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, r5]}, 0x80) (async, rerun: 64) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async, rerun: 64) openat$cgroup_procs(r6, &(0x7f0000000c40)='cgroup.procs\x00', 0x2, 0x0) (async, rerun: 64) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r8 = openat$cgroup(r7, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async, rerun: 64) r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (rerun: 64) openat$cgroup(r8, &(0x7f0000000640)='syz1\x00', 0x200002, 0x0) (async) openat$cgroup(r9, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r10, 0x4030582a, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1a, 0x7, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0xffff4b3a}, [@jmp={0x5, 0x0, 0x8, 0x5, 0x2, 0xfffffffffffffff4, 0xfffffffffffffff0}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffc}, @exit]}, &(0x7f00000004c0)='syzkaller\x00', 0xe47, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1a, r7, 0x8, &(0x7f0000000500)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x5, 0x5, 0x9, 0x4}, 0x10, 0xffffffffffffffff, r0, 0x0, &(0x7f0000000580)=[0x1, r0, r9, r10]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) r11 = bpf$ITER_CREATE(0x21, &(0x7f0000000300), 0x8) (async, rerun: 32) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000340)='./file0\x00', 0x0, 0x10}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@alu={0x7, 0x0, 0xd, 0xb, 0x8, 0x100, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x6436}, @generic={0x3f, 0x2, 0x9, 0x1, 0x5}, @map_idx={0x18, 0xa}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @cb_func={0x18, 0x4, 0x4, 0x0, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0xee8, 0x14, &(0x7f0000000180)=""/20, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x3, 0xf0, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[r11, r12]}, 0x80) 17:39:40 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4f2d33c7"], 0x6a) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)={[{0x2d, 'io'}, {0x2b, 'hugetlb'}]}, 0xd) 17:39:40 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:40 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x36) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:40 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) openat$cgroup(r0, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) r2 = openat$cgroup(r1, &(0x7f0000000140)='syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="ce2d33"], 0x6a) 17:39:40 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="f2ffffff"], 0x6a) [ 202.931742][T27973] FAULT_INJECTION: forcing a failure. [ 202.931742][T27973] name failslab, interval 1, probability 0, space 0, times 0 [ 202.944258][T27973] CPU: 0 PID: 27973 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 202.954239][T27973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 202.964128][T27973] Call Trace: [ 202.967251][T27973] [ 202.970028][T27973] dump_stack_lvl+0x151/0x1b7 [ 202.974545][T27973] ? bfq_pos_tree_add_move+0x43e/0x43e [ 202.979838][T27973] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 202.986086][T27973] dump_stack+0x15/0x17 [ 202.990082][T27973] should_fail+0x3c0/0x510 [ 202.994330][T27973] __should_failslab+0x9f/0xe0 [ 202.998930][T27973] should_failslab+0x9/0x20 [ 203.003364][T27973] kmem_cache_alloc+0x4f/0x2f0 [ 203.007956][T27973] ? anon_vma_fork+0xf7/0x4f0 [ 203.012566][T27973] anon_vma_fork+0xf7/0x4f0 [ 203.016908][T27973] ? anon_vma_name+0x4c/0x70 [ 203.021331][T27973] dup_mmap+0x750/0xea0 [ 203.025331][T27973] ? __delayed_free_task+0x20/0x20 [ 203.030274][T27973] ? mm_init+0x807/0x960 [ 203.034352][T27973] dup_mm+0x91/0x330 [ 203.038081][T27973] copy_mm+0x108/0x1b0 [ 203.041991][T27973] copy_process+0x1295/0x3250 [ 203.046503][T27973] ? proc_fail_nth_write+0x213/0x290 [ 203.051620][T27973] ? proc_fail_nth_read+0x220/0x220 [ 203.056657][T27973] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 203.061603][T27973] ? vfs_write+0x9af/0x1050 [ 203.065943][T27973] ? vmacache_update+0xb7/0x120 [ 203.070632][T27973] kernel_clone+0x22d/0x990 [ 203.074973][T27973] ? file_end_write+0x1b0/0x1b0 [ 203.079656][T27973] ? __kasan_check_write+0x14/0x20 [ 203.084609][T27973] ? create_io_thread+0x1e0/0x1e0 [ 203.089466][T27973] ? __mutex_lock_slowpath+0x10/0x10 [ 203.094585][T27973] __x64_sys_clone+0x289/0x310 [ 203.099194][T27973] ? __do_sys_vfork+0x130/0x130 [ 203.103965][T27973] ? debug_smp_processor_id+0x17/0x20 [ 203.109184][T27973] do_syscall_64+0x44/0xd0 [ 203.113423][T27973] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 203.119155][T27973] RIP: 0033:0x7f510cb420d9 17:39:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000040)=0x100) [ 203.123403][T27973] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 203.142842][T27973] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 203.151090][T27973] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 203.158895][T27973] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 203.166709][T27973] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 203.174519][T27973] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 17:39:40 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.mem_hardwall\x00', 0x2, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:40 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="f2ffffff"], 0x6a) 17:39:40 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x36) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x36) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) 17:39:40 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 33) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:40 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x36) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x36) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) 17:39:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000040)=0x100) 17:39:40 executing program 0: syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe0e) [ 203.182354][T27973] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 203.190179][T27973] [ 203.264454][T28012] FAULT_INJECTION: forcing a failure. [ 203.264454][T28012] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 203.280291][T28012] CPU: 1 PID: 28012 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 203.290362][T28012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 203.300246][T28012] Call Trace: [ 203.303372][T28012] [ 203.306148][T28012] dump_stack_lvl+0x151/0x1b7 17:39:40 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:40 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.mem_hardwall\x00', 0x2, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.mem_hardwall\x00', 0x2, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r2, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) (async) openat$cgroup(r2, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:39:40 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="f2ffffff"], 0x6a) 17:39:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000040)=0x100) 17:39:40 executing program 0: syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe0e) 17:39:40 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000140)='memory.numa_stat\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r5 = openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r5, 0x0, r4, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000200)=0xff) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYRESDEC=r4], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(r6, &(0x7f0000000180)='blkio.bfq.time\x00', 0x0, 0x0) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r7, &(0x7f0000000240)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) 17:39:40 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000140)='memory.numa_stat\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r5 = openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r5, 0x0, r4, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000200)=0xff) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYRESDEC=r4], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(r6, &(0x7f0000000180)='blkio.bfq.time\x00', 0x0, 0x0) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r7, &(0x7f0000000240)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r2, &(0x7f0000000140)='memory.numa_stat\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async) openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r5, 0x0, r4, 0x2) (async) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000200)=0xff) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYRESDEC=r4], 0x6a) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) (async) openat$cgroup_ro(r6, &(0x7f0000000180)='blkio.bfq.time\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r7, &(0x7f0000000240)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) (async) 17:39:40 executing program 0: syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe0e) syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe0e) (async) [ 203.310663][T28012] ? bfq_pos_tree_add_move+0x43e/0x43e [ 203.315964][T28012] dump_stack+0x15/0x17 [ 203.319948][T28012] should_fail+0x3c0/0x510 [ 203.324201][T28012] should_fail_alloc_page+0x58/0x70 [ 203.329236][T28012] __alloc_pages+0x1de/0x7c0 [ 203.333666][T28012] ? __count_vm_events+0x30/0x30 [ 203.338436][T28012] ? dup_mm+0x91/0x330 [ 203.342341][T28012] ? copy_mm+0x108/0x1b0 [ 203.346419][T28012] ? copy_process+0x1295/0x3250 [ 203.351114][T28012] ? kernel_clone+0x22d/0x990 [ 203.355621][T28012] ? __x64_sys_clone+0x289/0x310 [ 203.360395][T28012] pte_alloc_one+0x73/0x1b0 [ 203.364738][T28012] ? pfn_modify_allowed+0x2e0/0x2e0 [ 203.369767][T28012] ? __kasan_check_write+0x14/0x20 [ 203.374722][T28012] ? __set_page_owner+0x2ee/0x310 [ 203.379666][T28012] __pte_alloc+0x86/0x350 [ 203.383825][T28012] ? post_alloc_hook+0x1ab/0x1b0 [ 203.388604][T28012] ? free_pgtables+0x210/0x210 [ 203.393198][T28012] ? get_page_from_freelist+0x38b/0x400 [ 203.398675][T28012] copy_pte_range+0x1b1f/0x20b0 [ 203.403366][T28012] ? __kunmap_atomic+0x80/0x80 [ 203.407960][T28012] ? __pud_alloc+0x260/0x260 [ 203.412404][T28012] ? __pud_alloc+0x218/0x260 [ 203.416817][T28012] ? do_handle_mm_fault+0x2370/0x2370 [ 203.422028][T28012] copy_page_range+0xc1e/0x1090 [ 203.426714][T28012] ? pfn_valid+0x1e0/0x1e0 [ 203.430964][T28012] dup_mmap+0x99f/0xea0 [ 203.434954][T28012] ? __delayed_free_task+0x20/0x20 [ 203.439900][T28012] ? mm_init+0x807/0x960 [ 203.443979][T28012] dup_mm+0x91/0x330 [ 203.447710][T28012] copy_mm+0x108/0x1b0 [ 203.451617][T28012] copy_process+0x1295/0x3250 [ 203.456133][T28012] ? proc_fail_nth_write+0x213/0x290 [ 203.461252][T28012] ? proc_fail_nth_read+0x220/0x220 [ 203.466295][T28012] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 203.471237][T28012] ? vfs_write+0x9af/0x1050 [ 203.475578][T28012] ? vmacache_update+0xb7/0x120 [ 203.480271][T28012] kernel_clone+0x22d/0x990 [ 203.484607][T28012] ? file_end_write+0x1b0/0x1b0 [ 203.489285][T28012] ? __kasan_check_write+0x14/0x20 [ 203.494234][T28012] ? create_io_thread+0x1e0/0x1e0 [ 203.499183][T28012] ? __mutex_lock_slowpath+0x10/0x10 [ 203.504397][T28012] __x64_sys_clone+0x289/0x310 [ 203.508991][T28012] ? __do_sys_vfork+0x130/0x130 [ 203.513677][T28012] ? debug_smp_processor_id+0x17/0x20 [ 203.518886][T28012] do_syscall_64+0x44/0xd0 [ 203.523143][T28012] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 203.528871][T28012] RIP: 0033:0x7f510cb420d9 [ 203.533819][T28012] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 203.553346][T28012] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:41 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 34) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:41 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async, rerun: 64) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 64) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.mem_hardwall\x00', 0x2, 0x0) (async) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:41 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000280)={&(0x7f0000000180)=""/158, 0x9e, 0x0, &(0x7f0000000240)=""/30, 0x1e}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r5 = openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r5, 0x0, r4, 0x2) openat$cgroup_procs(r5, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r6, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, 0xffffffffffffffff, 0x6b0, '\x00', r7, r8, 0x0, 0x2, 0x3, 0xc}, 0x48) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000b00)={'lo\x00', @multicast}) r9 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=r1, 0x4) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0xfdef) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@bloom_filter={0x1e, 0x7fffffff, 0xfff, 0x3, 0x1, r2, 0x4, '\x00', 0x0, r3, 0x2, 0x3, 0x0, 0x5}, 0x48) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1d, 0x2, 0x7, 0x800, 0x124a, r2, 0x8, '\x00', 0x0, r2, 0x0, 0x1, 0x5}, 0x48) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940)={&(0x7f0000000900)='./file0\x00', 0x0, 0x8}, 0x10) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r13, &(0x7f0000000180), 0xfdef) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6345}, [@btf_id={0x18, 0x9, 0x3, 0x0, 0x3}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffd}, @generic={0x5, 0x4, 0x5, 0x4, 0x7}]}, &(0x7f0000000040)='GPL\x00', 0x93a4, 0xcf, &(0x7f0000000640)=""/207, 0x41000, 0x0, '\x00', r7, 0x0, r9, 0x8, &(0x7f0000000740)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000780)={0x1, 0xd, 0xf5, 0x89}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r3, r2, 0xffffffffffffffff, r10, 0x1, r11, r12, r13]}, 0x80) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) r14 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r14, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r15 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r15, &(0x7f0000000180), 0xfdef) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1a, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000ff0100000000000008000000851000000400000018110000", @ANYRES32=0x1, @ANYBLOB="000000000000000047034000000000001866e50000001a0000000000f8ffffff9a830100de88014b1851000002000000000000000000000018000000ea85dd640203d686380f000095000000000000005475908dc54fbfd77a5a4a5399d731de6da5c7f301e6c72715086e1b6e7ab9d270ac037c805d079d7fa74f66bbe6c817f8c7f361aba0def9fbbb10d1a0f4c82e906fc1fcfee7d45ec8203adf1487427d52c969e5c627c8763001953b5b2f6552e93261e7c529e42108d5b17b62af04cebdcaccbb813a8f85224f29dd7a68e2e8a9ef12748f07ec0d1732000000000000b6daf41f0c956d3d1144c16b88234d1c65978de8397e39c143d05768ace9dfd06a721b9582fb7e3b5957232945cd431077aad742b30f1363069965d35d20a548879c2427368af17858886b8ebd575d2542e73084063d1755ba51c76ac92879f3"], &(0x7f0000000080)='GPL\x00', 0x7d20, 0x7, &(0x7f00000000c0)=""/7, 0x41100, 0x4, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0xb}, 0x10, r1, r0, 0x0, &(0x7f0000000300)=[0xffffffffffffffff, r2, r14, 0xffffffffffffffff, r2, 0x1, 0xffffffffffffffff, 0x1, r15]}, 0x80) 17:39:41 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async, rerun: 32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) (rerun: 32) openat$cgroup_ro(r2, &(0x7f0000000140)='memory.numa_stat\x00', 0x0, 0x0) (async, rerun: 64) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (rerun: 64) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r5 = openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r5, 0x0, r4, 0x2) (async) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000200)=0xff) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYRESDEC=r4], 0x6a) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) (async) openat$cgroup_ro(r6, &(0x7f0000000180)='blkio.bfq.time\x00', 0x0, 0x0) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r7, &(0x7f0000000240)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) 17:39:41 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000ff075beee05bbd6cbf4c4c840de883600000c6ba0000301e3f"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) syz_clone(0x8a082200, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:41 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) [ 203.561587][T28012] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 203.569396][T28012] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 203.577209][T28012] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 203.585028][T28012] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 203.592829][T28012] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 203.600648][T28012] 17:39:41 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000280)={&(0x7f0000000180)=""/158, 0x9e, 0x0, &(0x7f0000000240)=""/30, 0x1e}}, 0x10) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async) r5 = openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r5, 0x0, r4, 0x2) openat$cgroup_procs(r5, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r6, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, 0xffffffffffffffff, 0x6b0, '\x00', r7, r8, 0x0, 0x2, 0x3, 0xc}, 0x48) (async) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000b00)={'lo\x00', @multicast}) (async) r9 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=r1, 0x4) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0xfdef) (async) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@bloom_filter={0x1e, 0x7fffffff, 0xfff, 0x3, 0x1, r2, 0x4, '\x00', 0x0, r3, 0x2, 0x3, 0x0, 0x5}, 0x48) (async) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1d, 0x2, 0x7, 0x800, 0x124a, r2, 0x8, '\x00', 0x0, r2, 0x0, 0x1, 0x5}, 0x48) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940)={&(0x7f0000000900)='./file0\x00', 0x0, 0x8}, 0x10) (async) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r13, &(0x7f0000000180), 0xfdef) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6345}, [@btf_id={0x18, 0x9, 0x3, 0x0, 0x3}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffd}, @generic={0x5, 0x4, 0x5, 0x4, 0x7}]}, &(0x7f0000000040)='GPL\x00', 0x93a4, 0xcf, &(0x7f0000000640)=""/207, 0x41000, 0x0, '\x00', r7, 0x0, r9, 0x8, &(0x7f0000000740)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000780)={0x1, 0xd, 0xf5, 0x89}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r3, r2, 0xffffffffffffffff, r10, 0x1, r11, r12, r13]}, 0x80) (async) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) r14 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r14, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r15 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r15, &(0x7f0000000180), 0xfdef) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1a, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000ff0100000000000008000000851000000400000018110000", @ANYRES32=0x1, @ANYBLOB="000000000000000047034000000000001866e50000001a0000000000f8ffffff9a830100de88014b1851000002000000000000000000000018000000ea85dd640203d686380f000095000000000000005475908dc54fbfd77a5a4a5399d731de6da5c7f301e6c72715086e1b6e7ab9d270ac037c805d079d7fa74f66bbe6c817f8c7f361aba0def9fbbb10d1a0f4c82e906fc1fcfee7d45ec8203adf1487427d52c969e5c627c8763001953b5b2f6552e93261e7c529e42108d5b17b62af04cebdcaccbb813a8f85224f29dd7a68e2e8a9ef12748f07ec0d1732000000000000b6daf41f0c956d3d1144c16b88234d1c65978de8397e39c143d05768ace9dfd06a721b9582fb7e3b5957232945cd431077aad742b30f1363069965d35d20a548879c2427368af17858886b8ebd575d2542e73084063d1755ba51c76ac92879f3"], &(0x7f0000000080)='GPL\x00', 0x7d20, 0x7, &(0x7f00000000c0)=""/7, 0x41100, 0x4, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0xb}, 0x10, r1, r0, 0x0, &(0x7f0000000300)=[0xffffffffffffffff, r2, r14, 0xffffffffffffffff, r2, 0x1, 0xffffffffffffffff, 0x1, r15]}, 0x80) 17:39:41 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000ff075beee05bbd6cbf4c4c840de883600000c6ba0000301e3f"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) syz_clone(0x8a082200, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r0, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r1, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000ff075beee05bbd6cbf4c4c840de883600000c6ba0000301e3f"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) (async) syz_clone(0x8a082200, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:39:41 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) recvmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f00000000c0)=""/203, 0xcb}, {&(0x7f00000001c0)=""/223, 0xdf}, {&(0x7f00000002c0)=""/193, 0xc1}, {&(0x7f00000003c0)=""/40, 0x28}, {&(0x7f0000000400)=""/4096, 0x1000}], 0x5}, 0x2000) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) recvmsg(r1, &(0x7f0000001900)={&(0x7f00000014c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @dev}}}}, 0x80, &(0x7f0000001800)=[{&(0x7f0000001540)=""/249, 0xf9}, {&(0x7f0000001640)=""/59, 0x3b}, {&(0x7f0000001680)=""/182, 0xb6}, {&(0x7f0000001740)=""/179, 0xb3}], 0x4, &(0x7f0000001840)=""/187, 0xbb}, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) recvmsg(r0, &(0x7f0000001b80)={&(0x7f0000001940)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000001a80)=[{&(0x7f00000019c0)=""/62, 0x3e}, {&(0x7f0000001a00)=""/54, 0x36}, {&(0x7f0000001a40)=""/30, 0x1e}], 0x3, &(0x7f0000001ac0)=""/187, 0xbb}, 0x40000000) 17:39:41 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r1, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0) (async) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000ff075beee05bbd6cbf4c4c840de883600000c6ba0000301e3f"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) (async) syz_clone(0x8a082200, 0x0, 0x0, 0x0, 0x0, 0x0) [ 203.662767][T28076] FAULT_INJECTION: forcing a failure. [ 203.662767][T28076] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 203.682884][T28076] CPU: 1 PID: 28076 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 203.692951][T28076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 203.703020][T28076] Call Trace: [ 203.706153][T28076] 17:39:41 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801a102ffff0700025495000017000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='f2fs_write_begin\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='flush_foreign\x00', r1}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0xc6, 0x3, 0xff, 0x3, 0x0, 0xff, 0x80002, 0x5, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x7fff, 0x0, @perf_config_ext={0x3f, 0x2}, 0x0, 0x1000, 0x4, 0x7, 0x9, 0x10001, 0x3f, 0x0, 0x1f, 0x0, 0x2}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) 17:39:41 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801a102ffff0700025495000017000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='f2fs_write_begin\x00', r0}, 0x10) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async, rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='flush_foreign\x00', r1}, 0x10) (async, rerun: 64) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0xc6, 0x3, 0xff, 0x3, 0x0, 0xff, 0x80002, 0x5, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x7fff, 0x0, @perf_config_ext={0x3f, 0x2}, 0x0, 0x1000, 0x4, 0x7, 0x9, 0x10001, 0x3f, 0x0, 0x1f, 0x0, 0x2}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) [ 203.708920][T28076] dump_stack_lvl+0x151/0x1b7 [ 203.713435][T28076] ? bfq_pos_tree_add_move+0x43e/0x43e [ 203.718726][T28076] ? stack_trace_save+0x1f0/0x1f0 [ 203.723590][T28076] ? __kernel_text_address+0x9a/0x110 [ 203.728795][T28076] dump_stack+0x15/0x17 [ 203.732787][T28076] should_fail+0x3c0/0x510 [ 203.737041][T28076] should_fail_alloc_page+0x58/0x70 [ 203.742084][T28076] __alloc_pages+0x1de/0x7c0 [ 203.746503][T28076] ? stack_trace_save+0x12d/0x1f0 [ 203.751365][T28076] ? stack_trace_snprint+0x100/0x100 [ 203.756483][T28076] ? __count_vm_events+0x30/0x30 [ 203.761253][T28076] ? __kasan_slab_alloc+0xc4/0xe0 [ 203.766119][T28076] ? __kasan_slab_alloc+0xb2/0xe0 [ 203.770974][T28076] ? kmem_cache_alloc+0x189/0x2f0 [ 203.775839][T28076] ? anon_vma_fork+0x1b9/0x4f0 [ 203.780436][T28076] get_zeroed_page+0x19/0x40 [ 203.784858][T28076] __pud_alloc+0x8b/0x260 [ 203.789026][T28076] ? do_handle_mm_fault+0x2370/0x2370 [ 203.794239][T28076] copy_page_range+0xd9e/0x1090 [ 203.798923][T28076] ? pfn_valid+0x1e0/0x1e0 [ 203.803175][T28076] dup_mmap+0x99f/0xea0 [ 203.807168][T28076] ? __delayed_free_task+0x20/0x20 [ 203.812120][T28076] ? mm_init+0x807/0x960 [ 203.816191][T28076] dup_mm+0x91/0x330 [ 203.819922][T28076] copy_mm+0x108/0x1b0 [ 203.823830][T28076] copy_process+0x1295/0x3250 [ 203.828349][T28076] ? proc_fail_nth_write+0x213/0x290 [ 203.833468][T28076] ? proc_fail_nth_read+0x220/0x220 [ 203.838497][T28076] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 203.843443][T28076] ? vfs_write+0x9af/0x1050 [ 203.847784][T28076] ? vmacache_update+0xb7/0x120 [ 203.852562][T28076] kernel_clone+0x22d/0x990 [ 203.856897][T28076] ? file_end_write+0x1b0/0x1b0 [ 203.861587][T28076] ? __kasan_check_write+0x14/0x20 [ 203.866533][T28076] ? create_io_thread+0x1e0/0x1e0 [ 203.871402][T28076] ? __mutex_lock_slowpath+0x10/0x10 [ 203.876515][T28076] __x64_sys_clone+0x289/0x310 [ 203.881118][T28076] ? __do_sys_vfork+0x130/0x130 [ 203.885975][T28076] ? debug_smp_processor_id+0x17/0x20 [ 203.891183][T28076] do_syscall_64+0x44/0xd0 [ 203.895435][T28076] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 203.901162][T28076] RIP: 0033:0x7f510cb420d9 [ 203.905425][T28076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 203.925033][T28076] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 203.933276][T28076] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 203.941097][T28076] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 203.948901][T28076] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 17:39:41 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 35) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:41 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801a102ffff0700025495000017000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='f2fs_write_begin\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='flush_foreign\x00', r1}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0xc6, 0x3, 0xff, 0x3, 0x0, 0xff, 0x80002, 0x5, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x7fff, 0x0, @perf_config_ext={0x3f, 0x2}, 0x0, 0x1000, 0x4, 0x7, 0x9, 0x10001, 0x3f, 0x0, 0x1f, 0x0, 0x2}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801a102ffff0700025495000017000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='f2fs_write_begin\x00', r0}, 0x10) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='flush_foreign\x00', r1}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0xc6, 0x3, 0xff, 0x3, 0x0, 0xff, 0x80002, 0x5, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x7fff, 0x0, @perf_config_ext={0x3f, 0x2}, 0x0, 0x1000, 0x4, 0x7, 0x9, 0x10001, 0x3f, 0x0, 0x1f, 0x0, 0x2}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async) 17:39:41 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000280)={&(0x7f0000000180)=""/158, 0x9e, 0x0, &(0x7f0000000240)=""/30, 0x1e}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r5 = openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r5, 0x0, r4, 0x2) openat$cgroup_procs(r5, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r6, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) (async) r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, 0xffffffffffffffff, 0x6b0, '\x00', r7, r8, 0x0, 0x2, 0x3, 0xc}, 0x48) (async) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000b00)={'lo\x00', @multicast}) (async) r9 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=r1, 0x4) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0xfdef) (async) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@bloom_filter={0x1e, 0x7fffffff, 0xfff, 0x3, 0x1, r2, 0x4, '\x00', 0x0, r3, 0x2, 0x3, 0x0, 0x5}, 0x48) (async) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1d, 0x2, 0x7, 0x800, 0x124a, r2, 0x8, '\x00', 0x0, r2, 0x0, 0x1, 0x5}, 0x48) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940)={&(0x7f0000000900)='./file0\x00', 0x0, 0x8}, 0x10) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r13, &(0x7f0000000180), 0xfdef) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6345}, [@btf_id={0x18, 0x9, 0x3, 0x0, 0x3}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffd}, @generic={0x5, 0x4, 0x5, 0x4, 0x7}]}, &(0x7f0000000040)='GPL\x00', 0x93a4, 0xcf, &(0x7f0000000640)=""/207, 0x41000, 0x0, '\x00', r7, 0x0, r9, 0x8, &(0x7f0000000740)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000780)={0x1, 0xd, 0xf5, 0x89}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r3, r2, 0xffffffffffffffff, r10, 0x1, r11, r12, r13]}, 0x80) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) (async) r14 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r14, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r15 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r15, &(0x7f0000000180), 0xfdef) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1a, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000ff0100000000000008000000851000000400000018110000", @ANYRES32=0x1, @ANYBLOB="000000000000000047034000000000001866e50000001a0000000000f8ffffff9a830100de88014b1851000002000000000000000000000018000000ea85dd640203d686380f000095000000000000005475908dc54fbfd77a5a4a5399d731de6da5c7f301e6c72715086e1b6e7ab9d270ac037c805d079d7fa74f66bbe6c817f8c7f361aba0def9fbbb10d1a0f4c82e906fc1fcfee7d45ec8203adf1487427d52c969e5c627c8763001953b5b2f6552e93261e7c529e42108d5b17b62af04cebdcaccbb813a8f85224f29dd7a68e2e8a9ef12748f07ec0d1732000000000000b6daf41f0c956d3d1144c16b88234d1c65978de8397e39c143d05768ace9dfd06a721b9582fb7e3b5957232945cd431077aad742b30f1363069965d35d20a548879c2427368af17858886b8ebd575d2542e73084063d1755ba51c76ac92879f3"], &(0x7f0000000080)='GPL\x00', 0x7d20, 0x7, &(0x7f00000000c0)=""/7, 0x41100, 0x4, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0xb}, 0x10, r1, r0, 0x0, &(0x7f0000000300)=[0xffffffffffffffff, r2, r14, 0xffffffffffffffff, r2, 0x1, 0xffffffffffffffff, 0x1, r15]}, 0x80) 17:39:41 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) (async) recvmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f00000000c0)=""/203, 0xcb}, {&(0x7f00000001c0)=""/223, 0xdf}, {&(0x7f00000002c0)=""/193, 0xc1}, {&(0x7f00000003c0)=""/40, 0x28}, {&(0x7f0000000400)=""/4096, 0x1000}], 0x5}, 0x2000) (async) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) recvmsg(r1, &(0x7f0000001900)={&(0x7f00000014c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @dev}}}}, 0x80, &(0x7f0000001800)=[{&(0x7f0000001540)=""/249, 0xf9}, {&(0x7f0000001640)=""/59, 0x3b}, {&(0x7f0000001680)=""/182, 0xb6}, {&(0x7f0000001740)=""/179, 0xb3}], 0x4, &(0x7f0000001840)=""/187, 0xbb}, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) recvmsg(r0, &(0x7f0000001b80)={&(0x7f0000001940)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000001a80)=[{&(0x7f00000019c0)=""/62, 0x3e}, {&(0x7f0000001a00)=""/54, 0x36}, {&(0x7f0000001a40)=""/30, 0x1e}], 0x3, &(0x7f0000001ac0)=""/187, 0xbb}, 0x40000000) 17:39:41 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) write$cgroup_int(r2, &(0x7f00000000c0), 0x12) [ 203.956709][T28076] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 203.964521][T28076] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 203.972336][T28076] [ 204.038829][T28130] FAULT_INJECTION: forcing a failure. [ 204.038829][T28130] name failslab, interval 1, probability 0, space 0, times 0 [ 204.051774][T28130] CPU: 1 PID: 28130 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 204.061828][T28130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 204.071722][T28130] Call Trace: [ 204.074849][T28130] [ 204.077632][T28130] dump_stack_lvl+0x151/0x1b7 [ 204.082139][T28130] ? bfq_pos_tree_add_move+0x43e/0x43e [ 204.087432][T28130] dump_stack+0x15/0x17 [ 204.091424][T28130] should_fail+0x3c0/0x510 [ 204.095679][T28130] __should_failslab+0x9f/0xe0 [ 204.100278][T28130] should_failslab+0x9/0x20 [ 204.104882][T28130] kmem_cache_alloc+0x4f/0x2f0 [ 204.109479][T28130] ? vm_area_dup+0x26/0x1d0 [ 204.113818][T28130] ? __kasan_check_read+0x11/0x20 [ 204.118678][T28130] vm_area_dup+0x26/0x1d0 [ 204.122848][T28130] dup_mmap+0x6b8/0xea0 [ 204.126843][T28130] ? __delayed_free_task+0x20/0x20 [ 204.131784][T28130] ? mm_init+0x807/0x960 [ 204.135865][T28130] dup_mm+0x91/0x330 [ 204.139596][T28130] copy_mm+0x108/0x1b0 [ 204.143502][T28130] copy_process+0x1295/0x3250 [ 204.148015][T28130] ? proc_fail_nth_write+0x213/0x290 [ 204.153137][T28130] ? proc_fail_nth_read+0x220/0x220 [ 204.158344][T28130] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 204.163290][T28130] ? vfs_write+0x9af/0x1050 [ 204.167630][T28130] ? vmacache_update+0xb7/0x120 [ 204.172319][T28130] kernel_clone+0x22d/0x990 [ 204.176656][T28130] ? file_end_write+0x1b0/0x1b0 [ 204.181344][T28130] ? __kasan_check_write+0x14/0x20 [ 204.186289][T28130] ? create_io_thread+0x1e0/0x1e0 [ 204.191154][T28130] ? __mutex_lock_slowpath+0x10/0x10 [ 204.196275][T28130] __x64_sys_clone+0x289/0x310 [ 204.200874][T28130] ? __do_sys_vfork+0x130/0x130 [ 204.205563][T28130] ? debug_smp_processor_id+0x17/0x20 [ 204.210769][T28130] do_syscall_64+0x44/0xd0 [ 204.215029][T28130] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 204.220749][T28130] RIP: 0033:0x7f510cb420d9 [ 204.225003][T28130] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 204.244448][T28130] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 204.252698][T28130] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 204.260505][T28130] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 204.268314][T28130] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 204.276125][T28130] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 204.283935][T28130] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 204.291749][T28130] 17:39:41 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:41 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r0, 0x58, &(0x7f0000000040)}, 0x10) 17:39:41 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) (async) recvmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f00000000c0)=""/203, 0xcb}, {&(0x7f00000001c0)=""/223, 0xdf}, {&(0x7f00000002c0)=""/193, 0xc1}, {&(0x7f00000003c0)=""/40, 0x28}, {&(0x7f0000000400)=""/4096, 0x1000}], 0x5}, 0x2000) (async, rerun: 64) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (rerun: 64) openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async, rerun: 64) recvmsg(r1, &(0x7f0000001900)={&(0x7f00000014c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @dev}}}}, 0x80, &(0x7f0000001800)=[{&(0x7f0000001540)=""/249, 0xf9}, {&(0x7f0000001640)=""/59, 0x3b}, {&(0x7f0000001680)=""/182, 0xb6}, {&(0x7f0000001740)=""/179, 0xb3}], 0x4, &(0x7f0000001840)=""/187, 0xbb}, 0x2) (rerun: 64) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) recvmsg(r0, &(0x7f0000001b80)={&(0x7f0000001940)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000001a80)=[{&(0x7f00000019c0)=""/62, 0x3e}, {&(0x7f0000001a00)=""/54, 0x36}, {&(0x7f0000001a40)=""/30, 0x1e}], 0x3, &(0x7f0000001ac0)=""/187, 0xbb}, 0x40000000) 17:39:41 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) write$cgroup_int(r2, &(0x7f00000000c0), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async) write$cgroup_int(r2, &(0x7f00000000c0), 0x12) (async) 17:39:41 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x7, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x5}, [@exit, @ldst={0x1, 0x1, 0x3, 0x1, 0xa, 0x10, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @ldst={0x0, 0x3, 0x0, 0x0, 0x7, 0x4, 0xffffffffffffffff}]}, &(0x7f00000000c0)='syzkaller\x00', 0x40, 0x92, &(0x7f0000000300)=""/146, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0x9, 0x3, 0xda}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1]}, 0x80) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r4, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r3}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4}, [@map_val={0x18, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x35}, @alu={0x4, 0x0, 0xd, 0x0, 0x7, 0xfffffffffffffff0, 0xfffffffffffffff0}]}, &(0x7f0000000440)='GPL\x00', 0x7f, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x20, r2, 0x8, &(0x7f00000004c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x4, 0x2, 0x8, 0xb11}, 0x10, r3, r1, 0x0, &(0x7f0000000540)=[0x1, r5]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:41 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 36) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:41 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async, rerun: 64) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (rerun: 64) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) write$cgroup_int(r2, &(0x7f00000000c0), 0x12) 17:39:41 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r0, 0x58, &(0x7f0000000040)}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r0, 0x58, &(0x7f0000000040)}, 0x10) (async) 17:39:41 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d33fe524e75416580df9d4d8e5d2927154ca8aef36193d57942bcf58a236b361316d58335efa9bc9b31aa84577bacc41dca68086da040b9118dc4d635d8757b873d133fb4002bcf5486cce98a1a09044cf1c7b1173f125975493835bb307e5a35f45facdc1a2e971dc267ea9e5a520a7a"], 0x6a) [ 204.343073][T28145] FAULT_INJECTION: forcing a failure. [ 204.343073][T28145] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 204.389520][T28145] CPU: 0 PID: 28145 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 204.399595][T28145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 204.409496][T28145] Call Trace: [ 204.412615][T28145] [ 204.415393][T28145] dump_stack_lvl+0x151/0x1b7 [ 204.419903][T28145] ? bfq_pos_tree_add_move+0x43e/0x43e [ 204.425206][T28145] ? __kasan_check_write+0x14/0x20 [ 204.430150][T28145] ? __set_page_owner+0x2ee/0x310 [ 204.435010][T28145] dump_stack+0x15/0x17 [ 204.438997][T28145] should_fail+0x3c0/0x510 [ 204.443251][T28145] should_fail_alloc_page+0x58/0x70 [ 204.448287][T28145] __alloc_pages+0x1de/0x7c0 [ 204.452723][T28145] ? __count_vm_events+0x30/0x30 [ 204.457486][T28145] ? __count_vm_events+0x30/0x30 [ 204.462384][T28145] ? __kasan_check_write+0x14/0x20 [ 204.467294][T28145] ? _raw_spin_lock+0xa3/0x1b0 [ 204.471895][T28145] __pmd_alloc+0xb1/0x550 [ 204.476072][T28145] ? kmem_cache_alloc+0x189/0x2f0 [ 204.480919][T28145] ? anon_vma_fork+0x1b9/0x4f0 [ 204.485520][T28145] ? __pud_alloc+0x260/0x260 [ 204.490122][T28145] ? __pud_alloc+0x218/0x260 [ 204.494548][T28145] ? do_handle_mm_fault+0x2370/0x2370 [ 204.499758][T28145] copy_page_range+0xd04/0x1090 [ 204.504450][T28145] ? pfn_valid+0x1e0/0x1e0 [ 204.508697][T28145] dup_mmap+0x99f/0xea0 [ 204.512690][T28145] ? __delayed_free_task+0x20/0x20 [ 204.517636][T28145] ? mm_init+0x807/0x960 [ 204.521713][T28145] dup_mm+0x91/0x330 [ 204.525455][T28145] copy_mm+0x108/0x1b0 [ 204.529353][T28145] copy_process+0x1295/0x3250 [ 204.533866][T28145] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 204.539511][T28145] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 204.544458][T28145] ? vfs_write+0x9af/0x1050 [ 204.548796][T28145] ? vmacache_update+0xb7/0x120 [ 204.553485][T28145] kernel_clone+0x22d/0x990 [ 204.557820][T28145] ? file_end_write+0x1b0/0x1b0 [ 204.562508][T28145] ? __kasan_check_write+0x14/0x20 [ 204.567453][T28145] ? create_io_thread+0x1e0/0x1e0 [ 204.572370][T28145] ? __mutex_lock_slowpath+0x10/0x10 [ 204.577612][T28145] __x64_sys_clone+0x289/0x310 [ 204.582209][T28145] ? __do_sys_vfork+0x130/0x130 [ 204.586983][T28145] ? fpregs_restore_userregs+0x1f0/0x3a0 [ 204.592454][T28145] ? switch_fpu_return+0xe/0x10 [ 204.597926][T28145] do_syscall_64+0x44/0xd0 [ 204.602173][T28145] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 204.607897][T28145] RIP: 0033:0x7f510cb420d9 [ 204.612153][T28145] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 204.631685][T28145] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:42 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x6a) 17:39:42 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r0, 0x58, &(0x7f0000000040)}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r0, 0x58, &(0x7f0000000040)}, 0x10) (async) 17:39:42 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d33fe524e75416580df9d4d8e5d2927154ca8aef36193d57942bcf58a236b361316d58335efa9bc9b31aa84577bacc41dca68086da040b9118dc4d635d8757b873d133fb4002bcf5486cce98a1a09044cf1c7b1173f125975493835bb307e5a35f45facdc1a2e971dc267ea9e5a520a7a"], 0x6a) [ 204.639924][T28145] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 204.648198][T28145] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 204.656637][T28145] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 204.665729][T28145] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 204.673630][T28145] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 204.681456][T28145] 17:39:42 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:42 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x7, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x5}, [@exit, @ldst={0x1, 0x1, 0x3, 0x1, 0xa, 0x10, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @ldst={0x0, 0x3, 0x0, 0x0, 0x7, 0x4, 0xffffffffffffffff}]}, &(0x7f00000000c0)='syzkaller\x00', 0x40, 0x92, &(0x7f0000000300)=""/146, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0x9, 0x3, 0xda}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1]}, 0x80) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r4, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r3}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4}, [@map_val={0x18, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x35}, @alu={0x4, 0x0, 0xd, 0x0, 0x7, 0xfffffffffffffff0, 0xfffffffffffffff0}]}, &(0x7f0000000440)='GPL\x00', 0x7f, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x20, r2, 0x8, &(0x7f00000004c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x4, 0x2, 0x8, 0xb11}, 0x10, r3, r1, 0x0, &(0x7f0000000540)=[0x1, r5]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x7, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x5}, [@exit, @ldst={0x1, 0x1, 0x3, 0x1, 0xa, 0x10, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @ldst={0x0, 0x3, 0x0, 0x0, 0x7, 0x4, 0xffffffffffffffff}]}, &(0x7f00000000c0)='syzkaller\x00', 0x40, 0x92, &(0x7f0000000300)=""/146, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0x9, 0x3, 0xda}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1]}, 0x80) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r4, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r3}, 0x80) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4}, [@map_val={0x18, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x35}, @alu={0x4, 0x0, 0xd, 0x0, 0x7, 0xfffffffffffffff0, 0xfffffffffffffff0}]}, &(0x7f0000000440)='GPL\x00', 0x7f, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x20, r2, 0x8, &(0x7f00000004c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x4, 0x2, 0x8, 0xb11}, 0x10, r3, r1, 0x0, &(0x7f0000000540)=[0x1, r5]}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:39:42 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 37) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:42 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x6a) 17:39:42 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async, rerun: 64) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 64) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d33fe524e75416580df9d4d8e5d2927154ca8aef36193d57942bcf58a236b361316d58335efa9bc9b31aa84577bacc41dca68086da040b9118dc4d635d8757b873d133fb4002bcf5486cce98a1a09044cf1c7b1173f125975493835bb307e5a35f45facdc1a2e971dc267ea9e5a520a7a"], 0x6a) 17:39:42 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa, &(0x7f00000001c0)=[0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000240)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='io.stat\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x15, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9}, @call={0x85, 0x0, 0x0, 0xa5}, @exit, @map_fd, @map_val={0x18, 0x9, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x2}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x4}, @alu={0x7, 0x1, 0x0, 0x2, 0x4, 0xffffffffffffffff, 0xfffffffffffffff0}, @exit]}, &(0x7f0000000080)='syzkaller\x00', 0x5, 0x9b, &(0x7f00000000c0)=""/155, 0x41100, 0x16, '\x00', r2, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x2, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x0, 0x8, 0x2, 0x7fffffff}, 0x10, 0x0, r0, 0x0, &(0x7f0000000540)=[r3, 0xffffffffffffffff]}, 0x80) 17:39:42 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa, &(0x7f00000001c0)=[0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000240)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='io.stat\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x15, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9}, @call={0x85, 0x0, 0x0, 0xa5}, @exit, @map_fd, @map_val={0x18, 0x9, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x2}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x4}, @alu={0x7, 0x1, 0x0, 0x2, 0x4, 0xffffffffffffffff, 0xfffffffffffffff0}, @exit]}, &(0x7f0000000080)='syzkaller\x00', 0x5, 0x9b, &(0x7f00000000c0)=""/155, 0x41100, 0x16, '\x00', r2, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x2, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x0, 0x8, 0x2, 0x7fffffff}, 0x10, 0x0, r0, 0x0, &(0x7f0000000540)=[r3, 0xffffffffffffffff]}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa, &(0x7f00000001c0)=[0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000240)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='io.stat\x00', 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x15, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9}, @call={0x85, 0x0, 0x0, 0xa5}, @exit, @map_fd, @map_val={0x18, 0x9, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x2}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x4}, @alu={0x7, 0x1, 0x0, 0x2, 0x4, 0xffffffffffffffff, 0xfffffffffffffff0}, @exit]}, &(0x7f0000000080)='syzkaller\x00', 0x5, 0x9b, &(0x7f00000000c0)=""/155, 0x41100, 0x16, '\x00', r2, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x2, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x0, 0x8, 0x2, 0x7fffffff}, 0x10, 0x0, r0, 0x0, &(0x7f0000000540)=[r3, 0xffffffffffffffff]}, 0x80) (async) 17:39:42 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x6a) [ 204.742215][T28183] FAULT_INJECTION: forcing a failure. [ 204.742215][T28183] name failslab, interval 1, probability 0, space 0, times 0 [ 204.784483][T28183] CPU: 0 PID: 28183 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 204.794553][T28183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 204.804532][T28183] Call Trace: [ 204.807668][T28183] [ 204.810432][T28183] dump_stack_lvl+0x151/0x1b7 [ 204.815123][T28183] ? bfq_pos_tree_add_move+0x43e/0x43e [ 204.820416][T28183] dump_stack+0x15/0x17 [ 204.824406][T28183] should_fail+0x3c0/0x510 [ 204.828662][T28183] __should_failslab+0x9f/0xe0 [ 204.833261][T28183] should_failslab+0x9/0x20 [ 204.837620][T28183] kmem_cache_alloc+0x4f/0x2f0 [ 204.842200][T28183] ? vm_area_dup+0x26/0x1d0 [ 204.846543][T28183] vm_area_dup+0x26/0x1d0 [ 204.850793][T28183] dup_mmap+0x6b8/0xea0 [ 204.854786][T28183] ? __delayed_free_task+0x20/0x20 [ 204.859739][T28183] ? mm_init+0x807/0x960 [ 204.863811][T28183] dup_mm+0x91/0x330 [ 204.867544][T28183] copy_mm+0x108/0x1b0 [ 204.871450][T28183] copy_process+0x1295/0x3250 [ 204.875965][T28183] ? proc_fail_nth_write+0x213/0x290 [ 204.881083][T28183] ? proc_fail_nth_read+0x220/0x220 [ 204.886119][T28183] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 204.891089][T28183] ? vfs_write+0x9af/0x1050 [ 204.895406][T28183] ? irqentry_exit+0x30/0x40 [ 204.899831][T28183] kernel_clone+0x22d/0x990 [ 204.904171][T28183] ? file_end_write+0x1b0/0x1b0 [ 204.908859][T28183] ? __kasan_check_write+0x14/0x20 [ 204.913806][T28183] ? create_io_thread+0x1e0/0x1e0 [ 204.918667][T28183] ? __mutex_lock_slowpath+0x10/0x10 [ 204.923787][T28183] __x64_sys_clone+0x289/0x310 [ 204.928385][T28183] ? __do_sys_vfork+0x130/0x130 [ 204.933075][T28183] ? debug_smp_processor_id+0x17/0x20 [ 204.938283][T28183] do_syscall_64+0x44/0xd0 [ 204.942534][T28183] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 204.948260][T28183] RIP: 0033:0x7f510cb420d9 [ 204.952518][T28183] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 204.972131][T28183] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:42 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa, &(0x7f00000001c0)=[0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000240)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='io.stat\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x15, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9}, @call={0x85, 0x0, 0x0, 0xa5}, @exit, @map_fd, @map_val={0x18, 0x9, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x2}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x4}, @alu={0x7, 0x1, 0x0, 0x2, 0x4, 0xffffffffffffffff, 0xfffffffffffffff0}, @exit]}, &(0x7f0000000080)='syzkaller\x00', 0x5, 0x9b, &(0x7f00000000c0)=""/155, 0x41100, 0x16, '\x00', r2, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x2, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x0, 0x8, 0x2, 0x7fffffff}, 0x10, 0x0, r0, 0x0, &(0x7f0000000540)=[r3, 0xffffffffffffffff]}, 0x80) 17:39:42 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRES16=r0], 0x6a) 17:39:42 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0x4, 0x80, 0x3f, 0x0, 0x0, 0x1, 0x200, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x8800, 0x3, 0x20, 0x14e01c0d3eb94985, 0x2, 0x0, 0x4, 0x0, 0x8, 0x0, 0x8}, 0x0, 0x6, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0xd1, 0x1, 0x6, 0x81, 0x0, 0xffffffffffffffff, 0x8008, 0x4, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x1f, 0x1}, 0x8, 0x7ff, 0xf4e, 0x5, 0x9, 0x3, 0x400, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0xd, r1, 0x2) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x6a) 17:39:42 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRES16=r0], 0x6a) [ 204.980375][T28183] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 204.988195][T28183] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 204.996016][T28183] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 205.003808][T28183] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 205.011621][T28183] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 205.019433][T28183] 17:39:42 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x7, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x5}, [@exit, @ldst={0x1, 0x1, 0x3, 0x1, 0xa, 0x10, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @ldst={0x0, 0x3, 0x0, 0x0, 0x7, 0x4, 0xffffffffffffffff}]}, &(0x7f00000000c0)='syzkaller\x00', 0x40, 0x92, &(0x7f0000000300)=""/146, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0x9, 0x3, 0xda}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1]}, 0x80) (async) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async, rerun: 64) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) (rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r4, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r3}, 0x80) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4}, [@map_val={0x18, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x35}, @alu={0x4, 0x0, 0xd, 0x0, 0x7, 0xfffffffffffffff0, 0xfffffffffffffff0}]}, &(0x7f0000000440)='GPL\x00', 0x7f, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x20, r2, 0x8, &(0x7f00000004c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x4, 0x2, 0x8, 0xb11}, 0x10, r3, r1, 0x0, &(0x7f0000000540)=[0x1, r5]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:42 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffa8) r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r0, r0, r0, r0, r0, r0]}, 0x80) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x8}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x3, 0x9, 0x70e, 0x4, 0x60, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xa, 0x11, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4c1e000}, [@map_fd={0x18, 0x4, 0x1, 0x0, 0x1}, @generic={0xe2, 0x7, 0x8, 0x40, 0x7fff}, @map_idx={0x18, 0x6, 0x5, 0x0, 0xd}, @map_fd={0x18, 0x0, 0x1, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @alu={0x4, 0x0, 0x0, 0x6, 0x4, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0xe0, 0x98, &(0x7f0000000100)=""/152, 0x40f00, 0xa, '\x00', r1, 0xa, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0x3, 0x800, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)=[r2, r3, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, r4]}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:42 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:42 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRES16=r0], 0x6a) 17:39:42 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 38) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:42 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0x4, 0x80, 0x3f, 0x0, 0x0, 0x1, 0x200, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x8800, 0x3, 0x20, 0x14e01c0d3eb94985, 0x2, 0x0, 0x4, 0x0, 0x8, 0x0, 0x8}, 0x0, 0x6, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0xd1, 0x1, 0x6, 0x81, 0x0, 0xffffffffffffffff, 0x8008, 0x4, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x1f, 0x1}, 0x8, 0x7ff, 0xf4e, 0x5, 0x9, 0x3, 0x400, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0xd, r1, 0x2) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) r2 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x6a) 17:39:42 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffa8) (async) r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r0, r0, r0, r0, r0, r0]}, 0x80) (async) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x8}, 0x10) (async) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x3, 0x9, 0x70e, 0x4, 0x60, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xa, 0x11, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4c1e000}, [@map_fd={0x18, 0x4, 0x1, 0x0, 0x1}, @generic={0xe2, 0x7, 0x8, 0x40, 0x7fff}, @map_idx={0x18, 0x6, 0x5, 0x0, 0xd}, @map_fd={0x18, 0x0, 0x1, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @alu={0x4, 0x0, 0x0, 0x6, 0x4, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0xe0, 0x98, &(0x7f0000000100)=""/152, 0x40f00, 0xa, '\x00', r1, 0xa, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0x3, 0x800, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)=[r2, r3, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, r4]}, 0x80) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:42 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = perf_event_open(&(0x7f00000001c0)={0x5, 0x80, 0x49, 0xf4, 0x1, 0x7f, 0x0, 0x1267, 0x9002, 0xb, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7f, 0x1, @perf_bp={&(0x7f0000000180), 0x2}, 0x1, 0x3e83, 0x3584, 0x8, 0x400, 0x8, 0x3, 0x0, 0xfffffff7, 0x0, 0x3fef}, 0x0, 0x9, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x40, 0xf9, 0xbe, 0x1f, 0x0, 0x5, 0x90000, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000000c0), 0x8}, 0x4, 0xfffffffffffffff9, 0xffffffff, 0x3, 0x100000001, 0x1f, 0x101, 0x0, 0xfbb, 0x0, 0x3f}, 0xffffffffffffffff, 0x2, r1, 0x8) 17:39:42 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0x4, 0x80, 0x3f, 0x0, 0x0, 0x1, 0x200, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x8800, 0x3, 0x20, 0x14e01c0d3eb94985, 0x2, 0x0, 0x4, 0x0, 0x8, 0x0, 0x8}, 0x0, 0x6, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0xd1, 0x1, 0x6, 0x81, 0x0, 0xffffffffffffffff, 0x8008, 0x4, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x1f, 0x1}, 0x8, 0x7ff, 0xf4e, 0x5, 0x9, 0x3, 0x400, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0xd, r1, 0x2) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0x4, 0x80, 0x3f, 0x0, 0x0, 0x1, 0x200, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x8800, 0x3, 0x20, 0x14e01c0d3eb94985, 0x2, 0x0, 0x4, 0x0, 0x8, 0x0, 0x8}, 0x0, 0x6, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0xd1, 0x1, 0x6, 0x81, 0x0, 0xffffffffffffffff, 0x8008, 0x4, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x1f, 0x1}, 0x8, 0x7ff, 0xf4e, 0x5, 0x9, 0x3, 0x400, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0xd, r1, 0x2) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x0, 0x0) (async) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x6a) (async) 17:39:42 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000190000000000010000850000120700000295"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)={&(0x7f0000000300)='./file0\x00'}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000006c0)={r1, &(0x7f0000000600)="a9b22ed4ab1c653a0750ebc8fe87c7657637244bf19788201e06b535df56d702b274ebc7013a88eb7ddf71e5faeb5772a2c59e39670ad5cb073a21ae92e128ca0f0059c1e388e30f730db19b6aac6646001b1d8f6f24360c96adbdd7e4e936069c17b2451f4217746f93741fa45c06f21dcd15931e9dd3617896c7e89c249a65", &(0x7f0000000680)}, 0x20) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0x20, 0x14}, 0xc) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r5, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, r5, 0x5, 0xffffffffffffffff, 0x0) r6 = perf_event_open$cgroup(&(0x7f0000000580)={0x1, 0x80, 0xff, 0x9, 0x40, 0x6, 0x0, 0x6e, 0x20084, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000540), 0x6}, 0x20, 0x7ff, 0x3, 0x9, 0x3, 0xfffffff8, 0x1, 0x0, 0x3, 0x0, 0x1}, r4, 0x7, r2, 0xc) perf_event_open(&(0x7f00000004c0)={0x5, 0x80, 0xc2, 0x1, 0x1f, 0x6, 0x0, 0x64, 0x63110, 0x4, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000000480)}, 0xa80, 0x3, 0x0, 0x1, 0x7, 0x0, 0xd2, 0x0, 0x309, 0x0, 0x3}, r5, 0x5, r6, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000040)=@raw=[@alu={0x4, 0x1, 0xb, 0x3, 0x0, 0x30, 0x8}, @map_fd={0x18, 0x1, 0x1, 0x0, 0x1}], &(0x7f00000000c0)='GPL\x00', 0xc5, 0x3d, &(0x7f0000000100)=""/61, 0x40f00, 0xf089aecef962b44, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000001c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x6, 0x10000, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r3, r2, 0xffffffffffffffff, 0x1, r4, 0xffffffffffffffff, 0x1]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:42 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffa8) (async) r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r0, r0, r0, r0, r0, r0]}, 0x80) (async) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x8}, 0x10) (async) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x3, 0x9, 0x70e, 0x4, 0x60, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xa, 0x11, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4c1e000}, [@map_fd={0x18, 0x4, 0x1, 0x0, 0x1}, @generic={0xe2, 0x7, 0x8, 0x40, 0x7fff}, @map_idx={0x18, 0x6, 0x5, 0x0, 0xd}, @map_fd={0x18, 0x0, 0x1, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @alu={0x4, 0x0, 0x0, 0x6, 0x4, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0xe0, 0x98, &(0x7f0000000100)=""/152, 0x40f00, 0xa, '\x00', r1, 0xa, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0x3, 0x800, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)=[r2, r3, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, r4]}, 0x80) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) [ 205.115365][T28240] FAULT_INJECTION: forcing a failure. [ 205.115365][T28240] name failslab, interval 1, probability 0, space 0, times 0 [ 205.148289][T28240] CPU: 1 PID: 28240 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 17:39:42 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = perf_event_open(&(0x7f00000001c0)={0x5, 0x80, 0x49, 0xf4, 0x1, 0x7f, 0x0, 0x1267, 0x9002, 0xb, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7f, 0x1, @perf_bp={&(0x7f0000000180), 0x2}, 0x1, 0x3e83, 0x3584, 0x8, 0x400, 0x8, 0x3, 0x0, 0xfffffff7, 0x0, 0x3fef}, 0x0, 0x9, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x40, 0xf9, 0xbe, 0x1f, 0x0, 0x5, 0x90000, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000000c0), 0x8}, 0x4, 0xfffffffffffffff9, 0xffffffff, 0x3, 0x100000001, 0x1f, 0x101, 0x0, 0xfbb, 0x0, 0x3f}, 0xffffffffffffffff, 0x2, r1, 0x8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz0\x00', 0x1ff) (async) perf_event_open(&(0x7f00000001c0)={0x5, 0x80, 0x49, 0xf4, 0x1, 0x7f, 0x0, 0x1267, 0x9002, 0xb, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7f, 0x1, @perf_bp={&(0x7f0000000180), 0x2}, 0x1, 0x3e83, 0x3584, 0x8, 0x400, 0x8, 0x3, 0x0, 0xfffffff7, 0x0, 0x3fef}, 0x0, 0x9, 0xffffffffffffffff, 0x9) (async) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x40, 0xf9, 0xbe, 0x1f, 0x0, 0x5, 0x90000, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000000c0), 0x8}, 0x4, 0xfffffffffffffff9, 0xffffffff, 0x3, 0x100000001, 0x1f, 0x101, 0x0, 0xfbb, 0x0, 0x3f}, 0xffffffffffffffff, 0x2, r1, 0x8) (async) 17:39:42 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000190000000000010000850000120700000295"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)={&(0x7f0000000300)='./file0\x00'}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000006c0)={r1, &(0x7f0000000600)="a9b22ed4ab1c653a0750ebc8fe87c7657637244bf19788201e06b535df56d702b274ebc7013a88eb7ddf71e5faeb5772a2c59e39670ad5cb073a21ae92e128ca0f0059c1e388e30f730db19b6aac6646001b1d8f6f24360c96adbdd7e4e936069c17b2451f4217746f93741fa45c06f21dcd15931e9dd3617896c7e89c249a65", &(0x7f0000000680)}, 0x20) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0x20, 0x14}, 0xc) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r5, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, r5, 0x5, 0xffffffffffffffff, 0x0) r6 = perf_event_open$cgroup(&(0x7f0000000580)={0x1, 0x80, 0xff, 0x9, 0x40, 0x6, 0x0, 0x6e, 0x20084, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000540), 0x6}, 0x20, 0x7ff, 0x3, 0x9, 0x3, 0xfffffff8, 0x1, 0x0, 0x3, 0x0, 0x1}, r4, 0x7, r2, 0xc) perf_event_open(&(0x7f00000004c0)={0x5, 0x80, 0xc2, 0x1, 0x1f, 0x6, 0x0, 0x64, 0x63110, 0x4, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000000480)}, 0xa80, 0x3, 0x0, 0x1, 0x7, 0x0, 0xd2, 0x0, 0x309, 0x0, 0x3}, r5, 0x5, r6, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000040)=@raw=[@alu={0x4, 0x1, 0xb, 0x3, 0x0, 0x30, 0x8}, @map_fd={0x18, 0x1, 0x1, 0x0, 0x1}], &(0x7f00000000c0)='GPL\x00', 0xc5, 0x3d, &(0x7f0000000100)=""/61, 0x40f00, 0xf089aecef962b44, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000001c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x6, 0x10000, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r3, r2, 0xffffffffffffffff, 0x1, r4, 0xffffffffffffffff, 0x1]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000190000000000010000850000120700000295"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)={&(0x7f0000000300)='./file0\x00'}, 0x10) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000006c0)={r1, &(0x7f0000000600)="a9b22ed4ab1c653a0750ebc8fe87c7657637244bf19788201e06b535df56d702b274ebc7013a88eb7ddf71e5faeb5772a2c59e39670ad5cb073a21ae92e128ca0f0059c1e388e30f730db19b6aac6646001b1d8f6f24360c96adbdd7e4e936069c17b2451f4217746f93741fa45c06f21dcd15931e9dd3617896c7e89c249a65", &(0x7f0000000680)}, 0x20) (async) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0x20, 0x14}, 0xc) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) (async) getpid() (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r5, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) (async) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, r5, 0x5, 0xffffffffffffffff, 0x0) (async) perf_event_open$cgroup(&(0x7f0000000580)={0x1, 0x80, 0xff, 0x9, 0x40, 0x6, 0x0, 0x6e, 0x20084, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000540), 0x6}, 0x20, 0x7ff, 0x3, 0x9, 0x3, 0xfffffff8, 0x1, 0x0, 0x3, 0x0, 0x1}, r4, 0x7, r2, 0xc) (async) perf_event_open(&(0x7f00000004c0)={0x5, 0x80, 0xc2, 0x1, 0x1f, 0x6, 0x0, 0x64, 0x63110, 0x4, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000000480)}, 0xa80, 0x3, 0x0, 0x1, 0x7, 0x0, 0xd2, 0x0, 0x309, 0x0, 0x3}, r5, 0x5, r6, 0x3) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000040)=@raw=[@alu={0x4, 0x1, 0xb, 0x3, 0x0, 0x30, 0x8}, @map_fd={0x18, 0x1, 0x1, 0x0, 0x1}], &(0x7f00000000c0)='GPL\x00', 0xc5, 0x3d, &(0x7f0000000100)=""/61, 0x40f00, 0xf089aecef962b44, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000001c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x6, 0x10000, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r3, r2, 0xffffffffffffffff, 0x1, r4, 0xffffffffffffffff, 0x1]}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:39:42 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000190000000000010000850000120700000295"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)={&(0x7f0000000300)='./file0\x00'}, 0x10) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000006c0)={r1, &(0x7f0000000600)="a9b22ed4ab1c653a0750ebc8fe87c7657637244bf19788201e06b535df56d702b274ebc7013a88eb7ddf71e5faeb5772a2c59e39670ad5cb073a21ae92e128ca0f0059c1e388e30f730db19b6aac6646001b1d8f6f24360c96adbdd7e4e936069c17b2451f4217746f93741fa45c06f21dcd15931e9dd3617896c7e89c249a65", &(0x7f0000000680)}, 0x20) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0x20, 0x14}, 0xc) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) (async) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r5, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) (async) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, r5, 0x5, 0xffffffffffffffff, 0x0) (async) r6 = perf_event_open$cgroup(&(0x7f0000000580)={0x1, 0x80, 0xff, 0x9, 0x40, 0x6, 0x0, 0x6e, 0x20084, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000540), 0x6}, 0x20, 0x7ff, 0x3, 0x9, 0x3, 0xfffffff8, 0x1, 0x0, 0x3, 0x0, 0x1}, r4, 0x7, r2, 0xc) perf_event_open(&(0x7f00000004c0)={0x5, 0x80, 0xc2, 0x1, 0x1f, 0x6, 0x0, 0x64, 0x63110, 0x4, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000000480)}, 0xa80, 0x3, 0x0, 0x1, 0x7, 0x0, 0xd2, 0x0, 0x309, 0x0, 0x3}, r5, 0x5, r6, 0x3) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000040)=@raw=[@alu={0x4, 0x1, 0xb, 0x3, 0x0, 0x30, 0x8}, @map_fd={0x18, 0x1, 0x1, 0x0, 0x1}], &(0x7f00000000c0)='GPL\x00', 0xc5, 0x3d, &(0x7f0000000100)=""/61, 0x40f00, 0xf089aecef962b44, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000001c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x6, 0x10000, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r3, r2, 0xffffffffffffffff, 0x1, r4, 0xffffffffffffffff, 0x1]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 205.158360][T28240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 205.168257][T28240] Call Trace: [ 205.171391][T28240] [ 205.174156][T28240] dump_stack_lvl+0x151/0x1b7 [ 205.178855][T28240] ? bfq_pos_tree_add_move+0x43e/0x43e [ 205.184149][T28240] dump_stack+0x15/0x17 [ 205.188139][T28240] should_fail+0x3c0/0x510 [ 205.192576][T28240] __should_failslab+0x9f/0xe0 [ 205.197175][T28240] should_failslab+0x9/0x20 [ 205.201505][T28240] kmem_cache_alloc+0x4f/0x2f0 [ 205.206164][T28240] ? anon_vma_fork+0x1b9/0x4f0 [ 205.210705][T28240] anon_vma_fork+0x1b9/0x4f0 [ 205.215133][T28240] dup_mmap+0x750/0xea0 [ 205.219129][T28240] ? __delayed_free_task+0x20/0x20 [ 205.224082][T28240] ? mm_init+0x807/0x960 [ 205.228150][T28240] dup_mm+0x91/0x330 [ 205.231899][T28240] copy_mm+0x108/0x1b0 [ 205.235785][T28240] copy_process+0x1295/0x3250 [ 205.240303][T28240] ? proc_fail_nth_write+0x213/0x290 [ 205.245423][T28240] ? proc_fail_nth_read+0x220/0x220 [ 205.250492][T28240] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 205.255403][T28240] ? vfs_write+0x9af/0x1050 [ 205.259739][T28240] ? vmacache_update+0xb7/0x120 [ 205.264431][T28240] kernel_clone+0x22d/0x990 [ 205.268769][T28240] ? file_end_write+0x1b0/0x1b0 [ 205.273455][T28240] ? __kasan_check_write+0x14/0x20 [ 205.278408][T28240] ? create_io_thread+0x1e0/0x1e0 [ 205.283262][T28240] ? __mutex_lock_slowpath+0x10/0x10 [ 205.288385][T28240] __x64_sys_clone+0x289/0x310 [ 205.292989][T28240] ? __do_sys_vfork+0x130/0x130 [ 205.297675][T28240] ? debug_smp_processor_id+0x17/0x20 [ 205.302880][T28240] do_syscall_64+0x44/0xd0 [ 205.307136][T28240] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 205.312871][T28240] RIP: 0033:0x7f510cb420d9 [ 205.317203][T28240] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 205.336814][T28240] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 205.345061][T28240] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 205.352894][T28240] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 205.360894][T28240] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 205.368708][T28240] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 205.376516][T28240] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 205.384329][T28240] 17:39:42 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x39322f33, 0xffffffff, 0x6, 0xa0, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0x2, 0x5, 0x2, 0xd}, 0x48) 17:39:42 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = perf_event_open(&(0x7f00000001c0)={0x5, 0x80, 0x49, 0xf4, 0x1, 0x7f, 0x0, 0x1267, 0x9002, 0xb, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7f, 0x1, @perf_bp={&(0x7f0000000180), 0x2}, 0x1, 0x3e83, 0x3584, 0x8, 0x400, 0x8, 0x3, 0x0, 0xfffffff7, 0x0, 0x3fef}, 0x0, 0x9, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x40, 0xf9, 0xbe, 0x1f, 0x0, 0x5, 0x90000, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000000c0), 0x8}, 0x4, 0xfffffffffffffff9, 0xffffffff, 0x3, 0x100000001, 0x1f, 0x101, 0x0, 0xfbb, 0x0, 0x3f}, 0xffffffffffffffff, 0x2, r1, 0x8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz0\x00', 0x1ff) (async) perf_event_open(&(0x7f00000001c0)={0x5, 0x80, 0x49, 0xf4, 0x1, 0x7f, 0x0, 0x1267, 0x9002, 0xb, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7f, 0x1, @perf_bp={&(0x7f0000000180), 0x2}, 0x1, 0x3e83, 0x3584, 0x8, 0x400, 0x8, 0x3, 0x0, 0xfffffff7, 0x0, 0x3fef}, 0x0, 0x9, 0xffffffffffffffff, 0x9) (async) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x40, 0xf9, 0xbe, 0x1f, 0x0, 0x5, 0x90000, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000000c0), 0x8}, 0x4, 0xfffffffffffffff9, 0xffffffff, 0x3, 0x100000001, 0x1f, 0x101, 0x0, 0xfbb, 0x0, 0x3f}, 0xffffffffffffffff, 0x2, r1, 0x8) (async) 17:39:42 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:42 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r0], 0x6a) 17:39:42 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffea) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:42 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 39) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:42 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r0], 0x6a) 17:39:42 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffea) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:42 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d338b0cc41677b1708b2d285529ecdb9fcbe465254b91b147f2a5a479070c812875ae00521c"], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) 17:39:42 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffea) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) [ 205.445952][T28314] FAULT_INJECTION: forcing a failure. [ 205.445952][T28314] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 205.489881][T28314] CPU: 1 PID: 28314 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 205.499955][T28314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 205.509847][T28314] Call Trace: [ 205.512986][T28314] [ 205.515935][T28314] dump_stack_lvl+0x151/0x1b7 [ 205.520447][T28314] ? bfq_pos_tree_add_move+0x43e/0x43e [ 205.525741][T28314] ? stack_trace_save+0x1f0/0x1f0 [ 205.530612][T28314] ? __kernel_text_address+0x9a/0x110 [ 205.535810][T28314] dump_stack+0x15/0x17 [ 205.539801][T28314] should_fail+0x3c0/0x510 [ 205.544055][T28314] should_fail_alloc_page+0x58/0x70 [ 205.549090][T28314] __alloc_pages+0x1de/0x7c0 [ 205.553515][T28314] ? stack_trace_save+0x12d/0x1f0 [ 205.558375][T28314] ? stack_trace_snprint+0x100/0x100 [ 205.563504][T28314] ? __count_vm_events+0x30/0x30 [ 205.568271][T28314] ? __kasan_slab_alloc+0xc4/0xe0 [ 205.573130][T28314] ? __kasan_slab_alloc+0xb2/0xe0 [ 205.579010][T28314] ? kmem_cache_alloc+0x189/0x2f0 [ 205.583810][T28314] ? anon_vma_fork+0x1b9/0x4f0 [ 205.588406][T28314] get_zeroed_page+0x19/0x40 [ 205.592835][T28314] __pud_alloc+0x8b/0x260 [ 205.597001][T28314] ? do_handle_mm_fault+0x2370/0x2370 [ 205.602296][T28314] copy_page_range+0xd9e/0x1090 [ 205.607069][T28314] ? pfn_valid+0x1e0/0x1e0 [ 205.611322][T28314] dup_mmap+0x99f/0xea0 [ 205.615314][T28314] ? __delayed_free_task+0x20/0x20 [ 205.620260][T28314] ? mm_init+0x807/0x960 [ 205.624340][T28314] dup_mm+0x91/0x330 [ 205.628069][T28314] copy_mm+0x108/0x1b0 [ 205.631982][T28314] copy_process+0x1295/0x3250 [ 205.636496][T28314] ? proc_fail_nth_write+0x213/0x290 [ 205.641611][T28314] ? proc_fail_nth_read+0x220/0x220 [ 205.646650][T28314] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 205.651592][T28314] ? vfs_write+0x9af/0x1050 [ 205.655932][T28314] ? vmacache_update+0xb7/0x120 [ 205.660732][T28314] kernel_clone+0x22d/0x990 [ 205.665083][T28314] ? file_end_write+0x1b0/0x1b0 [ 205.669759][T28314] ? __kasan_check_write+0x14/0x20 [ 205.674703][T28314] ? create_io_thread+0x1e0/0x1e0 [ 205.679565][T28314] ? __mutex_lock_slowpath+0x10/0x10 [ 205.684686][T28314] __x64_sys_clone+0x289/0x310 [ 205.689293][T28314] ? __do_sys_vfork+0x130/0x130 [ 205.693982][T28314] ? debug_smp_processor_id+0x17/0x20 [ 205.699192][T28314] do_syscall_64+0x44/0xd0 [ 205.703433][T28314] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 205.709161][T28314] RIP: 0033:0x7f510cb420d9 [ 205.713414][T28314] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 205.732854][T28314] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:43 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d338b0cc41677b1708b2d285529ecdb9fcbe465254b91b147f2a5a479070c812875ae00521c"], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d338b0cc41677b1708b2d285529ecdb9fcbe465254b91b147f2a5a479070c812875ae00521c"], 0x6a) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) (async) 17:39:43 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r0], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r0], 0x6a) (async) 17:39:43 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) (async) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x39322f33, 0xffffffff, 0x6, 0xa0, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0x2, 0x5, 0x2, 0xd}, 0x48) 17:39:43 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'veth1_to_hsr\x00', 0x400}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(r2, &(0x7f0000000240)='memory.events\x00', 0x0, 0x0) r3 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r8 = openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r8, 0x0, r7, 0x2) openat$cgroup_devices(r8, &(0x7f0000000140)='devices.allow\x00', 0x2, 0x0) r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000180)={r5}, 0x8) r10 = openat$cgroup(r9, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) openat$cgroup_int(r10, &(0x7f0000000200)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) [ 205.741099][T28314] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 205.748916][T28314] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 205.756728][T28314] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 205.764534][T28314] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 205.772345][T28314] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 205.780163][T28314] 17:39:43 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 40) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:43 executing program 0: close(0xffffffffffffffff) perf_event_open(&(0x7f00000000c0)={0x4, 0x80, 0xfe, 0x7, 0x81, 0x31, 0x0, 0x47fc, 0x694, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x6d32, 0x2, @perf_config_ext={0x20}, 0x101, 0x7fffffffffffffff, 0x3, 0x5, 0x90e9, 0x2, 0x4, 0x0, 0x3, 0x0, 0x1}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x2) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='pids.current\x00', 0x0, 0x0) close(r0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000080)='pids.current\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffe99) 17:39:43 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d338b0cc41677b1708b2d285529ecdb9fcbe465254b91b147f2a5a479070c812875ae00521c"], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d338b0cc41677b1708b2d285529ecdb9fcbe465254b91b147f2a5a479070c812875ae00521c"], 0x6a) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) (async) 17:39:43 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'veth1_to_hsr\x00', 0x400}) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(r2, &(0x7f0000000240)='memory.events\x00', 0x0, 0x0) (async) r3 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r8 = openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r8, 0x0, r7, 0x2) openat$cgroup_devices(r8, &(0x7f0000000140)='devices.allow\x00', 0x2, 0x0) r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000180)={r5}, 0x8) r10 = openat$cgroup(r9, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) openat$cgroup_int(r10, &(0x7f0000000200)='cpuset.mems\x00', 0x2, 0x0) (async) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:43 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:43 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x39322f33, 0xffffffff, 0x6, 0xa0, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0x2, 0x5, 0x2, 0xd}, 0x48) 17:39:43 executing program 0: close(0xffffffffffffffff) (async) perf_event_open(&(0x7f00000000c0)={0x4, 0x80, 0xfe, 0x7, 0x81, 0x31, 0x0, 0x47fc, 0x694, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x6d32, 0x2, @perf_config_ext={0x20}, 0x101, 0x7fffffffffffffff, 0x3, 0x5, 0x90e9, 0x2, 0x4, 0x0, 0x3, 0x0, 0x1}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x2) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='pids.current\x00', 0x0, 0x0) close(r0) (async) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000080)='pids.current\x00') (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffe99) [ 205.858778][T28352] FAULT_INJECTION: forcing a failure. [ 205.858778][T28352] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 205.890419][T28352] CPU: 1 PID: 28352 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 205.900498][T28352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 205.910478][T28352] Call Trace: [ 205.913607][T28352] [ 205.916381][T28352] dump_stack_lvl+0x151/0x1b7 [ 205.920888][T28352] ? bfq_pos_tree_add_move+0x43e/0x43e [ 205.926188][T28352] ? __kasan_check_write+0x14/0x20 [ 205.931138][T28352] ? __set_page_owner+0x2ee/0x310 [ 205.935995][T28352] dump_stack+0x15/0x17 [ 205.940043][T28352] should_fail+0x3c0/0x510 [ 205.944326][T28352] should_fail_alloc_page+0x58/0x70 [ 205.949356][T28352] __alloc_pages+0x1de/0x7c0 [ 205.953786][T28352] ? __count_vm_events+0x30/0x30 [ 205.958555][T28352] ? __count_vm_events+0x30/0x30 [ 205.963358][T28352] ? __kasan_check_write+0x14/0x20 [ 205.968276][T28352] ? _raw_spin_lock+0xa3/0x1b0 [ 205.972875][T28352] __pmd_alloc+0xb1/0x550 [ 205.977044][T28352] ? kmem_cache_alloc+0x189/0x2f0 [ 205.981903][T28352] ? anon_vma_fork+0x1b9/0x4f0 [ 205.986503][T28352] ? __pud_alloc+0x260/0x260 [ 205.990928][T28352] ? __pud_alloc+0x218/0x260 [ 205.995356][T28352] ? do_handle_mm_fault+0x2370/0x2370 [ 206.000567][T28352] copy_page_range+0xd04/0x1090 [ 206.005254][T28352] ? pfn_valid+0x1e0/0x1e0 [ 206.009506][T28352] dup_mmap+0x99f/0xea0 [ 206.013498][T28352] ? __delayed_free_task+0x20/0x20 [ 206.018444][T28352] ? mm_init+0x807/0x960 [ 206.022524][T28352] dup_mm+0x91/0x330 [ 206.026256][T28352] copy_mm+0x108/0x1b0 [ 206.030160][T28352] copy_process+0x1295/0x3250 [ 206.034678][T28352] ? proc_fail_nth_write+0x213/0x290 [ 206.039795][T28352] ? proc_fail_nth_read+0x220/0x220 [ 206.044829][T28352] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 206.049777][T28352] ? vfs_write+0x9af/0x1050 [ 206.054118][T28352] ? vmacache_update+0xb7/0x120 [ 206.058803][T28352] kernel_clone+0x22d/0x990 [ 206.063144][T28352] ? file_end_write+0x1b0/0x1b0 [ 206.067832][T28352] ? __kasan_check_write+0x14/0x20 [ 206.072778][T28352] ? create_io_thread+0x1e0/0x1e0 [ 206.077638][T28352] ? __mutex_lock_slowpath+0x10/0x10 [ 206.082758][T28352] __x64_sys_clone+0x289/0x310 [ 206.087359][T28352] ? __do_sys_vfork+0x130/0x130 [ 206.092053][T28352] ? debug_smp_processor_id+0x17/0x20 [ 206.097259][T28352] do_syscall_64+0x44/0xd0 [ 206.101592][T28352] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 206.107320][T28352] RIP: 0033:0x7f510cb420d9 [ 206.111583][T28352] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 206.131014][T28352] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 206.139261][T28352] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 206.147069][T28352] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 17:39:43 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r3 = openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r3, 0x0, r2, 0x2) r4 = openat$cgroup_int(r3, &(0x7f0000000080)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:43 executing program 0: close(0xffffffffffffffff) (async) perf_event_open(&(0x7f00000000c0)={0x4, 0x80, 0xfe, 0x7, 0x81, 0x31, 0x0, 0x47fc, 0x694, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x6d32, 0x2, @perf_config_ext={0x20}, 0x101, 0x7fffffffffffffff, 0x3, 0x5, 0x90e9, 0x2, 0x4, 0x0, 0x3, 0x0, 0x1}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x2) (async) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='pids.current\x00', 0x0, 0x0) close(r0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000080)='pids.current\x00') (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffe99) 17:39:43 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 41) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:43 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async) r3 = openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r3, 0x0, r2, 0x2) (async) r4 = openat$cgroup_int(r3, &(0x7f0000000080)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) [ 206.154883][T28352] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 206.162695][T28352] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 206.170507][T28352] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 206.178322][T28352] 17:39:43 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'veth1_to_hsr\x00', 0x400}) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(r2, &(0x7f0000000240)='memory.events\x00', 0x0, 0x0) (async) r3 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async, rerun: 32) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (rerun: 32) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async, rerun: 64) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) (rerun: 64) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async, rerun: 64) r8 = openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (rerun: 64) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r8, 0x0, r7, 0x2) (async) openat$cgroup_devices(r8, &(0x7f0000000140)='devices.allow\x00', 0x2, 0x0) (async, rerun: 64) r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000180)={r5}, 0x8) (rerun: 64) r10 = openat$cgroup(r9, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) openat$cgroup_int(r10, &(0x7f0000000200)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) [ 206.248094][T28394] FAULT_INJECTION: forcing a failure. [ 206.248094][T28394] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 206.265762][T28394] CPU: 0 PID: 28394 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 206.275823][T28394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 206.285719][T28394] Call Trace: [ 206.288843][T28394] [ 206.291622][T28394] dump_stack_lvl+0x151/0x1b7 [ 206.296133][T28394] ? bfq_pos_tree_add_move+0x43e/0x43e [ 206.301431][T28394] dump_stack+0x15/0x17 [ 206.305420][T28394] should_fail+0x3c0/0x510 [ 206.309672][T28394] should_fail_alloc_page+0x58/0x70 [ 206.314706][T28394] __alloc_pages+0x1de/0x7c0 [ 206.319136][T28394] ? __count_vm_events+0x30/0x30 [ 206.323907][T28394] ? dup_mm+0x91/0x330 [ 206.327811][T28394] ? copy_mm+0x108/0x1b0 [ 206.331896][T28394] ? copy_process+0x1295/0x3250 [ 206.336578][T28394] ? kernel_clone+0x22d/0x990 [ 206.341092][T28394] ? __x64_sys_clone+0x289/0x310 [ 206.345867][T28394] pte_alloc_one+0x73/0x1b0 [ 206.350213][T28394] ? pfn_modify_allowed+0x2e0/0x2e0 [ 206.355246][T28394] ? __kasan_check_write+0x14/0x20 [ 206.360966][T28394] ? __set_page_owner+0x2ee/0x310 [ 206.365833][T28394] __pte_alloc+0x86/0x350 [ 206.369993][T28394] ? post_alloc_hook+0x1ab/0x1b0 [ 206.374766][T28394] ? free_pgtables+0x210/0x210 [ 206.379374][T28394] ? get_page_from_freelist+0x38b/0x400 [ 206.384750][T28394] copy_pte_range+0x1b1f/0x20b0 [ 206.389617][T28394] ? __kunmap_atomic+0x80/0x80 [ 206.394210][T28394] ? __pud_alloc+0x260/0x260 [ 206.398636][T28394] ? __pud_alloc+0x218/0x260 [ 206.403063][T28394] ? do_handle_mm_fault+0x2370/0x2370 [ 206.408276][T28394] copy_page_range+0xc1e/0x1090 [ 206.412968][T28394] ? pfn_valid+0x1e0/0x1e0 [ 206.417215][T28394] dup_mmap+0x99f/0xea0 [ 206.421204][T28394] ? __delayed_free_task+0x20/0x20 [ 206.426239][T28394] ? mm_init+0x807/0x960 [ 206.430315][T28394] dup_mm+0x91/0x330 [ 206.434049][T28394] copy_mm+0x108/0x1b0 [ 206.437954][T28394] copy_process+0x1295/0x3250 [ 206.442468][T28394] ? proc_fail_nth_write+0x213/0x290 [ 206.447594][T28394] ? proc_fail_nth_read+0x220/0x220 [ 206.452624][T28394] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 206.457568][T28394] ? vfs_write+0x9af/0x1050 [ 206.461911][T28394] ? vmacache_update+0xb7/0x120 [ 206.466596][T28394] kernel_clone+0x22d/0x990 [ 206.470943][T28394] ? file_end_write+0x1b0/0x1b0 [ 206.475656][T28394] ? __kasan_check_write+0x14/0x20 [ 206.480585][T28394] ? create_io_thread+0x1e0/0x1e0 [ 206.485431][T28394] ? __mutex_lock_slowpath+0x10/0x10 [ 206.490551][T28394] __x64_sys_clone+0x289/0x310 [ 206.495157][T28394] ? __do_sys_vfork+0x130/0x130 [ 206.499840][T28394] ? debug_smp_processor_id+0x17/0x20 [ 206.505047][T28394] do_syscall_64+0x44/0xd0 [ 206.509299][T28394] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 206.515029][T28394] RIP: 0033:0x7f510cb420d9 [ 206.519282][T28394] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 206.538726][T28394] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:43 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:43 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1d, 0x5, 0x2000000, 0x5, 0x101, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x4}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r3, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r2}, 0x80) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f0000000040)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x200}, @generic={0x8, 0x1, 0x8, 0x1ff, 0x1000}], &(0x7f0000000180)='GPL\x00', 0x9, 0x43, &(0x7f0000000300)=""/67, 0x41000, 0x10, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x4, 0x10000}, 0x10, r2, r4, 0x0, &(0x7f0000000380)=[0xffffffffffffffff, 0xffffffffffffffff, r5, r6, 0xffffffffffffffff]}, 0x80) r7 = bpf$ITER_CREATE(0x21, &(0x7f00000004c0)={r3}, 0x8) openat$cgroup_ro(r7, &(0x7f0000000580)='memory.events.local\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:43 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000040)=0x5) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r0, r1}, 0xc) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r1, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0x3, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x9, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2}, [@ldst={0x3, 0x2, 0x3, 0xa, 0xb, 0xfffffffffffffff4}, @func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x6d}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xc}]}, &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x4, '\x00', r2, 0x3f, r3, 0x8, &(0x7f0000000240)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xd, 0x4000, 0x8000}, 0x10, r4, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1]}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:43 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r3 = openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r3, 0x0, r2, 0x2) r4 = openat$cgroup_int(r3, &(0x7f0000000080)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r0, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async) openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r3, 0x0, r2, 0x2) (async) openat$cgroup_int(r3, &(0x7f0000000080)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0) (async) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) 17:39:43 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:44 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) r2 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.events\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) [ 206.546966][T28394] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 206.554778][T28394] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 206.562588][T28394] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 206.570399][T28394] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 206.578309][T28394] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 206.586123][T28394] 17:39:44 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000040)=0x5) (async) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r0, r1}, 0xc) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r1, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0x3, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x9, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2}, [@ldst={0x3, 0x2, 0x3, 0xa, 0xb, 0xfffffffffffffff4}, @func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x6d}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xc}]}, &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x4, '\x00', r2, 0x3f, r3, 0x8, &(0x7f0000000240)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xd, 0x4000, 0x8000}, 0x10, r4, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1]}, 0x80) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:44 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async, rerun: 32) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1d, 0x5, 0x2000000, 0x5, 0x101, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x4}, 0x48) (async, rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r3, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r2}, 0x80) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f0000000040)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x200}, @generic={0x8, 0x1, 0x8, 0x1ff, 0x1000}], &(0x7f0000000180)='GPL\x00', 0x9, 0x43, &(0x7f0000000300)=""/67, 0x41000, 0x10, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x4, 0x10000}, 0x10, r2, r4, 0x0, &(0x7f0000000380)=[0xffffffffffffffff, 0xffffffffffffffff, r5, r6, 0xffffffffffffffff]}, 0x80) (rerun: 64) r7 = bpf$ITER_CREATE(0x21, &(0x7f00000004c0)={r3}, 0x8) openat$cgroup_ro(r7, &(0x7f0000000580)='memory.events.local\x00', 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:44 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 42) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:44 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) r2 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.events\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.events\x00', 0x0, 0x0) (async) openat$cgroup(r2, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) (async) 17:39:44 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000040)=0x5) (async) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r0, r1}, 0xc) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r1, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0x3, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x9, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2}, [@ldst={0x3, 0x2, 0x3, 0xa, 0xb, 0xfffffffffffffff4}, @func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x6d}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xc}]}, &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x4, '\x00', r2, 0x3f, r3, 0x8, &(0x7f0000000240)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xd, 0x4000, 0x8000}, 0x10, r4, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1]}, 0x80) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) [ 206.661854][T28428] FAULT_INJECTION: forcing a failure. [ 206.661854][T28428] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 206.687517][T28428] CPU: 1 PID: 28428 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 206.697587][T28428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 206.707526][T28428] Call Trace: [ 206.710600][T28428] [ 206.713380][T28428] dump_stack_lvl+0x151/0x1b7 [ 206.717894][T28428] ? bfq_pos_tree_add_move+0x43e/0x43e [ 206.723185][T28428] dump_stack+0x15/0x17 [ 206.727182][T28428] should_fail+0x3c0/0x510 [ 206.731431][T28428] should_fail_alloc_page+0x58/0x70 [ 206.736508][T28428] __alloc_pages+0x1de/0x7c0 [ 206.740892][T28428] ? __count_vm_events+0x30/0x30 [ 206.745664][T28428] ? dup_mm+0x91/0x330 [ 206.749577][T28428] ? copy_mm+0x108/0x1b0 [ 206.753649][T28428] ? copy_process+0x1295/0x3250 [ 206.758338][T28428] ? kernel_clone+0x22d/0x990 [ 206.762851][T28428] ? __x64_sys_clone+0x289/0x310 [ 206.767625][T28428] pte_alloc_one+0x73/0x1b0 [ 206.771964][T28428] ? pfn_modify_allowed+0x2e0/0x2e0 [ 206.776996][T28428] ? __kasan_check_write+0x14/0x20 [ 206.781967][T28428] ? __set_page_owner+0x2ee/0x310 [ 206.786804][T28428] __pte_alloc+0x86/0x350 [ 206.790988][T28428] ? post_alloc_hook+0x1ab/0x1b0 [ 206.795750][T28428] ? free_pgtables+0x210/0x210 [ 206.800345][T28428] ? get_page_from_freelist+0x38b/0x400 [ 206.805728][T28428] copy_pte_range+0x1b1f/0x20b0 [ 206.810417][T28428] ? __kunmap_atomic+0x80/0x80 [ 206.815015][T28428] ? __pud_alloc+0x260/0x260 [ 206.819438][T28428] ? __pud_alloc+0x218/0x260 [ 206.823871][T28428] ? do_handle_mm_fault+0x2370/0x2370 [ 206.829073][T28428] copy_page_range+0xc1e/0x1090 [ 206.833766][T28428] ? pfn_valid+0x1e0/0x1e0 [ 206.838015][T28428] dup_mmap+0x99f/0xea0 [ 206.842007][T28428] ? __delayed_free_task+0x20/0x20 [ 206.846954][T28428] ? mm_init+0x807/0x960 [ 206.851040][T28428] dup_mm+0x91/0x330 [ 206.854854][T28428] copy_mm+0x108/0x1b0 [ 206.858767][T28428] copy_process+0x1295/0x3250 [ 206.863283][T28428] ? proc_fail_nth_write+0x213/0x290 [ 206.868392][T28428] ? proc_fail_nth_read+0x220/0x220 [ 206.873427][T28428] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 206.878378][T28428] ? vfs_write+0x9af/0x1050 [ 206.882715][T28428] ? vmacache_update+0xb7/0x120 [ 206.887401][T28428] kernel_clone+0x22d/0x990 [ 206.891740][T28428] ? file_end_write+0x1b0/0x1b0 [ 206.896428][T28428] ? __kasan_check_write+0x14/0x20 [ 206.901373][T28428] ? create_io_thread+0x1e0/0x1e0 [ 206.906233][T28428] ? __mutex_lock_slowpath+0x10/0x10 [ 206.911357][T28428] __x64_sys_clone+0x289/0x310 [ 206.915958][T28428] ? __do_sys_vfork+0x130/0x130 [ 206.920644][T28428] ? debug_smp_processor_id+0x17/0x20 [ 206.925851][T28428] do_syscall_64+0x44/0xd0 [ 206.930104][T28428] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 206.935833][T28428] RIP: 0033:0x7f510cb420d9 [ 206.940085][T28428] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 17:39:44 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:44 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async, rerun: 64) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 64) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:44 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) r2 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.events\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.events\x00', 0x0, 0x0) (async) openat$cgroup(r2, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) (async) 17:39:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1d, 0x5, 0x2000000, 0x5, 0x101, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x4}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async, rerun: 64) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) (rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r3, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r2}, 0x80) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f0000000040)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x200}, @generic={0x8, 0x1, 0x8, 0x1ff, 0x1000}], &(0x7f0000000180)='GPL\x00', 0x9, 0x43, &(0x7f0000000300)=""/67, 0x41000, 0x10, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x4, 0x10000}, 0x10, r2, r4, 0x0, &(0x7f0000000380)=[0xffffffffffffffff, 0xffffffffffffffff, r5, r6, 0xffffffffffffffff]}, 0x80) (async) r7 = bpf$ITER_CREATE(0x21, &(0x7f00000004c0)={r3}, 0x8) openat$cgroup_ro(r7, &(0x7f0000000580)='memory.events.local\x00', 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:44 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 43) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:44 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r3, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r1, 0x6b0, '\x00', r4, r5, 0x0, 0x2, 0x3, 0xc}, 0x48) r6 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r7, &(0x7f0000000180), 0xfdef) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r8, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r9, &(0x7f0000000180), 0xfdef) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x9, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4c69}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x5, 0x7, 0xa, 0xc, 0x1}, @alu={0x4, 0x1, 0x3, 0x8, 0x6, 0x18, 0x1}, @ldst={0x1, 0x2, 0x2, 0x2, 0xb, 0xc, 0xfffffffffffffffc}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @ldst={0x0, 0x0, 0x0, 0x9, 0x5, 0x1, 0xfffffffffffffffc}]}, &(0x7f0000000080)='GPL\x00', 0x5, 0x64, &(0x7f00000000c0)=""/100, 0x41100, 0x1, '\x00', r4, 0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0xa, 0x40, 0x9}, 0x10, 0xffffffffffffffff, r0, 0x0, &(0x7f0000000200)=[0x1, 0x1, r6, r7, r8, r9]}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) [ 206.959527][T28428] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 206.967774][T28428] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 206.975582][T28428] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 206.983394][T28428] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 206.991211][T28428] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 206.999016][T28428] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 207.006831][T28428] 17:39:44 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:44 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r3, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r1, 0x6b0, '\x00', r4, r5, 0x0, 0x2, 0x3, 0xc}, 0x48) r6 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r7, &(0x7f0000000180), 0xfdef) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r8, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r9, &(0x7f0000000180), 0xfdef) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x9, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4c69}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x5, 0x7, 0xa, 0xc, 0x1}, @alu={0x4, 0x1, 0x3, 0x8, 0x6, 0x18, 0x1}, @ldst={0x1, 0x2, 0x2, 0x2, 0xb, 0xc, 0xfffffffffffffffc}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @ldst={0x0, 0x0, 0x0, 0x9, 0x5, 0x1, 0xfffffffffffffffc}]}, &(0x7f0000000080)='GPL\x00', 0x5, 0x64, &(0x7f00000000c0)=""/100, 0x41100, 0x1, '\x00', r4, 0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0xa, 0x40, 0x9}, 0x10, 0xffffffffffffffff, r0, 0x0, &(0x7f0000000200)=[0x1, 0x1, r6, r7, r8, r9]}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)}, 0x10) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r3, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r1, 0x6b0, '\x00', r4, r5, 0x0, 0x2, 0x3, 0xc}, 0x48) (async) bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r7, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r8, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r9, &(0x7f0000000180), 0xfdef) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x9, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4c69}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x5, 0x7, 0xa, 0xc, 0x1}, @alu={0x4, 0x1, 0x3, 0x8, 0x6, 0x18, 0x1}, @ldst={0x1, 0x2, 0x2, 0x2, 0xb, 0xc, 0xfffffffffffffffc}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @ldst={0x0, 0x0, 0x0, 0x9, 0x5, 0x1, 0xfffffffffffffffc}]}, &(0x7f0000000080)='GPL\x00', 0x5, 0x64, &(0x7f00000000c0)=""/100, 0x41100, 0x1, '\x00', r4, 0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0xa, 0x40, 0x9}, 0x10, 0xffffffffffffffff, r0, 0x0, &(0x7f0000000200)=[0x1, 0x1, r6, r7, r8, r9]}, 0x80) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) 17:39:44 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) 17:39:44 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:44 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x8, 0x0, 0x3, 0x2, 0x0, 0x8, 0x1c707, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000080), 0x9}, 0x2010, 0x8, 0x2, 0x3, 0x1, 0x8, 0x8, 0x0, 0x9, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d33de9b928b01d2f58187eea09f3b3dc30108b3e818a0194ab08560fc90bcb4a68d1bfbfd9667c260d772e0efa89d2ef987bb3e991c3464ffc6d17b7df4246027f80e32ff14b7cd5c926f0483854c5bb47952c063"], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) 17:39:44 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r3, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r1, 0x6b0, '\x00', r4, r5, 0x0, 0x2, 0x3, 0xc}, 0x48) r6 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r7, &(0x7f0000000180), 0xfdef) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r8, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r9, &(0x7f0000000180), 0xfdef) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x9, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4c69}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x5, 0x7, 0xa, 0xc, 0x1}, @alu={0x4, 0x1, 0x3, 0x8, 0x6, 0x18, 0x1}, @ldst={0x1, 0x2, 0x2, 0x2, 0xb, 0xc, 0xfffffffffffffffc}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @ldst={0x0, 0x0, 0x0, 0x9, 0x5, 0x1, 0xfffffffffffffffc}]}, &(0x7f0000000080)='GPL\x00', 0x5, 0x64, &(0x7f00000000c0)=""/100, 0x41100, 0x1, '\x00', r4, 0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0xa, 0x40, 0x9}, 0x10, 0xffffffffffffffff, r0, 0x0, &(0x7f0000000200)=[0x1, 0x1, r6, r7, r8, r9]}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)}, 0x10) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r3, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r1, 0x6b0, '\x00', r4, r5, 0x0, 0x2, 0x3, 0xc}, 0x48) (async) bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r7, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r8, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r9, &(0x7f0000000180), 0xfdef) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x9, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4c69}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x5, 0x7, 0xa, 0xc, 0x1}, @alu={0x4, 0x1, 0x3, 0x8, 0x6, 0x18, 0x1}, @ldst={0x1, 0x2, 0x2, 0x2, 0xb, 0xc, 0xfffffffffffffffc}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @ldst={0x0, 0x0, 0x0, 0x9, 0x5, 0x1, 0xfffffffffffffffc}]}, &(0x7f0000000080)='GPL\x00', 0x5, 0x64, &(0x7f00000000c0)=""/100, 0x41100, 0x1, '\x00', r4, 0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0xa, 0x40, 0x9}, 0x10, 0xffffffffffffffff, r0, 0x0, &(0x7f0000000200)=[0x1, 0x1, r6, r7, r8, r9]}, 0x80) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) [ 207.075090][T28464] FAULT_INJECTION: forcing a failure. [ 207.075090][T28464] name failslab, interval 1, probability 0, space 0, times 0 [ 207.113160][T28464] CPU: 0 PID: 28464 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 207.123239][T28464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 207.133132][T28464] Call Trace: [ 207.136251][T28464] [ 207.139033][T28464] dump_stack_lvl+0x151/0x1b7 [ 207.143546][T28464] ? bfq_pos_tree_add_move+0x43e/0x43e [ 207.148833][T28464] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 207.155206][T28464] dump_stack+0x15/0x17 [ 207.159169][T28464] should_fail+0x3c0/0x510 [ 207.163419][T28464] __should_failslab+0x9f/0xe0 [ 207.168019][T28464] should_failslab+0x9/0x20 [ 207.172360][T28464] kmem_cache_alloc+0x4f/0x2f0 [ 207.176964][T28464] ? anon_vma_fork+0xf7/0x4f0 [ 207.181475][T28464] anon_vma_fork+0xf7/0x4f0 [ 207.185813][T28464] ? anon_vma_name+0x4c/0x70 [ 207.190328][T28464] dup_mmap+0x750/0xea0 [ 207.194319][T28464] ? __delayed_free_task+0x20/0x20 [ 207.199267][T28464] ? mm_init+0x807/0x960 [ 207.203345][T28464] dup_mm+0x91/0x330 [ 207.207080][T28464] copy_mm+0x108/0x1b0 [ 207.210992][T28464] copy_process+0x1295/0x3250 [ 207.215499][T28464] ? proc_fail_nth_write+0x213/0x290 [ 207.220621][T28464] ? proc_fail_nth_read+0x220/0x220 [ 207.225651][T28464] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 207.230598][T28464] ? vfs_write+0x9af/0x1050 [ 207.234940][T28464] ? vmacache_update+0xb7/0x120 [ 207.239631][T28464] kernel_clone+0x22d/0x990 [ 207.243968][T28464] ? file_end_write+0x1b0/0x1b0 [ 207.248652][T28464] ? __kasan_check_write+0x14/0x20 [ 207.253608][T28464] ? create_io_thread+0x1e0/0x1e0 [ 207.258476][T28464] ? __mutex_lock_slowpath+0x10/0x10 [ 207.263579][T28464] __x64_sys_clone+0x289/0x310 [ 207.268358][T28464] ? __do_sys_vfork+0x130/0x130 [ 207.273096][T28464] ? debug_smp_processor_id+0x17/0x20 [ 207.278249][T28464] do_syscall_64+0x44/0xd0 [ 207.282762][T28464] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 207.288491][T28464] RIP: 0033:0x7f510cb420d9 [ 207.292752][T28464] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 207.312186][T28464] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801004000f400000000070000009500"/25], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='qrtr_ns_server_add\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:44 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="4e2d23c697a17b56b67900"], 0x6a) 17:39:44 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:44 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x8, 0x0, 0x3, 0x2, 0x0, 0x8, 0x1c707, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000080), 0x9}, 0x2010, 0x8, 0x2, 0x3, 0x1, 0x8, 0x8, 0x0, 0x9, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d33de9b928b01d2f58187eea09f3b3dc30108b3e818a0194ab08560fc90bcb4a68d1bfbfd9667c260d772e0efa89d2ef987bb3e991c3464ffc6d17b7df4246027f80e32ff14b7cd5c926f0483854c5bb47952c063"], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x8, 0x0, 0x3, 0x2, 0x0, 0x8, 0x1c707, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000080), 0x9}, 0x2010, 0x8, 0x2, 0x3, 0x1, 0x8, 0x8, 0x0, 0x9, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d33de9b928b01d2f58187eea09f3b3dc30108b3e818a0194ab08560fc90bcb4a68d1bfbfd9667c260d772e0efa89d2ef987bb3e991c3464ffc6d17b7df4246027f80e32ff14b7cd5c926f0483854c5bb47952c063"], 0x6a) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) (async) 17:39:44 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 44) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:44 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) [ 207.320431][T28464] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 207.328332][T28464] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 207.336138][T28464] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 207.343949][T28464] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 207.351848][T28464] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 207.359663][T28464] 17:39:44 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="4e2d23c697a17b56b67900"], 0x6a) 17:39:44 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58}, 0x10) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) [ 207.397391][T28523] FAULT_INJECTION: forcing a failure. [ 207.397391][T28523] name failslab, interval 1, probability 0, space 0, times 0 [ 207.433211][T28523] CPU: 1 PID: 28523 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 207.443289][T28523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 207.453206][T28523] Call Trace: [ 207.456302][T28523] [ 207.459081][T28523] dump_stack_lvl+0x151/0x1b7 [ 207.463594][T28523] ? bfq_pos_tree_add_move+0x43e/0x43e [ 207.468889][T28523] dump_stack+0x15/0x17 [ 207.472877][T28523] should_fail+0x3c0/0x510 [ 207.477127][T28523] __should_failslab+0x9f/0xe0 [ 207.481726][T28523] should_failslab+0x9/0x20 [ 207.486274][T28523] kmem_cache_alloc+0x4f/0x2f0 [ 207.490856][T28523] ? anon_vma_fork+0x1b9/0x4f0 [ 207.495468][T28523] anon_vma_fork+0x1b9/0x4f0 [ 207.499970][T28523] dup_mmap+0x750/0xea0 [ 207.504136][T28523] ? __delayed_free_task+0x20/0x20 [ 207.509082][T28523] ? mm_init+0x807/0x960 [ 207.513162][T28523] dup_mm+0x91/0x330 [ 207.516893][T28523] copy_mm+0x108/0x1b0 [ 207.520800][T28523] copy_process+0x1295/0x3250 [ 207.525335][T28523] ? proc_fail_nth_write+0x213/0x290 [ 207.530432][T28523] ? proc_fail_nth_read+0x220/0x220 [ 207.535469][T28523] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 207.540416][T28523] ? vfs_write+0x9af/0x1050 [ 207.544753][T28523] ? vmacache_update+0xb7/0x120 [ 207.549443][T28523] kernel_clone+0x22d/0x990 [ 207.553791][T28523] ? file_end_write+0x1b0/0x1b0 [ 207.558557][T28523] ? __kasan_check_write+0x14/0x20 [ 207.563508][T28523] ? create_io_thread+0x1e0/0x1e0 [ 207.568374][T28523] ? __mutex_lock_slowpath+0x10/0x10 [ 207.573485][T28523] __x64_sys_clone+0x289/0x310 [ 207.578087][T28523] ? __do_sys_vfork+0x130/0x130 [ 207.582772][T28523] ? debug_smp_processor_id+0x17/0x20 [ 207.587978][T28523] do_syscall_64+0x44/0xd0 [ 207.592231][T28523] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 207.597966][T28523] RIP: 0033:0x7f510cb420d9 [ 207.602214][T28523] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 207.621656][T28523] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 207.629901][T28523] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 207.637710][T28523] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 17:39:45 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801004000f400000000070000009500"/25], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='qrtr_ns_server_add\x00', r0}, 0x10) (async, rerun: 32) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32) 17:39:45 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:45 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:45 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x8, 0x0, 0x3, 0x2, 0x0, 0x8, 0x1c707, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000080), 0x9}, 0x2010, 0x8, 0x2, 0x3, 0x1, 0x8, 0x8, 0x0, 0x9, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d33de9b928b01d2f58187eea09f3b3dc30108b3e818a0194ab08560fc90bcb4a68d1bfbfd9667c260d772e0efa89d2ef987bb3e991c3464ffc6d17b7df4246027f80e32ff14b7cd5c926f0483854c5bb47952c063"], 0x6a) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) 17:39:45 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="4e2d23c697a17b56b67900"], 0x6a) 17:39:45 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 45) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 207.645522][T28523] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 207.653594][T28523] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 207.661408][T28523] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 207.669223][T28523] 17:39:45 executing program 5: openat$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000100)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) openat$cgroup_ro(r1, &(0x7f0000000180)='blkio.bfq.io_serviced\x00', 0x0, 0x0) r2 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="00000003"], 0x6a) 17:39:45 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:45 executing program 5: openat$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r0, &(0x7f0000000100)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(r1, &(0x7f0000000180)='blkio.bfq.io_serviced\x00', 0x0, 0x0) (async) r2 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="00000003"], 0x6a) 17:39:45 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x72) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000180)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000ac0)={r0, 0xe0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000980)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000a00), &(0x7f0000000a40), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000a80)}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000b00)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x18, 0x9, &(0x7f0000000640)=@raw=[@jmp={0x5, 0x1, 0xb, 0x3, 0x7, 0x18, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @exit, @call={0x85, 0x0, 0x0, 0x56}, @jmp={0x5, 0x1, 0xc, 0x9, 0x1, 0x100}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @call={0x85, 0x0, 0x0, 0xcf}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xc}], &(0x7f00000007c0)='GPL\x00', 0x8001, 0x0, 0x0, 0x41000, 0x8, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000b40)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000d00)={0x4, 0xb, 0x75, 0xeb}, 0x10}, 0x80) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x6c, 0x6c, 0x3, [@volatile={0x10, 0x0, 0x0, 0x9, 0x1}, @const={0x7, 0x0, 0x0, 0xa, 0x4}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0x3}, {0xd, 0x2}, {0x7, 0x3}]}, @restrict={0x10, 0x0, 0x0, 0xb, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x1, 0x3}}, @const={0xb, 0x0, 0x0, 0xa, 0x4}]}, {0x0, [0x61]}}, &(0x7f0000000480)=""/21, 0x87, 0x15}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r7, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r6, r6, r6, r6, r6, r6]}, 0x80) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r5}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r8, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) r10 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r6, 0x6b0, '\x00', r9, r10, 0x0, 0x2, 0x3, 0xc}, 0x48) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r11, &(0x7f0000000180), 0xfdef) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001040)={0x18, 0xa, &(0x7f0000000e40)=@raw=[@call={0x85, 0x0, 0x0, 0x5b}, @exit, @map_fd={0x18, 0x9, 0x1, 0x0, 0x1}, @generic={0xd6, 0x7, 0x4, 0x3, 0x1}, @map_val={0x18, 0x1, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x800}, @call={0x85, 0x0, 0x0, 0x82}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x3}], &(0x7f0000000ec0)='GPL\x00', 0xffffff83, 0x75, &(0x7f0000000f00)=""/117, 0x0, 0x13, '\x00', r9, 0x0, r3, 0x8, &(0x7f0000000f80)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000fc0)={0x2, 0x9, 0x0, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001000)=[r3, r11, r3, r3, 0x1]}, 0x80) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r12, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r5}, 0x80) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000e00)={0xffffffffffffffff, 0x3, 0x0, 0x406e, &(0x7f0000000dc0)=[0x0, 0x0], 0x2}, 0x20) write$cgroup_type(r13, &(0x7f0000000180), 0xfdef) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x2, &(0x7f0000000000)=@raw=[@map_idx={0x18, 0x4, 0x5, 0x0, 0x5}], &(0x7f0000000040)='syzkaller\x00', 0x100, 0x22, &(0x7f0000000080)=""/34, 0x41000, 0x1c, '\x00', r1, 0x19, r4, 0x8, &(0x7f0000000500)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x0, 0xa, 0x27, 0x10001}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000580)=[r13, 0x1]}, 0x80) 17:39:45 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) [ 207.734674][T28560] FAULT_INJECTION: forcing a failure. [ 207.734674][T28560] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 207.774772][T28560] CPU: 0 PID: 28560 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 207.784846][T28560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 207.794754][T28560] Call Trace: [ 207.797865][T28560] [ 207.800643][T28560] dump_stack_lvl+0x151/0x1b7 [ 207.805158][T28560] ? bfq_pos_tree_add_move+0x43e/0x43e [ 207.810454][T28560] ? __kasan_check_write+0x14/0x20 [ 207.815399][T28560] ? __set_page_owner+0x2ee/0x310 [ 207.820261][T28560] dump_stack+0x15/0x17 [ 207.824251][T28560] should_fail+0x3c0/0x510 [ 207.828505][T28560] should_fail_alloc_page+0x58/0x70 [ 207.833543][T28560] __alloc_pages+0x1de/0x7c0 [ 207.838051][T28560] ? __count_vm_events+0x30/0x30 [ 207.843522][T28560] ? __count_vm_events+0x30/0x30 [ 207.848299][T28560] ? __kasan_check_write+0x14/0x20 [ 207.853241][T28560] ? _raw_spin_lock+0xa3/0x1b0 [ 207.857842][T28560] __pmd_alloc+0xb1/0x550 [ 207.862006][T28560] ? kmem_cache_alloc+0x189/0x2f0 [ 207.866865][T28560] ? anon_vma_fork+0x1b9/0x4f0 [ 207.871564][T28560] ? __pud_alloc+0x260/0x260 [ 207.875988][T28560] ? __pud_alloc+0x218/0x260 17:39:45 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x72) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000180)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000ac0)={r0, 0xe0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000980)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000a00), &(0x7f0000000a40), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000a80)}}, 0x10) (async) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000b00)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x18, 0x9, &(0x7f0000000640)=@raw=[@jmp={0x5, 0x1, 0xb, 0x3, 0x7, 0x18, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @exit, @call={0x85, 0x0, 0x0, 0x56}, @jmp={0x5, 0x1, 0xc, 0x9, 0x1, 0x100}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @call={0x85, 0x0, 0x0, 0xcf}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xc}], &(0x7f00000007c0)='GPL\x00', 0x8001, 0x0, 0x0, 0x41000, 0x8, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000b40)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000d00)={0x4, 0xb, 0x75, 0xeb}, 0x10}, 0x80) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x6c, 0x6c, 0x3, [@volatile={0x10, 0x0, 0x0, 0x9, 0x1}, @const={0x7, 0x0, 0x0, 0xa, 0x4}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0x3}, {0xd, 0x2}, {0x7, 0x3}]}, @restrict={0x10, 0x0, 0x0, 0xb, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x1, 0x3}}, @const={0xb, 0x0, 0x0, 0xa, 0x4}]}, {0x0, [0x61]}}, &(0x7f0000000480)=""/21, 0x87, 0x15}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r7, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r6, r6, r6, r6, r6, r6]}, 0x80) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r5}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r8, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) (async) r10 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r6, 0x6b0, '\x00', r9, r10, 0x0, 0x2, 0x3, 0xc}, 0x48) (async) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r11, &(0x7f0000000180), 0xfdef) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001040)={0x18, 0xa, &(0x7f0000000e40)=@raw=[@call={0x85, 0x0, 0x0, 0x5b}, @exit, @map_fd={0x18, 0x9, 0x1, 0x0, 0x1}, @generic={0xd6, 0x7, 0x4, 0x3, 0x1}, @map_val={0x18, 0x1, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x800}, @call={0x85, 0x0, 0x0, 0x82}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x3}], &(0x7f0000000ec0)='GPL\x00', 0xffffff83, 0x75, &(0x7f0000000f00)=""/117, 0x0, 0x13, '\x00', r9, 0x0, r3, 0x8, &(0x7f0000000f80)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000fc0)={0x2, 0x9, 0x0, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001000)=[r3, r11, r3, r3, 0x1]}, 0x80) (async) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r12, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r5}, 0x80) (async) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000e00)={0xffffffffffffffff, 0x3, 0x0, 0x406e, &(0x7f0000000dc0)=[0x0, 0x0], 0x2}, 0x20) (async) write$cgroup_type(r13, &(0x7f0000000180), 0xfdef) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x2, &(0x7f0000000000)=@raw=[@map_idx={0x18, 0x4, 0x5, 0x0, 0x5}], &(0x7f0000000040)='syzkaller\x00', 0x100, 0x22, &(0x7f0000000080)=""/34, 0x41000, 0x1c, '\x00', r1, 0x19, r4, 0x8, &(0x7f0000000500)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x0, 0xa, 0x27, 0x10001}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000580)=[r13, 0x1]}, 0x80) [ 207.880500][T28560] ? do_handle_mm_fault+0x2370/0x2370 [ 207.885721][T28560] copy_page_range+0xd04/0x1090 [ 207.890412][T28560] ? pfn_valid+0x1e0/0x1e0 [ 207.894645][T28560] dup_mmap+0x99f/0xea0 [ 207.898653][T28560] ? __delayed_free_task+0x20/0x20 [ 207.903591][T28560] ? mm_init+0x807/0x960 [ 207.907671][T28560] dup_mm+0x91/0x330 [ 207.911400][T28560] copy_mm+0x108/0x1b0 [ 207.915299][T28560] copy_process+0x1295/0x3250 [ 207.919814][T28560] ? proc_fail_nth_write+0x213/0x290 [ 207.924934][T28560] ? proc_fail_nth_read+0x220/0x220 [ 207.930044][T28560] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 207.935006][T28560] ? vfs_write+0x9af/0x1050 [ 207.939352][T28560] ? vmacache_update+0xb7/0x120 [ 207.944030][T28560] kernel_clone+0x22d/0x990 [ 207.948374][T28560] ? file_end_write+0x1b0/0x1b0 [ 207.953055][T28560] ? __kasan_check_write+0x14/0x20 [ 207.958003][T28560] ? create_io_thread+0x1e0/0x1e0 [ 207.962886][T28560] ? __mutex_lock_slowpath+0x10/0x10 [ 207.967984][T28560] __x64_sys_clone+0x289/0x310 [ 207.972586][T28560] ? __do_sys_vfork+0x130/0x130 [ 207.977276][T28560] ? debug_smp_processor_id+0x17/0x20 [ 207.982565][T28560] do_syscall_64+0x44/0xd0 [ 207.986819][T28560] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 207.992547][T28560] RIP: 0033:0x7f510cb420d9 [ 207.996801][T28560] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 208.016329][T28560] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 208.024575][T28560] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 17:39:45 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801004000f400000000070000009500"/25], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='qrtr_ns_server_add\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:45 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:45 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x72) (async, rerun: 32) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000180)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000ac0)={r0, 0xe0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000980)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000a00), &(0x7f0000000a40), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000a80)}}, 0x10) (async) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000b00)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x18, 0x9, &(0x7f0000000640)=@raw=[@jmp={0x5, 0x1, 0xb, 0x3, 0x7, 0x18, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @exit, @call={0x85, 0x0, 0x0, 0x56}, @jmp={0x5, 0x1, 0xc, 0x9, 0x1, 0x100}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @call={0x85, 0x0, 0x0, 0xcf}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xc}], &(0x7f00000007c0)='GPL\x00', 0x8001, 0x0, 0x0, 0x41000, 0x8, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000b40)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000d00)={0x4, 0xb, 0x75, 0xeb}, 0x10}, 0x80) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x6c, 0x6c, 0x3, [@volatile={0x10, 0x0, 0x0, 0x9, 0x1}, @const={0x7, 0x0, 0x0, 0xa, 0x4}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0x3}, {0xd, 0x2}, {0x7, 0x3}]}, @restrict={0x10, 0x0, 0x0, 0xb, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x1, 0x3}}, @const={0xb, 0x0, 0x0, 0xa, 0x4}]}, {0x0, [0x61]}}, &(0x7f0000000480)=""/21, 0x87, 0x15}, 0x20) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async, rerun: 32) r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (rerun: 32) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r7, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r6, r6, r6, r6, r6, r6]}, 0x80) (async) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r5}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r8, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) (async) r10 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r6, 0x6b0, '\x00', r9, r10, 0x0, 0x2, 0x3, 0xc}, 0x48) (async) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r11, &(0x7f0000000180), 0xfdef) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001040)={0x18, 0xa, &(0x7f0000000e40)=@raw=[@call={0x85, 0x0, 0x0, 0x5b}, @exit, @map_fd={0x18, 0x9, 0x1, 0x0, 0x1}, @generic={0xd6, 0x7, 0x4, 0x3, 0x1}, @map_val={0x18, 0x1, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x800}, @call={0x85, 0x0, 0x0, 0x82}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x3}], &(0x7f0000000ec0)='GPL\x00', 0xffffff83, 0x75, &(0x7f0000000f00)=""/117, 0x0, 0x13, '\x00', r9, 0x0, r3, 0x8, &(0x7f0000000f80)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000fc0)={0x2, 0x9, 0x0, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001000)=[r3, r11, r3, r3, 0x1]}, 0x80) (async) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r12, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r5}, 0x80) (async) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000e00)={0xffffffffffffffff, 0x3, 0x0, 0x406e, &(0x7f0000000dc0)=[0x0, 0x0], 0x2}, 0x20) (async) write$cgroup_type(r13, &(0x7f0000000180), 0xfdef) (async) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x2, &(0x7f0000000000)=@raw=[@map_idx={0x18, 0x4, 0x5, 0x0, 0x5}], &(0x7f0000000040)='syzkaller\x00', 0x100, 0x22, &(0x7f0000000080)=""/34, 0x41000, 0x1c, '\x00', r1, 0x19, r4, 0x8, &(0x7f0000000500)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x0, 0xa, 0x27, 0x10001}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000580)=[r13, 0x1]}, 0x80) 17:39:45 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:39:45 executing program 5: openat$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r0, &(0x7f0000000100)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async, rerun: 64) openat$cgroup_ro(r1, &(0x7f0000000180)='blkio.bfq.io_serviced\x00', 0x0, 0x0) (async, rerun: 64) r2 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="00000003"], 0x6a) 17:39:45 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='blkio.bfq.empty_time\x00', 0x0, 0x0) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0x500000, 0x18}, 0xc) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x2, 0x9, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5dda}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x8}, @map_idx={0x18, 0xa30ac162226fa443, 0x5, 0x0, 0xb}, @jmp={0x5, 0x1, 0xd, 0x6, 0x5, 0xfffffffffffffffc, 0x8}]}, &(0x7f0000000040)='GPL\x00', 0x800, 0xcb, &(0x7f0000000300)=""/203, 0x40f00, 0x2, '\x00', 0x0, 0x8, r2, 0x8, &(0x7f00000001c0)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0x3, 0x1, 0x9}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000004c0)=[r3, r1, 0xffffffffffffffff, 0xffffffffffffffff, r4, r5]}, 0x80) 17:39:45 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 46) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 208.032390][T28560] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 208.040302][T28560] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 208.048104][T28560] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 208.055913][T28560] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 208.063729][T28560] 17:39:45 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:45 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r3 = openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r3, 0x0, r2, 0x2) openat$cgroup_devices(r3, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) r4 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r7 = openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r7, 0x0, r6, 0x2) openat$cgroup_ro(r7, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x0, 0x0) write$cgroup_subtree(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="decb5bf8cfec4320f13a78223b1e1ac7d73ec833e613"], 0x6a) 17:39:45 executing program 0: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, &(0x7f0000001ac0)=""/202, 0x26, 0xca, 0x1}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x12, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, [@map_idx={0x18, 0x7, 0x5, 0x0, 0x2}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x480000}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x200}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x7}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000240)='GPL\x00', 0xf0, 0xb4, &(0x7f0000000280)=""/180, 0x41100, 0xf, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000340)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000440)={0x4, 0x0, 0x2ba, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[0x1]}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000040000000000000007f24c4cb49a23f3800"], &(0x7f0000000040)='GPL\x00', 0x5, 0xf2, &(0x7f0000000080)=""/242, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000003c0), 0x8, 0x10, 0x0}, 0x80) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x9, 0x2, 0xab6, 0x808, 0x1, 0x8, '\x00', 0x0, r0, 0x2, 0x3, 0x1}, 0x48) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000800)='blkio.bfq.empty_time\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000008c0)='freezer.self_freezing\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0xe, &(0x7f0000000680)=@raw=[@generic={0x20, 0x2, 0x9, 0xfff, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x3, 0x4, 0xffffffffffffffc0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x0, 0x4, 0xfffffffffffffffc}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x1}, @exit, @generic={0x1, 0xe, 0x2, 0x65, 0x401}, @map_fd, @map_fd={0x18, 0x7, 0x1, 0x0, r1}], &(0x7f0000000540)='syzkaller\x00', 0x0, 0xc2, &(0x7f0000000700)=""/194, 0x100, 0x12, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000840)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000880)={0x1, 0xd, 0x7ff, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000900)=[r3, 0x1, 0xffffffffffffffff, r4, r0, r5, 0xffffffffffffffff, 0x1, 0x1, r6]}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:45 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:45 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) (async) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='blkio.bfq.empty_time\x00', 0x0, 0x0) (async) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0x500000, 0x18}, 0xc) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x2, 0x9, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5dda}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x8}, @map_idx={0x18, 0xa30ac162226fa443, 0x5, 0x0, 0xb}, @jmp={0x5, 0x1, 0xd, 0x6, 0x5, 0xfffffffffffffffc, 0x8}]}, &(0x7f0000000040)='GPL\x00', 0x800, 0xcb, &(0x7f0000000300)=""/203, 0x40f00, 0x2, '\x00', 0x0, 0x8, r2, 0x8, &(0x7f00000001c0)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0x3, 0x1, 0x9}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000004c0)=[r3, r1, 0xffffffffffffffff, 0xffffffffffffffff, r4, r5]}, 0x80) 17:39:45 executing program 0: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, &(0x7f0000001ac0)=""/202, 0x26, 0xca, 0x1}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x12, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, [@map_idx={0x18, 0x7, 0x5, 0x0, 0x2}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x480000}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x200}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x7}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000240)='GPL\x00', 0xf0, 0xb4, &(0x7f0000000280)=""/180, 0x41100, 0xf, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000340)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000440)={0x4, 0x0, 0x2ba, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[0x1]}, 0x80) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000040000000000000007f24c4cb49a23f3800"], &(0x7f0000000040)='GPL\x00', 0x5, 0xf2, &(0x7f0000000080)=""/242, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000003c0), 0x8, 0x10, 0x0}, 0x80) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x9, 0x2, 0xab6, 0x808, 0x1, 0x8, '\x00', 0x0, r0, 0x2, 0x3, 0x1}, 0x48) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000800)='blkio.bfq.empty_time\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) (async) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000008c0)='freezer.self_freezing\x00', 0x0, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0xe, &(0x7f0000000680)=@raw=[@generic={0x20, 0x2, 0x9, 0xfff, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x3, 0x4, 0xffffffffffffffc0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x0, 0x4, 0xfffffffffffffffc}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x1}, @exit, @generic={0x1, 0xe, 0x2, 0x65, 0x401}, @map_fd, @map_fd={0x18, 0x7, 0x1, 0x0, r1}], &(0x7f0000000540)='syzkaller\x00', 0x0, 0xc2, &(0x7f0000000700)=""/194, 0x100, 0x12, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000840)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000880)={0x1, 0xd, 0x7ff, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000900)=[r3, 0x1, 0xffffffffffffffff, r4, r0, r5, 0xffffffffffffffff, 0x1, 0x1, r6]}, 0x80) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) [ 208.149748][T28605] FAULT_INJECTION: forcing a failure. [ 208.149748][T28605] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 208.188417][T28605] CPU: 1 PID: 28605 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 208.198485][T28605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 208.208380][T28605] Call Trace: [ 208.211505][T28605] [ 208.214282][T28605] dump_stack_lvl+0x151/0x1b7 [ 208.218797][T28605] ? bfq_pos_tree_add_move+0x43e/0x43e [ 208.224090][T28605] ? __kasan_check_write+0x14/0x20 [ 208.229039][T28605] ? __set_page_owner+0x2ee/0x310 [ 208.233899][T28605] dump_stack+0x15/0x17 [ 208.237893][T28605] should_fail+0x3c0/0x510 [ 208.242142][T28605] should_fail_alloc_page+0x58/0x70 17:39:45 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:45 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:39:45 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r3 = openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r3, 0x0, r2, 0x2) (async) openat$cgroup_devices(r3, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) (async) r4 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async) r7 = openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r7, 0x0, r6, 0x2) openat$cgroup_ro(r7, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x0, 0x0) (async) write$cgroup_subtree(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="decb5bf8cfec4320f13a78223b1e1ac7d73ec833e613"], 0x6a) 17:39:45 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='blkio.bfq.empty_time\x00', 0x0, 0x0) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0x500000, 0x18}, 0xc) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x2, 0x9, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5dda}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x8}, @map_idx={0x18, 0xa30ac162226fa443, 0x5, 0x0, 0xb}, @jmp={0x5, 0x1, 0xd, 0x6, 0x5, 0xfffffffffffffffc, 0x8}]}, &(0x7f0000000040)='GPL\x00', 0x800, 0xcb, &(0x7f0000000300)=""/203, 0x40f00, 0x2, '\x00', 0x0, 0x8, r2, 0x8, &(0x7f00000001c0)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0x3, 0x1, 0x9}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000004c0)=[r3, r1, 0xffffffffffffffff, 0xffffffffffffffff, r4, r5]}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='blkio.bfq.empty_time\x00', 0x0, 0x0) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0x500000, 0x18}, 0xc) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x2, 0x9, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5dda}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x8}, @map_idx={0x18, 0xa30ac162226fa443, 0x5, 0x0, 0xb}, @jmp={0x5, 0x1, 0xd, 0x6, 0x5, 0xfffffffffffffffc, 0x8}]}, &(0x7f0000000040)='GPL\x00', 0x800, 0xcb, &(0x7f0000000300)=""/203, 0x40f00, 0x2, '\x00', 0x0, 0x8, r2, 0x8, &(0x7f00000001c0)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0x3, 0x1, 0x9}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000004c0)=[r3, r1, 0xffffffffffffffff, 0xffffffffffffffff, r4, r5]}, 0x80) (async) [ 208.247176][T28605] __alloc_pages+0x1de/0x7c0 [ 208.251603][T28605] ? __count_vm_events+0x30/0x30 [ 208.256375][T28605] ? __count_vm_events+0x30/0x30 [ 208.261152][T28605] ? __kasan_check_write+0x14/0x20 [ 208.266099][T28605] ? _raw_spin_lock+0xa3/0x1b0 [ 208.270699][T28605] __pmd_alloc+0xb1/0x550 [ 208.274958][T28605] ? kmem_cache_alloc+0x189/0x2f0 [ 208.279808][T28605] ? anon_vma_fork+0x1b9/0x4f0 [ 208.284415][T28605] ? __pud_alloc+0x260/0x260 [ 208.288845][T28605] ? __pud_alloc+0x218/0x260 [ 208.293267][T28605] ? do_handle_mm_fault+0x2370/0x2370 [ 208.298470][T28605] copy_page_range+0xd04/0x1090 [ 208.303162][T28605] ? pfn_valid+0x1e0/0x1e0 [ 208.307415][T28605] dup_mmap+0x99f/0xea0 [ 208.311407][T28605] ? __delayed_free_task+0x20/0x20 [ 208.316350][T28605] ? mm_init+0x807/0x960 [ 208.320444][T28605] dup_mm+0x91/0x330 [ 208.324163][T28605] copy_mm+0x108/0x1b0 [ 208.328068][T28605] copy_process+0x1295/0x3250 [ 208.332583][T28605] ? proc_fail_nth_write+0x213/0x290 [ 208.337703][T28605] ? proc_fail_nth_read+0x220/0x220 [ 208.342757][T28605] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 208.347686][T28605] ? vfs_write+0x9af/0x1050 [ 208.352030][T28605] ? vmacache_update+0xb7/0x120 [ 208.356711][T28605] kernel_clone+0x22d/0x990 [ 208.361057][T28605] ? file_end_write+0x1b0/0x1b0 [ 208.365737][T28605] ? __kasan_check_write+0x14/0x20 [ 208.370682][T28605] ? create_io_thread+0x1e0/0x1e0 [ 208.375543][T28605] ? __mutex_lock_slowpath+0x10/0x10 [ 208.380670][T28605] __x64_sys_clone+0x289/0x310 [ 208.385266][T28605] ? __do_sys_vfork+0x130/0x130 [ 208.389960][T28605] ? debug_smp_processor_id+0x17/0x20 [ 208.395251][T28605] do_syscall_64+0x44/0xd0 [ 208.399505][T28605] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 208.405231][T28605] RIP: 0033:0x7f510cb420d9 [ 208.409567][T28605] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 208.429011][T28605] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 208.437261][T28605] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 17:39:45 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 47) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:45 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r3 = openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r3, 0x0, r2, 0x2) (async) openat$cgroup_devices(r3, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) (async) r4 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async) r7 = openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r7, 0x0, r6, 0x2) openat$cgroup_ro(r7, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x0, 0x0) write$cgroup_subtree(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="decb5bf8cfec4320f13a78223b1e1ac7d73ec833e613"], 0x6a) 17:39:45 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:45 executing program 0: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, &(0x7f0000001ac0)=""/202, 0x26, 0xca, 0x1}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x12, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, [@map_idx={0x18, 0x7, 0x5, 0x0, 0x2}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x480000}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x200}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x7}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000240)='GPL\x00', 0xf0, 0xb4, &(0x7f0000000280)=""/180, 0x41100, 0xf, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000340)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000440)={0x4, 0x0, 0x2ba, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[0x1]}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000040000000000000007f24c4cb49a23f3800"], &(0x7f0000000040)='GPL\x00', 0x5, 0xf2, &(0x7f0000000080)=""/242, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000003c0), 0x8, 0x10, 0x0}, 0x80) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x9, 0x2, 0xab6, 0x808, 0x1, 0x8, '\x00', 0x0, r0, 0x2, 0x3, 0x1}, 0x48) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000800)='blkio.bfq.empty_time\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000008c0)='freezer.self_freezing\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0xe, &(0x7f0000000680)=@raw=[@generic={0x20, 0x2, 0x9, 0xfff, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x3, 0x4, 0xffffffffffffffc0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x0, 0x4, 0xfffffffffffffffc}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x1}, @exit, @generic={0x1, 0xe, 0x2, 0x65, 0x401}, @map_fd, @map_fd={0x18, 0x7, 0x1, 0x0, r1}], &(0x7f0000000540)='syzkaller\x00', 0x0, 0xc2, &(0x7f0000000700)=""/194, 0x100, 0x12, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000840)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000880)={0x1, 0xd, 0x7ff, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000900)=[r3, 0x1, 0xffffffffffffffff, r4, r0, r5, 0xffffffffffffffff, 0x1, 0x1, r6]}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, &(0x7f0000001ac0)=""/202, 0x26, 0xca, 0x1}, 0x20) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x12, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, [@map_idx={0x18, 0x7, 0x5, 0x0, 0x2}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x480000}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x200}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x7}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000240)='GPL\x00', 0xf0, 0xb4, &(0x7f0000000280)=""/180, 0x41100, 0xf, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000340)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000440)={0x4, 0x0, 0x2ba, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[0x1]}, 0x80) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000040000000000000007f24c4cb49a23f3800"], &(0x7f0000000040)='GPL\x00', 0x5, 0xf2, &(0x7f0000000080)=""/242, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000003c0), 0x8, 0x10, 0x0}, 0x80) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x9, 0x2, 0xab6, 0x808, 0x1, 0x8, '\x00', 0x0, r0, 0x2, 0x3, 0x1}, 0x48) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000800)='blkio.bfq.empty_time\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000008c0)='freezer.self_freezing\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0xe, &(0x7f0000000680)=@raw=[@generic={0x20, 0x2, 0x9, 0xfff, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x3, 0x4, 0xffffffffffffffc0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x0, 0x4, 0xfffffffffffffffc}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x1}, @exit, @generic={0x1, 0xe, 0x2, 0x65, 0x401}, @map_fd, @map_fd={0x18, 0x7, 0x1, 0x0, r1}], &(0x7f0000000540)='syzkaller\x00', 0x0, 0xc2, &(0x7f0000000700)=""/194, 0x100, 0x12, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000840)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000880)={0x1, 0xd, 0x7ff, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000900)=[r3, 0x1, 0xffffffffffffffff, r4, r0, r5, 0xffffffffffffffff, 0x1, 0x1, r6]}, 0x80) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) 17:39:45 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r3 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) openat$cgroup_ro(r3, &(0x7f0000000200)='cpuacct.usage_user\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000100)='cgroup.clone_children\x00', 0x2, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) openat$cgroup_ro(r5, &(0x7f0000000040)='pids.events\x00', 0x0, 0x0) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r6, &(0x7f0000000340)='blkio.bfq.sectors\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="4f743ee0da64665f65cd28d63ed72d3343295bbacca9f73bebc4bc6a4607247335700d9ac025fd986554476d14e34322931a000ee4facd29aa0eee541c3da916fe7be25ebe1d0b162c7e3f23f90b5f8df24b8fa16d745a4d3d9dcc1b0623e100cc8ffefc1166d7f14e7c7677a8805c9cbae193ae95d2bf0271cfb1a13e50f490353bd9214bad49cd711a2b6322063f061943d4eafe7a655f16966e1a7130f0a678face363734fe87a4d797695da4f43f38020b653f52d3cc9347958fec70eafbc752a8c302125ac4"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz1\x00', 0x1ff) 17:39:45 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) openat$cgroup_ro(r0, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) [ 208.445063][T28605] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 208.452874][T28605] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 208.460701][T28605] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 208.468508][T28605] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 208.476316][T28605] 17:39:45 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r3 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) openat$cgroup_ro(r3, &(0x7f0000000200)='cpuacct.usage_user\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000100)='cgroup.clone_children\x00', 0x2, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) openat$cgroup_ro(r5, &(0x7f0000000040)='pids.events\x00', 0x0, 0x0) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r6, &(0x7f0000000340)='blkio.bfq.sectors\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="4f743ee0da64665f65cd28d63ed72d3343295bbacca9f73bebc4bc6a4607247335700d9ac025fd986554476d14e34322931a000ee4facd29aa0eee541c3da916fe7be25ebe1d0b162c7e3f23f90b5f8df24b8fa16d745a4d3d9dcc1b0623e100cc8ffefc1166d7f14e7c7677a8805c9cbae193ae95d2bf0271cfb1a13e50f490353bd9214bad49cd711a2b6322063f061943d4eafe7a655f16966e1a7130f0a678face363734fe87a4d797695da4f43f38020b653f52d3cc9347958fec70eafbc752a8c302125ac4"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz1\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) (async) openat$cgroup_ro(r3, &(0x7f0000000200)='cpuacct.usage_user\x00', 0x0, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000100)='cgroup.clone_children\x00', 0x2, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r5, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) (async) openat$cgroup_ro(r5, &(0x7f0000000040)='pids.events\x00', 0x0, 0x0) (async) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r6, &(0x7f0000000340)='blkio.bfq.sectors\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="4f743ee0da64665f65cd28d63ed72d3343295bbacca9f73bebc4bc6a4607247335700d9ac025fd986554476d14e34322931a000ee4facd29aa0eee541c3da916fe7be25ebe1d0b162c7e3f23f90b5f8df24b8fa16d745a4d3d9dcc1b0623e100cc8ffefc1166d7f14e7c7677a8805c9cbae193ae95d2bf0271cfb1a13e50f490353bd9214bad49cd711a2b6322063f061943d4eafe7a655f16966e1a7130f0a678face363734fe87a4d797695da4f43f38020b653f52d3cc9347958fec70eafbc752a8c302125ac4"], 0x6a) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz1\x00', 0x1ff) (async) 17:39:45 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) openat$cgroup_ro(r0, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) 17:39:45 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffef7) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x6, 0x0, 0x0, 0x40, 0xffffffffffffffff, 0xb5, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4}, 0x48) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x58, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}], 0x8, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xa, 0xd, &(0x7f0000000080)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x9a2}, @alu={0x4, 0x1, 0x1, 0x6, 0x4, 0xe, 0x10}, @jmp={0x5, 0x1, 0x0, 0x8, 0x3, 0x50, 0x10}, @map_fd={0x18, 0x8, 0x1, 0x0, r1}, @generic={0x7f, 0x6, 0xb, 0x8, 0x10000}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x4}, @map_val={0x18, 0x6, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0xffff}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x4}], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x5, '\x00', r3, 0x26, r4, 0x8, &(0x7f00000002c0)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x2, 0x1, 0x4, 0x6}, 0x10, r5}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) [ 208.516144][T28653] FAULT_INJECTION: forcing a failure. [ 208.516144][T28653] name failslab, interval 1, probability 0, space 0, times 0 17:39:45 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffef7) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x6, 0x0, 0x0, 0x40, 0xffffffffffffffff, 0xb5, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4}, 0x48) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x58, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}], 0x8, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xa, 0xd, &(0x7f0000000080)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x9a2}, @alu={0x4, 0x1, 0x1, 0x6, 0x4, 0xe, 0x10}, @jmp={0x5, 0x1, 0x0, 0x8, 0x3, 0x50, 0x10}, @map_fd={0x18, 0x8, 0x1, 0x0, r1}, @generic={0x7f, 0x6, 0xb, 0x8, 0x10000}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x4}, @map_val={0x18, 0x6, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0xffff}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x4}], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x5, '\x00', r3, 0x26, r4, 0x8, &(0x7f00000002c0)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x2, 0x1, 0x4, 0x6}, 0x10, r5}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) [ 208.557351][T28653] CPU: 1 PID: 28653 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 208.567422][T28653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 208.577314][T28653] Call Trace: [ 208.580449][T28653] [ 208.583220][T28653] dump_stack_lvl+0x151/0x1b7 [ 208.587735][T28653] ? bfq_pos_tree_add_move+0x43e/0x43e [ 208.593026][T28653] dump_stack+0x15/0x17 [ 208.597017][T28653] should_fail+0x3c0/0x510 [ 208.601266][T28653] __should_failslab+0x9f/0xe0 [ 208.605870][T28653] should_failslab+0x9/0x20 [ 208.610205][T28653] kmem_cache_alloc+0x4f/0x2f0 [ 208.614814][T28653] ? vm_area_dup+0x26/0x1d0 [ 208.619148][T28653] vm_area_dup+0x26/0x1d0 [ 208.623311][T28653] dup_mmap+0x6b8/0xea0 [ 208.627315][T28653] ? __delayed_free_task+0x20/0x20 [ 208.632274][T28653] ? mm_init+0x807/0x960 [ 208.636330][T28653] dup_mm+0x91/0x330 [ 208.640064][T28653] copy_mm+0x108/0x1b0 [ 208.643970][T28653] copy_process+0x1295/0x3250 [ 208.648482][T28653] ? proc_fail_nth_write+0x213/0x290 [ 208.653605][T28653] ? proc_fail_nth_read+0x220/0x220 [ 208.658637][T28653] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 208.663584][T28653] ? vfs_write+0x9af/0x1050 [ 208.667922][T28653] ? vmacache_update+0xb7/0x120 [ 208.672616][T28653] kernel_clone+0x22d/0x990 [ 208.676955][T28653] ? file_end_write+0x1b0/0x1b0 [ 208.681637][T28653] ? __kasan_check_write+0x14/0x20 [ 208.686583][T28653] ? create_io_thread+0x1e0/0x1e0 [ 208.691445][T28653] ? __mutex_lock_slowpath+0x10/0x10 [ 208.696566][T28653] __x64_sys_clone+0x289/0x310 [ 208.701164][T28653] ? __do_sys_vfork+0x130/0x130 [ 208.705856][T28653] ? debug_smp_processor_id+0x17/0x20 [ 208.711238][T28653] do_syscall_64+0x44/0xd0 [ 208.715486][T28653] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 208.721213][T28653] RIP: 0033:0x7f510cb420d9 [ 208.725471][T28653] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 208.744909][T28653] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:46 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) (async, rerun: 32) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 32) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) r2 = openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) (async, rerun: 32) r3 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) (rerun: 32) openat$cgroup_ro(r3, &(0x7f0000000200)='cpuacct.usage_user\x00', 0x0, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000100)='cgroup.clone_children\x00', 0x2, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) (async) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) openat$cgroup_ro(r5, &(0x7f0000000040)='pids.events\x00', 0x0, 0x0) (async) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r6, &(0x7f0000000340)='blkio.bfq.sectors\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="4f743ee0da64665f65cd28d63ed72d3343295bbacca9f73bebc4bc6a4607247335700d9ac025fd986554476d14e34322931a000ee4facd29aa0eee541c3da916fe7be25ebe1d0b162c7e3f23f90b5f8df24b8fa16d745a4d3d9dcc1b0623e100cc8ffefc1166d7f14e7c7677a8805c9cbae193ae95d2bf0271cfb1a13e50f490353bd9214bad49cd711a2b6322063f061943d4eafe7a655f16966e1a7130f0a678face363734fe87a4d797695da4f43f38020b653f52d3cc9347958fec70eafbc752a8c302125ac4"], 0x6a) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz1\x00', 0x1ff) [ 208.753158][T28653] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 208.760965][T28653] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 208.768873][T28653] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 208.776681][T28653] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 208.784495][T28653] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 208.792318][T28653] 17:39:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000013002500000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x15c886b80, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:46 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:46 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async, rerun: 64) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 64) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) openat$cgroup_ro(r0, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) 17:39:46 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffef7) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x6, 0x0, 0x0, 0x40, 0xffffffffffffffff, 0xb5, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4}, 0x48) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x58, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}], 0x8, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xa, 0xd, &(0x7f0000000080)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x9a2}, @alu={0x4, 0x1, 0x1, 0x6, 0x4, 0xe, 0x10}, @jmp={0x5, 0x1, 0x0, 0x8, 0x3, 0x50, 0x10}, @map_fd={0x18, 0x8, 0x1, 0x0, r1}, @generic={0x7f, 0x6, 0xb, 0x8, 0x10000}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x4}, @map_val={0x18, 0x6, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0xffff}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x4}], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x5, '\x00', r3, 0x26, r4, 0x8, &(0x7f00000002c0)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x2, 0x1, 0x4, 0x6}, 0x10, r5}, 0x80) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:46 executing program 2: openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="5cd77f"], 0x6a) 17:39:46 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 48) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:46 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffff96) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0xfdef) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000002c0)={0xffffffffffffffff, 0x80000000, 0x10}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0x9, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x137, 0x0, 0x0, 0x0, 0x80}, [@generic={0x1, 0x3, 0x3, 0x1, 0x6}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xa7}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x98}]}, &(0x7f00000000c0)='GPL\x00', 0x9, 0xd2, &(0x7f0000000100)=""/210, 0xaa7c613b71c049c6, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x0, 0x0, 0x100, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r0, r1, r2, 0x1, r3, 0x1]}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) 17:39:46 executing program 5: openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.stat\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:46 executing program 2: openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="5cd77f"], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="5cd77f"], 0x6a) (async) 17:39:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000013002500000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x15c886b80, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:46 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffff96) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0xfdef) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) (async) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000002c0)={0xffffffffffffffff, 0x80000000, 0x10}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0x9, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x137, 0x0, 0x0, 0x0, 0x80}, [@generic={0x1, 0x3, 0x3, 0x1, 0x6}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xa7}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x98}]}, &(0x7f00000000c0)='GPL\x00', 0x9, 0xd2, &(0x7f0000000100)=""/210, 0xaa7c613b71c049c6, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x0, 0x0, 0x100, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r0, r1, r2, 0x1, r3, 0x1]}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) [ 208.871338][T28735] FAULT_INJECTION: forcing a failure. [ 208.871338][T28735] name failslab, interval 1, probability 0, space 0, times 0 [ 208.890186][T28735] CPU: 0 PID: 28735 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 208.900340][T28735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 208.910794][T28735] Call Trace: [ 208.913883][T28735] [ 208.916661][T28735] dump_stack_lvl+0x151/0x1b7 17:39:46 executing program 5: openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.stat\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000013002500000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async, rerun: 64) syz_clone(0x15c886b80, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64) 17:39:46 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:46 executing program 5: openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.stat\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_clone(0x20002000, &(0x7f0000000400)="14742864db94f610eaf1661f663588b8a9d8a7efb688bd8badaae00775d2ef02ead81b2a1d5a83d46dd5ede9e7ea0a1744f6d3f2aba467b361335e89f0b25428aae87e0f51a0789be13e2d05efe39eb55f06cd745fd27eed44dc5d0dfc8a2a3c99ba3262dfff46fcefbff26e156b8e17d48b4a5bbb2b58a262f73b60ce5ea009ad", 0x81, &(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)="6f6d55cfba330488132f725dcd4d9d74066d98ffde3515212418a4b4c994278b4c8de04d3bbf7b5f6329d5eb157e1be9ab8239a8cb92a71151adee43") r3 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000580), 0x10) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x8, 0x74, 0x1, 0x1, 0x0, 0x0, 0x58052, 0xe, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000280), 0x2}, 0x80404, 0x6, 0x2, 0x4, 0x923, 0x799a, 0x3, 0x0, 0x7f, 0x0, 0x6}, r2, 0xc, r3, 0x9) r4 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r4, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, r4, 0x5, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x80, 0xc, 0x80, 0x7e, 0x0, 0x4, 0x2000, 0xb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xfff, 0x0, @perf_bp={&(0x7f0000000040), 0xa}, 0x0, 0xd5, 0x7, 0x0, 0x100000000, 0x6, 0xbd, 0x0, 0x1000, 0x0, 0x2}, r4, 0x6, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x7, 0x1, 0x0, 0x18, 0x0, 0x9, 0x60000, 0x9, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, @perf_config_ext={0x1, 0x6}, 0x40, 0x537, 0x1, 0x5, 0x200, 0x1, 0x20, 0x0, 0xffff, 0x0, 0xaf6f4fba000000}, r1, 0x9, 0xffffffffffffffff, 0x2) [ 208.921184][T28735] ? bfq_pos_tree_add_move+0x43e/0x43e [ 208.926470][T28735] dump_stack+0x15/0x17 [ 208.930460][T28735] should_fail+0x3c0/0x510 [ 208.934723][T28735] __should_failslab+0x9f/0xe0 [ 208.939314][T28735] should_failslab+0x9/0x20 [ 208.943653][T28735] kmem_cache_alloc+0x4f/0x2f0 [ 208.948436][T28735] ? vm_area_dup+0x26/0x1d0 [ 208.952776][T28735] vm_area_dup+0x26/0x1d0 [ 208.957027][T28735] dup_mmap+0x6b8/0xea0 [ 208.961023][T28735] ? __delayed_free_task+0x20/0x20 [ 208.965967][T28735] ? mm_init+0x807/0x960 17:39:46 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) [ 208.970054][T28735] dup_mm+0x91/0x330 [ 208.973778][T28735] copy_mm+0x108/0x1b0 [ 208.977685][T28735] copy_process+0x1295/0x3250 [ 208.982204][T28735] ? proc_fail_nth_write+0x213/0x290 [ 208.987320][T28735] ? proc_fail_nth_read+0x220/0x220 [ 208.992451][T28735] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 208.997386][T28735] ? vfs_write+0x9af/0x1050 [ 209.001745][T28735] ? vmacache_update+0xb7/0x120 [ 209.006419][T28735] kernel_clone+0x22d/0x990 [ 209.010757][T28735] ? file_end_write+0x1b0/0x1b0 [ 209.015449][T28735] ? __kasan_check_write+0x14/0x20 [ 209.020404][T28735] ? create_io_thread+0x1e0/0x1e0 [ 209.025250][T28735] ? __mutex_lock_slowpath+0x10/0x10 [ 209.030371][T28735] __x64_sys_clone+0x289/0x310 [ 209.034969][T28735] ? __do_sys_vfork+0x130/0x130 [ 209.039660][T28735] ? debug_smp_processor_id+0x17/0x20 [ 209.044866][T28735] do_syscall_64+0x44/0xd0 [ 209.049123][T28735] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 209.054841][T28735] RIP: 0033:0x7f510cb420d9 [ 209.059094][T28735] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 209.078536][T28735] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 209.086782][T28735] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 209.094591][T28735] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 209.102406][T28735] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 209.110216][T28735] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 17:39:46 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 49) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:46 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r3 = openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r2, &(0x7f00000004c0), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="4ac20f5aaaefd155c4b796ee7e4a3ca0646374ac6974b4ec854802779cb79a053c8c6de7de7b244bd376813d8f4342064a09926bb11c5580b9c26aa751e1f3570ef591904177dd96e782efda237e157859464a57c9ef0300000000000000430ffacc0f7cb046c5843b19392780a44ba6f4b6d32da95d98d6ab791eff77acd84c9224a97ee88261ce349d61a1f769ddf13a39d7442e3582ad5045b84c2feaa0c4dd62e6804824a1b5856ac70529c18d99b348270d915fb3d67363cdf4c6041472fe9fb32fe61a70b9a52e628f1eae5b7ebd9501"], 0x6a) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={0xffffffffffffffff, 0x12, 0x1, 0x3ffc0, &(0x7f0000000180)=[0x0, 0x0, 0x0], 0x3}, 0x20) r4 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r4, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000400)='sched_switch\x00'}, 0x30) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0xfdef) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000006c0)='cgroup.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, r4, 0x5, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) openat$cgroup_ro(r0, &(0x7f0000000440)='blkio.bfq.dequeue\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r7 = openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x8, 0x24000, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4616, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r7, 0x0, r6, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40082404, &(0x7f0000000200)=0xff) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)={@map=r8, r8, 0x1f}, 0x10) r9 = perf_event_open$cgroup(&(0x7f0000000500)={0x1, 0x80, 0x5, 0x3, 0x18, 0x28, 0x0, 0x3cd, 0x1800d, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x4, @perf_config_ext={0x749d09ae, 0x1ff}, 0x42, 0xf0, 0x7f, 0x1, 0x3, 0x506f, 0x0, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x5) ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x40082406, &(0x7f0000000580)='/^\x00') r10 = openat$cgroup_ro(r7, &(0x7f00000002c0)='cpuacct.usage_all\x00', 0x0, 0x0) write$cgroup_type(r10, &(0x7f0000000300), 0x9) openat$cgroup(r8, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r8, &(0x7f0000000240)='cpuacct.usage_percpu\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x1, 0x40, 0x2, 0x0, 0x2, 0x1000, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xc}, 0x10040, 0xfffffffffffff800, 0xffffffff, 0x0, 0x7, 0x622, 0x100, 0x0, 0x6e, 0x0, 0x100000001}, r4, 0x1, r6, 0x0) 17:39:46 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:46 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffff96) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0xfdef) (async, rerun: 32) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (rerun: 32) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000002c0)={0xffffffffffffffff, 0x80000000, 0x10}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0x9, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x137, 0x0, 0x0, 0x0, 0x80}, [@generic={0x1, 0x3, 0x3, 0x1, 0x6}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xa7}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x98}]}, &(0x7f00000000c0)='GPL\x00', 0x9, 0xd2, &(0x7f0000000100)=""/210, 0xaa7c613b71c049c6, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x0, 0x0, 0x100, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r0, r1, r2, 0x1, r3, 0x1]}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) 17:39:46 executing program 2: openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="5cd77f"], 0x6a) 17:39:46 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_ro(r0, &(0x7f0000001100)='blkio.throttle.io_serviced\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001240)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000001200)=@raw=[@ldst={0x2, 0x1, 0x0, 0x3, 0x3, 0x40, 0x1}, @map_fd={0x18, 0x7, 0x1, 0x0, r3}], &(0x7f00000000c0)='GPL\x00', 0x1000, 0x1000, &(0x7f0000000100)=""/4096, 0x41100, 0x5, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000001140)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000001180)={0x0, 0xa, 0x3f, 0x10001}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000011c0)=[r0]}, 0x80) 17:39:46 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4ecaf2"], 0x6a) openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) 17:39:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) r1 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r2 = syz_clone(0x20002000, &(0x7f0000000400)="14742864db94f610eaf1661f663588b8a9d8a7efb688bd8badaae00775d2ef02ead81b2a1d5a83d46dd5ede9e7ea0a1744f6d3f2aba467b361335e89f0b25428aae87e0f51a0789be13e2d05efe39eb55f06cd745fd27eed44dc5d0dfc8a2a3c99ba3262dfff46fcefbff26e156b8e17d48b4a5bbb2b58a262f73b60ce5ea009ad", 0x81, &(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)="6f6d55cfba330488132f725dcd4d9d74066d98ffde3515212418a4b4c994278b4c8de04d3bbf7b5f6329d5eb157e1be9ab8239a8cb92a71151adee43") (async) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000580), 0x10) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x8, 0x74, 0x1, 0x1, 0x0, 0x0, 0x58052, 0xe, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000280), 0x2}, 0x80404, 0x6, 0x2, 0x4, 0x923, 0x799a, 0x3, 0x0, 0x7f, 0x0, 0x6}, r2, 0xc, r3, 0x9) r4 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r4, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) (async) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, r4, 0x5, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x80, 0xc, 0x80, 0x7e, 0x0, 0x4, 0x2000, 0xb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xfff, 0x0, @perf_bp={&(0x7f0000000040), 0xa}, 0x0, 0xd5, 0x7, 0x0, 0x100000000, 0x6, 0xbd, 0x0, 0x1000, 0x0, 0x2}, r4, 0x6, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x7, 0x1, 0x0, 0x18, 0x0, 0x9, 0x60000, 0x9, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, @perf_config_ext={0x1, 0x6}, 0x40, 0x537, 0x1, 0x5, 0x200, 0x1, 0x20, 0x0, 0xffff, 0x0, 0xaf6f4fba000000}, r1, 0x9, 0xffffffffffffffff, 0x2) 17:39:46 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r3 = openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_freezer_state(r2, &(0x7f00000004c0), 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="4ac20f5aaaefd155c4b796ee7e4a3ca0646374ac6974b4ec854802779cb79a053c8c6de7de7b244bd376813d8f4342064a09926bb11c5580b9c26aa751e1f3570ef591904177dd96e782efda237e157859464a57c9ef0300000000000000430ffacc0f7cb046c5843b19392780a44ba6f4b6d32da95d98d6ab791eff77acd84c9224a97ee88261ce349d61a1f769ddf13a39d7442e3582ad5045b84c2feaa0c4dd62e6804824a1b5856ac70529c18d99b348270d915fb3d67363cdf4c6041472fe9fb32fe61a70b9a52e628f1eae5b7ebd9501"], 0x6a) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={0xffffffffffffffff, 0x12, 0x1, 0x3ffc0, &(0x7f0000000180)=[0x0, 0x0, 0x0], 0x3}, 0x20) (async) r4 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r4, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000400)='sched_switch\x00'}, 0x30) (async) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0xfdef) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000006c0)='cgroup.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, r4, 0x5, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) (async) openat$cgroup_ro(r0, &(0x7f0000000440)='blkio.bfq.dequeue\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async) r7 = openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x8, 0x24000, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4616, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r7, 0x0, r6, 0x2) (async) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40082404, &(0x7f0000000200)=0xff) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)={@map=r8, r8, 0x1f}, 0x10) (async) r9 = perf_event_open$cgroup(&(0x7f0000000500)={0x1, 0x80, 0x5, 0x3, 0x18, 0x28, 0x0, 0x3cd, 0x1800d, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x4, @perf_config_ext={0x749d09ae, 0x1ff}, 0x42, 0xf0, 0x7f, 0x1, 0x3, 0x506f, 0x0, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x5) ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x40082406, &(0x7f0000000580)='/^\x00') (async) r10 = openat$cgroup_ro(r7, &(0x7f00000002c0)='cpuacct.usage_all\x00', 0x0, 0x0) write$cgroup_type(r10, &(0x7f0000000300), 0x9) (async) openat$cgroup(r8, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r8, &(0x7f0000000240)='cpuacct.usage_percpu\x00', 0x0, 0x0) (async) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x1, 0x40, 0x2, 0x0, 0x2, 0x1000, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xc}, 0x10040, 0xfffffffffffff800, 0xffffffff, 0x0, 0x7, 0x622, 0x100, 0x0, 0x6e, 0x0, 0x100000001}, r4, 0x1, r6, 0x0) [ 209.118027][T28735] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 209.125841][T28735] 17:39:46 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_ro(r0, &(0x7f0000001100)='blkio.throttle.io_serviced\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001240)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000001200)=@raw=[@ldst={0x2, 0x1, 0x0, 0x3, 0x3, 0x40, 0x1}, @map_fd={0x18, 0x7, 0x1, 0x0, r3}], &(0x7f00000000c0)='GPL\x00', 0x1000, 0x1000, &(0x7f0000000100)=""/4096, 0x41100, 0x5, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000001140)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000001180)={0x0, 0xa, 0x3f, 0x10001}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000011c0)=[r0]}, 0x80) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_ro(r0, &(0x7f0000001100)='blkio.throttle.io_serviced\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001240)='./cgroup.net/syz0\x00', 0x1ff) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000001200)=@raw=[@ldst={0x2, 0x1, 0x0, 0x3, 0x3, 0x40, 0x1}, @map_fd={0x18, 0x7, 0x1, 0x0, r3}], &(0x7f00000000c0)='GPL\x00', 0x1000, 0x1000, &(0x7f0000000100)=""/4096, 0x41100, 0x5, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000001140)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000001180)={0x0, 0xa, 0x3f, 0x10001}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000011c0)=[r0]}, 0x80) (async) 17:39:46 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r3 = openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_freezer_state(r2, &(0x7f00000004c0), 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="4ac20f5aaaefd155c4b796ee7e4a3ca0646374ac6974b4ec854802779cb79a053c8c6de7de7b244bd376813d8f4342064a09926bb11c5580b9c26aa751e1f3570ef591904177dd96e782efda237e157859464a57c9ef0300000000000000430ffacc0f7cb046c5843b19392780a44ba6f4b6d32da95d98d6ab791eff77acd84c9224a97ee88261ce349d61a1f769ddf13a39d7442e3582ad5045b84c2feaa0c4dd62e6804824a1b5856ac70529c18d99b348270d915fb3d67363cdf4c6041472fe9fb32fe61a70b9a52e628f1eae5b7ebd9501"], 0x6a) (async) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={0xffffffffffffffff, 0x12, 0x1, 0x3ffc0, &(0x7f0000000180)=[0x0, 0x0, 0x0], 0x3}, 0x20) (async) r4 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r4, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000400)='sched_switch\x00'}, 0x30) (async) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000006c0)='cgroup.stat\x00', 0x0, 0x0) (async) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, r4, 0x5, 0xffffffffffffffff, 0x0) (async) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) openat$cgroup_ro(r0, &(0x7f0000000440)='blkio.bfq.dequeue\x00', 0x0, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async) r7 = openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x8, 0x24000, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4616, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r7, 0x0, r6, 0x2) (async) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40082404, &(0x7f0000000200)=0xff) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)={@map=r8, r8, 0x1f}, 0x10) (async) r9 = perf_event_open$cgroup(&(0x7f0000000500)={0x1, 0x80, 0x5, 0x3, 0x18, 0x28, 0x0, 0x3cd, 0x1800d, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x4, @perf_config_ext={0x749d09ae, 0x1ff}, 0x42, 0xf0, 0x7f, 0x1, 0x3, 0x506f, 0x0, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x5) ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x40082406, &(0x7f0000000580)='/^\x00') (async) r10 = openat$cgroup_ro(r7, &(0x7f00000002c0)='cpuacct.usage_all\x00', 0x0, 0x0) write$cgroup_type(r10, &(0x7f0000000300), 0x9) (async) openat$cgroup(r8, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r8, &(0x7f0000000240)='cpuacct.usage_percpu\x00', 0x0, 0x0) (async) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x1, 0x40, 0x2, 0x0, 0x2, 0x1000, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xc}, 0x10040, 0xfffffffffffff800, 0xffffffff, 0x0, 0x7, 0x622, 0x100, 0x0, 0x6e, 0x0, 0x100000001}, r4, 0x1, r6, 0x0) 17:39:46 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_ro(r0, &(0x7f0000001100)='blkio.throttle.io_serviced\x00', 0x0, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001240)='./cgroup.net/syz0\x00', 0x1ff) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000001200)=@raw=[@ldst={0x2, 0x1, 0x0, 0x3, 0x3, 0x40, 0x1}, @map_fd={0x18, 0x7, 0x1, 0x0, r3}], &(0x7f00000000c0)='GPL\x00', 0x1000, 0x1000, &(0x7f0000000100)=""/4096, 0x41100, 0x5, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000001140)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000001180)={0x0, 0xa, 0x3f, 0x10001}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000011c0)=[r0]}, 0x80) [ 209.192552][T28783] FAULT_INJECTION: forcing a failure. [ 209.192552][T28783] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 209.236273][T28783] CPU: 0 PID: 28783 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 209.246340][T28783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 209.256410][T28783] Call Trace: [ 209.259536][T28783] [ 209.262308][T28783] dump_stack_lvl+0x151/0x1b7 [ 209.266819][T28783] ? bfq_pos_tree_add_move+0x43e/0x43e [ 209.272118][T28783] dump_stack+0x15/0x17 [ 209.276105][T28783] should_fail+0x3c0/0x510 [ 209.280538][T28783] should_fail_alloc_page+0x58/0x70 [ 209.285566][T28783] __alloc_pages+0x1de/0x7c0 [ 209.289995][T28783] ? __count_vm_events+0x30/0x30 [ 209.294772][T28783] ? __this_cpu_preempt_check+0x13/0x20 [ 209.300233][T28783] ? __mod_node_page_state+0xac/0xf0 [ 209.305357][T28783] pte_alloc_one+0x73/0x1b0 [ 209.309698][T28783] ? pfn_modify_allowed+0x2e0/0x2e0 [ 209.314738][T28783] __pte_alloc+0x86/0x350 [ 209.318895][T28783] ? free_pgtables+0x210/0x210 [ 209.323494][T28783] ? _raw_spin_lock+0xa3/0x1b0 [ 209.328095][T28783] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 209.333308][T28783] ? __kernel_text_address+0x9a/0x110 [ 209.338514][T28783] copy_pte_range+0x1b1f/0x20b0 [ 209.343223][T28783] ? __kunmap_atomic+0x80/0x80 [ 209.347806][T28783] ? __kasan_slab_alloc+0xc4/0xe0 [ 209.352657][T28783] ? __kasan_slab_alloc+0xb2/0xe0 [ 209.357518][T28783] ? kmem_cache_alloc+0x189/0x2f0 [ 209.362383][T28783] ? vm_area_dup+0x26/0x1d0 [ 209.366740][T28783] ? dup_mmap+0x6b8/0xea0 [ 209.370886][T28783] ? dup_mm+0x91/0x330 [ 209.374792][T28783] ? copy_mm+0x108/0x1b0 [ 209.378869][T28783] ? copy_process+0x1295/0x3250 [ 209.383557][T28783] ? kernel_clone+0x22d/0x990 [ 209.388087][T28783] ? __x64_sys_clone+0x289/0x310 [ 209.392843][T28783] ? do_syscall_64+0x44/0xd0 [ 209.397270][T28783] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 209.403176][T28783] copy_page_range+0xc1e/0x1090 [ 209.407864][T28783] ? pfn_valid+0x1e0/0x1e0 [ 209.412114][T28783] dup_mmap+0x99f/0xea0 [ 209.416109][T28783] ? __delayed_free_task+0x20/0x20 [ 209.421052][T28783] ? mm_init+0x807/0x960 [ 209.425132][T28783] dup_mm+0x91/0x330 [ 209.428866][T28783] copy_mm+0x108/0x1b0 [ 209.432770][T28783] copy_process+0x1295/0x3250 [ 209.437283][T28783] ? proc_fail_nth_write+0x213/0x290 [ 209.442406][T28783] ? proc_fail_nth_read+0x220/0x220 [ 209.447444][T28783] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 209.452385][T28783] ? vfs_write+0x9af/0x1050 [ 209.456726][T28783] ? vmacache_update+0xb7/0x120 [ 209.461411][T28783] kernel_clone+0x22d/0x990 [ 209.465754][T28783] ? file_end_write+0x1b0/0x1b0 [ 209.470437][T28783] ? __kasan_check_write+0x14/0x20 [ 209.475386][T28783] ? create_io_thread+0x1e0/0x1e0 [ 209.480246][T28783] ? __mutex_lock_slowpath+0x10/0x10 [ 209.485371][T28783] __x64_sys_clone+0x289/0x310 [ 209.489972][T28783] ? __do_sys_vfork+0x130/0x130 [ 209.494654][T28783] ? debug_smp_processor_id+0x17/0x20 [ 209.499862][T28783] do_syscall_64+0x44/0xd0 [ 209.504114][T28783] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 209.509842][T28783] RIP: 0033:0x7f510cb420d9 [ 209.514104][T28783] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 209.533635][T28783] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 209.541957][T28783] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 209.549777][T28783] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 209.557581][T28783] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 209.565389][T28783] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 209.573205][T28783] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 209.581016][T28783] 17:39:47 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 50) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:47 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4ecaf2"], 0x6a) openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4ecaf2"], 0x6a) (async) openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) (async) 17:39:47 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x5, 0x80, 0xf6, 0x80, 0xe7, 0xb6, 0x0, 0xea10, 0x4000, 0xb, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xfff, 0x1, @perf_config_ext={0x1, 0x40009}, 0x10, 0x1000, 0x9, 0x5, 0x8, 0x6, 0x3, 0x0, 0x4, 0x0, 0x9}, r0, 0x5, 0xffffffffffffffff, 0x6) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) r1 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r2 = syz_clone(0x20002000, &(0x7f0000000400)="14742864db94f610eaf1661f663588b8a9d8a7efb688bd8badaae00775d2ef02ead81b2a1d5a83d46dd5ede9e7ea0a1744f6d3f2aba467b361335e89f0b25428aae87e0f51a0789be13e2d05efe39eb55f06cd745fd27eed44dc5d0dfc8a2a3c99ba3262dfff46fcefbff26e156b8e17d48b4a5bbb2b58a262f73b60ce5ea009ad", 0x81, &(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)="6f6d55cfba330488132f725dcd4d9d74066d98ffde3515212418a4b4c994278b4c8de04d3bbf7b5f6329d5eb157e1be9ab8239a8cb92a71151adee43") (async) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000580), 0x10) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x8, 0x74, 0x1, 0x1, 0x0, 0x0, 0x58052, 0xe, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000280), 0x2}, 0x80404, 0x6, 0x2, 0x4, 0x923, 0x799a, 0x3, 0x0, 0x7f, 0x0, 0x6}, r2, 0xc, r3, 0x9) r4 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r4, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) (async) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, r4, 0x5, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x80, 0xc, 0x80, 0x7e, 0x0, 0x4, 0x2000, 0xb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xfff, 0x0, @perf_bp={&(0x7f0000000040), 0xa}, 0x0, 0xd5, 0x7, 0x0, 0x100000000, 0x6, 0xbd, 0x0, 0x1000, 0x0, 0x2}, r4, 0x6, 0xffffffffffffffff, 0x9) (async) perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x7, 0x1, 0x0, 0x18, 0x0, 0x9, 0x60000, 0x9, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, @perf_config_ext={0x1, 0x6}, 0x40, 0x537, 0x1, 0x5, 0x200, 0x1, 0x20, 0x0, 0xffff, 0x0, 0xaf6f4fba000000}, r1, 0x9, 0xffffffffffffffff, 0x2) 17:39:47 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe08) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) 17:39:47 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:47 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe08) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) 17:39:47 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x5, 0x80, 0xf6, 0x80, 0xe7, 0xb6, 0x0, 0xea10, 0x4000, 0xb, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xfff, 0x1, @perf_config_ext={0x1, 0x40009}, 0x10, 0x1000, 0x9, 0x5, 0x8, 0x6, 0x3, 0x0, 0x4, 0x0, 0x9}, r0, 0x5, 0xffffffffffffffff, 0x6) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) perf_event_open$cgroup(&(0x7f00000000c0)={0x5, 0x80, 0xf6, 0x80, 0xe7, 0xb6, 0x0, 0xea10, 0x4000, 0xb, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xfff, 0x1, @perf_config_ext={0x1, 0x40009}, 0x10, 0x1000, 0x9, 0x5, 0x8, 0x6, 0x3, 0x0, 0x4, 0x0, 0x9}, r0, 0x5, 0xffffffffffffffff, 0x6) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) 17:39:47 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4ecaf2"], 0x6a) openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4ecaf2"], 0x6a) (async) openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) (async) 17:39:47 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe08) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async, rerun: 32) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async, rerun: 32) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) [ 209.802559][T28844] FAULT_INJECTION: forcing a failure. [ 209.802559][T28844] name failslab, interval 1, probability 0, space 0, times 0 [ 209.847150][T28844] CPU: 1 PID: 28844 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 209.857220][T28844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 209.867117][T28844] Call Trace: [ 209.870239][T28844] [ 209.873027][T28844] dump_stack_lvl+0x151/0x1b7 [ 209.877534][T28844] ? bfq_pos_tree_add_move+0x43e/0x43e [ 209.882913][T28844] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 209.889164][T28844] dump_stack+0x15/0x17 [ 209.893166][T28844] should_fail+0x3c0/0x510 17:39:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801007c00000000000000000001000079000000c7830e1c95"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 209.897407][T28844] __should_failslab+0x9f/0xe0 [ 209.902010][T28844] should_failslab+0x9/0x20 [ 209.906345][T28844] kmem_cache_alloc+0x4f/0x2f0 [ 209.910944][T28844] ? anon_vma_fork+0xf7/0x4f0 [ 209.915458][T28844] anon_vma_fork+0xf7/0x4f0 [ 209.919801][T28844] ? anon_vma_name+0x4c/0x70 [ 209.924227][T28844] dup_mmap+0x750/0xea0 [ 209.928221][T28844] ? __delayed_free_task+0x20/0x20 [ 209.933166][T28844] ? mm_init+0x807/0x960 [ 209.937242][T28844] dup_mm+0x91/0x330 [ 209.940983][T28844] copy_mm+0x108/0x1b0 17:39:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801007c00000000000000000001000079000000c7830e1c95"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 209.944881][T28844] copy_process+0x1295/0x3250 [ 209.949398][T28844] ? proc_fail_nth_write+0x213/0x290 [ 209.954515][T28844] ? proc_fail_nth_read+0x220/0x220 [ 209.959554][T28844] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 209.964497][T28844] ? vfs_write+0x9af/0x1050 [ 209.968834][T28844] ? vmacache_update+0xb7/0x120 [ 209.973526][T28844] kernel_clone+0x22d/0x990 [ 209.977863][T28844] ? file_end_write+0x1b0/0x1b0 [ 209.982550][T28844] ? __kasan_check_write+0x14/0x20 [ 209.987500][T28844] ? create_io_thread+0x1e0/0x1e0 [ 209.992447][T28844] ? __mutex_lock_slowpath+0x10/0x10 [ 209.997574][T28844] __x64_sys_clone+0x289/0x310 [ 210.002169][T28844] ? __do_sys_vfork+0x130/0x130 [ 210.006858][T28844] ? debug_smp_processor_id+0x17/0x20 [ 210.012061][T28844] do_syscall_64+0x44/0xd0 [ 210.016312][T28844] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 210.022041][T28844] RIP: 0033:0x7f510cb420d9 [ 210.026293][T28844] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 17:39:47 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 51) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:47 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="5278bcada529ff0070a8e44e2d33"], 0x6a) 17:39:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801007c00000000000000000001000079000000c7830e1c95"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801007c00000000000000000001000079000000c7830e1c95"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:39:47 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x5, 0x80, 0xf6, 0x80, 0xe7, 0xb6, 0x0, 0xea10, 0x4000, 0xb, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xfff, 0x1, @perf_config_ext={0x1, 0x40009}, 0x10, 0x1000, 0x9, 0x5, 0x8, 0x6, 0x3, 0x0, 0x4, 0x0, 0x9}, r0, 0x5, 0xffffffffffffffff, 0x6) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:47 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:47 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)=0x20000000000) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rxrpc_skb\x00', r0}, 0x10) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x4, 0x81, 0x20, 0x5, 0x0, 0x8000, 0x42, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_config_ext={0x2, 0x3}, 0x1a1a, 0x10e9f14a, 0x9, 0x7, 0x7, 0x3, 0x20, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, 0xffffffffffffffff, 0x6, r1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) [ 210.045738][T28844] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 210.053982][T28844] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 210.061795][T28844] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 210.069605][T28844] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 210.077414][T28844] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 210.085228][T28844] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 210.093039][T28844] 17:39:47 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async, rerun: 32) openat$cgroup_ro(r0, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) (rerun: 32) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="5278bcada529ff0070a8e44e2d33"], 0x6a) 17:39:47 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.idle_time\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:47 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="5278bcada529ff0070a8e44e2d33"], 0x6a) 17:39:47 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)=0x20000000000) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rxrpc_skb\x00', r0}, 0x10) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x4, 0x81, 0x20, 0x5, 0x0, 0x8000, 0x42, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_config_ext={0x2, 0x3}, 0x1a1a, 0x10e9f14a, 0x9, 0x7, 0x7, 0x3, 0x20, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, 0xffffffffffffffff, 0x6, r1, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) [ 210.160334][T28888] FAULT_INJECTION: forcing a failure. [ 210.160334][T28888] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 210.186900][T28888] CPU: 1 PID: 28888 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 210.196969][T28888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 210.206865][T28888] Call Trace: 17:39:47 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000140)='cpuset.cpus\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_ro(r0, &(0x7f0000000180)='cgroup.stat\x00', 0x0, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) write$cgroup_int(r3, &(0x7f0000000100)=0x38, 0x12) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='io.stat\x00', 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r6 = openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r6, 0x0, r5, 0x2) openat$cgroup_ro(r6, &(0x7f0000000200)='blkio.bfq.time\x00', 0x0, 0x0) 17:39:47 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)=0x20000000000) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rxrpc_skb\x00', r0}, 0x10) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x4, 0x81, 0x20, 0x5, 0x0, 0x8000, 0x42, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_config_ext={0x2, 0x3}, 0x1a1a, 0x10e9f14a, 0x9, 0x7, 0x7, 0x3, 0x20, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, 0xffffffffffffffff, 0x6, r1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)=0x20000000000) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rxrpc_skb\x00', r0}, 0x10) (async) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x4, 0x81, 0x20, 0x5, 0x0, 0x8000, 0x42, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_config_ext={0x2, 0x3}, 0x1a1a, 0x10e9f14a, 0x9, 0x7, 0x7, 0x3, 0x20, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, 0xffffffffffffffff, 0x6, r1, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) [ 210.209987][T28888] [ 210.212765][T28888] dump_stack_lvl+0x151/0x1b7 [ 210.217299][T28888] ? bfq_pos_tree_add_move+0x43e/0x43e [ 210.222577][T28888] dump_stack+0x15/0x17 [ 210.226585][T28888] should_fail+0x3c0/0x510 [ 210.230825][T28888] should_fail_alloc_page+0x58/0x70 [ 210.235855][T28888] __alloc_pages+0x1de/0x7c0 [ 210.240282][T28888] ? __count_vm_events+0x30/0x30 [ 210.245054][T28888] ? __this_cpu_preempt_check+0x13/0x20 [ 210.250435][T28888] ? __mod_node_page_state+0xac/0xf0 [ 210.255556][T28888] pte_alloc_one+0x73/0x1b0 [ 210.259895][T28888] ? pfn_modify_allowed+0x2e0/0x2e0 [ 210.264929][T28888] __pte_alloc+0x86/0x350 [ 210.269443][T28888] ? free_pgtables+0x210/0x210 [ 210.274040][T28888] ? _raw_spin_lock+0xa3/0x1b0 [ 210.278656][T28888] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 210.283851][T28888] ? __kernel_text_address+0x9a/0x110 [ 210.289060][T28888] copy_pte_range+0x1b1f/0x20b0 [ 210.293751][T28888] ? __kunmap_atomic+0x80/0x80 [ 210.298347][T28888] ? __kasan_slab_alloc+0xc4/0xe0 [ 210.303203][T28888] ? __kasan_slab_alloc+0xb2/0xe0 [ 210.308064][T28888] ? kmem_cache_alloc+0x189/0x2f0 [ 210.312928][T28888] ? vm_area_dup+0x26/0x1d0 [ 210.317265][T28888] ? dup_mmap+0x6b8/0xea0 [ 210.321430][T28888] ? dup_mm+0x91/0x330 [ 210.325335][T28888] ? copy_mm+0x108/0x1b0 [ 210.329418][T28888] ? copy_process+0x1295/0x3250 [ 210.334104][T28888] ? kernel_clone+0x22d/0x990 [ 210.338615][T28888] ? __x64_sys_clone+0x289/0x310 [ 210.343390][T28888] ? do_syscall_64+0x44/0xd0 [ 210.347816][T28888] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 210.353731][T28888] copy_page_range+0xc1e/0x1090 [ 210.358413][T28888] ? pfn_valid+0x1e0/0x1e0 [ 210.362672][T28888] dup_mmap+0x99f/0xea0 [ 210.366660][T28888] ? __delayed_free_task+0x20/0x20 [ 210.371609][T28888] ? mm_init+0x807/0x960 [ 210.375682][T28888] dup_mm+0x91/0x330 [ 210.379412][T28888] copy_mm+0x108/0x1b0 [ 210.383317][T28888] copy_process+0x1295/0x3250 [ 210.387832][T28888] ? proc_fail_nth_write+0x213/0x290 [ 210.393041][T28888] ? proc_fail_nth_read+0x220/0x220 [ 210.398077][T28888] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 210.403019][T28888] ? vfs_write+0x9af/0x1050 [ 210.407359][T28888] ? vmacache_update+0xb7/0x120 [ 210.412046][T28888] kernel_clone+0x22d/0x990 [ 210.416385][T28888] ? file_end_write+0x1b0/0x1b0 [ 210.421082][T28888] ? __kasan_check_write+0x14/0x20 [ 210.426021][T28888] ? create_io_thread+0x1e0/0x1e0 [ 210.430878][T28888] ? __mutex_lock_slowpath+0x10/0x10 [ 210.436002][T28888] __x64_sys_clone+0x289/0x310 [ 210.440728][T28888] ? __do_sys_vfork+0x130/0x130 [ 210.445403][T28888] ? debug_smp_processor_id+0x17/0x20 [ 210.450610][T28888] do_syscall_64+0x44/0xd0 [ 210.454860][T28888] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 210.460586][T28888] RIP: 0033:0x7f510cb420d9 [ 210.464841][T28888] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 210.484282][T28888] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 210.492525][T28888] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 210.500347][T28888] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 17:39:47 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 52) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:47 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) 17:39:47 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000140)='cpuset.cpus\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_ro(r0, &(0x7f0000000180)='cgroup.stat\x00', 0x0, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) write$cgroup_int(r3, &(0x7f0000000100)=0x38, 0x12) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='io.stat\x00', 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r6 = openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r6, 0x0, r5, 0x2) openat$cgroup_ro(r6, &(0x7f0000000200)='blkio.bfq.time\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000140)='cpuset.cpus\x00', 0x2, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz0\x00', 0x1ff) (async) openat$cgroup_ro(r0, &(0x7f0000000180)='cgroup.stat\x00', 0x0, 0x0) (async) openat$cgroup_ro(r2, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000100)=0x38, 0x12) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='io.stat\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r6, 0x0, r5, 0x2) (async) openat$cgroup_ro(r6, &(0x7f0000000200)='blkio.bfq.time\x00', 0x0, 0x0) (async) 17:39:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='xdp_devmap_xmit\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 210.508149][T28888] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 210.515961][T28888] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 210.523772][T28888] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 210.531588][T28888] [ 210.588226][T28922] FAULT_INJECTION: forcing a failure. [ 210.588226][T28922] name failslab, interval 1, probability 0, space 0, times 0 [ 210.611651][T28922] CPU: 1 PID: 28922 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 210.621721][T28922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 210.631618][T28922] Call Trace: [ 210.634738][T28922] [ 210.637517][T28922] dump_stack_lvl+0x151/0x1b7 [ 210.642036][T28922] ? bfq_pos_tree_add_move+0x43e/0x43e [ 210.647326][T28922] dump_stack+0x15/0x17 [ 210.651320][T28922] should_fail+0x3c0/0x510 [ 210.655572][T28922] __should_failslab+0x9f/0xe0 [ 210.660168][T28922] should_failslab+0x9/0x20 [ 210.664510][T28922] kmem_cache_alloc+0x4f/0x2f0 [ 210.669108][T28922] ? vm_area_dup+0x26/0x1d0 [ 210.673451][T28922] vm_area_dup+0x26/0x1d0 [ 210.677622][T28922] dup_mmap+0x6b8/0xea0 [ 210.681611][T28922] ? __delayed_free_task+0x20/0x20 [ 210.686553][T28922] ? mm_init+0x807/0x960 [ 210.690634][T28922] dup_mm+0x91/0x330 [ 210.694364][T28922] copy_mm+0x108/0x1b0 [ 210.698277][T28922] copy_process+0x1295/0x3250 [ 210.702787][T28922] ? proc_fail_nth_write+0x213/0x290 [ 210.707906][T28922] ? proc_fail_nth_read+0x220/0x220 [ 210.712944][T28922] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 210.717885][T28922] ? vfs_write+0x9af/0x1050 [ 210.722312][T28922] ? vmacache_update+0xb7/0x120 [ 210.727004][T28922] kernel_clone+0x22d/0x990 [ 210.731351][T28922] ? file_end_write+0x1b0/0x1b0 [ 210.736026][T28922] ? __kasan_check_write+0x14/0x20 [ 210.740975][T28922] ? create_io_thread+0x1e0/0x1e0 [ 210.745832][T28922] ? __mutex_lock_slowpath+0x10/0x10 [ 210.750952][T28922] __x64_sys_clone+0x289/0x310 [ 210.755551][T28922] ? __do_sys_vfork+0x130/0x130 [ 210.760238][T28922] ? debug_smp_processor_id+0x17/0x20 [ 210.765447][T28922] do_syscall_64+0x44/0xd0 [ 210.769699][T28922] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 210.775426][T28922] RIP: 0033:0x7f510cb420d9 [ 210.779683][T28922] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 210.799130][T28922] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 210.807369][T28922] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 210.815178][T28922] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 210.822993][T28922] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 210.830800][T28922] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 17:39:48 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:48 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:48 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) 17:39:48 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='xdp_devmap_xmit\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='xdp_devmap_xmit\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:39:48 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async, rerun: 64) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (rerun: 64) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000140)='cpuset.cpus\x00', 0x2, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_ro(r0, &(0x7f0000000180)='cgroup.stat\x00', 0x0, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async, rerun: 64) write$cgroup_int(r3, &(0x7f0000000100)=0x38, 0x12) (async, rerun: 64) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='io.stat\x00', 0x0, 0x0) (async, rerun: 32) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async, rerun: 32) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async, rerun: 32) r6 = openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (rerun: 32) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r6, 0x0, r5, 0x2) (async) openat$cgroup_ro(r6, &(0x7f0000000200)='blkio.bfq.time\x00', 0x0, 0x0) 17:39:48 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 53) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:48 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.idle_time\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:48 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) [ 210.838612][T28922] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 210.846429][T28922] 17:39:48 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xe359760aa31fc81c) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:48 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:48 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) write$cgroup_int(r2, &(0x7f0000000100)=0x8, 0x12) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="9508f34df9dc5ca7577c0ca17f37fe4e2d33c7"], 0x6a) 17:39:48 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) [ 210.921381][T28963] FAULT_INJECTION: forcing a failure. [ 210.921381][T28963] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 210.955269][T28963] CPU: 1 PID: 28963 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 210.965337][T28963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 210.975234][T28963] Call Trace: [ 210.978360][T28963] [ 210.981140][T28963] dump_stack_lvl+0x151/0x1b7 [ 210.985740][T28963] ? bfq_pos_tree_add_move+0x43e/0x43e [ 210.991032][T28963] dump_stack+0x15/0x17 [ 210.995021][T28963] should_fail+0x3c0/0x510 [ 210.999277][T28963] should_fail_alloc_page+0x58/0x70 [ 211.004307][T28963] __alloc_pages+0x1de/0x7c0 [ 211.008737][T28963] ? __count_vm_events+0x30/0x30 [ 211.013502][T28963] ? __this_cpu_preempt_check+0x13/0x20 [ 211.018889][T28963] ? __mod_node_page_state+0xac/0xf0 [ 211.024006][T28963] pte_alloc_one+0x73/0x1b0 [ 211.028344][T28963] ? pfn_modify_allowed+0x2e0/0x2e0 [ 211.033382][T28963] __pte_alloc+0x86/0x350 [ 211.037545][T28963] ? free_pgtables+0x210/0x210 [ 211.042143][T28963] ? _raw_spin_lock+0xa3/0x1b0 [ 211.046744][T28963] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 211.051950][T28963] ? __kernel_text_address+0x9a/0x110 [ 211.057173][T28963] copy_pte_range+0x1b1f/0x20b0 [ 211.061852][T28963] ? __kunmap_atomic+0x80/0x80 [ 211.066446][T28963] ? __kasan_slab_alloc+0xc4/0xe0 [ 211.071308][T28963] ? __kasan_slab_alloc+0xb2/0xe0 [ 211.076166][T28963] ? kmem_cache_alloc+0x189/0x2f0 [ 211.081033][T28963] ? vm_area_dup+0x26/0x1d0 [ 211.085368][T28963] ? dup_mmap+0x6b8/0xea0 [ 211.089536][T28963] ? dup_mm+0x91/0x330 [ 211.093442][T28963] ? copy_mm+0x108/0x1b0 [ 211.097517][T28963] ? copy_process+0x1295/0x3250 [ 211.102561][T28963] ? kernel_clone+0x22d/0x990 [ 211.107067][T28963] ? __x64_sys_clone+0x289/0x310 [ 211.111845][T28963] ? do_syscall_64+0x44/0xd0 [ 211.116269][T28963] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 211.122170][T28963] copy_page_range+0xc1e/0x1090 [ 211.126861][T28963] ? pfn_valid+0x1e0/0x1e0 [ 211.131201][T28963] dup_mmap+0x99f/0xea0 [ 211.135197][T28963] ? __delayed_free_task+0x20/0x20 [ 211.140137][T28963] ? mm_init+0x807/0x960 [ 211.144215][T28963] dup_mm+0x91/0x330 [ 211.147957][T28963] copy_mm+0x108/0x1b0 [ 211.151852][T28963] copy_process+0x1295/0x3250 [ 211.156373][T28963] ? proc_fail_nth_write+0x213/0x290 [ 211.161488][T28963] ? proc_fail_nth_read+0x220/0x220 [ 211.166537][T28963] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 211.171466][T28963] ? vfs_write+0x9af/0x1050 [ 211.175812][T28963] ? vmacache_update+0xb7/0x120 [ 211.180497][T28963] kernel_clone+0x22d/0x990 [ 211.184844][T28963] ? file_end_write+0x1b0/0x1b0 [ 211.189522][T28963] ? __kasan_check_write+0x14/0x20 [ 211.194467][T28963] ? create_io_thread+0x1e0/0x1e0 [ 211.199341][T28963] ? __mutex_lock_slowpath+0x10/0x10 [ 211.204449][T28963] __x64_sys_clone+0x289/0x310 [ 211.209073][T28963] ? __do_sys_vfork+0x130/0x130 [ 211.213747][T28963] ? debug_smp_processor_id+0x17/0x20 [ 211.218953][T28963] do_syscall_64+0x44/0xd0 [ 211.223199][T28963] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 211.228928][T28963] RIP: 0033:0x7f510cb420d9 [ 211.233179][T28963] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 211.252624][T28963] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 211.260867][T28963] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 17:39:48 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:48 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xe359760aa31fc81c) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:48 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) [ 211.268677][T28963] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 211.276497][T28963] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 211.284298][T28963] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 211.292111][T28963] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 211.299927][T28963] 17:39:48 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='xdp_devmap_xmit\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:48 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xe359760aa31fc81c) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:48 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 54) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:48 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) write$cgroup_int(r2, &(0x7f0000000100)=0x8, 0x12) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="9508f34df9dc5ca7577c0ca17f37fe4e2d33c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000100)=0x8, 0x12) (async) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="9508f34df9dc5ca7577c0ca17f37fe4e2d33c7"], 0x6a) (async) 17:39:48 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="009fdc1737b9adb8eca32291ae97b79bf71b000049f859a07463ce52472ebeb0171157ecf7a8e0c44f6a040194cd61b855e992ac00698b5390998466b8a987a448ee0eba35b7c8638a14ff07196432e9"], 0x6a) 17:39:48 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:48 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) 17:39:48 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="009fdc1737b9adb8eca32291ae97b79bf71b000049f859a07463ce52472ebeb0171157ecf7a8e0c44f6a040194cd61b855e992ac00698b5390998466b8a987a448ee0eba35b7c8638a14ff07196432e9"], 0x6a) 17:39:48 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) 17:39:48 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) write$cgroup_int(r2, &(0x7f0000000100)=0x8, 0x12) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="9508f34df9dc5ca7577c0ca17f37fe4e2d33c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000100)=0x8, 0x12) (async) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="9508f34df9dc5ca7577c0ca17f37fe4e2d33c7"], 0x6a) (async) 17:39:48 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) 17:39:48 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="009fdc1737b9adb8eca32291ae97b79bf71b000049f859a07463ce52472ebeb0171157ecf7a8e0c44f6a040194cd61b855e992ac00698b5390998466b8a987a448ee0eba35b7c8638a14ff07196432e9"], 0x6a) 17:39:48 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) openat$cgroup_ro(r3, &(0x7f0000001640)='blkio.bfq.sectors\x00', 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001540)={0x11, 0xa, &(0x7f0000001380)=@raw=[@call={0x85, 0x0, 0x0, 0x72}, @alu={0x7, 0x0, 0x8, 0x2, 0x2, 0xffffffffffffffe0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @exit, @alu={0x4, 0x1, 0x1, 0x0, 0xa, 0x100}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x23}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x7, 0xb, 0x1, 0xffffffffffffffff}], &(0x7f0000000280)='syzkaller\x00', 0x101, 0x70, &(0x7f0000001400)=""/112, 0x41100, 0x14, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000001480)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000014c0)={0x1, 0xc, 0x80000000, 0x1ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001500)=[r6, r1, r1]}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x2, 0x9, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000300000000000000080000001b96c0fffcffffff85000000070000e2ca0000000010000000000000050000008510000007000000f7ff0000650000008500000071000000"], &(0x7f0000000040)='GPL\x00', 0xf8, 0x1000, &(0x7f0000000300)=""/4096, 0x41000, 0x8, '\x00', r4, 0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x5, 0x4}, 0x10}, 0x80) 17:39:48 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f00000000c0)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) openat$cgroup_ro(r0, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) [ 211.506968][T29031] FAULT_INJECTION: forcing a failure. [ 211.506968][T29031] name failslab, interval 1, probability 0, space 0, times 0 [ 211.534673][T29031] CPU: 0 PID: 29031 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 211.544747][T29031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 211.554639][T29031] Call Trace: [ 211.557762][T29031] [ 211.560538][T29031] dump_stack_lvl+0x151/0x1b7 [ 211.565051][T29031] ? bfq_pos_tree_add_move+0x43e/0x43e [ 211.570347][T29031] dump_stack+0x15/0x17 [ 211.574336][T29031] should_fail+0x3c0/0x510 [ 211.578592][T29031] __should_failslab+0x9f/0xe0 [ 211.583193][T29031] should_failslab+0x9/0x20 [ 211.587529][T29031] kmem_cache_alloc+0x4f/0x2f0 [ 211.592193][T29031] ? vm_area_dup+0x26/0x1d0 [ 211.596489][T29031] vm_area_dup+0x26/0x1d0 [ 211.600639][T29031] dup_mmap+0x6b8/0xea0 [ 211.604632][T29031] ? __delayed_free_task+0x20/0x20 [ 211.609577][T29031] ? mm_init+0x807/0x960 [ 211.613654][T29031] dup_mm+0x91/0x330 [ 211.617386][T29031] copy_mm+0x108/0x1b0 [ 211.621293][T29031] copy_process+0x1295/0x3250 [ 211.625808][T29031] ? proc_fail_nth_write+0x213/0x290 [ 211.630930][T29031] ? proc_fail_nth_read+0x220/0x220 [ 211.635960][T29031] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 211.640909][T29031] ? vfs_write+0x9af/0x1050 [ 211.645247][T29031] ? vmacache_update+0xb7/0x120 [ 211.649936][T29031] kernel_clone+0x22d/0x990 [ 211.654286][T29031] ? file_end_write+0x1b0/0x1b0 [ 211.658962][T29031] ? __kasan_check_write+0x14/0x20 [ 211.663908][T29031] ? create_io_thread+0x1e0/0x1e0 [ 211.668768][T29031] ? __mutex_lock_slowpath+0x10/0x10 [ 211.673889][T29031] __x64_sys_clone+0x289/0x310 [ 211.678492][T29031] ? __do_sys_vfork+0x130/0x130 [ 211.683177][T29031] ? debug_smp_processor_id+0x17/0x20 [ 211.688391][T29031] do_syscall_64+0x44/0xd0 [ 211.692645][T29031] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 211.698366][T29031] RIP: 0033:0x7f510cb420d9 [ 211.702966][T29031] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 211.722407][T29031] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 211.730653][T29031] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 211.738465][T29031] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 211.746275][T29031] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 17:39:49 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 55) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:49 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r0, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x6, 0x80, 0x1f, 0x7, 0x0, 0x10001, 0x1a40, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, @perf_config_ext={0x80000001, 0x7fff}, 0x800, 0x7, 0xa56, 0x6, 0x8000000000000001, 0x5, 0x7ff, 0x0, 0x4, 0x0, 0x7f}, 0xffffffffffffffff, 0x7, r0, 0x9) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="e20a5aa19d0ec8b82d1f6f040b00089bd8370081adfe3be9dd6d47b1872526deb09d3e495c79cd5e2fa3f97c640b86cf9be0f77e8ae566d3c4"], 0x6a) 17:39:49 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x39) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:49 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:49 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) openat$cgroup_ro(r3, &(0x7f0000001640)='blkio.bfq.sectors\x00', 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001540)={0x11, 0xa, &(0x7f0000001380)=@raw=[@call={0x85, 0x0, 0x0, 0x72}, @alu={0x7, 0x0, 0x8, 0x2, 0x2, 0xffffffffffffffe0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @exit, @alu={0x4, 0x1, 0x1, 0x0, 0xa, 0x100}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x23}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x7, 0xb, 0x1, 0xffffffffffffffff}], &(0x7f0000000280)='syzkaller\x00', 0x101, 0x70, &(0x7f0000001400)=""/112, 0x41100, 0x14, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000001480)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000014c0)={0x1, 0xc, 0x80000000, 0x1ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001500)=[r6, r1, r1]}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x2, 0x9, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000300000000000000080000001b96c0fffcffffff85000000070000e2ca0000000010000000000000050000008510000007000000f7ff0000650000008500000071000000"], &(0x7f0000000040)='GPL\x00', 0xf8, 0x1000, &(0x7f0000000300)=""/4096, 0x41000, 0x8, '\x00', r4, 0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x5, 0x4}, 0x10}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(r3, &(0x7f0000001640)='blkio.bfq.sectors\x00', 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f00000015c0)}, 0x10) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001540)={0x11, 0xa, &(0x7f0000001380)=@raw=[@call={0x85, 0x0, 0x0, 0x72}, @alu={0x7, 0x0, 0x8, 0x2, 0x2, 0xffffffffffffffe0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @exit, @alu={0x4, 0x1, 0x1, 0x0, 0xa, 0x100}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x23}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x7, 0xb, 0x1, 0xffffffffffffffff}], &(0x7f0000000280)='syzkaller\x00', 0x101, 0x70, &(0x7f0000001400)=""/112, 0x41100, 0x14, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000001480)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000014c0)={0x1, 0xc, 0x80000000, 0x1ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001500)=[r6, r1, r1]}, 0x80) (async) bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x2, 0x9, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000300000000000000080000001b96c0fffcffffff85000000070000e2ca0000000010000000000000050000008510000007000000f7ff0000650000008500000071000000"], &(0x7f0000000040)='GPL\x00', 0xf8, 0x1000, &(0x7f0000000300)=""/4096, 0x41000, 0x8, '\x00', r4, 0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x5, 0x4}, 0x10}, 0x80) (async) 17:39:49 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f00000000c0)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) openat$cgroup_ro(r0, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) [ 211.754088][T29031] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 211.761906][T29031] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 211.769713][T29031] 17:39:49 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r0, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x6, 0x80, 0x1f, 0x7, 0x0, 0x10001, 0x1a40, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, @perf_config_ext={0x80000001, 0x7fff}, 0x800, 0x7, 0xa56, 0x6, 0x8000000000000001, 0x5, 0x7ff, 0x0, 0x4, 0x0, 0x7f}, 0xffffffffffffffff, 0x7, r0, 0x9) (async, rerun: 64) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (rerun: 64) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="e20a5aa19d0ec8b82d1f6f040b00089bd8370081adfe3be9dd6d47b1872526deb09d3e495c79cd5e2fa3f97c640b86cf9be0f77e8ae566d3c4"], 0x6a) [ 211.811055][T29066] FAULT_INJECTION: forcing a failure. [ 211.811055][T29066] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 211.826602][T29066] CPU: 0 PID: 29066 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 211.836667][T29066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 211.846559][T29066] Call Trace: [ 211.849686][T29066] [ 211.852461][T29066] dump_stack_lvl+0x151/0x1b7 17:39:49 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) openat$cgroup_ro(r3, &(0x7f0000001640)='blkio.bfq.sectors\x00', 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001540)={0x11, 0xa, &(0x7f0000001380)=@raw=[@call={0x85, 0x0, 0x0, 0x72}, @alu={0x7, 0x0, 0x8, 0x2, 0x2, 0xffffffffffffffe0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @exit, @alu={0x4, 0x1, 0x1, 0x0, 0xa, 0x100}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x23}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x7, 0xb, 0x1, 0xffffffffffffffff}], &(0x7f0000000280)='syzkaller\x00', 0x101, 0x70, &(0x7f0000001400)=""/112, 0x41100, 0x14, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000001480)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000014c0)={0x1, 0xc, 0x80000000, 0x1ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001500)=[r6, r1, r1]}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x2, 0x9, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000300000000000000080000001b96c0fffcffffff85000000070000e2ca0000000010000000000000050000008510000007000000f7ff0000650000008500000071000000"], &(0x7f0000000040)='GPL\x00', 0xf8, 0x1000, &(0x7f0000000300)=""/4096, 0x41000, 0x8, '\x00', r4, 0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x5, 0x4}, 0x10}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(r3, &(0x7f0000001640)='blkio.bfq.sectors\x00', 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f00000015c0)}, 0x10) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001540)={0x11, 0xa, &(0x7f0000001380)=@raw=[@call={0x85, 0x0, 0x0, 0x72}, @alu={0x7, 0x0, 0x8, 0x2, 0x2, 0xffffffffffffffe0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @exit, @alu={0x4, 0x1, 0x1, 0x0, 0xa, 0x100}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x23}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x1}, @jmp={0x5, 0x1, 0x3, 0x7, 0xb, 0x1, 0xffffffffffffffff}], &(0x7f0000000280)='syzkaller\x00', 0x101, 0x70, &(0x7f0000001400)=""/112, 0x41100, 0x14, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000001480)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000014c0)={0x1, 0xc, 0x80000000, 0x1ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001500)=[r6, r1, r1]}, 0x80) (async) bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x2, 0x9, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000300000000000000080000001b96c0fffcffffff85000000070000e2ca0000000010000000000000050000008510000007000000f7ff0000650000008500000071000000"], &(0x7f0000000040)='GPL\x00', 0xf8, 0x1000, &(0x7f0000000300)=""/4096, 0x41000, 0x8, '\x00', r4, 0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x5, 0x4}, 0x10}, 0x80) (async) 17:39:49 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x39) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:49 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f00000000c0)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) openat$cgroup_ro(r0, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) 17:39:49 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x39) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:49 executing program 2: bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x8}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r0, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) openat$cgroup_ro(r2, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x1, 0x400, 0x1, 0x1800, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x2}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x8, 0x3ff, 0x8758, 0x1682, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x1, 0xc}, 0x48) bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)={&(0x7f0000000380)='./file0\x00', 0x0, 0x8}, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='blkio.bfq.time_recursive\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="abaa722c37524d6bd7ea12a555ec219802007365f09ebf9c2100"], 0x6a) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(r5, &(0x7f0000000500)='net_prio.prioidx\x00', 0x0, 0x0) [ 211.856976][T29066] ? bfq_pos_tree_add_move+0x43e/0x43e [ 211.862272][T29066] dump_stack+0x15/0x17 [ 211.866267][T29066] should_fail+0x3c0/0x510 [ 211.870518][T29066] should_fail_alloc_page+0x58/0x70 [ 211.875549][T29066] __alloc_pages+0x1de/0x7c0 [ 211.879976][T29066] ? __count_vm_events+0x30/0x30 [ 211.884745][T29066] ? __this_cpu_preempt_check+0x13/0x20 [ 211.890127][T29066] ? __mod_node_page_state+0xac/0xf0 [ 211.895256][T29066] pte_alloc_one+0x73/0x1b0 [ 211.899590][T29066] ? pfn_modify_allowed+0x2e0/0x2e0 [ 211.904973][T29066] __pte_alloc+0x86/0x350 [ 211.909141][T29066] ? free_pgtables+0x210/0x210 [ 211.913736][T29066] ? _raw_spin_lock+0xa3/0x1b0 [ 211.918510][T29066] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 211.923718][T29066] ? __kernel_text_address+0x9a/0x110 [ 211.928925][T29066] copy_pte_range+0x1b1f/0x20b0 [ 211.933704][T29066] ? __kunmap_atomic+0x80/0x80 [ 211.938299][T29066] ? __kasan_slab_alloc+0xc4/0xe0 [ 211.943158][T29066] ? __kasan_slab_alloc+0xb2/0xe0 [ 211.948017][T29066] ? kmem_cache_alloc+0x189/0x2f0 [ 211.952875][T29066] ? vm_area_dup+0x26/0x1d0 [ 211.957223][T29066] ? dup_mmap+0x6b8/0xea0 [ 211.961382][T29066] ? dup_mm+0x91/0x330 [ 211.965289][T29066] ? copy_mm+0x108/0x1b0 [ 211.969366][T29066] ? copy_process+0x1295/0x3250 [ 211.974053][T29066] ? kernel_clone+0x22d/0x990 [ 211.978568][T29066] ? __x64_sys_clone+0x289/0x310 [ 211.983343][T29066] ? do_syscall_64+0x44/0xd0 [ 211.987771][T29066] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 211.993673][T29066] copy_page_range+0xc1e/0x1090 [ 211.998358][T29066] ? pfn_valid+0x1e0/0x1e0 [ 212.002617][T29066] dup_mmap+0x99f/0xea0 [ 212.006603][T29066] ? __delayed_free_task+0x20/0x20 [ 212.011557][T29066] ? mm_init+0x807/0x960 [ 212.015628][T29066] dup_mm+0x91/0x330 [ 212.019359][T29066] copy_mm+0x108/0x1b0 [ 212.023265][T29066] copy_process+0x1295/0x3250 [ 212.027779][T29066] ? proc_fail_nth_write+0x213/0x290 [ 212.032900][T29066] ? proc_fail_nth_read+0x220/0x220 [ 212.037936][T29066] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 212.042880][T29066] ? vfs_write+0x9af/0x1050 [ 212.047231][T29066] ? vmacache_update+0xb7/0x120 [ 212.051909][T29066] kernel_clone+0x22d/0x990 [ 212.056255][T29066] ? file_end_write+0x1b0/0x1b0 [ 212.060941][T29066] ? __kasan_check_write+0x14/0x20 [ 212.065880][T29066] ? create_io_thread+0x1e0/0x1e0 [ 212.070741][T29066] ? __mutex_lock_slowpath+0x10/0x10 [ 212.075863][T29066] __x64_sys_clone+0x289/0x310 [ 212.080475][T29066] ? __do_sys_vfork+0x130/0x130 [ 212.085152][T29066] ? debug_smp_processor_id+0x17/0x20 [ 212.090356][T29066] do_syscall_64+0x44/0xd0 [ 212.094610][T29066] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 212.100342][T29066] RIP: 0033:0x7f510cb420d9 [ 212.104594][T29066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 212.124297][T29066] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 212.132548][T29066] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 212.140351][T29066] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 212.148165][T29066] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 17:39:49 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 56) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:49 executing program 2: bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x8}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r0, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) openat$cgroup_ro(r2, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x1, 0x400, 0x1, 0x1800, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x2}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x8, 0x3ff, 0x8758, 0x1682, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x1, 0xc}, 0x48) bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)={&(0x7f0000000380)='./file0\x00', 0x0, 0x8}, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='blkio.bfq.time_recursive\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="abaa722c37524d6bd7ea12a555ec219802007365f09ebf9c2100"], 0x6a) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(r5, &(0x7f0000000500)='net_prio.prioidx\x00', 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x8}, 0x10) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r0, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) openat$cgroup_ro(r1, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) (async) openat$cgroup_ro(r2, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0) (async) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x1, 0x400, 0x1, 0x1800, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x2}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x8, 0x3ff, 0x8758, 0x1682, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x1, 0xc}, 0x48) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)={&(0x7f0000000380)='./file0\x00', 0x0, 0x8}, 0x10) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='blkio.bfq.time_recursive\x00', 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r3, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="abaa722c37524d6bd7ea12a555ec219802007365f09ebf9c2100"], 0x6a) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) (async) openat$cgroup_ro(r5, &(0x7f0000000500)='net_prio.prioidx\x00', 0x0, 0x0) (async) 17:39:49 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0x1, 0x58, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7f}, [@map_fd={0x18, 0xb, 0x1, 0x0, r2}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xb}]}, &(0x7f00000001c0)='GPL\x00', 0x1, 0xb7, &(0x7f0000000300)=""/183, 0x41100, 0x1, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x9, 0x5}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0xa, 0x1, 0x5}, 0x10, 0x13e77}, 0x80) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x884, 0x0, 0x0, 0x0, 0x4}, [@jmp={0x5, 0x0, 0x2, 0x10, 0x8, 0x0, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x7}]}, &(0x7f0000000700)='syzkaller\x00', 0x7f, 0x5c, &(0x7f0000000740)=""/92, 0x40f00, 0x11, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f00000007c0)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000800)={0x0, 0x7, 0x12, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r2, r2, r2, r2, r2, r2, r2, r2, r2]}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x15, 0x7, &(0x7f0000000480)=@raw=[@generic={0x6, 0x5, 0x5, 0x2, 0x3}, @ldst={0x0, 0x3, 0x2, 0x8, 0xb, 0x30, 0x4}, @generic={0x9, 0xd, 0x2, 0x2, 0x7fffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, @map_idx={0x18, 0x2}], &(0x7f00000004c0)='syzkaller\x00', 0x210000, 0xcc, &(0x7f0000000500)=""/204, 0x40f00, 0x3, '\x00', r1, 0x1c, r3, 0x8, &(0x7f0000000600)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000640)={0x5, 0x0, 0x7, 0x4}, 0x10, 0x0, r4, 0x0, &(0x7f0000000900)=[r5]}, 0x80) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 212.156007][T29066] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 212.163785][T29066] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 212.171704][T29066] 17:39:49 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:49 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffb) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x8, [@fwd={0x9}, @volatile={0xd, 0x0, 0x0, 0x9, 0x4}, @union={0x5, 0x3, 0x0, 0x5, 0x1, 0x5, [{0xf, 0x1, 0x8}, {0x3, 0x1}, {0xc, 0x2, 0x1}]}]}, {0x0, [0x2e, 0x30, 0x2e, 0x30, 0x61, 0x2e]}}, &(0x7f00000001c0)=""/82, 0x68, 0x52}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r3, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r2}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1f, 0x3, &(0x7f0000000080)=@raw=[@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffe}, @call={0x85, 0x0, 0x0, 0x2e}], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x25, &(0x7f0000000100)=""/37, 0x41100, 0x11, '\x00', 0x0, 0x13, r1, 0x8, &(0x7f0000000280)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x2, 0xb, 0x7ff}, 0x10, r2, r0}, 0x80) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) 17:39:49 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r0, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async, rerun: 32) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x6, 0x80, 0x1f, 0x7, 0x0, 0x10001, 0x1a40, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, @perf_config_ext={0x80000001, 0x7fff}, 0x800, 0x7, 0xa56, 0x6, 0x8000000000000001, 0x5, 0x7ff, 0x0, 0x4, 0x0, 0x7f}, 0xffffffffffffffff, 0x7, r0, 0x9) (rerun: 32) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async, rerun: 32) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 32) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="e20a5aa19d0ec8b82d1f6f040b00089bd8370081adfe3be9dd6d47b1872526deb09d3e495c79cd5e2fa3f97c640b86cf9be0f77e8ae566d3c4"], 0x6a) 17:39:49 executing program 2: bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x8}, 0x10) (async) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r0, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) openat$cgroup_ro(r2, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0xfdef) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x1, 0x400, 0x1, 0x1800, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x2}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x8, 0x3ff, 0x8758, 0x1682, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x1, 0xc}, 0x48) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)={&(0x7f0000000380)='./file0\x00', 0x0, 0x8}, 0x10) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='blkio.bfq.time_recursive\x00', 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="abaa722c37524d6bd7ea12a555ec219802007365f09ebf9c2100"], 0x6a) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) (async) openat$cgroup_ro(r5, &(0x7f0000000500)='net_prio.prioidx\x00', 0x0, 0x0) [ 212.213135][T29123] FAULT_INJECTION: forcing a failure. [ 212.213135][T29123] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 212.229289][T29123] CPU: 1 PID: 29123 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 212.239359][T29123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 212.249252][T29123] Call Trace: [ 212.252373][T29123] [ 212.255152][T29123] dump_stack_lvl+0x151/0x1b7 [ 212.259666][T29123] ? bfq_pos_tree_add_move+0x43e/0x43e [ 212.264963][T29123] dump_stack+0x15/0x17 [ 212.268984][T29123] should_fail+0x3c0/0x510 [ 212.273206][T29123] should_fail_alloc_page+0x58/0x70 [ 212.278239][T29123] __alloc_pages+0x1de/0x7c0 [ 212.282680][T29123] ? __count_vm_events+0x30/0x30 [ 212.287456][T29123] ? __this_cpu_preempt_check+0x13/0x20 [ 212.292845][T29123] pte_alloc_one+0x73/0x1b0 [ 212.297162][T29123] ? pfn_modify_allowed+0x2e0/0x2e0 [ 212.302196][T29123] ? preempt_schedule+0xd9/0xe0 [ 212.306894][T29123] ? preempt_schedule_common+0xcb/0x100 [ 212.312262][T29123] __pte_alloc+0x86/0x350 [ 212.316439][T29123] ? free_pgtables+0x210/0x210 [ 212.321026][T29123] ? _raw_spin_lock+0xa3/0x1b0 [ 212.325629][T29123] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 212.330839][T29123] ? preempt_schedule_thunk+0x16/0x18 [ 212.336045][T29123] copy_pte_range+0x1b1f/0x20b0 [ 212.340735][T29123] ? __kunmap_atomic+0x80/0x80 [ 212.345331][T29123] ? __kasan_slab_alloc+0xc4/0xe0 [ 212.350198][T29123] ? __kasan_slab_alloc+0xb2/0xe0 [ 212.355053][T29123] ? kmem_cache_alloc+0x189/0x2f0 [ 212.359911][T29123] ? vm_area_dup+0x26/0x1d0 [ 212.364252][T29123] ? dup_mmap+0x6b8/0xea0 [ 212.368424][T29123] ? dup_mm+0x91/0x330 [ 212.372326][T29123] ? copy_mm+0x108/0x1b0 [ 212.376405][T29123] ? copy_process+0x1295/0x3250 [ 212.381089][T29123] ? kernel_clone+0x22d/0x990 [ 212.385604][T29123] ? __x64_sys_clone+0x289/0x310 [ 212.390378][T29123] ? do_syscall_64+0x44/0xd0 [ 212.394804][T29123] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 212.400706][T29123] copy_page_range+0xc1e/0x1090 [ 212.405397][T29123] ? pfn_valid+0x1e0/0x1e0 [ 212.409653][T29123] dup_mmap+0x99f/0xea0 [ 212.413641][T29123] ? __delayed_free_task+0x20/0x20 [ 212.418586][T29123] ? mm_init+0x807/0x960 [ 212.422664][T29123] dup_mm+0x91/0x330 [ 212.426417][T29123] copy_mm+0x108/0x1b0 [ 212.430303][T29123] copy_process+0x1295/0x3250 [ 212.434815][T29123] ? proc_fail_nth_write+0x213/0x290 [ 212.439938][T29123] ? proc_fail_nth_read+0x220/0x220 [ 212.444971][T29123] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 212.449917][T29123] ? vfs_write+0x9af/0x1050 [ 212.454446][T29123] ? vmacache_update+0xb7/0x120 [ 212.459121][T29123] kernel_clone+0x22d/0x990 [ 212.463464][T29123] ? file_end_write+0x1b0/0x1b0 [ 212.468403][T29123] ? __kasan_check_write+0x14/0x20 [ 212.473353][T29123] ? create_io_thread+0x1e0/0x1e0 [ 212.478215][T29123] ? __mutex_lock_slowpath+0x10/0x10 [ 212.483334][T29123] __x64_sys_clone+0x289/0x310 [ 212.487937][T29123] ? __do_sys_vfork+0x130/0x130 [ 212.492712][T29123] ? debug_smp_processor_id+0x17/0x20 [ 212.498089][T29123] do_syscall_64+0x44/0xd0 [ 212.502344][T29123] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 212.508069][T29123] RIP: 0033:0x7f510cb420d9 [ 212.512324][T29123] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 212.531766][T29123] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 212.540012][T29123] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 212.547828][T29123] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 212.555632][T29123] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 17:39:50 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffb) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x8, [@fwd={0x9}, @volatile={0xd, 0x0, 0x0, 0x9, 0x4}, @union={0x5, 0x3, 0x0, 0x5, 0x1, 0x5, [{0xf, 0x1, 0x8}, {0x3, 0x1}, {0xc, 0x2, 0x1}]}]}, {0x0, [0x2e, 0x30, 0x2e, 0x30, 0x61, 0x2e]}}, &(0x7f00000001c0)=""/82, 0x68, 0x52}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r3, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r2}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1f, 0x3, &(0x7f0000000080)=@raw=[@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffe}, @call={0x85, 0x0, 0x0, 0x2e}], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x25, &(0x7f0000000100)=""/37, 0x41100, 0x11, '\x00', 0x0, 0x13, r1, 0x8, &(0x7f0000000280)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x2, 0xb, 0x7ff}, 0x10, r2, r0}, 0x80) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffb) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x8, [@fwd={0x9}, @volatile={0xd, 0x0, 0x0, 0x9, 0x4}, @union={0x5, 0x3, 0x0, 0x5, 0x1, 0x5, [{0xf, 0x1, 0x8}, {0x3, 0x1}, {0xc, 0x2, 0x1}]}]}, {0x0, [0x2e, 0x30, 0x2e, 0x30, 0x61, 0x2e]}}, &(0x7f00000001c0)=""/82, 0x68, 0x52}, 0x20) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r3, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r2}, 0x80) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1f, 0x3, &(0x7f0000000080)=@raw=[@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffe}, @call={0x85, 0x0, 0x0, 0x2e}], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x25, &(0x7f0000000100)=""/37, 0x41100, 0x11, '\x00', 0x0, 0x13, r1, 0x8, &(0x7f0000000280)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x2, 0xb, 0x7ff}, 0x10, r2, r0}, 0x80) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r4, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) (async) 17:39:50 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 57) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:50 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0x1, 0x58, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7f}, [@map_fd={0x18, 0xb, 0x1, 0x0, r2}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xb}]}, &(0x7f00000001c0)='GPL\x00', 0x1, 0xb7, &(0x7f0000000300)=""/183, 0x41100, 0x1, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x9, 0x5}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0xa, 0x1, 0x5}, 0x10, 0x13e77}, 0x80) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x884, 0x0, 0x0, 0x0, 0x4}, [@jmp={0x5, 0x0, 0x2, 0x10, 0x8, 0x0, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x7}]}, &(0x7f0000000700)='syzkaller\x00', 0x7f, 0x5c, &(0x7f0000000740)=""/92, 0x40f00, 0x11, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f00000007c0)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000800)={0x0, 0x7, 0x12, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r2, r2, r2, r2, r2, r2, r2, r2, r2]}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x15, 0x7, &(0x7f0000000480)=@raw=[@generic={0x6, 0x5, 0x5, 0x2, 0x3}, @ldst={0x0, 0x3, 0x2, 0x8, 0xb, 0x30, 0x4}, @generic={0x9, 0xd, 0x2, 0x2, 0x7fffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, @map_idx={0x18, 0x2}], &(0x7f00000004c0)='syzkaller\x00', 0x210000, 0xcc, &(0x7f0000000500)=""/204, 0x40f00, 0x3, '\x00', r1, 0x1c, r3, 0x8, &(0x7f0000000600)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000640)={0x5, 0x0, 0x7, 0x4}, 0x10, 0x0, r4, 0x0, &(0x7f0000000900)=[r5]}, 0x80) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0x1, 0x58, &(0x7f00000000c0)}, 0x10) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7f}, [@map_fd={0x18, 0xb, 0x1, 0x0, r2}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xb}]}, &(0x7f00000001c0)='GPL\x00', 0x1, 0xb7, &(0x7f0000000300)=""/183, 0x41100, 0x1, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x9, 0x5}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0xa, 0x1, 0x5}, 0x10, 0x13e77}, 0x80) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x884, 0x0, 0x0, 0x0, 0x4}, [@jmp={0x5, 0x0, 0x2, 0x10, 0x8, 0x0, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x7}]}, &(0x7f0000000700)='syzkaller\x00', 0x7f, 0x5c, &(0x7f0000000740)=""/92, 0x40f00, 0x11, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f00000007c0)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000800)={0x0, 0x7, 0x12, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r2, r2, r2, r2, r2, r2, r2, r2, r2]}, 0x80) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x15, 0x7, &(0x7f0000000480)=@raw=[@generic={0x6, 0x5, 0x5, 0x2, 0x3}, @ldst={0x0, 0x3, 0x2, 0x8, 0xb, 0x30, 0x4}, @generic={0x9, 0xd, 0x2, 0x2, 0x7fffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, @map_idx={0x18, 0x2}], &(0x7f00000004c0)='syzkaller\x00', 0x210000, 0xcc, &(0x7f0000000500)=""/204, 0x40f00, 0x3, '\x00', r1, 0x1c, r3, 0x8, &(0x7f0000000600)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000640)={0x5, 0x0, 0x7, 0x4}, 0x10, 0x0, r4, 0x0, &(0x7f0000000900)=[r5]}, 0x80) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:39:50 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r0 = perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x8, 0x5, 0x7, 0x9, 0x0, 0x8000000000000001, 0x100, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000100), 0x10}, 0x4000, 0x9d, 0x0, 0x3, 0x101, 0x319, 0x1, 0x0, 0x6}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x2) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000340)='syzkaller\x00') ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000280)=0xf504) r5 = openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r5, 0x0, r4, 0x2) openat$cgroup_ro(r5, &(0x7f0000000040)='blkio.bfq.time\x00', 0x0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="4e37334653df3f66e5cba2ec8ac16c03d198bea49e612d7a90d900f39038bf7c57be1a8013f5b05ac88e7d49060ba4b3"], 0x6a) [ 212.563442][T29123] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 212.571253][T29123] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 212.579156][T29123] 17:39:50 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffb) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x8, [@fwd={0x9}, @volatile={0xd, 0x0, 0x0, 0x9, 0x4}, @union={0x5, 0x3, 0x0, 0x5, 0x1, 0x5, [{0xf, 0x1, 0x8}, {0x3, 0x1}, {0xc, 0x2, 0x1}]}]}, {0x0, [0x2e, 0x30, 0x2e, 0x30, 0x61, 0x2e]}}, &(0x7f00000001c0)=""/82, 0x68, 0x52}, 0x20) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x58, 0x10, &(0x7f0000000440), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0xc, 0x0, &(0x7f0000000800), &(0x7f00000008c0)='GPL\x00', 0x6b5, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x4, r3, 0x8, &(0x7f0000000900), 0x8, 0x10, &(0x7f0000000940)={0x0, 0x8, 0x2e9480, 0x2}, 0x10, r2}, 0x80) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1f, 0x3, &(0x7f0000000080)=@raw=[@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffe}, @call={0x85, 0x0, 0x0, 0x2e}], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x25, &(0x7f0000000100)=""/37, 0x41100, 0x11, '\x00', 0x0, 0x13, r1, 0x8, &(0x7f0000000280)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x2, 0xb, 0x7ff}, 0x10, r2, r0}, 0x80) (async) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) 17:39:50 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2db3c7"], 0x6a) 17:39:50 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0x1, 0x58, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async, rerun: 64) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7f}, [@map_fd={0x18, 0xb, 0x1, 0x0, r2}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xb}]}, &(0x7f00000001c0)='GPL\x00', 0x1, 0xb7, &(0x7f0000000300)=""/183, 0x41100, 0x1, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x9, 0x5}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0xa, 0x1, 0x5}, 0x10, 0x13e77}, 0x80) (async, rerun: 64) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x884, 0x0, 0x0, 0x0, 0x4}, [@jmp={0x5, 0x0, 0x2, 0x10, 0x8, 0x0, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x7}]}, &(0x7f0000000700)='syzkaller\x00', 0x7f, 0x5c, &(0x7f0000000740)=""/92, 0x40f00, 0x11, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f00000007c0)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000800)={0x0, 0x7, 0x12, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r2, r2, r2, r2, r2, r2, r2, r2, r2]}, 0x80) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x15, 0x7, &(0x7f0000000480)=@raw=[@generic={0x6, 0x5, 0x5, 0x2, 0x3}, @ldst={0x0, 0x3, 0x2, 0x8, 0xb, 0x30, 0x4}, @generic={0x9, 0xd, 0x2, 0x2, 0x7fffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, @map_idx={0x18, 0x2}], &(0x7f00000004c0)='syzkaller\x00', 0x210000, 0xcc, &(0x7f0000000500)=""/204, 0x40f00, 0x3, '\x00', r1, 0x1c, r3, 0x8, &(0x7f0000000600)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000640)={0x5, 0x0, 0x7, 0x4}, 0x10, 0x0, r4, 0x0, &(0x7f0000000900)=[r5]}, 0x80) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:50 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r0 = perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x8, 0x5, 0x7, 0x9, 0x0, 0x8000000000000001, 0x100, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000100), 0x10}, 0x4000, 0x9d, 0x0, 0x3, 0x101, 0x319, 0x1, 0x0, 0x6}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x2) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz1\x00', 0x200002, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000280)=0xf504) (async, rerun: 64) r5 = openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (rerun: 64) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r5, 0x0, r4, 0x2) (async, rerun: 32) openat$cgroup_ro(r5, &(0x7f0000000040)='blkio.bfq.time\x00', 0x0, 0x0) (async, rerun: 32) write$cgroup_subtree(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="4e37334653df3f66e5cba2ec8ac16c03d198bea49e612d7a90d900f39038bf7c57be1a8013f5b05ac88e7d49060ba4b3"], 0x6a) [ 212.637707][T29155] FAULT_INJECTION: forcing a failure. [ 212.637707][T29155] name failslab, interval 1, probability 0, space 0, times 0 [ 212.685807][T29155] CPU: 0 PID: 29155 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 212.695885][T29155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 212.705777][T29155] Call Trace: [ 212.708904][T29155] [ 212.711673][T29155] dump_stack_lvl+0x151/0x1b7 [ 212.716186][T29155] ? bfq_pos_tree_add_move+0x43e/0x43e [ 212.721491][T29155] dump_stack+0x15/0x17 [ 212.725474][T29155] should_fail+0x3c0/0x510 [ 212.729727][T29155] __should_failslab+0x9f/0xe0 [ 212.734328][T29155] should_failslab+0x9/0x20 [ 212.738667][T29155] kmem_cache_alloc+0x4f/0x2f0 [ 212.743267][T29155] ? vm_area_dup+0x26/0x1d0 [ 212.747695][T29155] vm_area_dup+0x26/0x1d0 [ 212.751859][T29155] dup_mmap+0x6b8/0xea0 [ 212.755862][T29155] ? __delayed_free_task+0x20/0x20 [ 212.760797][T29155] ? mm_init+0x807/0x960 [ 212.764881][T29155] dup_mm+0x91/0x330 [ 212.768611][T29155] copy_mm+0x108/0x1b0 [ 212.772602][T29155] copy_process+0x1295/0x3250 [ 212.777117][T29155] ? proc_fail_nth_write+0x213/0x290 [ 212.782239][T29155] ? proc_fail_nth_read+0x220/0x220 [ 212.787272][T29155] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 212.792220][T29155] ? vfs_write+0x9af/0x1050 [ 212.796558][T29155] ? vmacache_update+0xb7/0x120 [ 212.801246][T29155] kernel_clone+0x22d/0x990 [ 212.805584][T29155] ? file_end_write+0x1b0/0x1b0 [ 212.810269][T29155] ? __kasan_check_write+0x14/0x20 [ 212.815224][T29155] ? create_io_thread+0x1e0/0x1e0 [ 212.820082][T29155] ? __mutex_lock_slowpath+0x10/0x10 [ 212.825202][T29155] __x64_sys_clone+0x289/0x310 [ 212.829801][T29155] ? __do_sys_vfork+0x130/0x130 [ 212.834574][T29155] ? debug_smp_processor_id+0x17/0x20 [ 212.839780][T29155] do_syscall_64+0x44/0xd0 [ 212.844032][T29155] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 212.849763][T29155] RIP: 0033:0x7f510cb420d9 [ 212.854019][T29155] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 212.873456][T29155] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:50 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x0, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:50 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2db3c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2db3c7"], 0x6a) (async) 17:39:50 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001680)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000001640)='\\}^+,}*)#$!.\x00'}, 0x30) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001500)={r0, 0xe0, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280), 0x0, 0x8, &(0x7f0000001300), 0x8, 0x10, &(0x7f0000001340), &(0x7f0000001380), 0x8, 0x10, 0x8, 0x8, &(0x7f00000013c0)}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) openat$cgroup_ro(r2, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000015c0)={0x2, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x2d}]}, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096, 0x41100, 0x5, '\x00', r1, 0xe, r2, 0x8, &(0x7f0000001540)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000001580)={0x3, 0xf, 0x3, 0x9}, 0x10, 0xffffffffffffffff, r0}, 0x80) 17:39:50 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r0, r0, r0, r0, r0, r0]}, 0x80) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001f40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c219318a9aeb1c1a200a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c16010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b427080000"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r2, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r0, 0x6b0, '\x00', r3, r4, 0x0, 0x2, 0x3, 0xc}, 0x48) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='memory.numa_stat\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x4, 0x8, &(0x7f0000000000)=@raw=[@ldst={0x2, 0x2, 0x0, 0x9, 0x4, 0x4, 0x8}, @map_fd={0x18, 0x6}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x7}], &(0x7f0000000040)='GPL\x00', 0x10001, 0x12, &(0x7f0000000080)=""/18, 0x40f00, 0x14, '\x00', r3, 0x8, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000100)={0x0, 0xf, 0x5, 0x3}, 0x10, 0xffffffffffffffff, r5, 0x0, &(0x7f0000000180)=[r6]}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:50 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async, rerun: 64) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz1\x00', 0x200002, 0x0) (async, rerun: 64) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async) r0 = perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x8, 0x5, 0x7, 0x9, 0x0, 0x8000000000000001, 0x100, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000100), 0x10}, 0x4000, 0x9d, 0x0, 0x3, 0x101, 0x319, 0x1, 0x0, 0x6}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x2) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async, rerun: 32) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) (rerun: 32) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000340)='syzkaller\x00') ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000280)=0xf504) r5 = openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r5, 0x0, r4, 0x2) (async) openat$cgroup_ro(r5, &(0x7f0000000040)='blkio.bfq.time\x00', 0x0, 0x0) (async) write$cgroup_subtree(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="4e37334653df3f66e5cba2ec8ac16c03d198bea49e612d7a90d900f39038bf7c57be1a8013f5b05ac88e7d49060ba4b3"], 0x6a) 17:39:50 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 58) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 212.881701][T29155] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 212.889514][T29155] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 212.897324][T29155] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 212.905137][T29155] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 212.912946][T29155] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 212.920766][T29155] 17:39:50 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r0, r0, r0, r0, r0, r0]}, 0x80) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001f40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c219318a9aeb1c1a200a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c16010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b427080000"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r2, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) (async) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r0, 0x6b0, '\x00', r3, r4, 0x0, 0x2, 0x3, 0xc}, 0x48) (async) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='memory.numa_stat\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x4, 0x8, &(0x7f0000000000)=@raw=[@ldst={0x2, 0x2, 0x0, 0x9, 0x4, 0x4, 0x8}, @map_fd={0x18, 0x6}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x7}], &(0x7f0000000040)='GPL\x00', 0x10001, 0x12, &(0x7f0000000080)=""/18, 0x40f00, 0x14, '\x00', r3, 0x8, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000100)={0x0, 0xf, 0x5, 0x3}, 0x10, 0xffffffffffffffff, r5, 0x0, &(0x7f0000000180)=[r6]}, 0x80) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:50 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001680)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000001640)='\\}^+,}*)#$!.\x00'}, 0x30) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001500)={r0, 0xe0, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280), 0x0, 0x8, &(0x7f0000001300), 0x8, 0x10, &(0x7f0000001340), &(0x7f0000001380), 0x8, 0x10, 0x8, 0x8, &(0x7f00000013c0)}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) openat$cgroup_ro(r2, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000015c0)={0x2, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x2d}]}, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096, 0x41100, 0x5, '\x00', r1, 0xe, r2, 0x8, &(0x7f0000001540)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000001580)={0x3, 0xf, 0x3, 0x9}, 0x10, 0xffffffffffffffff, r0}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001680)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000001640)='\\}^+,}*)#$!.\x00'}, 0x30) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001500)={r0, 0xe0, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280), 0x0, 0x8, &(0x7f0000001300), 0x8, 0x10, &(0x7f0000001340), &(0x7f0000001380), 0x8, 0x10, 0x8, 0x8, &(0x7f00000013c0)}}, 0x10) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(r2, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000015c0)={0x2, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x2d}]}, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096, 0x41100, 0x5, '\x00', r1, 0xe, r2, 0x8, &(0x7f0000001540)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000001580)={0x3, 0xf, 0x3, 0x9}, 0x10, 0xffffffffffffffff, r0}, 0x80) (async) 17:39:50 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2db3c7"], 0x6a) 17:39:50 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x3, 0x80, 0x8, 0x6, 0x0, 0x6, 0x0, 0x4, 0x15884, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x800, 0x4, @perf_config_ext={0x80, 0x6}, 0x6000, 0x4, 0x8a7a, 0x9, 0x2, 0xc0000000, 0x401, 0x0, 0x800, 0x0, 0x9}, r0, 0x5, 0xffffffffffffffff, 0xa) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) [ 212.977818][T29204] FAULT_INJECTION: forcing a failure. [ 212.977818][T29204] name failslab, interval 1, probability 0, space 0, times 0 [ 213.008389][T29204] CPU: 0 PID: 29204 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 213.018463][T29204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 213.028354][T29204] Call Trace: [ 213.031477][T29204] [ 213.034262][T29204] dump_stack_lvl+0x151/0x1b7 [ 213.038767][T29204] ? bfq_pos_tree_add_move+0x43e/0x43e [ 213.044064][T29204] dump_stack+0x15/0x17 [ 213.048054][T29204] should_fail+0x3c0/0x510 [ 213.052305][T29204] __should_failslab+0x9f/0xe0 [ 213.056909][T29204] should_failslab+0x9/0x20 [ 213.061246][T29204] kmem_cache_alloc+0x4f/0x2f0 [ 213.065846][T29204] ? vm_area_dup+0x26/0x1d0 [ 213.070283][T29204] vm_area_dup+0x26/0x1d0 [ 213.074532][T29204] dup_mmap+0x6b8/0xea0 [ 213.078527][T29204] ? __delayed_free_task+0x20/0x20 [ 213.083472][T29204] ? mm_init+0x807/0x960 [ 213.087551][T29204] dup_mm+0x91/0x330 [ 213.091285][T29204] copy_mm+0x108/0x1b0 [ 213.095191][T29204] copy_process+0x1295/0x3250 [ 213.099706][T29204] ? proc_fail_nth_write+0x213/0x290 [ 213.104823][T29204] ? proc_fail_nth_read+0x220/0x220 [ 213.109858][T29204] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 213.114807][T29204] ? vfs_write+0x9af/0x1050 [ 213.119149][T29204] ? vmacache_update+0xb7/0x120 [ 213.123919][T29204] kernel_clone+0x22d/0x990 [ 213.128313][T29204] ? file_end_write+0x1b0/0x1b0 [ 213.132946][T29204] ? __kasan_check_write+0x14/0x20 [ 213.137891][T29204] ? create_io_thread+0x1e0/0x1e0 [ 213.142754][T29204] ? __mutex_lock_slowpath+0x10/0x10 [ 213.147967][T29204] __x64_sys_clone+0x289/0x310 [ 213.152562][T29204] ? __do_sys_vfork+0x130/0x130 [ 213.157451][T29204] ? debug_smp_processor_id+0x17/0x20 [ 213.162630][T29204] do_syscall_64+0x44/0xd0 [ 213.166884][T29204] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 213.172608][T29204] RIP: 0033:0x7f510cb420d9 [ 213.176864][T29204] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 213.196478][T29204] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 213.204723][T29204] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 213.212534][T29204] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 213.220344][T29204] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 17:39:50 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x3, 0x80, 0x8, 0x6, 0x0, 0x6, 0x0, 0x4, 0x15884, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x800, 0x4, @perf_config_ext={0x80, 0x6}, 0x6000, 0x4, 0x8a7a, 0x9, 0x2, 0xc0000000, 0x401, 0x0, 0x800, 0x0, 0x9}, r0, 0x5, 0xffffffffffffffff, 0xa) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:50 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r0, r0, r0, r0, r0, r0]}, 0x80) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001f40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c219318a9aeb1c1a200a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c16010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b427080000"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r2, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r0, 0x6b0, '\x00', r3, r4, 0x0, 0x2, 0x3, 0xc}, 0x48) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='memory.numa_stat\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x4, 0x8, &(0x7f0000000000)=@raw=[@ldst={0x2, 0x2, 0x0, 0x9, 0x4, 0x4, 0x8}, @map_fd={0x18, 0x6}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x7}], &(0x7f0000000040)='GPL\x00', 0x10001, 0x12, &(0x7f0000000080)=""/18, 0x40f00, 0x14, '\x00', r3, 0x8, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000100)={0x0, 0xf, 0x5, 0x3}, 0x10, 0xffffffffffffffff, r5, 0x0, &(0x7f0000000180)=[r6]}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)}, 0x10) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r0, r0, r0, r0, r0, r0]}, 0x80) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001f40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c219318a9aeb1c1a200a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c16010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b427080000"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r2, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r0, 0x6b0, '\x00', r3, r4, 0x0, 0x2, 0x3, 0xc}, 0x48) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='memory.numa_stat\x00', 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x4, 0x8, &(0x7f0000000000)=@raw=[@ldst={0x2, 0x2, 0x0, 0x9, 0x4, 0x4, 0x8}, @map_fd={0x18, 0x6}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x7}], &(0x7f0000000040)='GPL\x00', 0x10001, 0x12, &(0x7f0000000080)=""/18, 0x40f00, 0x14, '\x00', r3, 0x8, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000100)={0x0, 0xf, 0x5, 0x3}, 0x10, 0xffffffffffffffff, r5, 0x0, &(0x7f0000000180)=[r6]}, 0x80) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) [ 213.228186][T29204] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 213.235969][T29204] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 213.243782][T29204] 17:39:50 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x0, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:50 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001680)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000001640)='\\}^+,}*)#$!.\x00'}, 0x30) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001500)={r0, 0xe0, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280), 0x0, 0x8, &(0x7f0000001300), 0x8, 0x10, &(0x7f0000001340), &(0x7f0000001380), 0x8, 0x10, 0x8, 0x8, &(0x7f00000013c0)}}, 0x10) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(r2, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000015c0)={0x2, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x2d}]}, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096, 0x41100, 0x5, '\x00', r1, 0xe, r2, 0x8, &(0x7f0000001540)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000001580)={0x3, 0xf, 0x3, 0x9}, 0x10, 0xffffffffffffffff, r0}, 0x80) 17:39:50 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x3, 0x80, 0x8, 0x6, 0x0, 0x6, 0x0, 0x4, 0x15884, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x800, 0x4, @perf_config_ext={0x80, 0x6}, 0x6000, 0x4, 0x8a7a, 0x9, 0x2, 0xc0000000, 0x401, 0x0, 0x800, 0x0, 0x9}, r0, 0x5, 0xffffffffffffffff, 0xa) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:50 executing program 5: bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}, 0x20) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000140)='hugetlb.1GB.rsvd.failcnt\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(r3, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) write$cgroup_int(r2, &(0x7f00000000c0)=0x6, 0x12) 17:39:50 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 59) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:50 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xc9be) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:50 executing program 5: bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}, 0x20) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000140)='hugetlb.1GB.rsvd.failcnt\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) (async) openat$cgroup_ro(r3, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x0, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async) write$cgroup_int(r2, &(0x7f00000000c0)=0x6, 0x12) 17:39:50 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1801677e22f5193650b293200000000000000099d2c6e28e6890adef3e2c05b50378066e42b971b899da926e2000000400"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={&(0x7f0000000040)="1d9fe3af994be72b40951c3b72a808bc28ddf17e139779d1f0017113d0957622f6c7e11f4133a23044", &(0x7f0000000300)=""/203, &(0x7f00000000c0), &(0x7f0000000400)="5bbb2ad50a6842f10400b5fba7f5929751d66a4f9c040a354bd1012a9fed2a61a0719829c7d28d4837102a34c6a53923818f1935ba1b02d901188df542b0f9717b5b7813c41b684bda724d7d5346afa338bb9ab03ac954097944cadad855f5e5557325165a42f12ecdcedce4cd1521c2b6d1373bd9ffed07d0ec43d94f8e0dff879c8785babe68edc99f677fb13cc1cfc22034c85bc535e76c178cc83f71de60db1f735efb3ff9c0ee59eb572234acc8e148783775cff5870dbbbd9f5b1bf38d2d7591cc3d1cd99a3b", 0x1f, r1, 0x4}, 0x38) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:50 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[], 0x6a) 17:39:50 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xc9be) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xc9be) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) 17:39:50 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[], 0x6a) [ 213.330591][T29256] FAULT_INJECTION: forcing a failure. [ 213.330591][T29256] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 213.380798][T29256] CPU: 1 PID: 29256 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 213.390873][T29256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 213.400769][T29256] Call Trace: [ 213.403888][T29256] [ 213.406667][T29256] dump_stack_lvl+0x151/0x1b7 [ 213.411183][T29256] ? bfq_pos_tree_add_move+0x43e/0x43e [ 213.416478][T29256] dump_stack+0x15/0x17 [ 213.420469][T29256] should_fail+0x3c0/0x510 [ 213.424722][T29256] should_fail_alloc_page+0x58/0x70 [ 213.429760][T29256] __alloc_pages+0x1de/0x7c0 [ 213.434196][T29256] ? __count_vm_events+0x30/0x30 [ 213.438961][T29256] ? __this_cpu_preempt_check+0x13/0x20 [ 213.444335][T29256] ? __mod_node_page_state+0xac/0xf0 [ 213.449457][T29256] pte_alloc_one+0x73/0x1b0 [ 213.453795][T29256] ? pfn_modify_allowed+0x2e0/0x2e0 [ 213.458829][T29256] __pte_alloc+0x86/0x350 [ 213.462996][T29256] ? free_pgtables+0x210/0x210 [ 213.467679][T29256] ? _raw_spin_lock+0xa3/0x1b0 [ 213.472281][T29256] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 213.477489][T29256] ? __kernel_text_address+0x9a/0x110 [ 213.482696][T29256] copy_pte_range+0x1b1f/0x20b0 [ 213.487386][T29256] ? __kunmap_atomic+0x80/0x80 [ 213.491982][T29256] ? __kasan_slab_alloc+0xc4/0xe0 [ 213.496844][T29256] ? __kasan_slab_alloc+0xb2/0xe0 [ 213.501704][T29256] ? kmem_cache_alloc+0x189/0x2f0 [ 213.506570][T29256] ? vm_area_dup+0x26/0x1d0 [ 213.510903][T29256] ? dup_mmap+0x6b8/0xea0 [ 213.515075][T29256] ? dup_mm+0x91/0x330 [ 213.518976][T29256] ? copy_mm+0x108/0x1b0 [ 213.523053][T29256] ? copy_process+0x1295/0x3250 [ 213.527743][T29256] ? kernel_clone+0x22d/0x990 [ 213.532258][T29256] ? __x64_sys_clone+0x289/0x310 [ 213.537040][T29256] ? do_syscall_64+0x44/0xd0 [ 213.541455][T29256] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 213.547368][T29256] copy_page_range+0xc1e/0x1090 [ 213.552050][T29256] ? pfn_valid+0x1e0/0x1e0 [ 213.556300][T29256] dup_mmap+0x99f/0xea0 [ 213.560319][T29256] ? __delayed_free_task+0x20/0x20 [ 213.565238][T29256] ? mm_init+0x807/0x960 [ 213.569316][T29256] dup_mm+0x91/0x330 [ 213.573052][T29256] copy_mm+0x108/0x1b0 [ 213.576954][T29256] copy_process+0x1295/0x3250 [ 213.581480][T29256] ? proc_fail_nth_write+0x213/0x290 [ 213.586610][T29256] ? proc_fail_nth_read+0x220/0x220 [ 213.591624][T29256] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 213.596569][T29256] ? vfs_write+0x9af/0x1050 [ 213.600908][T29256] ? vmacache_update+0xb7/0x120 [ 213.605596][T29256] kernel_clone+0x22d/0x990 [ 213.609935][T29256] ? file_end_write+0x1b0/0x1b0 [ 213.614622][T29256] ? __kasan_check_write+0x14/0x20 [ 213.619571][T29256] ? create_io_thread+0x1e0/0x1e0 [ 213.624431][T29256] ? __mutex_lock_slowpath+0x10/0x10 [ 213.629552][T29256] __x64_sys_clone+0x289/0x310 [ 213.634152][T29256] ? __do_sys_vfork+0x130/0x130 [ 213.638838][T29256] ? debug_smp_processor_id+0x17/0x20 [ 213.644047][T29256] do_syscall_64+0x44/0xd0 [ 213.648300][T29256] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 213.654026][T29256] RIP: 0033:0x7f510cb420d9 [ 213.658281][T29256] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 17:39:50 executing program 5: bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}, 0x20) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) r1 = openat$cgroup_int(r0, &(0x7f0000000140)='hugetlb.1GB.rsvd.failcnt\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) (async) openat$cgroup_ro(r3, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x0, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async) write$cgroup_int(r2, &(0x7f00000000c0)=0x6, 0x12) 17:39:50 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x0, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:51 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xc9be) (async, rerun: 64) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (rerun: 64) 17:39:51 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[], 0x6a) 17:39:51 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffff8c) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000040), &(0x7f0000000000)=[0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0xffffffc4, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000040)}}, 0x10) [ 213.677809][T29256] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 213.686053][T29256] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 213.693953][T29256] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 213.701775][T29256] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 213.709574][T29256] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 213.717387][T29256] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 213.725210][T29256] 17:39:51 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 60) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:51 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r2, &(0x7f0000000140)={'a', ' *:* ', 'rm\x00'}, 0x9) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r2], 0xfdbd) 17:39:51 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f00000000c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0) [ 213.800262][T29297] FAULT_INJECTION: forcing a failure. [ 213.800262][T29297] name failslab, interval 1, probability 0, space 0, times 0 [ 213.826348][T29297] CPU: 1 PID: 29297 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 213.836440][T29297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 213.846315][T29297] Call Trace: [ 213.849524][T29297] [ 213.852304][T29297] dump_stack_lvl+0x151/0x1b7 [ 213.856815][T29297] ? bfq_pos_tree_add_move+0x43e/0x43e [ 213.862114][T29297] dump_stack+0x15/0x17 [ 213.866104][T29297] should_fail+0x3c0/0x510 [ 213.870356][T29297] __should_failslab+0x9f/0xe0 [ 213.874955][T29297] should_failslab+0x9/0x20 [ 213.879402][T29297] kmem_cache_alloc+0x4f/0x2f0 [ 213.883979][T29297] ? vm_area_dup+0x26/0x1d0 [ 213.888324][T29297] vm_area_dup+0x26/0x1d0 [ 213.892491][T29297] dup_mmap+0x6b8/0xea0 [ 213.896482][T29297] ? __delayed_free_task+0x20/0x20 [ 213.901429][T29297] ? mm_init+0x807/0x960 [ 213.905506][T29297] dup_mm+0x91/0x330 [ 213.909247][T29297] copy_mm+0x108/0x1b0 [ 213.913230][T29297] copy_process+0x1295/0x3250 [ 213.917751][T29297] ? proc_fail_nth_write+0x213/0x290 [ 213.922864][T29297] ? proc_fail_nth_read+0x220/0x220 [ 213.927904][T29297] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 213.932849][T29297] ? vfs_write+0x9af/0x1050 [ 213.937195][T29297] ? vmacache_update+0xb7/0x120 [ 213.941872][T29297] kernel_clone+0x22d/0x990 [ 213.946209][T29297] ? file_end_write+0x1b0/0x1b0 [ 213.950898][T29297] ? __kasan_check_write+0x14/0x20 [ 213.955842][T29297] ? create_io_thread+0x1e0/0x1e0 [ 213.960705][T29297] ? __mutex_lock_slowpath+0x10/0x10 [ 213.965828][T29297] __x64_sys_clone+0x289/0x310 [ 213.970424][T29297] ? __do_sys_vfork+0x130/0x130 [ 213.975202][T29297] ? debug_smp_processor_id+0x17/0x20 [ 213.980404][T29297] do_syscall_64+0x44/0xd0 [ 213.984659][T29297] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 213.990386][T29297] RIP: 0033:0x7f510cb420d9 [ 213.994641][T29297] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 214.014342][T29297] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 214.022586][T29297] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 214.030398][T29297] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 214.038208][T29297] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 17:39:51 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1801677e22f5193650b293200000000000000099d2c6e28e6890adef3e2c05b50378066e42b971b899da926e2000000400"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={&(0x7f0000000040)="1d9fe3af994be72b40951c3b72a808bc28ddf17e139779d1f0017113d0957622f6c7e11f4133a23044", &(0x7f0000000300)=""/203, &(0x7f00000000c0), &(0x7f0000000400)="5bbb2ad50a6842f10400b5fba7f5929751d66a4f9c040a354bd1012a9fed2a61a0719829c7d28d4837102a34c6a53923818f1935ba1b02d901188df542b0f9717b5b7813c41b684bda724d7d5346afa338bb9ab03ac954097944cadad855f5e5557325165a42f12ecdcedce4cd1521c2b6d1373bd9ffed07d0ec43d94f8e0dff879c8785babe68edc99f677fb13cc1cfc22034c85bc535e76c178cc83f71de60db1f735efb3ff9c0ee59eb572234acc8e148783775cff5870dbbbd9f5b1bf38d2d7591cc3d1cd99a3b", 0x1f, r1, 0x4}, 0x38) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1801677e22f5193650b293200000000000000099d2c6e28e6890adef3e2c05b50378066e42b971b899da926e2000000400"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={&(0x7f0000000040)="1d9fe3af994be72b40951c3b72a808bc28ddf17e139779d1f0017113d0957622f6c7e11f4133a23044", &(0x7f0000000300)=""/203, &(0x7f00000000c0), &(0x7f0000000400)="5bbb2ad50a6842f10400b5fba7f5929751d66a4f9c040a354bd1012a9fed2a61a0719829c7d28d4837102a34c6a53923818f1935ba1b02d901188df542b0f9717b5b7813c41b684bda724d7d5346afa338bb9ab03ac954097944cadad855f5e5557325165a42f12ecdcedce4cd1521c2b6d1373bd9ffed07d0ec43d94f8e0dff879c8785babe68edc99f677fb13cc1cfc22034c85bc535e76c178cc83f71de60db1f735efb3ff9c0ee59eb572234acc8e148783775cff5870dbbbd9f5b1bf38d2d7591cc3d1cd99a3b", 0x1f, r1, 0x4}, 0x38) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:39:51 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffff8c) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000040), &(0x7f0000000000)=[0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0xffffffc4, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000040)}}, 0x10) 17:39:51 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r2, &(0x7f00000000c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0) 17:39:51 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async, rerun: 32) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 32) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r2, &(0x7f0000000140)={'a', ' *:* ', 'rm\x00'}, 0x9) (async) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r2], 0xfdbd) 17:39:51 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:51 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 61) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 214.046021][T29297] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 214.053833][T29297] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 214.061648][T29297] 17:39:51 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f00000000c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0) 17:39:51 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffff8c) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000040), &(0x7f0000000000)=[0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0xffffffc4, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000040)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffff8c) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000040), &(0x7f0000000000)=[0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0xffffffc4, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000040)}}, 0x10) (async) [ 214.110102][T29315] FAULT_INJECTION: forcing a failure. [ 214.110102][T29315] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 214.128408][T29315] CPU: 1 PID: 29315 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 214.138484][T29315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 214.148370][T29315] Call Trace: [ 214.151490][T29315] [ 214.154269][T29315] dump_stack_lvl+0x151/0x1b7 [ 214.158791][T29315] ? bfq_pos_tree_add_move+0x43e/0x43e [ 214.164075][T29315] dump_stack+0x15/0x17 [ 214.168070][T29315] should_fail+0x3c0/0x510 [ 214.172330][T29315] should_fail_alloc_page+0x58/0x70 [ 214.177362][T29315] __alloc_pages+0x1de/0x7c0 [ 214.181839][T29315] ? __count_vm_events+0x30/0x30 [ 214.186560][T29315] ? __this_cpu_preempt_check+0x13/0x20 [ 214.191945][T29315] ? __mod_node_page_state+0xac/0xf0 [ 214.197061][T29315] pte_alloc_one+0x73/0x1b0 [ 214.201396][T29315] ? pfn_modify_allowed+0x2e0/0x2e0 [ 214.206432][T29315] __pte_alloc+0x86/0x350 [ 214.210606][T29315] ? free_pgtables+0x210/0x210 [ 214.215198][T29315] ? _raw_spin_lock+0xa3/0x1b0 [ 214.219798][T29315] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 214.225006][T29315] ? __kernel_text_address+0x9a/0x110 [ 214.230220][T29315] copy_pte_range+0x1b1f/0x20b0 [ 214.234914][T29315] ? __kunmap_atomic+0x80/0x80 [ 214.239848][T29315] ? __kasan_slab_alloc+0xc4/0xe0 [ 214.244800][T29315] ? __kasan_slab_alloc+0xb2/0xe0 [ 214.249654][T29315] ? kmem_cache_alloc+0x189/0x2f0 [ 214.254513][T29315] ? vm_area_dup+0x26/0x1d0 [ 214.258866][T29315] ? dup_mmap+0x6b8/0xea0 [ 214.263022][T29315] ? dup_mm+0x91/0x330 [ 214.266928][T29315] ? copy_mm+0x108/0x1b0 [ 214.271063][T29315] ? copy_process+0x1295/0x3250 [ 214.275694][T29315] ? kernel_clone+0x22d/0x990 [ 214.280208][T29315] ? __x64_sys_clone+0x289/0x310 [ 214.284979][T29315] ? do_syscall_64+0x44/0xd0 [ 214.289407][T29315] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 214.295316][T29315] copy_page_range+0xc1e/0x1090 [ 214.300035][T29315] ? pfn_valid+0x1e0/0x1e0 [ 214.304251][T29315] dup_mmap+0x99f/0xea0 [ 214.308241][T29315] ? __delayed_free_task+0x20/0x20 [ 214.313187][T29315] ? mm_init+0x807/0x960 [ 214.317268][T29315] dup_mm+0x91/0x330 [ 214.321000][T29315] copy_mm+0x108/0x1b0 [ 214.324914][T29315] copy_process+0x1295/0x3250 [ 214.329420][T29315] ? proc_fail_nth_write+0x213/0x290 [ 214.334540][T29315] ? proc_fail_nth_read+0x220/0x220 [ 214.339576][T29315] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 214.344557][T29315] ? vfs_write+0x9af/0x1050 [ 214.348860][T29315] ? vmacache_update+0xb7/0x120 [ 214.353549][T29315] kernel_clone+0x22d/0x990 [ 214.357892][T29315] ? file_end_write+0x1b0/0x1b0 [ 214.362573][T29315] ? __kasan_check_write+0x14/0x20 [ 214.367520][T29315] ? create_io_thread+0x1e0/0x1e0 [ 214.372382][T29315] ? __mutex_lock_slowpath+0x10/0x10 [ 214.377504][T29315] __x64_sys_clone+0x289/0x310 [ 214.382104][T29315] ? __do_sys_vfork+0x130/0x130 [ 214.386794][T29315] ? debug_smp_processor_id+0x17/0x20 [ 214.392001][T29315] do_syscall_64+0x44/0xd0 [ 214.396259][T29315] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 214.401982][T29315] RIP: 0033:0x7f510cb420d9 [ 214.406232][T29315] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 214.425854][T29315] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 214.434091][T29315] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 214.441902][T29315] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 214.449802][T29315] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 17:39:51 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r2, &(0x7f0000000140)={'a', ' *:* ', 'rm\x00'}, 0x9) (async) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r2], 0xfdbd) 17:39:51 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffe83) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000300)=[{}, {}], 0x10, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000400), 0x8) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0xfffffffb, 0x10}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x2, 0x1, &(0x7f00000000c0)=@raw=[@jmp={0x5, 0x0, 0x5, 0x5, 0x8, 0x100, 0xfffffffffffffff0}], &(0x7f0000000340)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x12, r2, 0x8, &(0x7f0000000380)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x1, 0x3, 0x3, 0x4}, 0x10, r1, 0xffffffffffffffff, 0x0, &(0x7f0000000480)=[0x1, r3, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, r4, r5, 0xffffffffffffffff, 0x1]}, 0x80) 17:39:51 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1801677e22f5193650b293200000000000000099d2c6e28e6890adef3e2c05b50378066e42b971b899da926e2000000400"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={&(0x7f0000000040)="1d9fe3af994be72b40951c3b72a808bc28ddf17e139779d1f0017113d0957622f6c7e11f4133a23044", &(0x7f0000000300)=""/203, &(0x7f00000000c0), &(0x7f0000000400)="5bbb2ad50a6842f10400b5fba7f5929751d66a4f9c040a354bd1012a9fed2a61a0719829c7d28d4837102a34c6a53923818f1935ba1b02d901188df542b0f9717b5b7813c41b684bda724d7d5346afa338bb9ab03ac954097944cadad855f5e5557325165a42f12ecdcedce4cd1521c2b6d1373bd9ffed07d0ec43d94f8e0dff879c8785babe68edc99f677fb13cc1cfc22034c85bc535e76c178cc83f71de60db1f735efb3ff9c0ee59eb572234acc8e148783775cff5870dbbbd9f5b1bf38d2d7591cc3d1cd99a3b", 0x1f, r1, 0x4}, 0x38) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:51 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.empty_time\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:51 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffe83) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000300)=[{}, {}], 0x10, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) (async, rerun: 64) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async, rerun: 64) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000400), 0x8) (async) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0xfffffffb, 0x10}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x2, 0x1, &(0x7f00000000c0)=@raw=[@jmp={0x5, 0x0, 0x5, 0x5, 0x8, 0x100, 0xfffffffffffffff0}], &(0x7f0000000340)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x12, r2, 0x8, &(0x7f0000000380)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x1, 0x3, 0x3, 0x4}, 0x10, r1, 0xffffffffffffffff, 0x0, &(0x7f0000000480)=[0x1, r3, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, r4, r5, 0xffffffffffffffff, 0x1]}, 0x80) [ 214.457656][T29315] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 214.465425][T29315] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 214.473239][T29315] 17:39:51 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)={&(0x7f0000000040)='./file0\x00', 0x0, 0x8}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x3, 0x80, 0xd5, 0x1, 0xfc, 0x7f, 0x0, 0x3, 0x128, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x5, 0x2, @perf_config_ext={0x6, 0x101}, 0x10, 0x100, 0x3, 0x0, 0x51b6ea80, 0x0, 0x1f, 0x0, 0x3, 0x0, 0x40}, 0xffffffffffffffff, 0x7, r1, 0x2) 17:39:51 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="06000000"], 0x6a) 17:39:51 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffe83) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000300)=[{}, {}], 0x10, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) (async, rerun: 32) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async, rerun: 32) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000400), 0x8) (async, rerun: 64) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (rerun: 64) openat$cgroup(r4, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0xfffffffb, 0x10}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x2, 0x1, &(0x7f00000000c0)=@raw=[@jmp={0x5, 0x0, 0x5, 0x5, 0x8, 0x100, 0xfffffffffffffff0}], &(0x7f0000000340)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x12, r2, 0x8, &(0x7f0000000380)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x1, 0x3, 0x3, 0x4}, 0x10, r1, 0xffffffffffffffff, 0x0, &(0x7f0000000480)=[0x1, r3, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, r4, r5, 0xffffffffffffffff, 0x1]}, 0x80) 17:39:51 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:51 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 62) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:51 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="06000000"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="06000000"], 0x6a) (async) 17:39:51 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.empty_time\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.empty_time\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:39:51 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)={&(0x7f0000000040)='./file0\x00', 0x0, 0x8}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x3, 0x80, 0xd5, 0x1, 0xfc, 0x7f, 0x0, 0x3, 0x128, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x5, 0x2, @perf_config_ext={0x6, 0x101}, 0x10, 0x100, 0x3, 0x0, 0x51b6ea80, 0x0, 0x1f, 0x0, 0x3, 0x0, 0x40}, 0xffffffffffffffff, 0x7, r1, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)={&(0x7f0000000040)='./file0\x00', 0x0, 0x8}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) perf_event_open$cgroup(&(0x7f00000000c0)={0x3, 0x80, 0xd5, 0x1, 0xfc, 0x7f, 0x0, 0x3, 0x128, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x5, 0x2, @perf_config_ext={0x6, 0x101}, 0x10, 0x100, 0x3, 0x0, 0x51b6ea80, 0x0, 0x1f, 0x0, 0x3, 0x0, 0x40}, 0xffffffffffffffff, 0x7, r1, 0x2) (async) 17:39:52 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffcc) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='rxrpc_rx_packet\x00', r0}, 0x10) r1 = openat$cgroup_ro(r0, &(0x7f00000003c0)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={r3, 0xffffffffffffff78, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x6) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r2, r2, r2, r2, r2, r2]}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0xa, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x5}, [@map_fd={0x18, 0xb, 0x1, 0x0, r0}, @ldst={0x2, 0x1, 0x0, 0xa, 0x1, 0xfffffffffffffff8, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3d14}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff}]}, &(0x7f0000000880)='GPL\x00', 0xfffffff7, 0x0, 0x0, 0x41100, 0x10, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000008c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000900)={0x3, 0x0, 0x3, 0x4}, 0x10}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x9, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000030000000000000004000000180000000800800000000000900000007058fefffcffffff18120000e1ee0084d2b166a851cdb58e075e6971133f6479bfc25bddeda3d7f0ee24e72b7e8ad43763862e0779a8a8664c427b894652db111c8c93378a4b00f8af62847d48e90f58f3fd347f9bc55bcb9524f1b6738fe390e24a70be415c3abfd569a750872e49ebb1ee76d5da694ef9f2a6324f6d6cc27ca5e601662db50183c02b5e4c6b7bb1dd5663ef347ddb885040eda23f85b671ab51a509eca315cdb3c760615542981d45d98d53fec1198a2b33b9620b342d027cc6d65cc577aba85988a49921d222d994f821a9e987cc3a8f0c726c6f36d31215bedf5ee92fe3528f1a8bc24a3c9eb24b44e359e0d83f441becb91336a1817875509557f0e279336778ae149018d71e4eddcbfbe9f065b78b9aafaf19e9f47a677b998b2746f6a541a3a4061c08bc067a1a7f946726d0cfb76b741243cadfd2330988424d89407e874f98139c", @ANYRES32=r5, @ANYBLOB="00000000000000007dbafffffcffffff9500000000000000"], &(0x7f0000000200)='GPL\x00', 0xfffffff7, 0x48, &(0x7f0000000240)=""/72, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0x7, 0x7, 0x1}, 0x10}, 0x80) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = syz_clone(0x2000000, &(0x7f0000000180)="ccf8197e543c43cf59841a3f15e1201458", 0x11, &(0x7f00000001c0), &(0x7f0000000640), &(0x7f0000000680)="6f9e2436e8360eb58651e7d2cbed76191c5006ebc7ff429d73288c3b301751dda720e1990e978e9b9b994054d76b0f9a3e3cc5660f0a214badcae0006ba503b14cf15ad8a3c1e8436ec67efe2fcf015d9153fb335827025d48f0774ff7") r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000700)='objagg_obj_root_create\x00', r1}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000007c0)={r6, r7, 0x0, 0x2, &(0x7f0000000780)='\\\x00'}, 0x30) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='devlink_health_recover_aborted\x00', r5}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz1\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000440)=0x9) 17:39:52 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.empty_time\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:52 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="06000000"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="06000000"], 0x6a) (async) 17:39:52 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)={&(0x7f0000000040)='./file0\x00', 0x0, 0x8}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) perf_event_open$cgroup(&(0x7f00000000c0)={0x3, 0x80, 0xd5, 0x1, 0xfc, 0x7f, 0x0, 0x3, 0x128, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x5, 0x2, @perf_config_ext={0x6, 0x101}, 0x10, 0x100, 0x3, 0x0, 0x51b6ea80, 0x0, 0x1f, 0x0, 0x3, 0x0, 0x40}, 0xffffffffffffffff, 0x7, r1, 0x2) 17:39:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x0, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) [ 214.592702][T29360] FAULT_INJECTION: forcing a failure. [ 214.592702][T29360] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 214.644226][T29360] CPU: 1 PID: 29360 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 214.654307][T29360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 214.664206][T29360] Call Trace: [ 214.667318][T29360] [ 214.670103][T29360] dump_stack_lvl+0x151/0x1b7 [ 214.674610][T29360] ? bfq_pos_tree_add_move+0x43e/0x43e [ 214.679906][T29360] dump_stack+0x15/0x17 [ 214.683896][T29360] should_fail+0x3c0/0x510 [ 214.688151][T29360] should_fail_alloc_page+0x58/0x70 [ 214.693181][T29360] __alloc_pages+0x1de/0x7c0 [ 214.697610][T29360] ? __count_vm_events+0x30/0x30 [ 214.702386][T29360] ? __this_cpu_preempt_check+0x13/0x20 [ 214.707762][T29360] ? __mod_node_page_state+0xac/0xf0 [ 214.712885][T29360] pte_alloc_one+0x73/0x1b0 [ 214.717223][T29360] ? pfn_modify_allowed+0x2e0/0x2e0 [ 214.722263][T29360] __pte_alloc+0x86/0x350 [ 214.726423][T29360] ? free_pgtables+0x210/0x210 [ 214.731027][T29360] ? _raw_spin_lock+0xa3/0x1b0 [ 214.735625][T29360] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 214.740839][T29360] ? __kernel_text_address+0x9a/0x110 [ 214.746043][T29360] copy_pte_range+0x1b1f/0x20b0 [ 214.750736][T29360] ? __kunmap_atomic+0x80/0x80 [ 214.755329][T29360] ? __kasan_slab_alloc+0xc4/0xe0 [ 214.760183][T29360] ? __kasan_slab_alloc+0xb2/0xe0 [ 214.765042][T29360] ? kmem_cache_alloc+0x189/0x2f0 [ 214.769903][T29360] ? vm_area_dup+0x26/0x1d0 [ 214.774250][T29360] ? dup_mmap+0x6b8/0xea0 [ 214.778419][T29360] ? dup_mm+0x91/0x330 [ 214.782319][T29360] ? copy_mm+0x108/0x1b0 [ 214.786394][T29360] ? copy_process+0x1295/0x3250 [ 214.791080][T29360] ? kernel_clone+0x22d/0x990 [ 214.795595][T29360] ? __x64_sys_clone+0x289/0x310 [ 214.800371][T29360] ? do_syscall_64+0x44/0xd0 [ 214.804794][T29360] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 214.810707][T29360] copy_page_range+0xc1e/0x1090 [ 214.815388][T29360] ? pfn_valid+0x1e0/0x1e0 [ 214.819648][T29360] dup_mmap+0x99f/0xea0 [ 214.823632][T29360] ? __delayed_free_task+0x20/0x20 [ 214.828583][T29360] ? mm_init+0x807/0x960 [ 214.832660][T29360] dup_mm+0x91/0x330 [ 214.836390][T29360] copy_mm+0x108/0x1b0 [ 214.840296][T29360] copy_process+0x1295/0x3250 [ 214.844809][T29360] ? proc_fail_nth_write+0x213/0x290 [ 214.849927][T29360] ? proc_fail_nth_read+0x220/0x220 [ 214.854963][T29360] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 214.859915][T29360] ? vfs_write+0x9af/0x1050 [ 214.864250][T29360] ? vmacache_update+0xb7/0x120 [ 214.868938][T29360] kernel_clone+0x22d/0x990 [ 214.873278][T29360] ? file_end_write+0x1b0/0x1b0 [ 214.877963][T29360] ? __kasan_check_write+0x14/0x20 [ 214.882910][T29360] ? create_io_thread+0x1e0/0x1e0 [ 214.887769][T29360] ? __mutex_lock_slowpath+0x10/0x10 [ 214.892900][T29360] __x64_sys_clone+0x289/0x310 [ 214.897491][T29360] ? __do_sys_vfork+0x130/0x130 [ 214.902180][T29360] ? debug_smp_processor_id+0x17/0x20 [ 214.907387][T29360] do_syscall_64+0x44/0xd0 [ 214.911641][T29360] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 214.917376][T29360] RIP: 0033:0x7f510cb420d9 [ 214.921619][T29360] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 17:39:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x0, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x0, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:52 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_devices(r0, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='^~'], 0x6a) 17:39:52 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 63) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:52 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_type(r2, &(0x7f0000000180), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4ee95d593b0ad976d2ac2c142d79e2f3273917ed2321aeb2f808f69e2955576823dca4"], 0x6a) openat$cgroup_ro(r0, &(0x7f0000000040)='memory.events.local\x00', 0x0, 0x0) [ 214.941061][T29360] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 214.949308][T29360] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 214.957120][T29360] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 214.964927][T29360] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 214.972748][T29360] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 214.980551][T29360] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 214.988365][T29360] 17:39:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:52 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffcc) (async, rerun: 32) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (rerun: 32) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='rxrpc_rx_packet\x00', r0}, 0x10) (async) r1 = openat$cgroup_ro(r0, &(0x7f00000003c0)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) (async) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) (async, rerun: 32) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={r3, 0xffffffffffffff78, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x6) (rerun: 32) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r2, r2, r2, r2, r2, r2]}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0xa, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x5}, [@map_fd={0x18, 0xb, 0x1, 0x0, r0}, @ldst={0x2, 0x1, 0x0, 0xa, 0x1, 0xfffffffffffffff8, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3d14}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff}]}, &(0x7f0000000880)='GPL\x00', 0xfffffff7, 0x0, 0x0, 0x41100, 0x10, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000008c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000900)={0x3, 0x0, 0x3, 0x4}, 0x10}, 0x80) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x9, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000030000000000000004000000180000000800800000000000900000007058fefffcffffff18120000e1ee0084d2b166a851cdb58e075e6971133f6479bfc25bddeda3d7f0ee24e72b7e8ad43763862e0779a8a8664c427b894652db111c8c93378a4b00f8af62847d48e90f58f3fd347f9bc55bcb9524f1b6738fe390e24a70be415c3abfd569a750872e49ebb1ee76d5da694ef9f2a6324f6d6cc27ca5e601662db50183c02b5e4c6b7bb1dd5663ef347ddb885040eda23f85b671ab51a509eca315cdb3c760615542981d45d98d53fec1198a2b33b9620b342d027cc6d65cc577aba85988a49921d222d994f821a9e987cc3a8f0c726c6f36d31215bedf5ee92fe3528f1a8bc24a3c9eb24b44e359e0d83f441becb91336a1817875509557f0e279336778ae149018d71e4eddcbfbe9f065b78b9aafaf19e9f47a677b998b2746f6a541a3a4061c08bc067a1a7f946726d0cfb76b741243cadfd2330988424d89407e874f98139c", @ANYRES32=r5, @ANYBLOB="00000000000000007dbafffffcffffff9500000000000000"], &(0x7f0000000200)='GPL\x00', 0xfffffff7, 0x48, &(0x7f0000000240)=""/72, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0x7, 0x7, 0x1}, 0x10}, 0x80) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) (async) r6 = syz_clone(0x2000000, &(0x7f0000000180)="ccf8197e543c43cf59841a3f15e1201458", 0x11, &(0x7f00000001c0), &(0x7f0000000640), &(0x7f0000000680)="6f9e2436e8360eb58651e7d2cbed76191c5006ebc7ff429d73288c3b301751dda720e1990e978e9b9b994054d76b0f9a3e3cc5660f0a214badcae0006ba503b14cf15ad8a3c1e8436ec67efe2fcf015d9153fb335827025d48f0774ff7") (async, rerun: 64) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000700)='objagg_obj_root_create\x00', r1}, 0x10) (rerun: 64) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000007c0)={r6, r7, 0x0, 0x2, &(0x7f0000000780)='\\\x00'}, 0x30) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='devlink_health_recover_aborted\x00', r5}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz1\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000440)=0x9) 17:39:52 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_type(r2, &(0x7f0000000180), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4ee95d593b0ad976d2ac2c142d79e2f3273917ed2321aeb2f808f69e2955576823dca4"], 0x6a) openat$cgroup_ro(r0, &(0x7f0000000040)='memory.events.local\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_type(r2, &(0x7f0000000180), 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4ee95d593b0ad976d2ac2c142d79e2f3273917ed2321aeb2f808f69e2955576823dca4"], 0x6a) (async) openat$cgroup_ro(r0, &(0x7f0000000040)='memory.events.local\x00', 0x0, 0x0) (async) 17:39:52 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_devices(r0, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0) (async) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='^~'], 0x6a) 17:39:52 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_devices(r0, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='^~'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_devices(r0, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='^~'], 0x6a) (async) [ 215.061889][T29423] FAULT_INJECTION: forcing a failure. [ 215.061889][T29423] name failslab, interval 1, probability 0, space 0, times 0 [ 215.080605][T29423] CPU: 0 PID: 29423 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 215.090677][T29423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 215.100576][T29423] Call Trace: [ 215.103694][T29423] [ 215.106469][T29423] dump_stack_lvl+0x151/0x1b7 [ 215.110993][T29423] ? bfq_pos_tree_add_move+0x43e/0x43e [ 215.116288][T29423] dump_stack+0x15/0x17 [ 215.120271][T29423] should_fail+0x3c0/0x510 [ 215.124525][T29423] __should_failslab+0x9f/0xe0 [ 215.129126][T29423] should_failslab+0x9/0x20 [ 215.133463][T29423] kmem_cache_alloc+0x4f/0x2f0 [ 215.138068][T29423] ? vm_area_dup+0x26/0x1d0 [ 215.142410][T29423] vm_area_dup+0x26/0x1d0 [ 215.146917][T29423] dup_mmap+0x6b8/0xea0 [ 215.150911][T29423] ? __delayed_free_task+0x20/0x20 [ 215.155877][T29423] ? mm_init+0x807/0x960 [ 215.159937][T29423] dup_mm+0x91/0x330 [ 215.163666][T29423] copy_mm+0x108/0x1b0 [ 215.167573][T29423] copy_process+0x1295/0x3250 [ 215.172090][T29423] ? proc_fail_nth_write+0x213/0x290 [ 215.177206][T29423] ? proc_fail_nth_read+0x220/0x220 [ 215.182251][T29423] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 215.187189][T29423] ? vfs_write+0x9af/0x1050 [ 215.191529][T29423] ? vmacache_update+0xb7/0x120 [ 215.196220][T29423] kernel_clone+0x22d/0x990 [ 215.200553][T29423] ? file_end_write+0x1b0/0x1b0 [ 215.205249][T29423] ? __kasan_check_write+0x14/0x20 [ 215.210187][T29423] ? create_io_thread+0x1e0/0x1e0 [ 215.215051][T29423] ? __mutex_lock_slowpath+0x10/0x10 [ 215.220175][T29423] __x64_sys_clone+0x289/0x310 [ 215.224781][T29423] ? __do_sys_vfork+0x130/0x130 [ 215.229467][T29423] ? debug_smp_processor_id+0x17/0x20 [ 215.234665][T29423] do_syscall_64+0x44/0xd0 [ 215.238915][T29423] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 215.244746][T29423] RIP: 0033:0x7f510cb420d9 [ 215.248998][T29423] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 215.268525][T29423] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 215.276771][T29423] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 215.284582][T29423] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 215.292396][T29423] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 215.300212][T29423] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 17:39:52 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x7, &(0x7f0000000ac0)=ANY=[@ANYBLOB="8510000005000000077d98300800000095fdff00000000001820b00a721657d24d64db9482cb0a117a0000", @ANYRES32, @ANYBLOB="00000000050000008500400036000000850000007d0000007e750eeed40a1325942bcdc90e22c2fc72cdd8ab823317e3136bffbf4e9fa3db097762a7ee0debdb3722"], &(0x7f00000000c0)='GPL\x00', 0x80000001, 0x4b, &(0x7f0000000180)=""/75, 0x40f00, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x10, 0xe91f, 0xfffffffc}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000300)=[0x1, 0x1]}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r0, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, &(0x7f0000000580)=[0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000600)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000680), &(0x7f00000006c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940)={&(0x7f0000000900)='./file0\x00', 0x0, 0x18}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x4, &(0x7f0000000080)=@raw=[@alu={0x4, 0x1, 0x7, 0x9, 0x1, 0x20, 0x10}, @map_val={0x18, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @exit], &(0x7f0000000400)='syzkaller\x00', 0xd44, 0xe6, &(0x7f0000000440)=""/230, 0x40f00, 0x16, '\x00', r1, 0x0, r2, 0x8, &(0x7f0000000880)={0x4, 0x1ff}, 0x8, 0x10, &(0x7f00000008c0)={0x3, 0xa, 0x1, 0xedd62383}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r3, r4, r5, 0xffffffffffffffff]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='fsi_dev_init\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:52 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x0, 0x0) (async) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_type(r2, &(0x7f0000000180), 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4ee95d593b0ad976d2ac2c142d79e2f3273917ed2321aeb2f808f69e2955576823dca4"], 0x6a) openat$cgroup_ro(r0, &(0x7f0000000040)='memory.events.local\x00', 0x0, 0x0) 17:39:52 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:52 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) 17:39:52 executing program 2: bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x18}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000a80)=ANY=[@ANYBLOB="4f00331ee934a39e4c003784ae5ec773eb22d1683b50692a4097e2a8dd0df43b1f4c3839d8e8adb77b1dd98b0710d5b82f0d565c008fe40636aa510dceae76a35cd25a25c6dae1e9e8fa67de65ed35bd7312e90d32e83d09a0fbe90846b255ae3cfd72ca8d067719160bd2058dbac968991f3d279447f2680734e96da2dea6e662b990486f7b00000000000035d77dbf9014d52f12e9aaad3d68d9380b5cded2b664673561de8750defc9fc258caed71a159ceeae267213f8324c21490ac68323857b2fa5ee917e6da1177d053e281a81723945885c3539394e28743e892c182e91713b2be560f06b339650b95e9d83a010af5b20dd6935fcb31eee5404dae28a858c879e4f4ecb5b108f6a64ea3fdf81e4a"], 0x6a) r2 = openat$cgroup_ro(r0, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000200)='io.stat\x00', 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, 0x0, 0x5, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000900)={0x4, 0x80, 0x9, 0x3, 0xb3, 0x17, 0x0, 0x3, 0x4400, 0xc, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000880), 0x8}, 0x19082, 0x8dbd, 0x7, 0x3, 0xf580000000000000, 0x4, 0x1, 0x0, 0x2, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x10) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000800)={r3}, 0x8) r7 = openat$cgroup(r6, &(0x7f00000008c0)='syz1\x00', 0x200002, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x4030582a, &(0x7f0000000040)) openat$cgroup_int(r7, &(0x7f0000000840)='memory.oom.group\x00', 0x2, 0x0) r9 = openat$cgroup_ro(r2, &(0x7f0000000640)='cpuacct.usage_sys\x00', 0x0, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x1, 0x4, 0xaa, 0x2, 0x501, 0xffffffffffffffff, 0x10000, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x1}, 0x48) r11 = openat$cgroup_ro(r2, &(0x7f0000000700)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x9, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800001869000003000000790600000900000018000000ff030000000000000900000018260000", @ANYRES32=r4, @ANYBLOB="00000000070000009500000000000000"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0xe9, &(0x7f00000004c0)=""/233, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000600)={0x4, 0x6, 0x6, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000740)=[r9, r10, r2, r2, r11]}, 0x80) openat$cgroup(r8, &(0x7f0000000380)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x5, 0x0, 0x14, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r7, 0x4, r5, 0x2) openat$cgroup_int(r7, &(0x7f0000000300)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) openat$cgroup_ro(r9, &(0x7f0000000400)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) r12 = openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0) write$cgroup_subtree(r12, &(0x7f0000000100)={[{0x2d, 'io'}, {0x2b, 'io'}, {0x2b, 'memory'}, {0x2b, 'rlimit'}]}, 0x18) openat$cgroup_ro(r0, &(0x7f00000002c0)='freezer.state\x00', 0x0, 0x0) 17:39:52 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 64) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 215.308055][T29423] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 215.315929][T29423] 17:39:52 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x7, &(0x7f0000000ac0)=ANY=[@ANYBLOB="8510000005000000077d98300800000095fdff00000000001820b00a721657d24d64db9482cb0a117a0000", @ANYRES32, @ANYBLOB="00000000050000008500400036000000850000007d0000007e750eeed40a1325942bcdc90e22c2fc72cdd8ab823317e3136bffbf4e9fa3db097762a7ee0debdb3722"], &(0x7f00000000c0)='GPL\x00', 0x80000001, 0x4b, &(0x7f0000000180)=""/75, 0x40f00, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x10, 0xe91f, 0xfffffffc}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000300)=[0x1, 0x1]}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r0, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, &(0x7f0000000580)=[0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000600)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000680), &(0x7f00000006c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) (async, rerun: 32) r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940)={&(0x7f0000000900)='./file0\x00', 0x0, 0x18}, 0x10) (async, rerun: 32) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x4, &(0x7f0000000080)=@raw=[@alu={0x4, 0x1, 0x7, 0x9, 0x1, 0x20, 0x10}, @map_val={0x18, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @exit], &(0x7f0000000400)='syzkaller\x00', 0xd44, 0xe6, &(0x7f0000000440)=""/230, 0x40f00, 0x16, '\x00', r1, 0x0, r2, 0x8, &(0x7f0000000880)={0x4, 0x1ff}, 0x8, 0x10, &(0x7f00000008c0)={0x3, 0xa, 0x1, 0xedd62383}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r3, r4, r5, 0xffffffffffffffff]}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='fsi_dev_init\x00', r0}, 0x10) (async, rerun: 64) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64) [ 215.407187][T29486] FAULT_INJECTION: forcing a failure. [ 215.407187][T29486] name failslab, interval 1, probability 0, space 0, times 0 [ 215.428625][T29486] CPU: 0 PID: 29486 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 215.438692][T29486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 215.448589][T29486] Call Trace: [ 215.451709][T29486] [ 215.454488][T29486] dump_stack_lvl+0x151/0x1b7 [ 215.459028][T29486] ? bfq_pos_tree_add_move+0x43e/0x43e [ 215.464301][T29486] dump_stack+0x15/0x17 [ 215.468290][T29486] should_fail+0x3c0/0x510 [ 215.472539][T29486] __should_failslab+0x9f/0xe0 [ 215.477140][T29486] should_failslab+0x9/0x20 [ 215.481486][T29486] kmem_cache_alloc+0x4f/0x2f0 [ 215.486080][T29486] ? anon_vma_clone+0xa1/0x4f0 [ 215.490680][T29486] anon_vma_clone+0xa1/0x4f0 [ 215.495106][T29486] anon_vma_fork+0x91/0x4f0 [ 215.499445][T29486] ? anon_vma_name+0x43/0x70 [ 215.503875][T29486] dup_mmap+0x750/0xea0 [ 215.507870][T29486] ? __delayed_free_task+0x20/0x20 [ 215.512813][T29486] ? mm_init+0x807/0x960 [ 215.516891][T29486] dup_mm+0x91/0x330 [ 215.520625][T29486] copy_mm+0x108/0x1b0 [ 215.524529][T29486] copy_process+0x1295/0x3250 [ 215.529045][T29486] ? proc_fail_nth_write+0x213/0x290 [ 215.534165][T29486] ? proc_fail_nth_read+0x220/0x220 [ 215.539198][T29486] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 215.544147][T29486] ? vfs_write+0x9af/0x1050 [ 215.548483][T29486] ? vmacache_update+0xb7/0x120 [ 215.553175][T29486] kernel_clone+0x22d/0x990 [ 215.557519][T29486] ? file_end_write+0x1b0/0x1b0 [ 215.562197][T29486] ? __kasan_check_write+0x14/0x20 [ 215.567146][T29486] ? create_io_thread+0x1e0/0x1e0 [ 215.572007][T29486] ? __mutex_lock_slowpath+0x10/0x10 [ 215.577128][T29486] __x64_sys_clone+0x289/0x310 [ 215.581729][T29486] ? __do_sys_vfork+0x130/0x130 [ 215.586417][T29486] ? debug_smp_processor_id+0x17/0x20 [ 215.591624][T29486] do_syscall_64+0x44/0xd0 [ 215.595963][T29486] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 215.601692][T29486] RIP: 0033:0x7f510cb420d9 [ 215.605944][T29486] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 215.625386][T29486] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 215.633629][T29486] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 215.641438][T29486] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 215.649252][T29486] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 215.657062][T29486] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 215.664874][T29486] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 215.672691][T29486] 17:39:53 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffcc) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='rxrpc_rx_packet\x00', r0}, 0x10) (async) r1 = openat$cgroup_ro(r0, &(0x7f00000003c0)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={r3, 0xffffffffffffff78, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x6) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r2, r2, r2, r2, r2, r2]}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0xa, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x5}, [@map_fd={0x18, 0xb, 0x1, 0x0, r0}, @ldst={0x2, 0x1, 0x0, 0xa, 0x1, 0xfffffffffffffff8, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3d14}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff}]}, &(0x7f0000000880)='GPL\x00', 0xfffffff7, 0x0, 0x0, 0x41100, 0x10, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000008c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000900)={0x3, 0x0, 0x3, 0x4}, 0x10}, 0x80) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x9, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000030000000000000004000000180000000800800000000000900000007058fefffcffffff18120000e1ee0084d2b166a851cdb58e075e6971133f6479bfc25bddeda3d7f0ee24e72b7e8ad43763862e0779a8a8664c427b894652db111c8c93378a4b00f8af62847d48e90f58f3fd347f9bc55bcb9524f1b6738fe390e24a70be415c3abfd569a750872e49ebb1ee76d5da694ef9f2a6324f6d6cc27ca5e601662db50183c02b5e4c6b7bb1dd5663ef347ddb885040eda23f85b671ab51a509eca315cdb3c760615542981d45d98d53fec1198a2b33b9620b342d027cc6d65cc577aba85988a49921d222d994f821a9e987cc3a8f0c726c6f36d31215bedf5ee92fe3528f1a8bc24a3c9eb24b44e359e0d83f441becb91336a1817875509557f0e279336778ae149018d71e4eddcbfbe9f065b78b9aafaf19e9f47a677b998b2746f6a541a3a4061c08bc067a1a7f946726d0cfb76b741243cadfd2330988424d89407e874f98139c", @ANYRES32=r5, @ANYBLOB="00000000000000007dbafffffcffffff9500000000000000"], &(0x7f0000000200)='GPL\x00', 0xfffffff7, 0x48, &(0x7f0000000240)=""/72, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0x7, 0x7, 0x1}, 0x10}, 0x80) (async) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = syz_clone(0x2000000, &(0x7f0000000180)="ccf8197e543c43cf59841a3f15e1201458", 0x11, &(0x7f00000001c0), &(0x7f0000000640), &(0x7f0000000680)="6f9e2436e8360eb58651e7d2cbed76191c5006ebc7ff429d73288c3b301751dda720e1990e978e9b9b994054d76b0f9a3e3cc5660f0a214badcae0006ba503b14cf15ad8a3c1e8436ec67efe2fcf015d9153fb335827025d48f0774ff7") (async) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000700)='objagg_obj_root_create\x00', r1}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000007c0)={r6, r7, 0x0, 0x2, &(0x7f0000000780)='\\\x00'}, 0x30) (async, rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='devlink_health_recover_aborted\x00', r5}, 0x10) (async, rerun: 32) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz1\x00', 0x200002, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000440)=0x9) 17:39:53 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:53 executing program 2: bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x18}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000a80)=ANY=[@ANYBLOB="4f00331ee934a39e4c003784ae5ec773eb22d1683b50692a4097e2a8dd0df43b1f4c3839d8e8adb77b1dd98b0710d5b82f0d565c008fe40636aa510dceae76a35cd25a25c6dae1e9e8fa67de65ed35bd7312e90d32e83d09a0fbe90846b255ae3cfd72ca8d067719160bd2058dbac968991f3d279447f2680734e96da2dea6e662b990486f7b00000000000035d77dbf9014d52f12e9aaad3d68d9380b5cded2b664673561de8750defc9fc258caed71a159ceeae267213f8324c21490ac68323857b2fa5ee917e6da1177d053e281a81723945885c3539394e28743e892c182e91713b2be560f06b339650b95e9d83a010af5b20dd6935fcb31eee5404dae28a858c879e4f4ecb5b108f6a64ea3fdf81e4a"], 0x6a) (async, rerun: 32) r2 = openat$cgroup_ro(r0, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) (rerun: 32) r3 = openat$cgroup_ro(r2, &(0x7f0000000200)='io.stat\x00', 0x0, 0x0) (async) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, 0x0, 0x5, 0xffffffffffffffff, 0x0) (async, rerun: 32) perf_event_open(&(0x7f0000000900)={0x4, 0x80, 0x9, 0x3, 0xb3, 0x17, 0x0, 0x3, 0x4400, 0xc, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000880), 0x8}, 0x19082, 0x8dbd, 0x7, 0x3, 0xf580000000000000, 0x4, 0x1, 0x0, 0x2, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x10) (async, rerun: 32) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f0000000340)='syzkaller\x00') r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000800)={r3}, 0x8) r7 = openat$cgroup(r6, &(0x7f00000008c0)='syz1\x00', 0x200002, 0x0) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x4030582a, &(0x7f0000000040)) openat$cgroup_int(r7, &(0x7f0000000840)='memory.oom.group\x00', 0x2, 0x0) (async) r9 = openat$cgroup_ro(r2, &(0x7f0000000640)='cpuacct.usage_sys\x00', 0x0, 0x0) (async) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x1, 0x4, 0xaa, 0x2, 0x501, 0xffffffffffffffff, 0x10000, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x1}, 0x48) r11 = openat$cgroup_ro(r2, &(0x7f0000000700)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x9, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800001869000003000000790600000900000018000000ff030000000000000900000018260000", @ANYRES32=r4, @ANYBLOB="00000000070000009500000000000000"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0xe9, &(0x7f00000004c0)=""/233, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000600)={0x4, 0x6, 0x6, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000740)=[r9, r10, r2, r2, r11]}, 0x80) (async) openat$cgroup(r8, &(0x7f0000000380)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x5, 0x0, 0x14, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r7, 0x4, r5, 0x2) openat$cgroup_int(r7, &(0x7f0000000300)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) (async) openat$cgroup_ro(r9, &(0x7f0000000400)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) r12 = openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0) write$cgroup_subtree(r12, &(0x7f0000000100)={[{0x2d, 'io'}, {0x2b, 'io'}, {0x2b, 'memory'}, {0x2b, 'rlimit'}]}, 0x18) (async, rerun: 64) openat$cgroup_ro(r0, &(0x7f00000002c0)='freezer.state\x00', 0x0, 0x0) (rerun: 64) 17:39:53 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:53 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 65) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:53 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x7, &(0x7f0000000ac0)=ANY=[@ANYBLOB="8510000005000000077d98300800000095fdff00000000001820b00a721657d24d64db9482cb0a117a0000", @ANYRES32, @ANYBLOB="00000000050000008500400036000000850000007d0000007e750eeed40a1325942bcdc90e22c2fc72cdd8ab823317e3136bffbf4e9fa3db097762a7ee0debdb3722"], &(0x7f00000000c0)='GPL\x00', 0x80000001, 0x4b, &(0x7f0000000180)=""/75, 0x40f00, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x10, 0xe91f, 0xfffffffc}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000300)=[0x1, 0x1]}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r0, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, &(0x7f0000000580)=[0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000600)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000680), &(0x7f00000006c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) (async) r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940)={&(0x7f0000000900)='./file0\x00', 0x0, 0x18}, 0x10) (async) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r5, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x4, &(0x7f0000000080)=@raw=[@alu={0x4, 0x1, 0x7, 0x9, 0x1, 0x20, 0x10}, @map_val={0x18, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @exit], &(0x7f0000000400)='syzkaller\x00', 0xd44, 0xe6, &(0x7f0000000440)=""/230, 0x40f00, 0x16, '\x00', r1, 0x0, r2, 0x8, &(0x7f0000000880)={0x4, 0x1ff}, 0x8, 0x10, &(0x7f00000008c0)={0x3, 0xa, 0x1, 0xedd62383}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r3, r4, r5, 0xffffffffffffffff]}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='fsi_dev_init\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:53 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)={[{0x2b, 'hugetlb'}, {0x2d, 'pids'}, {0x2d, 'pids'}, {0x2d, 'memory'}, {0x2d, 'blkio'}]}, 0x24) 17:39:53 executing program 2: bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x18}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000a80)=ANY=[@ANYBLOB="4f00331ee934a39e4c003784ae5ec773eb22d1683b50692a4097e2a8dd0df43b1f4c3839d8e8adb77b1dd98b0710d5b82f0d565c008fe40636aa510dceae76a35cd25a25c6dae1e9e8fa67de65ed35bd7312e90d32e83d09a0fbe90846b255ae3cfd72ca8d067719160bd2058dbac968991f3d279447f2680734e96da2dea6e662b990486f7b00000000000035d77dbf9014d52f12e9aaad3d68d9380b5cded2b664673561de8750defc9fc258caed71a159ceeae267213f8324c21490ac68323857b2fa5ee917e6da1177d053e281a81723945885c3539394e28743e892c182e91713b2be560f06b339650b95e9d83a010af5b20dd6935fcb31eee5404dae28a858c879e4f4ecb5b108f6a64ea3fdf81e4a"], 0x6a) r2 = openat$cgroup_ro(r0, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000200)='io.stat\x00', 0x0, 0x0) (async, rerun: 64) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async, rerun: 64) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) (async) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x6, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0xd5, 0x0, 0x1}, 0x0, 0x5, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000900)={0x4, 0x80, 0x9, 0x3, 0xb3, 0x17, 0x0, 0x3, 0x4400, 0xc, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000880), 0x8}, 0x19082, 0x8dbd, 0x7, 0x3, 0xf580000000000000, 0x4, 0x1, 0x0, 0x2, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x10) (async) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f0000000340)='syzkaller\x00') (async) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000800)={r3}, 0x8) r7 = openat$cgroup(r6, &(0x7f00000008c0)='syz1\x00', 0x200002, 0x0) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x4030582a, &(0x7f0000000040)) (async, rerun: 32) openat$cgroup_int(r7, &(0x7f0000000840)='memory.oom.group\x00', 0x2, 0x0) (rerun: 32) r9 = openat$cgroup_ro(r2, &(0x7f0000000640)='cpuacct.usage_sys\x00', 0x0, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x1, 0x4, 0xaa, 0x2, 0x501, 0xffffffffffffffff, 0x10000, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x1}, 0x48) (async) r11 = openat$cgroup_ro(r2, &(0x7f0000000700)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x9, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800001869000003000000790600000900000018000000ff030000000000000900000018260000", @ANYRES32=r4, @ANYBLOB="00000000070000009500000000000000"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0xe9, &(0x7f00000004c0)=""/233, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000600)={0x4, 0x6, 0x6, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000740)=[r9, r10, r2, r2, r11]}, 0x80) (async) openat$cgroup(r8, &(0x7f0000000380)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000a00)={0x4, 0x80, 0x1, 0x3, 0x4, 0x0, 0x0, 0x5, 0x0, 0x14, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000009c0), 0x1}, 0x4602, 0x8001, 0x8, 0x1, 0x0, 0x35bb, 0xff, 0x0, 0x863e, 0x0, 0xffffffffffffffff}, r7, 0x4, r5, 0x2) (async) openat$cgroup_int(r7, &(0x7f0000000300)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) (async) openat$cgroup_ro(r9, &(0x7f0000000400)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) r12 = openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0) write$cgroup_subtree(r12, &(0x7f0000000100)={[{0x2d, 'io'}, {0x2b, 'io'}, {0x2b, 'memory'}, {0x2b, 'rlimit'}]}, 0x18) (async) openat$cgroup_ro(r0, &(0x7f00000002c0)='freezer.state\x00', 0x0, 0x0) 17:39:53 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)={[{0x2b, 'hugetlb'}, {0x2d, 'pids'}, {0x2d, 'pids'}, {0x2d, 'memory'}, {0x2d, 'blkio'}]}, 0x24) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)={[{0x2b, 'hugetlb'}, {0x2d, 'pids'}, {0x2d, 'pids'}, {0x2d, 'memory'}, {0x2d, 'blkio'}]}, 0x24) (async) 17:39:53 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000640)=@bpf_lsm={0x1d, 0x3, &(0x7f0000000440)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, @generic={0x10, 0x3, 0x8, 0x6, 0x1}], &(0x7f0000000480)='syzkaller\x00', 0xff, 0xf1, &(0x7f00000004c0)=""/241, 0x41000, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x5, 0x8, 0xfffffff8, 0x1}, 0x10, 0xffffffffffffffff}, 0x80) r4 = bpf$ITER_CREATE(0x21, &(0x7f00000006c0), 0x8) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='cpuacct.usage_sys\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000740)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r7, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000780)='page_pool_state_hold\x00', r0}, 0x10) write$cgroup_type(r8, &(0x7f0000000180), 0xfdef) r9 = bpf$ITER_CREATE(0x21, &(0x7f00000007c0), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x12, 0x3, &(0x7f0000000040)=@raw=[@map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], &(0x7f00000000c0)='GPL\x00', 0x7, 0xfc, &(0x7f0000000300)=""/252, 0x40f00, 0x1, '\x00', r2, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x3, 0x10, 0xfff, 0x8}, 0x10, 0xffffffffffffffff, r3, 0x0, &(0x7f0000000800)=[r4, r5, r6, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r7, r8, 0x1, r9]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 216.005686][T29509] FAULT_INJECTION: forcing a failure. [ 216.005686][T29509] name failslab, interval 1, probability 0, space 0, times 0 17:39:53 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:53 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000100)='blkio.bfq.io_service_bytes_recursive\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) r3 = openat$cgroup(r1, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000140)='blkio.throttle.write_iops_device\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0x4c, 0x2f, &(0x7f0000000180)="b308231730f233102d7b7db11db9f1154f89ef8e132fb6e57723f7e0926edd967122074ae8dc69994681924ab45a65df0b8ae72f238f9042c5b0f17b81c53c6d58b5657fec8fa79640144367", &(0x7f0000000200)=""/47, 0x7, 0x0, 0x4f, 0x7f, &(0x7f0000000240)="e0d84191dd4e8fd3a79ce2a1274926ccb45f0eea63bf8c33aa03eb52269467a1fe613319c351451f9ed66993728ff39b7cb856af1587e44059393613dd62da99c457a9bdc2792fb9a43ab9dc71a7ac", &(0x7f00000002c0)="c1f6766a4efcba6373545d4e66610e2eafb5e9f52108a6817754649a7c7c2faf15af1923eabc0eaf92b11612058cb98d8a941d245e1978d0f8c263bc04bcacce915f55bc485872df629d6ecfc054b88634f813ad9694d10b5d8c1f236d7d9ca4ba26d44307785221b2bb15a48372ab655cac96e5c8a832b72773e27067b8c9", 0x1, 0xffffff00}, 0x48) [ 216.088557][T29509] CPU: 0 PID: 29509 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 216.098626][T29509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 216.108524][T29509] Call Trace: [ 216.111641][T29509] [ 216.114424][T29509] dump_stack_lvl+0x151/0x1b7 [ 216.118934][T29509] ? bfq_pos_tree_add_move+0x43e/0x43e [ 216.124230][T29509] dump_stack+0x15/0x17 [ 216.128221][T29509] should_fail+0x3c0/0x510 [ 216.132483][T29509] __should_failslab+0x9f/0xe0 [ 216.137074][T29509] should_failslab+0x9/0x20 [ 216.141424][T29509] kmem_cache_alloc+0x4f/0x2f0 [ 216.146101][T29509] ? anon_vma_fork+0x1b9/0x4f0 [ 216.150699][T29509] anon_vma_fork+0x1b9/0x4f0 [ 216.155129][T29509] dup_mmap+0x750/0xea0 [ 216.159119][T29509] ? __delayed_free_task+0x20/0x20 [ 216.164064][T29509] ? mm_init+0x807/0x960 [ 216.168147][T29509] dup_mm+0x91/0x330 [ 216.171885][T29509] copy_mm+0x108/0x1b0 [ 216.175784][T29509] copy_process+0x1295/0x3250 [ 216.180303][T29509] ? proc_fail_nth_write+0x213/0x290 [ 216.185420][T29509] ? proc_fail_nth_read+0x220/0x220 [ 216.190553][T29509] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 216.195488][T29509] ? vfs_write+0x9af/0x1050 [ 216.199827][T29509] ? vmacache_update+0xb7/0x120 [ 216.204521][T29509] kernel_clone+0x22d/0x990 [ 216.208853][T29509] ? file_end_write+0x1b0/0x1b0 [ 216.213550][T29509] ? __kasan_check_write+0x14/0x20 [ 216.218488][T29509] ? create_io_thread+0x1e0/0x1e0 [ 216.223395][T29509] ? __mutex_lock_slowpath+0x10/0x10 [ 216.228469][T29509] __x64_sys_clone+0x289/0x310 [ 216.233069][T29509] ? __do_sys_vfork+0x130/0x130 [ 216.237760][T29509] ? debug_smp_processor_id+0x17/0x20 [ 216.243048][T29509] do_syscall_64+0x44/0xd0 [ 216.247304][T29509] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 216.253028][T29509] RIP: 0033:0x7f510cb420d9 [ 216.257283][T29509] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 216.276728][T29509] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 216.284976][T29509] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 216.292783][T29509] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 216.300591][T29509] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 216.308405][T29509] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 216.316215][T29509] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 216.324038][T29509] 17:39:53 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001480)={&(0x7f0000001440)='./file0\x00'}, 0x10) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001500)={&(0x7f00000014c0)='./file0\x00', 0x0, 0x18}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001540)=@base={0x1a, 0x0, 0x2, 0x9, 0x200, 0xffffffffffffffff, 0x16d, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001600)={0x1d, 0xb, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xffeb}, [@btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffa}, @ldst={0x2, 0x3, 0x3, 0x3, 0xb, 0x0, 0x4}, @alu={0x4, 0x0, 0x4, 0x3, 0xb, 0xfffffffffffffff8, 0x4}, @alu={0xd, 0x1, 0x5, 0x5, 0x3, 0x10, 0x10}]}, &(0x7f0000000380)='syzkaller\x00', 0x4, 0x1002, &(0x7f0000001680)=""/4098, 0x40f00, 0x9, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x8, &(0x7f00000013c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000001400)={0x3, 0xe, 0x40, 0xffff}, 0x10, 0xffffffffffffffff, r0, 0x0, &(0x7f00000015c0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, r1, r2, 0x1, 0x1, 0x1, r3]}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.usage_user\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x71ff, 0x0, 0x0, 0x0, 0x9}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0xd}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x77, &(0x7f0000000080)=""/119, 0x40f00, 0x3, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000280)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x5, 0x8d88, 0x202}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1, r5, r6]}, 0x80) 17:39:53 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async, rerun: 64) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000640)=@bpf_lsm={0x1d, 0x3, &(0x7f0000000440)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, @generic={0x10, 0x3, 0x8, 0x6, 0x1}], &(0x7f0000000480)='syzkaller\x00', 0xff, 0xf1, &(0x7f00000004c0)=""/241, 0x41000, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x5, 0x8, 0xfffffff8, 0x1}, 0x10, 0xffffffffffffffff}, 0x80) (rerun: 64) r4 = bpf$ITER_CREATE(0x21, &(0x7f00000006c0), 0x8) (async, rerun: 32) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='cpuacct.usage_sys\x00', 0x0, 0x0) (async, rerun: 32) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000740)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) (async, rerun: 64) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (rerun: 64) openat$cgroup(r7, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000780)='page_pool_state_hold\x00', r0}, 0x10) write$cgroup_type(r8, &(0x7f0000000180), 0xfdef) (async) r9 = bpf$ITER_CREATE(0x21, &(0x7f00000007c0), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x12, 0x3, &(0x7f0000000040)=@raw=[@map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], &(0x7f00000000c0)='GPL\x00', 0x7, 0xfc, &(0x7f0000000300)=""/252, 0x40f00, 0x1, '\x00', r2, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x3, 0x10, 0xfff, 0x8}, 0x10, 0xffffffffffffffff, r3, 0x0, &(0x7f0000000800)=[r4, r5, r6, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r7, r8, 0x1, r9]}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:53 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)={[{0x2b, 'hugetlb'}, {0x2d, 'pids'}, {0x2d, 'pids'}, {0x2d, 'memory'}, {0x2d, 'blkio'}]}, 0x24) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)={[{0x2b, 'hugetlb'}, {0x2d, 'pids'}, {0x2d, 'pids'}, {0x2d, 'memory'}, {0x2d, 'blkio'}]}, 0x24) (async) 17:39:53 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r0, &(0x7f0000000100)='blkio.bfq.io_service_bytes_recursive\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async) r3 = openat$cgroup(r1, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000140)='blkio.throttle.write_iops_device\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0x4c, 0x2f, &(0x7f0000000180)="b308231730f233102d7b7db11db9f1154f89ef8e132fb6e57723f7e0926edd967122074ae8dc69994681924ab45a65df0b8ae72f238f9042c5b0f17b81c53c6d58b5657fec8fa79640144367", &(0x7f0000000200)=""/47, 0x7, 0x0, 0x4f, 0x7f, &(0x7f0000000240)="e0d84191dd4e8fd3a79ce2a1274926ccb45f0eea63bf8c33aa03eb52269467a1fe613319c351451f9ed66993728ff39b7cb856af1587e44059393613dd62da99c457a9bdc2792fb9a43ab9dc71a7ac", &(0x7f00000002c0)="c1f6766a4efcba6373545d4e66610e2eafb5e9f52108a6817754649a7c7c2faf15af1923eabc0eaf92b11612058cb98d8a941d245e1978d0f8c263bc04bcacce915f55bc485872df629d6ecfc054b88634f813ad9694d10b5d8c1f236d7d9ca4ba26d44307785221b2bb15a48372ab655cac96e5c8a832b72773e27067b8c9", 0x1, 0xffffff00}, 0x48) 17:39:54 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 66) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:54 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:54 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r1, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000640)=@bpf_lsm={0x1d, 0x3, &(0x7f0000000440)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, @generic={0x10, 0x3, 0x8, 0x6, 0x1}], &(0x7f0000000480)='syzkaller\x00', 0xff, 0xf1, &(0x7f00000004c0)=""/241, 0x41000, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x5, 0x8, 0xfffffff8, 0x1}, 0x10, 0xffffffffffffffff}, 0x80) (async) r4 = bpf$ITER_CREATE(0x21, &(0x7f00000006c0), 0x8) (async) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='cpuacct.usage_sys\x00', 0x0, 0x0) (async, rerun: 64) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000740)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) (rerun: 64) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r7, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000780)='page_pool_state_hold\x00', r0}, 0x10) (async) write$cgroup_type(r8, &(0x7f0000000180), 0xfdef) r9 = bpf$ITER_CREATE(0x21, &(0x7f00000007c0), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x12, 0x3, &(0x7f0000000040)=@raw=[@map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], &(0x7f00000000c0)='GPL\x00', 0x7, 0xfc, &(0x7f0000000300)=""/252, 0x40f00, 0x1, '\x00', r2, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x3, 0x10, 0xfff, 0x8}, 0x10, 0xffffffffffffffff, r3, 0x0, &(0x7f0000000800)=[r4, r5, r6, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r7, r8, 0x1, r9]}, 0x80) (async, rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (rerun: 64) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:54 executing program 5: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'team0\x00', 0x20}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000100), 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged_recursive\x00', 0x26e1, 0x0) write$cgroup_type(r1, &(0x7f0000000080), 0x11ffffce1) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000280)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x660c, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x1ff) write$cgroup_subtree(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) r6 = syz_clone(0x80000100, &(0x7f0000000240)="c9af879e7568a34e4b0a4403e7b33fafae29966509e8f68bffdceacadf9ec4a9a87ce00798811af20607411dc978aaa1f52a7e80f39162f8df6f5d2d6979a025e0a8c1aff91ab51d50724e3288760d381fb7a3beea2b6761b1edd47cd97451e34d68577e3a268920df5fb96fa36b46df10ca4fba51d3ebd7beb35f8cb15781d9b7afbe99cd517a94fa18df44e1982e5c66eff03f1cf7d3e6e233bcc9f8e50fd0017f3eaf5dc24e79790d58c3f5e9a6e1113ca361cbc7a42c055802331c2f7f374bea588b11b7998e932bb46586f4af2aad0d2cecfaf454310cb24347054c7090fa553b989eaf3042396b08a54df1", 0xee, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="b47075a81099115e05cef4f59da02de6d08f23bc021c15d39ac087311384409362a27b88fcf16c296a59e2d3bae70f764908c340775372128738ef584849a92d60bb80ce5238219802088b12de4d1f15725257f131d775c7a0bb1dcc3e10e810aeca1c76470e12e5cbaaf7a8b6bca69c3c0fff0b9649e042b7148b316dc7ecc6870a201a8cbd51ccc3a49d85d49fb6200e59aaa9777f512f480d9bcf32b7afd0ebbb44e1fb75b2f8a86fa81c960bebb0b589cf26e8710f070b257fd9c1793bec392a2b89853bff470c5b2c6906212afdd0cc1ace82eae919bddc5cd7cbeccf64e657228e4472a1d917794906e6557c45811a9d6e39d5747c484d8fa422742b8f663b98832ba8c863deb1b47dd8360723b898fc700b49eeb42d8700eca0770d10362945f2e9ce519b3c5fbdf533d8dff4930fc83a0bd7f133676580c9e01ab86355b0d50e46557863cad98a1e01980432370380bac615bf1f408bec287a4fbd5b583f81bff4c84c9ca67c3da11882ffb1c0356891dfea5d5eef10aedf5cf56c54c6d27409f38cd5df1fa1df6bd0317195436811b89ba7b057d405c266fd7e41ab4b8cda9e3ad977309fa53b0548d2dd8f78ac6a3dfcb192036bf6a13093a4430a675948b9524fd2c1f5dfa1594e125c885591a865b00e5cdea6c5cacfd54d013ac720866ba16dc1a7cd1d690e2f4dc58613a4f1f0e0be079cf2f6be2a9f15b1e3347159ba650cbc57af0517878932442c0fa5eaf5457a2241703774a9677f18185f5bf9c837b076f40c30ba1c1c20ae58fa8eb557aa825ce5c7f1c544e9e3028c02bffbc22f6008fde5aaad851650abb3b8904974be7798b2cfd27ed810d7fbb9a2acab9053d773c5ee34808ac8a7368eea7cfc83dc0a9be65d2eae5126591661543bbe65824b14c8b8d2e368c76c6cb65d8912ec5c659f5c170efa28b47a5fd151c33663f1bd40b2606017a0b41d94b3fda27e0c76afa018ecbd727a1530e28b5a9423b24c0e975dad639e57ed3941801a6764de0332928ad581100f203bd9e49276ab352301db1f83444b9e6e8c6e0f9472c9fdebf29d0ab469ec9bc5de1db1415786ed6592b7af0b9a1354368ac5666c0498412b7514c77c2fded801c41e7e563a2f703144c12e9c9da17bca917ce8e47a2a7bb220c934d168088509eb8494b01c1cf9c94c5c745e11f7ab99652884a69f2e3598a3dd514b744ecffa41e012ee5014741c86da76638450570e17fab4519f1cb7da428ca14cee212101d5b86db7306fe6512ea6d8451b23e129054eaa711c76c93c747f7b2e389cc3827fcfc16633985941d5c96935a22dfcc1b8ac96d4d17dfd78b1dc803d4d8891f07178ecf27e6273d4c24c4794295f8bfd14e1a3c1c325029da96d876d5b43fb4d598e07528f70586bd812b12bb5ece14191d01c4ca42f46ddd459b02545ab491daf37b99b6f1103d762223db0ef6e346ea36e965eac95829ef79622a5adcaa6f97a952dbfb5beeb91fe360aa61e892deb5d4d740ffea0df7e8d2368f4676c77c9cbcc43096be5cce974c897513a7738d2cf719739a10dfcb8d1e84e6a1d3c96c04b495df6005a934254fa8c5662fcd8013e6defb7d94659ee3ec84baed82db7d626305a104a675367503698d2060b3e41b02eb2fb6c871968ae136dca0b5f0cc52c92506a6ddfa52a45716426dbbeb2142e328852afa757d1d987993cb47a3dd3bc714e428061d1d5ec76cab5bed7503927006369ee023e7d70a9aa75437a85e4137636de7f28a84eb172255951c40a67b910eb90657bcdbe0b352ac026dda05ba06321df830720031d86b9103ce65f66b163355b1a7b87b3777a0ffa22698364512ec92a815ee191355443864405b7e03afaaf952494c11e23880c8cb72daa68c441e0ebba34c4e05aada6ac4006db0337db61b5d369d0be877e7d003dd63d16f080b3efbf8f728f6f80f4e97e72722186b2b5618e428509571b76bc353bfd9d20bcc42ae749789eaf6d64e85054f849530f15d43ac61a7431850801db8c1429c645decf18665165c522727ec1b6f972edb038f098a277480797bcd975aab8f4f44021d96623c4deab50ea1d8d0b8955ce70c3ee5e373b14618ec3b8d6e0d926f194b793d8d4546c2449efc59925a38a33bde7525449651dcd2da05df5144789377b771e29bfbda287746bcded229e59073637f35d8080d2e09dc40798ced6d1df9e55b3bd8d504900be0f3859ae669846f4ef8c5084fb8bfebcc29fc94053116e414d3e057cff9a30d5b4c178986e3c38e08d841a0111983a0ad2ec5789238b3bf177d1c7d74033e1c42e6d6f7245e08587de6084422d69259226a2b4256becb6b4726a1f7ad3833f62c1944562265bea95cbc3cac6c706c21862cc55c71dc416961980ba06b08e3dc8d64278135fe39b5d7f80dc151e224e148d8fbb587645bb4ba6394a2be5cb4294ee1fd64eacf761e3f7fa20c01203a6f7ffc34b45e2b08529800e55b29f8c4af961cac414218a55a490241bf13d02809113fa25a5ead01d83275431fa73aa8e32547b1ca82875bcbfcd26c68090972a21b11f472bf65bcb5679b8542e566d48aa5283dfe907fed1430744b6fc0bc1f3aa3453b3df937a0e7dd36eb5f9d2adfd23161363d3a70c225ad2b3b9d33b0acf5b95da9e18f30e9f5abf108b3b052f1ff41a0fd2b7efd5ee704c914d4e8bb7aef1bf51d7f3d7960e4eb260bf66d363be69186aa86c05a5e7654996ffe198f60c4bee78c2efcaeb9cca8085f78ea722b368c4a3d231cb559f784cece98bc5370dbac91419b52950644f4d3f0f4ea58ea342fd0b012d7afdf771ac357bcf353de6b950235ad4ebccb3250dde43985fc2710be04f17438e35bf9afebbd46f27d01253fb3c56d83ee7d03473a88a6c560325f210d5b01e18d8805573bff7a9427b414b0cc926d49c1db5de99344a8b5e3ce7153e3f2bd180c4cc8e44d8ef9042b7fb0b632963b810f99289d6e0190a682f0be270cd78576ac637f5cf28b81a17a0da9d810c28aa5ddf889978fb727775c37f3a2883fd3d72fa45d74d1c910c0de5cce4fbb3dda989cf7444240a1f9e988b76be2918ff3e8b1e8bfdda03e4bbf1d1208009e2abfb7d74e734a44e13fe7bc9cbc00d6610302b03cb2a4f9b870927e12c86541c2cf5bc0646174913c32abea7fc3b2739865e95afd742afd1813db8cb20cae5b2306d1a30b169dcccaf4e53749fa84e9686812fd5617fe8d8a50b9e21dad4d735163508a5ccd91bb8c284fe6499e895734fb6bcda454fb450bea88fa417b282cb2e2764d323278fbdebdd74850f2f6be217d3ccfe00add8b9f45d8e0533e6d889840d8106ed4c9c9a8b8e1d8db15cd6283e8543659d22adf2d1570ce8c11edc9573622787495e4a01222cc5a5d22e199db45020199f55bf3f7c020ea0e4315a70aff3983d50be8fa24be77956901f67da9de5a75a127c88da062a5f8b36ab11dcf893b8999b5e6c90fcb768eef536936cb55208a0ceb9e75e224e094b24619aac7f033ecb5e8b3adbd68c3846d5479527d41ccaaa7793a897624ee26d98bb8dfe2c5df5a4fd89a36f3755a0763539358d1e36120196fa00dbad48455fc08d201086516ccca0e205e0674c2d528a9e77a967e28aa81e18c5054487bc0b1f63fdaf2979062129938ec49f633633e715bd83f9a8245b45d05c0a8d201a5b3f6053c6b7039f7f230e8c1c52541f00101336f0cd134341a1ec08710ab35f2fe0ac982d017d6d139911cb375f285a31dbd2f48db48b3aa7ddbd1e42aa65a707f1dff84072506ed5f838890acbdb3ef5b52370854130b864cc94977f338e9e7562f449cb93addf3ae4e95ca1e46f596a6ea67989346259ef8f6b8725aa1457438c7642bb171332903947b55ad5981189854de497e9f1fd84a2aca8cce7e472052ad0fa73d05deb3fee9b9dc735fada582bc2d48d3cb77b80a1d88c872a2927c1f73e1be0889caafa363a4913da2911101fcdf43140b25538f7ef7d8ce98e2e5ad8dfbba39f23e8d1bf672c892f022fb847469c830dbf28de64d8640f02572f57fdccc7eef013d9d6c4229c0c58e095b9038df7da47e7d801ff0ce73128f075f9d4e8494d25d6b80f1abca4caf60817f8187620e8e3be57b2624e6189e0efcd71e45d9e23b5185f5dce6c7a0a201feab6375dc110133e4e6e82d1f17e6759e072dc8dadf492c336a6b1682f220e501b50d1381c8850d6137d5d91db2df8f1571b894b3ceceb5be9a34eda6caa5170ba2a71a614f70c372dd1e6f986315ce338f6badfbd938b822f4e43314ef4b3603a022591aa975878b8fdbb7776a4f2948611043c9ecc20f45016df0e68893f93171cf78aabd132913c78b31e996b62e4743672ba7973357f7db3c331cb531921d503a16e068fbf6acd606468ff8ed7116fc774d444c8e10263256807489c65a2ce6490325ae524031570d0c5fd4a549d405547249e7d2bb4b379e304ed4f7e564300984b91b02faf7ed727e0c1e852b213365b15254961eadf8045f01301ed1622b486a2e197cbda73a52e2b76072a3a7a2a178a237813b3be727d0eed44d2865af185137d7a07d604d792bada39d56d7ffcfd6a651d06beeaad8e28c93b55522333ed7ed8f0782602c6606d1c170ff877ab096ae786487a0d25097003520d9bd9ed192b65fec343e7fbe3dab0818252d59cf76f5d3e4538b29ce717185b134bfff4b87dc6d32e7ae4e0816733139d96d6a4933a46c3e4652175bf69786e03746df9835652636533041f606cfeb2388b27ffd49be2d7edaba9bcfb022f3489b26a9b894862817f5d8304fef48f72c58c63c5a2ac12e381cefd4cab1ad9d77366ae60233b55df2f80ecaa696091d6deacb01cdf54ef31d318813d3f5469f0eb816b5b7df799320889c94359aa0015581c6e1f814e90d1aba5b038c7ca37cee8bff47eb80e646a60ecb4bd7f6540163548802edace60a250c0e51f943684d041ed6697721d5349db5d714dfcf0b2a92a22c407908ba18d09d884d132db773d37faafae09cb7afac596e98ff6fbee6babee0db67ac620f8c1fae9996412fdbfd29ea2a7d513f7ae1458b5102ec244114c6b66893ff46ab22e181d33baee11858357c1484ba73153fa1136086e469ad5513c6a28d940eadde594814751af60b113728d4c917f333a4fa5a9643372a721c90fc36ed728158276d0746313677ece05dda85b504e7e4574be47b16a44853bbce79d201a9dae8a5fac34b0dc34b4aaf8b3af528ae5e3af9ba178e5a53ee241015b48e02fc2c07b356baf314ba14766b82681ff52dc34b5d5c01581fec4158c6c28153ca2568b901f136598c26cb4be6d7848187a6c7f8f52cf980dff551fd6835524c2ad9867b433badeb73e0ff1a0c04cd74ba971236d687c7db2fca9e3a278b124c7392c448dae8309679ee43fc1f106e093c9f84028cec6d17b533e4bd22c519aa0123a31fd6cff054338f7fe9a646f9e540718e5e3d831de7ea0d706207efb03cbb2322e79ce083640787298a8702b2983543f3fad21cd8f64220231e203e90f84bbeebd78730241907b4ccdba6dc9047bec9dfb43fc5ab0f6ca477a1c65db823c96971163aa9634071ae3b289af29e120776d0014be63cc951ddae7ed351fb384ee6cbcd05a445e74e8d5726bf36cf6d22992433fd8b970ae25da140df21cec24ab64bfb683d30dc09bd79c88f31b883977f835bb110bbecef95343936a1d94286c6a9d53a8d30dd76168460b58efb0a1ba46ca703efcfe38613e254abd2e6c599a3a43ce1218b5457d3478") r7 = perf_event_open(&(0x7f0000001400)={0x2, 0x80, 0x2, 0xc0, 0xc9, 0x80, 0x0, 0x1ff, 0x80956, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xedd4, 0x4, @perf_bp={&(0x7f00000013c0), 0x4}, 0x8841, 0xffffffffffff5772, 0x9, 0x4, 0x5, 0xff, 0x1ff, 0x0, 0x7, 0x0, 0xfff}, 0x0, 0x2, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x40, 0x44, 0x6c, 0x2, 0x0, 0x42, 0x40, 0x8, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000180), 0x4}, 0x0, 0x1f, 0xc6, 0x0, 0xffffffffffffffff, 0x81, 0x8, 0x0, 0xd0, 0x0, 0x1}, r6, 0x2, r7, 0x0) 17:39:54 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000100)='blkio.bfq.io_service_bytes_recursive\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) r3 = openat$cgroup(r1, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000140)='blkio.throttle.write_iops_device\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0x4c, 0x2f, &(0x7f0000000180)="b308231730f233102d7b7db11db9f1154f89ef8e132fb6e57723f7e0926edd967122074ae8dc69994681924ab45a65df0b8ae72f238f9042c5b0f17b81c53c6d58b5657fec8fa79640144367", &(0x7f0000000200)=""/47, 0x7, 0x0, 0x4f, 0x7f, &(0x7f0000000240)="e0d84191dd4e8fd3a79ce2a1274926ccb45f0eea63bf8c33aa03eb52269467a1fe613319c351451f9ed66993728ff39b7cb856af1587e44059393613dd62da99c457a9bdc2792fb9a43ab9dc71a7ac", &(0x7f00000002c0)="c1f6766a4efcba6373545d4e66610e2eafb5e9f52108a6817754649a7c7c2faf15af1923eabc0eaf92b11612058cb98d8a941d245e1978d0f8c263bc04bcacce915f55bc485872df629d6ecfc054b88634f813ad9694d10b5d8c1f236d7d9ca4ba26d44307785221b2bb15a48372ab655cac96e5c8a832b72773e27067b8c9", 0x1, 0xffffff00}, 0x48) 17:39:54 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_int(r0, &(0x7f00000000c0)='rdma.max\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:54 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_int(r0, &(0x7f00000000c0)='rdma.max\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:54 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000003c0)={0xffffffffffffffff, 0x8000}, 0xc) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)={@map=r3, 0xffffffffffffffff, 0x24}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000440)='cgroup.events\x00', 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4030582a, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x14, 0x4, &(0x7f00000000c0)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xbc63}, @map_fd={0x18, 0x5, 0x1, 0x0, r2}], &(0x7f0000000100)='GPL\x00', 0x5, 0x2b, &(0x7f0000000180)=""/43, 0x40f00, 0x8, '\x00', 0x0, 0xc, r0, 0x8, &(0x7f00000001c0)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0xa, 0x9, 0x1000}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r4, r5, r6, r7]}, 0x80) syz_clone(0x94020000, 0x0, 0x1b, 0x0, 0x0, 0x0) 17:39:54 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001480)={&(0x7f0000001440)='./file0\x00'}, 0x10) (rerun: 32) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001500)={&(0x7f00000014c0)='./file0\x00', 0x0, 0x18}, 0x10) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001540)=@base={0x1a, 0x0, 0x2, 0x9, 0x200, 0xffffffffffffffff, 0x16d, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001600)={0x1d, 0xb, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xffeb}, [@btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffa}, @ldst={0x2, 0x3, 0x3, 0x3, 0xb, 0x0, 0x4}, @alu={0x4, 0x0, 0x4, 0x3, 0xb, 0xfffffffffffffff8, 0x4}, @alu={0xd, 0x1, 0x5, 0x5, 0x3, 0x10, 0x10}]}, &(0x7f0000000380)='syzkaller\x00', 0x4, 0x1002, &(0x7f0000001680)=""/4098, 0x40f00, 0x9, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x8, &(0x7f00000013c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000001400)={0x3, 0xe, 0x40, 0xffff}, 0x10, 0xffffffffffffffff, r0, 0x0, &(0x7f00000015c0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, r1, r2, 0x1, 0x1, 0x1, r3]}, 0x80) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async, rerun: 32) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (rerun: 32) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.usage_user\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x71ff, 0x0, 0x0, 0x0, 0x9}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0xd}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x77, &(0x7f0000000080)=""/119, 0x40f00, 0x3, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000280)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x5, 0x8d88, 0x202}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1, r5, r6]}, 0x80) 17:39:54 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:39:54 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_int(r0, &(0x7f00000000c0)='rdma.max\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_int(r0, &(0x7f00000000c0)='rdma.max\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) [ 216.645905][T29576] FAULT_INJECTION: forcing a failure. [ 216.645905][T29576] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 216.715784][T29576] CPU: 0 PID: 29576 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 216.725955][T29576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 216.735842][T29576] Call Trace: [ 216.738966][T29576] [ 216.741744][T29576] dump_stack_lvl+0x151/0x1b7 [ 216.746255][T29576] ? bfq_pos_tree_add_move+0x43e/0x43e [ 216.751551][T29576] dump_stack+0x15/0x17 [ 216.755540][T29576] should_fail+0x3c0/0x510 [ 216.759799][T29576] should_fail_alloc_page+0x58/0x70 [ 216.764829][T29576] __alloc_pages+0x1de/0x7c0 [ 216.769257][T29576] ? __count_vm_events+0x30/0x30 [ 216.774033][T29576] ? __this_cpu_preempt_check+0x13/0x20 [ 216.779498][T29576] pte_alloc_one+0x73/0x1b0 [ 216.783838][T29576] ? pfn_modify_allowed+0x2e0/0x2e0 [ 216.788871][T29576] __pte_alloc+0x86/0x350 [ 216.793043][T29576] ? free_pgtables+0x210/0x210 [ 216.797723][T29576] ? _raw_spin_lock+0xa3/0x1b0 [ 216.802323][T29576] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 216.807531][T29576] ? __kernel_text_address+0x9a/0x110 [ 216.812742][T29576] copy_pte_range+0x1b1f/0x20b0 [ 216.817437][T29576] ? __kunmap_atomic+0x80/0x80 [ 216.822027][T29576] ? __kasan_slab_alloc+0xc4/0xe0 [ 216.826885][T29576] ? __kasan_slab_alloc+0xb2/0xe0 [ 216.831753][T29576] ? kmem_cache_alloc+0x189/0x2f0 [ 216.836609][T29576] ? vm_area_dup+0x26/0x1d0 [ 216.841124][T29576] ? dup_mmap+0x6b8/0xea0 [ 216.845287][T29576] ? dup_mm+0x91/0x330 [ 216.849198][T29576] ? copy_mm+0x108/0x1b0 [ 216.853278][T29576] ? copy_process+0x1295/0x3250 [ 216.857961][T29576] ? kernel_clone+0x22d/0x990 [ 216.862471][T29576] ? __x64_sys_clone+0x289/0x310 [ 216.867247][T29576] ? do_syscall_64+0x44/0xd0 [ 216.871669][T29576] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 216.877577][T29576] copy_page_range+0xc1e/0x1090 [ 216.882346][T29576] ? pfn_valid+0x1e0/0x1e0 [ 216.886518][T29576] dup_mmap+0x99f/0xea0 [ 216.890512][T29576] ? __delayed_free_task+0x20/0x20 [ 216.895453][T29576] ? mm_init+0x807/0x960 [ 216.899533][T29576] dup_mm+0x91/0x330 [ 216.903268][T29576] copy_mm+0x108/0x1b0 [ 216.907170][T29576] copy_process+0x1295/0x3250 [ 216.911688][T29576] ? proc_fail_nth_write+0x213/0x290 [ 216.916807][T29576] ? proc_fail_nth_read+0x220/0x220 [ 216.921839][T29576] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 216.926787][T29576] ? vfs_write+0x9af/0x1050 [ 216.931126][T29576] ? vmacache_update+0xb7/0x120 [ 216.935813][T29576] kernel_clone+0x22d/0x990 [ 216.940153][T29576] ? file_end_write+0x1b0/0x1b0 [ 216.944839][T29576] ? __kasan_check_write+0x14/0x20 [ 216.949796][T29576] ? create_io_thread+0x1e0/0x1e0 [ 216.954650][T29576] ? __mutex_lock_slowpath+0x10/0x10 [ 216.959772][T29576] __x64_sys_clone+0x289/0x310 [ 216.964368][T29576] ? __do_sys_vfork+0x130/0x130 [ 216.969061][T29576] ? debug_smp_processor_id+0x17/0x20 [ 216.974272][T29576] do_syscall_64+0x44/0xd0 [ 216.978605][T29576] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 216.984330][T29576] RIP: 0033:0x7f510cb420d9 [ 216.988588][T29576] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 217.008036][T29576] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:54 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000003c0)={0xffffffffffffffff, 0x8000}, 0xc) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)={@map=r3, 0xffffffffffffffff, 0x24}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000440)='cgroup.events\x00', 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4030582a, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x14, 0x4, &(0x7f00000000c0)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xbc63}, @map_fd={0x18, 0x5, 0x1, 0x0, r2}], &(0x7f0000000100)='GPL\x00', 0x5, 0x2b, &(0x7f0000000180)=""/43, 0x40f00, 0x8, '\x00', 0x0, 0xc, r0, 0x8, &(0x7f00000001c0)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0xa, 0x9, 0x1000}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r4, r5, r6, r7]}, 0x80) syz_clone(0x94020000, 0x0, 0x1b, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000003c0)={0xffffffffffffffff, 0x8000}, 0xc) (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)={@map=r3, 0xffffffffffffffff, 0x24}, 0x10) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r0, &(0x7f0000000440)='cgroup.events\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4030582a, &(0x7f0000000040)) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x14, 0x4, &(0x7f00000000c0)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xbc63}, @map_fd={0x18, 0x5, 0x1, 0x0, r2}], &(0x7f0000000100)='GPL\x00', 0x5, 0x2b, &(0x7f0000000180)=""/43, 0x40f00, 0x8, '\x00', 0x0, 0xc, r0, 0x8, &(0x7f00000001c0)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0xa, 0x9, 0x1000}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r4, r5, r6, r7]}, 0x80) (async) syz_clone(0x94020000, 0x0, 0x1b, 0x0, 0x0, 0x0) (async) [ 217.016274][T29576] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 217.024080][T29576] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 217.031896][T29576] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 217.039878][T29576] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 217.047690][T29576] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 217.055505][T29576] 17:39:54 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 67) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:54 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.throttle.io_serviced\x00', 0x0, 0x0) 17:39:54 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) [ 217.230067][T29716] FAULT_INJECTION: forcing a failure. [ 217.230067][T29716] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 217.290130][T29716] CPU: 0 PID: 29716 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 217.300206][T29716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 217.310104][T29716] Call Trace: [ 217.313226][T29716] [ 217.315998][T29716] dump_stack_lvl+0x151/0x1b7 [ 217.320515][T29716] ? bfq_pos_tree_add_move+0x43e/0x43e [ 217.325810][T29716] dump_stack+0x15/0x17 [ 217.329801][T29716] should_fail+0x3c0/0x510 [ 217.334052][T29716] should_fail_alloc_page+0x58/0x70 [ 217.339088][T29716] __alloc_pages+0x1de/0x7c0 [ 217.343520][T29716] ? __count_vm_events+0x30/0x30 [ 217.348290][T29716] ? __this_cpu_preempt_check+0x13/0x20 [ 217.353686][T29716] ? __mod_node_page_state+0xac/0xf0 [ 217.358789][T29716] ? __mod_lruvec_page_state+0x15f/0x1c0 [ 217.364347][T29716] pte_alloc_one+0x73/0x1b0 [ 217.368696][T29716] ? pfn_modify_allowed+0x2e0/0x2e0 [ 217.373720][T29716] __pte_alloc+0x86/0x350 [ 217.377889][T29716] ? free_pgtables+0x210/0x210 [ 217.382487][T29716] ? _raw_spin_lock+0xa3/0x1b0 [ 217.387086][T29716] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 217.392292][T29716] ? unwind_get_return_address+0x4c/0x90 [ 217.397764][T29716] copy_pte_range+0x1b1f/0x20b0 [ 217.402449][T29716] ? stack_trace_save+0x12d/0x1f0 [ 217.407310][T29716] ? anon_vma_clone+0xa1/0x4f0 [ 217.411909][T29716] ? __kunmap_atomic+0x80/0x80 [ 217.416510][T29716] ? dup_mmap+0x750/0xea0 [ 217.420675][T29716] ? copy_mm+0x108/0x1b0 [ 217.424752][T29716] ? copy_process+0x1295/0x3250 [ 217.429440][T29716] ? kernel_clone+0x22d/0x990 [ 217.434040][T29716] ? __x64_sys_clone+0x289/0x310 [ 217.438815][T29716] ? do_syscall_64+0x44/0xd0 [ 217.443238][T29716] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 217.449144][T29716] copy_page_range+0xc1e/0x1090 [ 217.453835][T29716] ? pfn_valid+0x1e0/0x1e0 [ 217.458170][T29716] dup_mmap+0x99f/0xea0 [ 217.462164][T29716] ? __delayed_free_task+0x20/0x20 [ 217.467109][T29716] ? mm_init+0x807/0x960 [ 217.471190][T29716] dup_mm+0x91/0x330 [ 217.475012][T29716] copy_mm+0x108/0x1b0 [ 217.478920][T29716] copy_process+0x1295/0x3250 [ 217.483439][T29716] ? proc_fail_nth_write+0x213/0x290 [ 217.488549][T29716] ? proc_fail_nth_read+0x220/0x220 [ 217.493586][T29716] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 217.498533][T29716] ? vfs_write+0x9af/0x1050 [ 217.502955][T29716] ? vmacache_update+0xb7/0x120 [ 217.507645][T29716] kernel_clone+0x22d/0x990 [ 217.511983][T29716] ? file_end_write+0x1b0/0x1b0 [ 217.516669][T29716] ? __kasan_check_write+0x14/0x20 [ 217.521613][T29716] ? create_io_thread+0x1e0/0x1e0 [ 217.526477][T29716] ? __mutex_lock_slowpath+0x10/0x10 [ 217.531613][T29716] __x64_sys_clone+0x289/0x310 [ 217.536206][T29716] ? __do_sys_vfork+0x130/0x130 [ 217.540886][T29716] ? debug_smp_processor_id+0x17/0x20 [ 217.546101][T29716] do_syscall_64+0x44/0xd0 [ 217.550348][T29716] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 217.556071][T29716] RIP: 0033:0x7f510cb420d9 [ 217.560324][T29716] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 217.579777][T29716] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:55 executing program 5: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'team0\x00', 0x20}) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000100), 0x2, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x0, 0x0) (async, rerun: 32) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) (async, rerun: 32) openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) (async, rerun: 64) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged_recursive\x00', 0x26e1, 0x0) (rerun: 64) write$cgroup_type(r1, &(0x7f0000000080), 0x11ffffce1) (async) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000280)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) (async, rerun: 32) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 32) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x660c, 0x0) (async) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x1ff) (async, rerun: 32) write$cgroup_subtree(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (rerun: 32) r6 = syz_clone(0x80000100, &(0x7f0000000240)="c9af879e7568a34e4b0a4403e7b33fafae29966509e8f68bffdceacadf9ec4a9a87ce00798811af20607411dc978aaa1f52a7e80f39162f8df6f5d2d6979a025e0a8c1aff91ab51d50724e3288760d381fb7a3beea2b6761b1edd47cd97451e34d68577e3a268920df5fb96fa36b46df10ca4fba51d3ebd7beb35f8cb15781d9b7afbe99cd517a94fa18df44e1982e5c66eff03f1cf7d3e6e233bcc9f8e50fd0017f3eaf5dc24e79790d58c3f5e9a6e1113ca361cbc7a42c055802331c2f7f374bea588b11b7998e932bb46586f4af2aad0d2cecfaf454310cb24347054c7090fa553b989eaf3042396b08a54df1", 0xee, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="b47075a81099115e05cef4f59da02de6d08f23bc021c15d39ac087311384409362a27b88fcf16c296a59e2d3bae70f764908c340775372128738ef584849a92d60bb80ce5238219802088b12de4d1f15725257f131d775c7a0bb1dcc3e10e810aeca1c76470e12e5cbaaf7a8b6bca69c3c0fff0b9649e042b7148b316dc7ecc6870a201a8cbd51ccc3a49d85d49fb6200e59aaa9777f512f480d9bcf32b7afd0ebbb44e1fb75b2f8a86fa81c960bebb0b589cf26e8710f070b257fd9c1793bec392a2b89853bff470c5b2c6906212afdd0cc1ace82eae919bddc5cd7cbeccf64e657228e4472a1d917794906e6557c45811a9d6e39d5747c484d8fa422742b8f663b98832ba8c863deb1b47dd8360723b898fc700b49eeb42d8700eca0770d10362945f2e9ce519b3c5fbdf533d8dff4930fc83a0bd7f133676580c9e01ab86355b0d50e46557863cad98a1e01980432370380bac615bf1f408bec287a4fbd5b583f81bff4c84c9ca67c3da11882ffb1c0356891dfea5d5eef10aedf5cf56c54c6d27409f38cd5df1fa1df6bd0317195436811b89ba7b057d405c266fd7e41ab4b8cda9e3ad977309fa53b0548d2dd8f78ac6a3dfcb192036bf6a13093a4430a675948b9524fd2c1f5dfa1594e125c885591a865b00e5cdea6c5cacfd54d013ac720866ba16dc1a7cd1d690e2f4dc58613a4f1f0e0be079cf2f6be2a9f15b1e3347159ba650cbc57af0517878932442c0fa5eaf5457a2241703774a9677f18185f5bf9c837b076f40c30ba1c1c20ae58fa8eb557aa825ce5c7f1c544e9e3028c02bffbc22f6008fde5aaad851650abb3b8904974be7798b2cfd27ed810d7fbb9a2acab9053d773c5ee34808ac8a7368eea7cfc83dc0a9be65d2eae5126591661543bbe65824b14c8b8d2e368c76c6cb65d8912ec5c659f5c170efa28b47a5fd151c33663f1bd40b2606017a0b41d94b3fda27e0c76afa018ecbd727a1530e28b5a9423b24c0e975dad639e57ed3941801a6764de0332928ad581100f203bd9e49276ab352301db1f83444b9e6e8c6e0f9472c9fdebf29d0ab469ec9bc5de1db1415786ed6592b7af0b9a1354368ac5666c0498412b7514c77c2fded801c41e7e563a2f703144c12e9c9da17bca917ce8e47a2a7bb220c934d168088509eb8494b01c1cf9c94c5c745e11f7ab99652884a69f2e3598a3dd514b744ecffa41e012ee5014741c86da76638450570e17fab4519f1cb7da428ca14cee212101d5b86db7306fe6512ea6d8451b23e129054eaa711c76c93c747f7b2e389cc3827fcfc16633985941d5c96935a22dfcc1b8ac96d4d17dfd78b1dc803d4d8891f07178ecf27e6273d4c24c4794295f8bfd14e1a3c1c325029da96d876d5b43fb4d598e07528f70586bd812b12bb5ece14191d01c4ca42f46ddd459b02545ab491daf37b99b6f1103d762223db0ef6e346ea36e965eac95829ef79622a5adcaa6f97a952dbfb5beeb91fe360aa61e892deb5d4d740ffea0df7e8d2368f4676c77c9cbcc43096be5cce974c897513a7738d2cf719739a10dfcb8d1e84e6a1d3c96c04b495df6005a934254fa8c5662fcd8013e6defb7d94659ee3ec84baed82db7d626305a104a675367503698d2060b3e41b02eb2fb6c871968ae136dca0b5f0cc52c92506a6ddfa52a45716426dbbeb2142e328852afa757d1d987993cb47a3dd3bc714e428061d1d5ec76cab5bed7503927006369ee023e7d70a9aa75437a85e4137636de7f28a84eb172255951c40a67b910eb90657bcdbe0b352ac026dda05ba06321df830720031d86b9103ce65f66b163355b1a7b87b3777a0ffa22698364512ec92a815ee191355443864405b7e03afaaf952494c11e23880c8cb72daa68c441e0ebba34c4e05aada6ac4006db0337db61b5d369d0be877e7d003dd63d16f080b3efbf8f728f6f80f4e97e72722186b2b5618e428509571b76bc353bfd9d20bcc42ae749789eaf6d64e85054f849530f15d43ac61a7431850801db8c1429c645decf18665165c522727ec1b6f972edb038f098a277480797bcd975aab8f4f44021d96623c4deab50ea1d8d0b8955ce70c3ee5e373b14618ec3b8d6e0d926f194b793d8d4546c2449efc59925a38a33bde7525449651dcd2da05df5144789377b771e29bfbda287746bcded229e59073637f35d8080d2e09dc40798ced6d1df9e55b3bd8d504900be0f3859ae669846f4ef8c5084fb8bfebcc29fc94053116e414d3e057cff9a30d5b4c178986e3c38e08d841a0111983a0ad2ec5789238b3bf177d1c7d74033e1c42e6d6f7245e08587de6084422d69259226a2b4256becb6b4726a1f7ad3833f62c1944562265bea95cbc3cac6c706c21862cc55c71dc416961980ba06b08e3dc8d64278135fe39b5d7f80dc151e224e148d8fbb587645bb4ba6394a2be5cb4294ee1fd64eacf761e3f7fa20c01203a6f7ffc34b45e2b08529800e55b29f8c4af961cac414218a55a490241bf13d02809113fa25a5ead01d83275431fa73aa8e32547b1ca82875bcbfcd26c68090972a21b11f472bf65bcb5679b8542e566d48aa5283dfe907fed1430744b6fc0bc1f3aa3453b3df937a0e7dd36eb5f9d2adfd23161363d3a70c225ad2b3b9d33b0acf5b95da9e18f30e9f5abf108b3b052f1ff41a0fd2b7efd5ee704c914d4e8bb7aef1bf51d7f3d7960e4eb260bf66d363be69186aa86c05a5e7654996ffe198f60c4bee78c2efcaeb9cca8085f78ea722b368c4a3d231cb559f784cece98bc5370dbac91419b52950644f4d3f0f4ea58ea342fd0b012d7afdf771ac357bcf353de6b950235ad4ebccb3250dde43985fc2710be04f17438e35bf9afebbd46f27d01253fb3c56d83ee7d03473a88a6c560325f210d5b01e18d8805573bff7a9427b414b0cc926d49c1db5de99344a8b5e3ce7153e3f2bd180c4cc8e44d8ef9042b7fb0b632963b810f99289d6e0190a682f0be270cd78576ac637f5cf28b81a17a0da9d810c28aa5ddf889978fb727775c37f3a2883fd3d72fa45d74d1c910c0de5cce4fbb3dda989cf7444240a1f9e988b76be2918ff3e8b1e8bfdda03e4bbf1d1208009e2abfb7d74e734a44e13fe7bc9cbc00d6610302b03cb2a4f9b870927e12c86541c2cf5bc0646174913c32abea7fc3b2739865e95afd742afd1813db8cb20cae5b2306d1a30b169dcccaf4e53749fa84e9686812fd5617fe8d8a50b9e21dad4d735163508a5ccd91bb8c284fe6499e895734fb6bcda454fb450bea88fa417b282cb2e2764d323278fbdebdd74850f2f6be217d3ccfe00add8b9f45d8e0533e6d889840d8106ed4c9c9a8b8e1d8db15cd6283e8543659d22adf2d1570ce8c11edc9573622787495e4a01222cc5a5d22e199db45020199f55bf3f7c020ea0e4315a70aff3983d50be8fa24be77956901f67da9de5a75a127c88da062a5f8b36ab11dcf893b8999b5e6c90fcb768eef536936cb55208a0ceb9e75e224e094b24619aac7f033ecb5e8b3adbd68c3846d5479527d41ccaaa7793a897624ee26d98bb8dfe2c5df5a4fd89a36f3755a0763539358d1e36120196fa00dbad48455fc08d201086516ccca0e205e0674c2d528a9e77a967e28aa81e18c5054487bc0b1f63fdaf2979062129938ec49f633633e715bd83f9a8245b45d05c0a8d201a5b3f6053c6b7039f7f230e8c1c52541f00101336f0cd134341a1ec08710ab35f2fe0ac982d017d6d139911cb375f285a31dbd2f48db48b3aa7ddbd1e42aa65a707f1dff84072506ed5f838890acbdb3ef5b52370854130b864cc94977f338e9e7562f449cb93addf3ae4e95ca1e46f596a6ea67989346259ef8f6b8725aa1457438c7642bb171332903947b55ad5981189854de497e9f1fd84a2aca8cce7e472052ad0fa73d05deb3fee9b9dc735fada582bc2d48d3cb77b80a1d88c872a2927c1f73e1be0889caafa363a4913da2911101fcdf43140b25538f7ef7d8ce98e2e5ad8dfbba39f23e8d1bf672c892f022fb847469c830dbf28de64d8640f02572f57fdccc7eef013d9d6c4229c0c58e095b9038df7da47e7d801ff0ce73128f075f9d4e8494d25d6b80f1abca4caf60817f8187620e8e3be57b2624e6189e0efcd71e45d9e23b5185f5dce6c7a0a201feab6375dc110133e4e6e82d1f17e6759e072dc8dadf492c336a6b1682f220e501b50d1381c8850d6137d5d91db2df8f1571b894b3ceceb5be9a34eda6caa5170ba2a71a614f70c372dd1e6f986315ce338f6badfbd938b822f4e43314ef4b3603a022591aa975878b8fdbb7776a4f2948611043c9ecc20f45016df0e68893f93171cf78aabd132913c78b31e996b62e4743672ba7973357f7db3c331cb531921d503a16e068fbf6acd606468ff8ed7116fc774d444c8e10263256807489c65a2ce6490325ae524031570d0c5fd4a549d405547249e7d2bb4b379e304ed4f7e564300984b91b02faf7ed727e0c1e852b213365b15254961eadf8045f01301ed1622b486a2e197cbda73a52e2b76072a3a7a2a178a237813b3be727d0eed44d2865af185137d7a07d604d792bada39d56d7ffcfd6a651d06beeaad8e28c93b55522333ed7ed8f0782602c6606d1c170ff877ab096ae786487a0d25097003520d9bd9ed192b65fec343e7fbe3dab0818252d59cf76f5d3e4538b29ce717185b134bfff4b87dc6d32e7ae4e0816733139d96d6a4933a46c3e4652175bf69786e03746df9835652636533041f606cfeb2388b27ffd49be2d7edaba9bcfb022f3489b26a9b894862817f5d8304fef48f72c58c63c5a2ac12e381cefd4cab1ad9d77366ae60233b55df2f80ecaa696091d6deacb01cdf54ef31d318813d3f5469f0eb816b5b7df799320889c94359aa0015581c6e1f814e90d1aba5b038c7ca37cee8bff47eb80e646a60ecb4bd7f6540163548802edace60a250c0e51f943684d041ed6697721d5349db5d714dfcf0b2a92a22c407908ba18d09d884d132db773d37faafae09cb7afac596e98ff6fbee6babee0db67ac620f8c1fae9996412fdbfd29ea2a7d513f7ae1458b5102ec244114c6b66893ff46ab22e181d33baee11858357c1484ba73153fa1136086e469ad5513c6a28d940eadde594814751af60b113728d4c917f333a4fa5a9643372a721c90fc36ed728158276d0746313677ece05dda85b504e7e4574be47b16a44853bbce79d201a9dae8a5fac34b0dc34b4aaf8b3af528ae5e3af9ba178e5a53ee241015b48e02fc2c07b356baf314ba14766b82681ff52dc34b5d5c01581fec4158c6c28153ca2568b901f136598c26cb4be6d7848187a6c7f8f52cf980dff551fd6835524c2ad9867b433badeb73e0ff1a0c04cd74ba971236d687c7db2fca9e3a278b124c7392c448dae8309679ee43fc1f106e093c9f84028cec6d17b533e4bd22c519aa0123a31fd6cff054338f7fe9a646f9e540718e5e3d831de7ea0d706207efb03cbb2322e79ce083640787298a8702b2983543f3fad21cd8f64220231e203e90f84bbeebd78730241907b4ccdba6dc9047bec9dfb43fc5ab0f6ca477a1c65db823c96971163aa9634071ae3b289af29e120776d0014be63cc951ddae7ed351fb384ee6cbcd05a445e74e8d5726bf36cf6d22992433fd8b970ae25da140df21cec24ab64bfb683d30dc09bd79c88f31b883977f835bb110bbecef95343936a1d94286c6a9d53a8d30dd76168460b58efb0a1ba46ca703efcfe38613e254abd2e6c599a3a43ce1218b5457d3478") r7 = perf_event_open(&(0x7f0000001400)={0x2, 0x80, 0x2, 0xc0, 0xc9, 0x80, 0x0, 0x1ff, 0x80956, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xedd4, 0x4, @perf_bp={&(0x7f00000013c0), 0x4}, 0x8841, 0xffffffffffff5772, 0x9, 0x4, 0x5, 0xff, 0x1ff, 0x0, 0x7, 0x0, 0xfff}, 0x0, 0x2, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x40, 0x44, 0x6c, 0x2, 0x0, 0x42, 0x40, 0x8, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000180), 0x4}, 0x0, 0x1f, 0xc6, 0x0, 0xffffffffffffffff, 0x81, 0x8, 0x0, 0xd0, 0x0, 0x1}, r6, 0x2, r7, 0x0) 17:39:55 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x0, 0x0) (async) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000003c0)={0xffffffffffffffff, 0x8000}, 0xc) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)={@map=r3, 0xffffffffffffffff, 0x24}, 0x10) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) (async) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r6, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r0, &(0x7f0000000440)='cgroup.events\x00', 0x0, 0x0) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4030582a, &(0x7f0000000040)) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x14, 0x4, &(0x7f00000000c0)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xbc63}, @map_fd={0x18, 0x5, 0x1, 0x0, r2}], &(0x7f0000000100)='GPL\x00', 0x5, 0x2b, &(0x7f0000000180)=""/43, 0x40f00, 0x8, '\x00', 0x0, 0xc, r0, 0x8, &(0x7f00000001c0)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0xa, 0x9, 0x1000}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r4, r5, r6, r7]}, 0x80) (rerun: 32) syz_clone(0x94020000, 0x0, 0x1b, 0x0, 0x0, 0x0) 17:39:55 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.throttle.io_serviced\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.throttle.io_serviced\x00', 0x0, 0x0) (async) 17:39:55 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001480)={&(0x7f0000001440)='./file0\x00'}, 0x10) (async) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001500)={&(0x7f00000014c0)='./file0\x00', 0x0, 0x18}, 0x10) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001540)=@base={0x1a, 0x0, 0x2, 0x9, 0x200, 0xffffffffffffffff, 0x16d, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001600)={0x1d, 0xb, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xffeb}, [@btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffa}, @ldst={0x2, 0x3, 0x3, 0x3, 0xb, 0x0, 0x4}, @alu={0x4, 0x0, 0x4, 0x3, 0xb, 0xfffffffffffffff8, 0x4}, @alu={0xd, 0x1, 0x5, 0x5, 0x3, 0x10, 0x10}]}, &(0x7f0000000380)='syzkaller\x00', 0x4, 0x1002, &(0x7f0000001680)=""/4098, 0x40f00, 0x9, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x8, &(0x7f00000013c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000001400)={0x3, 0xe, 0x40, 0xffff}, 0x10, 0xffffffffffffffff, r0, 0x0, &(0x7f00000015c0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, r1, r2, 0x1, 0x1, 0x1, r3]}, 0x80) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) (async) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.usage_user\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x71ff, 0x0, 0x0, 0x0, 0x9}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0xd}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x77, &(0x7f0000000080)=""/119, 0x40f00, 0x3, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000280)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x5, 0x8d88, 0x202}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1, r5, r6]}, 0x80) 17:39:55 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.throttle.io_serviced\x00', 0x0, 0x0) 17:39:55 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) [ 217.588015][T29716] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 217.595825][T29716] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 217.603635][T29716] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 217.611447][T29716] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 217.619267][T29716] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 217.627076][T29716] 17:39:55 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:55 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000f8690000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:55 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:39:55 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 68) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:55 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:39:55 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[], 0x6a) [ 217.733517][T29759] FAULT_INJECTION: forcing a failure. [ 217.733517][T29759] name failslab, interval 1, probability 0, space 0, times 0 [ 217.788907][T29759] CPU: 1 PID: 29759 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 217.798976][T29759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 217.808871][T29759] Call Trace: [ 217.811992][T29759] [ 217.814769][T29759] dump_stack_lvl+0x151/0x1b7 [ 217.819286][T29759] ? bfq_pos_tree_add_move+0x43e/0x43e [ 217.824581][T29759] dump_stack+0x15/0x17 [ 217.828574][T29759] should_fail+0x3c0/0x510 [ 217.832825][T29759] __should_failslab+0x9f/0xe0 [ 217.837423][T29759] should_failslab+0x9/0x20 [ 217.841768][T29759] kmem_cache_alloc+0x4f/0x2f0 [ 217.846365][T29759] ? vm_area_dup+0x26/0x1d0 [ 217.850715][T29759] vm_area_dup+0x26/0x1d0 [ 217.854959][T29759] dup_mmap+0x6b8/0xea0 [ 217.858951][T29759] ? __delayed_free_task+0x20/0x20 [ 217.863896][T29759] ? mm_init+0x807/0x960 [ 217.867978][T29759] dup_mm+0x91/0x330 [ 217.871707][T29759] copy_mm+0x108/0x1b0 [ 217.875617][T29759] copy_process+0x1295/0x3250 [ 217.880129][T29759] ? proc_fail_nth_write+0x213/0x290 [ 217.885250][T29759] ? proc_fail_nth_read+0x220/0x220 [ 217.890284][T29759] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 217.895229][T29759] ? vfs_write+0x9af/0x1050 [ 217.899568][T29759] ? vmacache_update+0xb7/0x120 [ 217.904345][T29759] kernel_clone+0x22d/0x990 [ 217.908680][T29759] ? file_end_write+0x1b0/0x1b0 [ 217.913369][T29759] ? __kasan_check_write+0x14/0x20 [ 217.918316][T29759] ? create_io_thread+0x1e0/0x1e0 [ 217.923185][T29759] ? __mutex_lock_slowpath+0x10/0x10 [ 217.928298][T29759] __x64_sys_clone+0x289/0x310 [ 217.932899][T29759] ? __do_sys_vfork+0x130/0x130 [ 217.937587][T29759] ? debug_smp_processor_id+0x17/0x20 [ 217.942800][T29759] do_syscall_64+0x44/0xd0 [ 217.947049][T29759] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 217.952784][T29759] RIP: 0033:0x7f510cb420d9 [ 217.957026][T29759] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 217.976556][T29759] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 217.984805][T29759] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 217.992616][T29759] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 218.000425][T29759] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 218.008249][T29759] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 218.016052][T29759] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 218.023863][T29759] 17:39:55 executing program 5: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'team0\x00', 0x20}) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async, rerun: 32) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (rerun: 32) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000100), 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) (async) openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) (async, rerun: 64) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged_recursive\x00', 0x26e1, 0x0) (rerun: 64) write$cgroup_type(r1, &(0x7f0000000080), 0x11ffffce1) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000280)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) (async, rerun: 64) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x660c, 0x0) (async, rerun: 64) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x1ff) write$cgroup_subtree(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async, rerun: 64) r6 = syz_clone(0x80000100, &(0x7f0000000240)="c9af879e7568a34e4b0a4403e7b33fafae29966509e8f68bffdceacadf9ec4a9a87ce00798811af20607411dc978aaa1f52a7e80f39162f8df6f5d2d6979a025e0a8c1aff91ab51d50724e3288760d381fb7a3beea2b6761b1edd47cd97451e34d68577e3a268920df5fb96fa36b46df10ca4fba51d3ebd7beb35f8cb15781d9b7afbe99cd517a94fa18df44e1982e5c66eff03f1cf7d3e6e233bcc9f8e50fd0017f3eaf5dc24e79790d58c3f5e9a6e1113ca361cbc7a42c055802331c2f7f374bea588b11b7998e932bb46586f4af2aad0d2cecfaf454310cb24347054c7090fa553b989eaf3042396b08a54df1", 0xee, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="b47075a81099115e05cef4f59da02de6d08f23bc021c15d39ac087311384409362a27b88fcf16c296a59e2d3bae70f764908c340775372128738ef584849a92d60bb80ce5238219802088b12de4d1f15725257f131d775c7a0bb1dcc3e10e810aeca1c76470e12e5cbaaf7a8b6bca69c3c0fff0b9649e042b7148b316dc7ecc6870a201a8cbd51ccc3a49d85d49fb6200e59aaa9777f512f480d9bcf32b7afd0ebbb44e1fb75b2f8a86fa81c960bebb0b589cf26e8710f070b257fd9c1793bec392a2b89853bff470c5b2c6906212afdd0cc1ace82eae919bddc5cd7cbeccf64e657228e4472a1d917794906e6557c45811a9d6e39d5747c484d8fa422742b8f663b98832ba8c863deb1b47dd8360723b898fc700b49eeb42d8700eca0770d10362945f2e9ce519b3c5fbdf533d8dff4930fc83a0bd7f133676580c9e01ab86355b0d50e46557863cad98a1e01980432370380bac615bf1f408bec287a4fbd5b583f81bff4c84c9ca67c3da11882ffb1c0356891dfea5d5eef10aedf5cf56c54c6d27409f38cd5df1fa1df6bd0317195436811b89ba7b057d405c266fd7e41ab4b8cda9e3ad977309fa53b0548d2dd8f78ac6a3dfcb192036bf6a13093a4430a675948b9524fd2c1f5dfa1594e125c885591a865b00e5cdea6c5cacfd54d013ac720866ba16dc1a7cd1d690e2f4dc58613a4f1f0e0be079cf2f6be2a9f15b1e3347159ba650cbc57af0517878932442c0fa5eaf5457a2241703774a9677f18185f5bf9c837b076f40c30ba1c1c20ae58fa8eb557aa825ce5c7f1c544e9e3028c02bffbc22f6008fde5aaad851650abb3b8904974be7798b2cfd27ed810d7fbb9a2acab9053d773c5ee34808ac8a7368eea7cfc83dc0a9be65d2eae5126591661543bbe65824b14c8b8d2e368c76c6cb65d8912ec5c659f5c170efa28b47a5fd151c33663f1bd40b2606017a0b41d94b3fda27e0c76afa018ecbd727a1530e28b5a9423b24c0e975dad639e57ed3941801a6764de0332928ad581100f203bd9e49276ab352301db1f83444b9e6e8c6e0f9472c9fdebf29d0ab469ec9bc5de1db1415786ed6592b7af0b9a1354368ac5666c0498412b7514c77c2fded801c41e7e563a2f703144c12e9c9da17bca917ce8e47a2a7bb220c934d168088509eb8494b01c1cf9c94c5c745e11f7ab99652884a69f2e3598a3dd514b744ecffa41e012ee5014741c86da76638450570e17fab4519f1cb7da428ca14cee212101d5b86db7306fe6512ea6d8451b23e129054eaa711c76c93c747f7b2e389cc3827fcfc16633985941d5c96935a22dfcc1b8ac96d4d17dfd78b1dc803d4d8891f07178ecf27e6273d4c24c4794295f8bfd14e1a3c1c325029da96d876d5b43fb4d598e07528f70586bd812b12bb5ece14191d01c4ca42f46ddd459b02545ab491daf37b99b6f1103d762223db0ef6e346ea36e965eac95829ef79622a5adcaa6f97a952dbfb5beeb91fe360aa61e892deb5d4d740ffea0df7e8d2368f4676c77c9cbcc43096be5cce974c897513a7738d2cf719739a10dfcb8d1e84e6a1d3c96c04b495df6005a934254fa8c5662fcd8013e6defb7d94659ee3ec84baed82db7d626305a104a675367503698d2060b3e41b02eb2fb6c871968ae136dca0b5f0cc52c92506a6ddfa52a45716426dbbeb2142e328852afa757d1d987993cb47a3dd3bc714e428061d1d5ec76cab5bed7503927006369ee023e7d70a9aa75437a85e4137636de7f28a84eb172255951c40a67b910eb90657bcdbe0b352ac026dda05ba06321df830720031d86b9103ce65f66b163355b1a7b87b3777a0ffa22698364512ec92a815ee191355443864405b7e03afaaf952494c11e23880c8cb72daa68c441e0ebba34c4e05aada6ac4006db0337db61b5d369d0be877e7d003dd63d16f080b3efbf8f728f6f80f4e97e72722186b2b5618e428509571b76bc353bfd9d20bcc42ae749789eaf6d64e85054f849530f15d43ac61a7431850801db8c1429c645decf18665165c522727ec1b6f972edb038f098a277480797bcd975aab8f4f44021d96623c4deab50ea1d8d0b8955ce70c3ee5e373b14618ec3b8d6e0d926f194b793d8d4546c2449efc59925a38a33bde7525449651dcd2da05df5144789377b771e29bfbda287746bcded229e59073637f35d8080d2e09dc40798ced6d1df9e55b3bd8d504900be0f3859ae669846f4ef8c5084fb8bfebcc29fc94053116e414d3e057cff9a30d5b4c178986e3c38e08d841a0111983a0ad2ec5789238b3bf177d1c7d74033e1c42e6d6f7245e08587de6084422d69259226a2b4256becb6b4726a1f7ad3833f62c1944562265bea95cbc3cac6c706c21862cc55c71dc416961980ba06b08e3dc8d64278135fe39b5d7f80dc151e224e148d8fbb587645bb4ba6394a2be5cb4294ee1fd64eacf761e3f7fa20c01203a6f7ffc34b45e2b08529800e55b29f8c4af961cac414218a55a490241bf13d02809113fa25a5ead01d83275431fa73aa8e32547b1ca82875bcbfcd26c68090972a21b11f472bf65bcb5679b8542e566d48aa5283dfe907fed1430744b6fc0bc1f3aa3453b3df937a0e7dd36eb5f9d2adfd23161363d3a70c225ad2b3b9d33b0acf5b95da9e18f30e9f5abf108b3b052f1ff41a0fd2b7efd5ee704c914d4e8bb7aef1bf51d7f3d7960e4eb260bf66d363be69186aa86c05a5e7654996ffe198f60c4bee78c2efcaeb9cca8085f78ea722b368c4a3d231cb559f784cece98bc5370dbac91419b52950644f4d3f0f4ea58ea342fd0b012d7afdf771ac357bcf353de6b950235ad4ebccb3250dde43985fc2710be04f17438e35bf9afebbd46f27d01253fb3c56d83ee7d03473a88a6c560325f210d5b01e18d8805573bff7a9427b414b0cc926d49c1db5de99344a8b5e3ce7153e3f2bd180c4cc8e44d8ef9042b7fb0b632963b810f99289d6e0190a682f0be270cd78576ac637f5cf28b81a17a0da9d810c28aa5ddf889978fb727775c37f3a2883fd3d72fa45d74d1c910c0de5cce4fbb3dda989cf7444240a1f9e988b76be2918ff3e8b1e8bfdda03e4bbf1d1208009e2abfb7d74e734a44e13fe7bc9cbc00d6610302b03cb2a4f9b870927e12c86541c2cf5bc0646174913c32abea7fc3b2739865e95afd742afd1813db8cb20cae5b2306d1a30b169dcccaf4e53749fa84e9686812fd5617fe8d8a50b9e21dad4d735163508a5ccd91bb8c284fe6499e895734fb6bcda454fb450bea88fa417b282cb2e2764d323278fbdebdd74850f2f6be217d3ccfe00add8b9f45d8e0533e6d889840d8106ed4c9c9a8b8e1d8db15cd6283e8543659d22adf2d1570ce8c11edc9573622787495e4a01222cc5a5d22e199db45020199f55bf3f7c020ea0e4315a70aff3983d50be8fa24be77956901f67da9de5a75a127c88da062a5f8b36ab11dcf893b8999b5e6c90fcb768eef536936cb55208a0ceb9e75e224e094b24619aac7f033ecb5e8b3adbd68c3846d5479527d41ccaaa7793a897624ee26d98bb8dfe2c5df5a4fd89a36f3755a0763539358d1e36120196fa00dbad48455fc08d201086516ccca0e205e0674c2d528a9e77a967e28aa81e18c5054487bc0b1f63fdaf2979062129938ec49f633633e715bd83f9a8245b45d05c0a8d201a5b3f6053c6b7039f7f230e8c1c52541f00101336f0cd134341a1ec08710ab35f2fe0ac982d017d6d139911cb375f285a31dbd2f48db48b3aa7ddbd1e42aa65a707f1dff84072506ed5f838890acbdb3ef5b52370854130b864cc94977f338e9e7562f449cb93addf3ae4e95ca1e46f596a6ea67989346259ef8f6b8725aa1457438c7642bb171332903947b55ad5981189854de497e9f1fd84a2aca8cce7e472052ad0fa73d05deb3fee9b9dc735fada582bc2d48d3cb77b80a1d88c872a2927c1f73e1be0889caafa363a4913da2911101fcdf43140b25538f7ef7d8ce98e2e5ad8dfbba39f23e8d1bf672c892f022fb847469c830dbf28de64d8640f02572f57fdccc7eef013d9d6c4229c0c58e095b9038df7da47e7d801ff0ce73128f075f9d4e8494d25d6b80f1abca4caf60817f8187620e8e3be57b2624e6189e0efcd71e45d9e23b5185f5dce6c7a0a201feab6375dc110133e4e6e82d1f17e6759e072dc8dadf492c336a6b1682f220e501b50d1381c8850d6137d5d91db2df8f1571b894b3ceceb5be9a34eda6caa5170ba2a71a614f70c372dd1e6f986315ce338f6badfbd938b822f4e43314ef4b3603a022591aa975878b8fdbb7776a4f2948611043c9ecc20f45016df0e68893f93171cf78aabd132913c78b31e996b62e4743672ba7973357f7db3c331cb531921d503a16e068fbf6acd606468ff8ed7116fc774d444c8e10263256807489c65a2ce6490325ae524031570d0c5fd4a549d405547249e7d2bb4b379e304ed4f7e564300984b91b02faf7ed727e0c1e852b213365b15254961eadf8045f01301ed1622b486a2e197cbda73a52e2b76072a3a7a2a178a237813b3be727d0eed44d2865af185137d7a07d604d792bada39d56d7ffcfd6a651d06beeaad8e28c93b55522333ed7ed8f0782602c6606d1c170ff877ab096ae786487a0d25097003520d9bd9ed192b65fec343e7fbe3dab0818252d59cf76f5d3e4538b29ce717185b134bfff4b87dc6d32e7ae4e0816733139d96d6a4933a46c3e4652175bf69786e03746df9835652636533041f606cfeb2388b27ffd49be2d7edaba9bcfb022f3489b26a9b894862817f5d8304fef48f72c58c63c5a2ac12e381cefd4cab1ad9d77366ae60233b55df2f80ecaa696091d6deacb01cdf54ef31d318813d3f5469f0eb816b5b7df799320889c94359aa0015581c6e1f814e90d1aba5b038c7ca37cee8bff47eb80e646a60ecb4bd7f6540163548802edace60a250c0e51f943684d041ed6697721d5349db5d714dfcf0b2a92a22c407908ba18d09d884d132db773d37faafae09cb7afac596e98ff6fbee6babee0db67ac620f8c1fae9996412fdbfd29ea2a7d513f7ae1458b5102ec244114c6b66893ff46ab22e181d33baee11858357c1484ba73153fa1136086e469ad5513c6a28d940eadde594814751af60b113728d4c917f333a4fa5a9643372a721c90fc36ed728158276d0746313677ece05dda85b504e7e4574be47b16a44853bbce79d201a9dae8a5fac34b0dc34b4aaf8b3af528ae5e3af9ba178e5a53ee241015b48e02fc2c07b356baf314ba14766b82681ff52dc34b5d5c01581fec4158c6c28153ca2568b901f136598c26cb4be6d7848187a6c7f8f52cf980dff551fd6835524c2ad9867b433badeb73e0ff1a0c04cd74ba971236d687c7db2fca9e3a278b124c7392c448dae8309679ee43fc1f106e093c9f84028cec6d17b533e4bd22c519aa0123a31fd6cff054338f7fe9a646f9e540718e5e3d831de7ea0d706207efb03cbb2322e79ce083640787298a8702b2983543f3fad21cd8f64220231e203e90f84bbeebd78730241907b4ccdba6dc9047bec9dfb43fc5ab0f6ca477a1c65db823c96971163aa9634071ae3b289af29e120776d0014be63cc951ddae7ed351fb384ee6cbcd05a445e74e8d5726bf36cf6d22992433fd8b970ae25da140df21cec24ab64bfb683d30dc09bd79c88f31b883977f835bb110bbecef95343936a1d94286c6a9d53a8d30dd76168460b58efb0a1ba46ca703efcfe38613e254abd2e6c599a3a43ce1218b5457d3478") (async, rerun: 64) r7 = perf_event_open(&(0x7f0000001400)={0x2, 0x80, 0x2, 0xc0, 0xc9, 0x80, 0x0, 0x1ff, 0x80956, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xedd4, 0x4, @perf_bp={&(0x7f00000013c0), 0x4}, 0x8841, 0xffffffffffff5772, 0x9, 0x4, 0x5, 0xff, 0x1ff, 0x0, 0x7, 0x0, 0xfff}, 0x0, 0x2, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x40, 0x44, 0x6c, 0x2, 0x0, 0x42, 0x40, 0x8, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000180), 0x4}, 0x0, 0x1f, 0xc6, 0x0, 0xffffffffffffffff, 0x81, 0x8, 0x0, 0xd0, 0x0, 0x1}, r6, 0x2, r7, 0x0) 17:39:55 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x0, 0x0) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) (async) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[], 0x6a) 17:39:55 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000f8690000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000f8690000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:39:55 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) 17:39:55 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x5f) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x1, &(0x7f0000000040)=@raw=[@ldst={0x3, 0x2, 0x1, 0xb, 0x5, 0x8, 0x10}], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x8, &(0x7f00000000c0)=""/8, 0x40f00, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x7, 0x7f, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1]}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r1, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000300)=[{}], 0x8, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x10, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) 17:39:55 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0xfdef) (async) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[], 0x6a) 17:39:55 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) 17:39:55 executing program 2: r0 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xf, 0x8, 0x3ff, 0x1, 0x100, 0xffffffffffffffff, 0x3ac, '\x00', 0x0, r0, 0xb, 0x5, 0x2}, 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r3, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="4e2d33a66755a49b3a1aeedf2aef3573d5783067bd8d8925bab0db079ec62579cc7f961f8464c4a615276d4ea2933e168a98d1cda4c0c9eef413020027176a1b366facc4092dbb4b6bdf8782fd88e2e41c6ba211e5403f7d8128907e03d240fba3e2e261a32e54d0a3c89a56845619eeaaf1af09b81681be2255f9bba65ce7180ff51057d926fab7e5cf80b32500"], 0x6a) openat$cgroup_ro(r4, &(0x7f0000000180)='cpuset.effective_mems\x00', 0x0, 0x0) 17:39:55 executing program 2: r0 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xf, 0x8, 0x3ff, 0x1, 0x100, 0xffffffffffffffff, 0x3ac, '\x00', 0x0, r0, 0xb, 0x5, 0x2}, 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r3, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="4e2d33a66755a49b3a1aeedf2aef3573d5783067bd8d8925bab0db079ec62579cc7f961f8464c4a615276d4ea2933e168a98d1cda4c0c9eef413020027176a1b366facc4092dbb4b6bdf8782fd88e2e41c6ba211e5403f7d8128907e03d240fba3e2e261a32e54d0a3c89a56845619eeaaf1af09b81681be2255f9bba65ce7180ff51057d926fab7e5cf80b32500"], 0x6a) openat$cgroup_ro(r4, &(0x7f0000000180)='cpuset.effective_mems\x00', 0x0, 0x0) bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xf, 0x8, 0x3ff, 0x1, 0x100, 0xffffffffffffffff, 0x3ac, '\x00', 0x0, r0, 0xb, 0x5, 0x2}, 0x48) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r3, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) (async) openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) (async) write$cgroup_subtree(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="4e2d33a66755a49b3a1aeedf2aef3573d5783067bd8d8925bab0db079ec62579cc7f961f8464c4a615276d4ea2933e168a98d1cda4c0c9eef413020027176a1b366facc4092dbb4b6bdf8782fd88e2e41c6ba211e5403f7d8128907e03d240fba3e2e261a32e54d0a3c89a56845619eeaaf1af09b81681be2255f9bba65ce7180ff51057d926fab7e5cf80b32500"], 0x6a) (async) openat$cgroup_ro(r4, &(0x7f0000000180)='cpuset.effective_mems\x00', 0x0, 0x0) (async) 17:39:55 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 69) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:55 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) 17:39:55 executing program 2: r0 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xf, 0x8, 0x3ff, 0x1, 0x100, 0xffffffffffffffff, 0x3ac, '\x00', 0x0, r0, 0xb, 0x5, 0x2}, 0x48) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r3, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) (async) write$cgroup_subtree(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="4e2d33a66755a49b3a1aeedf2aef3573d5783067bd8d8925bab0db079ec62579cc7f961f8464c4a615276d4ea2933e168a98d1cda4c0c9eef413020027176a1b366facc4092dbb4b6bdf8782fd88e2e41c6ba211e5403f7d8128907e03d240fba3e2e261a32e54d0a3c89a56845619eeaaf1af09b81681be2255f9bba65ce7180ff51057d926fab7e5cf80b32500"], 0x6a) openat$cgroup_ro(r4, &(0x7f0000000180)='cpuset.effective_mems\x00', 0x0, 0x0) [ 218.446360][T29818] FAULT_INJECTION: forcing a failure. [ 218.446360][T29818] name failslab, interval 1, probability 0, space 0, times 0 [ 218.499122][T29818] CPU: 1 PID: 29818 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 218.509197][T29818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 218.519091][T29818] Call Trace: [ 218.522214][T29818] [ 218.524991][T29818] dump_stack_lvl+0x151/0x1b7 [ 218.529509][T29818] ? bfq_pos_tree_add_move+0x43e/0x43e [ 218.534802][T29818] dump_stack+0x15/0x17 [ 218.538794][T29818] should_fail+0x3c0/0x510 [ 218.543052][T29818] __should_failslab+0x9f/0xe0 [ 218.547645][T29818] should_failslab+0x9/0x20 [ 218.551982][T29818] kmem_cache_alloc+0x4f/0x2f0 [ 218.556584][T29818] ? vm_area_dup+0x26/0x1d0 [ 218.560938][T29818] ? __kasan_check_read+0x11/0x20 [ 218.565785][T29818] vm_area_dup+0x26/0x1d0 [ 218.569952][T29818] dup_mmap+0x6b8/0xea0 [ 218.573954][T29818] ? __delayed_free_task+0x20/0x20 [ 218.578895][T29818] ? mm_init+0x807/0x960 [ 218.582970][T29818] dup_mm+0x91/0x330 [ 218.586705][T29818] copy_mm+0x108/0x1b0 [ 218.590610][T29818] copy_process+0x1295/0x3250 [ 218.595133][T29818] ? proc_fail_nth_write+0x213/0x290 [ 218.600249][T29818] ? proc_fail_nth_read+0x220/0x220 [ 218.605278][T29818] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 218.610228][T29818] ? vfs_write+0x9af/0x1050 [ 218.614561][T29818] ? vmacache_update+0xb7/0x120 [ 218.619255][T29818] kernel_clone+0x22d/0x990 [ 218.623596][T29818] ? file_end_write+0x1b0/0x1b0 [ 218.628275][T29818] ? __kasan_check_write+0x14/0x20 [ 218.633226][T29818] ? create_io_thread+0x1e0/0x1e0 [ 218.638088][T29818] ? __mutex_lock_slowpath+0x10/0x10 [ 218.643214][T29818] __x64_sys_clone+0x289/0x310 [ 218.647806][T29818] ? __do_sys_vfork+0x130/0x130 [ 218.652582][T29818] ? debug_smp_processor_id+0x17/0x20 [ 218.657786][T29818] do_syscall_64+0x44/0xd0 [ 218.662076][T29818] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 218.667948][T29818] RIP: 0033:0x7f510cb420d9 [ 218.672202][T29818] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 218.691732][T29818] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 218.700072][T29818] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 218.707885][T29818] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 218.715695][T29818] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 218.723509][T29818] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 218.731321][T29818] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 218.739140][T29818] 17:39:56 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:56 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="4e2d33838d54cba8d29e5ab7abc18251b0cb90c00dc7"], 0x6a) r2 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000100)=0xcac) 17:39:56 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000f8690000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:56 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) 17:39:56 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x5f) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x1, &(0x7f0000000040)=@raw=[@ldst={0x3, 0x2, 0x1, 0xb, 0x5, 0x8, 0x10}], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x8, &(0x7f00000000c0)=""/8, 0x40f00, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x7, 0x7f, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1]}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r1, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000300)=[{}], 0x8, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x10, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x5f) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x1, &(0x7f0000000040)=@raw=[@ldst={0x3, 0x2, 0x1, 0xb, 0x5, 0x8, 0x10}], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x8, &(0x7f00000000c0)=""/8, 0x40f00, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x7, 0x7f, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1]}, 0x80) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r1, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000300)=[{}], 0x8, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x10, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) 17:39:56 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 70) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:56 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:39:56 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000a2437703f6adb782cbf11775ddbedf5300"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_clone(0x4016600, &(0x7f0000000300)="53287f11812ba4643c6317a4e074bc26dac01cd2c199f7d27d9efda67a84e26eee0a351204e0464676dda1ac60c10a1a200ec675c8d4609e3a1f3e61f68afd15fb883bbbcd982fe6b150411b3d814e2e9900f0592e19e20cf772c46ccb880f37d48b05d78d2ca682d753092c168c3f453744b2d7e7d7eda282420996763e01031944a790a2b8f62f1328d5a49cec0c", 0x8f, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f00000003c0)="da205c6b6d976bdf3b68038dc44124fc908b898e43e40d002eb768385fa5345f49b0bc8eb621175d08054b13edc4a932cd6fc5201ae409591fe1d6c0e91802810b6a46f1197e7d1720811be297bb6f632abe6c1c6713fb8a7f10180ddd452bbfe5f2b9505e5004929bba0fe98035c8e76366dd0e20d48914bfaa9842ab2b5491ae75a55acb1e4f20a0f4df5b644581c02f996c697652b989ccd191c2e9e0e3f70fa8e9a5cc6a8e7565c1") r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x7afd7f4c5947e61b, 0x7, &(0x7f00000004c0)=@raw=[@ldst={0x2, 0x3, 0x3, 0xa, 0x9, 0x4}, @generic={0x7, 0x4, 0x1, 0x81, 0x6f31}, @ldst={0x1, 0x1, 0x2, 0x0, 0x7, 0x4, 0xfffffffffffffffc}, @alu={0x7, 0x1, 0x5, 0x1, 0x8, 0x30, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x68}, @call={0x85, 0x0, 0x0, 0xd1}], &(0x7f0000000500)='syzkaller\x00', 0xf00, 0x40, &(0x7f0000000540)=""/64, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x5, 0x2}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0x1, 0x1, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000600)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000480)='xprt_transmit\x00', r2}, 0x10) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x1, 0x3f, 0x2f, 0x3f, 0x0, 0x7fffffffffffffff, 0x2010, 0xb, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000040), 0x2}, 0x80000, 0x2, 0x1ff, 0x2, 0x24b3, 0x6, 0xf801, 0x0, 0xfa7}, r1, 0x8, 0xffffffffffffffff, 0x8) r3 = gettid() syz_open_procfs$namespace(r3, &(0x7f0000000280)='ns/pid\x00') 17:39:56 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) [ 219.253074][T29856] FAULT_INJECTION: forcing a failure. [ 219.253074][T29856] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 219.290308][T29856] CPU: 0 PID: 29856 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 219.300384][T29856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 219.310279][T29856] Call Trace: [ 219.313399][T29856] [ 219.316178][T29856] dump_stack_lvl+0x151/0x1b7 [ 219.320693][T29856] ? bfq_pos_tree_add_move+0x43e/0x43e [ 219.326000][T29856] dump_stack+0x15/0x17 [ 219.329979][T29856] should_fail+0x3c0/0x510 [ 219.334234][T29856] should_fail_alloc_page+0x58/0x70 [ 219.339267][T29856] __alloc_pages+0x1de/0x7c0 [ 219.343695][T29856] ? __count_vm_events+0x30/0x30 [ 219.348465][T29856] ? __this_cpu_preempt_check+0x13/0x20 [ 219.353848][T29856] pte_alloc_one+0x73/0x1b0 [ 219.358188][T29856] ? pfn_modify_allowed+0x2e0/0x2e0 [ 219.363222][T29856] ? preempt_schedule+0xd9/0xe0 [ 219.368081][T29856] ? preempt_schedule_common+0xcb/0x100 [ 219.373465][T29856] __pte_alloc+0x86/0x350 [ 219.377715][T29856] ? free_pgtables+0x210/0x210 [ 219.382314][T29856] ? _raw_spin_lock+0xa3/0x1b0 [ 219.387003][T29856] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 219.392210][T29856] ? preempt_schedule_thunk+0x16/0x18 [ 219.397418][T29856] copy_pte_range+0x1b1f/0x20b0 17:39:56 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x5f) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x1, &(0x7f0000000040)=@raw=[@ldst={0x3, 0x2, 0x1, 0xb, 0x5, 0x8, 0x10}], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x8, &(0x7f00000000c0)=""/8, 0x40f00, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x7, 0x7f, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1]}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r1, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000300)=[{}], 0x8, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x10, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x5f) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x1, &(0x7f0000000040)=@raw=[@ldst={0x3, 0x2, 0x1, 0xb, 0x5, 0x8, 0x10}], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x8, &(0x7f00000000c0)=""/8, 0x40f00, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x7, 0x7f, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1]}, 0x80) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r1, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000300)=[{}], 0x8, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x10, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) [ 219.402113][T29856] ? __kunmap_atomic+0x80/0x80 [ 219.406715][T29856] ? __kasan_slab_alloc+0xc4/0xe0 [ 219.411562][T29856] ? __kasan_slab_alloc+0xb2/0xe0 [ 219.416433][T29856] ? kmem_cache_alloc+0x189/0x2f0 [ 219.422076][T29856] ? vm_area_dup+0x26/0x1d0 [ 219.426407][T29856] ? dup_mmap+0x6b8/0xea0 [ 219.430576][T29856] ? dup_mm+0x91/0x330 [ 219.434475][T29856] ? copy_mm+0x108/0x1b0 [ 219.438556][T29856] ? copy_process+0x1295/0x3250 [ 219.443244][T29856] ? kernel_clone+0x22d/0x990 [ 219.447757][T29856] ? __x64_sys_clone+0x289/0x310 [ 219.452532][T29856] ? do_syscall_64+0x44/0xd0 [ 219.456959][T29856] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 219.462864][T29856] copy_page_range+0xc1e/0x1090 [ 219.467817][T29856] ? pfn_valid+0x1e0/0x1e0 [ 219.472095][T29856] dup_mmap+0x99f/0xea0 [ 219.476057][T29856] ? __delayed_free_task+0x20/0x20 [ 219.481000][T29856] ? mm_init+0x807/0x960 [ 219.485088][T29856] dup_mm+0x91/0x330 [ 219.488817][T29856] copy_mm+0x108/0x1b0 [ 219.492721][T29856] copy_process+0x1295/0x3250 [ 219.497231][T29856] ? proc_fail_nth_write+0x213/0x290 [ 219.502358][T29856] ? proc_fail_nth_read+0x220/0x220 [ 219.507385][T29856] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 219.512333][T29856] ? vfs_write+0x9af/0x1050 [ 219.516672][T29856] ? vmacache_update+0xb7/0x120 [ 219.521365][T29856] kernel_clone+0x22d/0x990 [ 219.525701][T29856] ? file_end_write+0x1b0/0x1b0 [ 219.530386][T29856] ? __kasan_check_write+0x14/0x20 [ 219.535334][T29856] ? create_io_thread+0x1e0/0x1e0 [ 219.540194][T29856] ? __mutex_lock_slowpath+0x10/0x10 [ 219.545313][T29856] __x64_sys_clone+0x289/0x310 [ 219.549925][T29856] ? __do_sys_vfork+0x130/0x130 [ 219.554608][T29856] ? debug_smp_processor_id+0x17/0x20 [ 219.559809][T29856] do_syscall_64+0x44/0xd0 [ 219.564070][T29856] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 219.569791][T29856] RIP: 0033:0x7f510cb420d9 [ 219.574055][T29856] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 219.593486][T29856] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:57 executing program 0: ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000040)=""/4096) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x96e76a7abeeae005) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) 17:39:57 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) 17:39:57 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(r2, &(0x7f0000000100)='memory.swap.events\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="4e2e33d29d5761b14df778e73d936a2e2c697e2b2eaf16d9a9549f1327810000000000000000"], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) [ 219.602077][T29856] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 219.609888][T29856] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 219.617703][T29856] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 219.625510][T29856] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 219.633354][T29856] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 219.641138][T29856] 17:39:57 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="4e2d33838d54cba8d29e5ab7abc18251b0cb90c00dc7"], 0x6a) (async) r2 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000100)=0xcac) 17:39:57 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async) openat$cgroup_ro(r2, &(0x7f0000000100)='memory.swap.events\x00', 0x0, 0x0) (async, rerun: 32) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="4e2e33d29d5761b14df778e73d936a2e2c697e2b2eaf16d9a9549f1327810000000000000000"], 0x6a) (async, rerun: 32) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) 17:39:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000a2437703f6adb782cbf11775ddbedf5300"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_clone(0x4016600, &(0x7f0000000300)="53287f11812ba4643c6317a4e074bc26dac01cd2c199f7d27d9efda67a84e26eee0a351204e0464676dda1ac60c10a1a200ec675c8d4609e3a1f3e61f68afd15fb883bbbcd982fe6b150411b3d814e2e9900f0592e19e20cf772c46ccb880f37d48b05d78d2ca682d753092c168c3f453744b2d7e7d7eda282420996763e01031944a790a2b8f62f1328d5a49cec0c", 0x8f, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f00000003c0)="da205c6b6d976bdf3b68038dc44124fc908b898e43e40d002eb768385fa5345f49b0bc8eb621175d08054b13edc4a932cd6fc5201ae409591fe1d6c0e91802810b6a46f1197e7d1720811be297bb6f632abe6c1c6713fb8a7f10180ddd452bbfe5f2b9505e5004929bba0fe98035c8e76366dd0e20d48914bfaa9842ab2b5491ae75a55acb1e4f20a0f4df5b644581c02f996c697652b989ccd191c2e9e0e3f70fa8e9a5cc6a8e7565c1") r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x7afd7f4c5947e61b, 0x7, &(0x7f00000004c0)=@raw=[@ldst={0x2, 0x3, 0x3, 0xa, 0x9, 0x4}, @generic={0x7, 0x4, 0x1, 0x81, 0x6f31}, @ldst={0x1, 0x1, 0x2, 0x0, 0x7, 0x4, 0xfffffffffffffffc}, @alu={0x7, 0x1, 0x5, 0x1, 0x8, 0x30, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x68}, @call={0x85, 0x0, 0x0, 0xd1}], &(0x7f0000000500)='syzkaller\x00', 0xf00, 0x40, &(0x7f0000000540)=""/64, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x5, 0x2}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0x1, 0x1, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000600)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000480)='xprt_transmit\x00', r2}, 0x10) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x1, 0x3f, 0x2f, 0x3f, 0x0, 0x7fffffffffffffff, 0x2010, 0xb, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000040), 0x2}, 0x80000, 0x2, 0x1ff, 0x2, 0x24b3, 0x6, 0xf801, 0x0, 0xfa7}, r1, 0x8, 0xffffffffffffffff, 0x8) r3 = gettid() syz_open_procfs$namespace(r3, &(0x7f0000000280)='ns/pid\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000a2437703f6adb782cbf11775ddbedf5300"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x4016600, &(0x7f0000000300)="53287f11812ba4643c6317a4e074bc26dac01cd2c199f7d27d9efda67a84e26eee0a351204e0464676dda1ac60c10a1a200ec675c8d4609e3a1f3e61f68afd15fb883bbbcd982fe6b150411b3d814e2e9900f0592e19e20cf772c46ccb880f37d48b05d78d2ca682d753092c168c3f453744b2d7e7d7eda282420996763e01031944a790a2b8f62f1328d5a49cec0c", 0x8f, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f00000003c0)="da205c6b6d976bdf3b68038dc44124fc908b898e43e40d002eb768385fa5345f49b0bc8eb621175d08054b13edc4a932cd6fc5201ae409591fe1d6c0e91802810b6a46f1197e7d1720811be297bb6f632abe6c1c6713fb8a7f10180ddd452bbfe5f2b9505e5004929bba0fe98035c8e76366dd0e20d48914bfaa9842ab2b5491ae75a55acb1e4f20a0f4df5b644581c02f996c697652b989ccd191c2e9e0e3f70fa8e9a5cc6a8e7565c1") (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x7afd7f4c5947e61b, 0x7, &(0x7f00000004c0)=@raw=[@ldst={0x2, 0x3, 0x3, 0xa, 0x9, 0x4}, @generic={0x7, 0x4, 0x1, 0x81, 0x6f31}, @ldst={0x1, 0x1, 0x2, 0x0, 0x7, 0x4, 0xfffffffffffffffc}, @alu={0x7, 0x1, 0x5, 0x1, 0x8, 0x30, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x68}, @call={0x85, 0x0, 0x0, 0xd1}], &(0x7f0000000500)='syzkaller\x00', 0xf00, 0x40, &(0x7f0000000540)=""/64, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x5, 0x2}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0x1, 0x1, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000600)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1]}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000480)='xprt_transmit\x00', r2}, 0x10) (async) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x1, 0x3f, 0x2f, 0x3f, 0x0, 0x7fffffffffffffff, 0x2010, 0xb, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000040), 0x2}, 0x80000, 0x2, 0x1ff, 0x2, 0x24b3, 0x6, 0xf801, 0x0, 0xfa7}, r1, 0x8, 0xffffffffffffffff, 0x8) (async) gettid() (async) syz_open_procfs$namespace(r3, &(0x7f0000000280)='ns/pid\x00') (async) 17:39:57 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) 17:39:57 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 71) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:57 executing program 0: ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000040)=""/4096) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x96e76a7abeeae005) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) 17:39:57 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async, rerun: 32) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (rerun: 32) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(r2, &(0x7f0000000100)='memory.swap.events\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="4e2e33d29d5761b14df778e73d936a2e2c697e2b2eaf16d9a9549f1327810000000000000000"], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) 17:39:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000a2437703f6adb782cbf11775ddbedf5300"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r1 = syz_clone(0x4016600, &(0x7f0000000300)="53287f11812ba4643c6317a4e074bc26dac01cd2c199f7d27d9efda67a84e26eee0a351204e0464676dda1ac60c10a1a200ec675c8d4609e3a1f3e61f68afd15fb883bbbcd982fe6b150411b3d814e2e9900f0592e19e20cf772c46ccb880f37d48b05d78d2ca682d753092c168c3f453744b2d7e7d7eda282420996763e01031944a790a2b8f62f1328d5a49cec0c", 0x8f, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f00000003c0)="da205c6b6d976bdf3b68038dc44124fc908b898e43e40d002eb768385fa5345f49b0bc8eb621175d08054b13edc4a932cd6fc5201ae409591fe1d6c0e91802810b6a46f1197e7d1720811be297bb6f632abe6c1c6713fb8a7f10180ddd452bbfe5f2b9505e5004929bba0fe98035c8e76366dd0e20d48914bfaa9842ab2b5491ae75a55acb1e4f20a0f4df5b644581c02f996c697652b989ccd191c2e9e0e3f70fa8e9a5cc6a8e7565c1") (async) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x7afd7f4c5947e61b, 0x7, &(0x7f00000004c0)=@raw=[@ldst={0x2, 0x3, 0x3, 0xa, 0x9, 0x4}, @generic={0x7, 0x4, 0x1, 0x81, 0x6f31}, @ldst={0x1, 0x1, 0x2, 0x0, 0x7, 0x4, 0xfffffffffffffffc}, @alu={0x7, 0x1, 0x5, 0x1, 0x8, 0x30, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x68}, @call={0x85, 0x0, 0x0, 0xd1}], &(0x7f0000000500)='syzkaller\x00', 0xf00, 0x40, &(0x7f0000000540)=""/64, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x5, 0x2}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0x1, 0x1, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000600)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000480)='xprt_transmit\x00', r2}, 0x10) (async) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x1, 0x3f, 0x2f, 0x3f, 0x0, 0x7fffffffffffffff, 0x2010, 0xb, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000040), 0x2}, 0x80000, 0x2, 0x1ff, 0x2, 0x24b3, 0x6, 0xf801, 0x0, 0xfa7}, r1, 0x8, 0xffffffffffffffff, 0x8) (async) r3 = gettid() syz_open_procfs$namespace(r3, &(0x7f0000000280)='ns/pid\x00') 17:39:57 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) write$cgroup_type(r2, &(0x7f00000000c0), 0x9) [ 219.897101][T29901] FAULT_INJECTION: forcing a failure. [ 219.897101][T29901] name failslab, interval 1, probability 0, space 0, times 0 17:39:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r2 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r3, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='memory.events\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x40, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x64064, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0x4be3, 0x0, 0x726}, r3, 0x2, 0xffffffffffffffff, 0x0) r5 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x80, 0x80, 0x4c, 0xcf, 0x0, 0x4, 0x80040, 0x8, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x28, 0x4, @perf_config_ext={0x34, 0x6}, 0x0, 0x9, 0x9, 0x8, 0x3ff, 0x7, 0x2, 0x0, 0x5, 0x0, 0x9}, r2, 0xa, r1, 0x3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r3, r5, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000280)={'veth1_to_team\x00', 0x200}) [ 219.962076][T29901] CPU: 1 PID: 29901 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 219.972144][T29901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 219.982039][T29901] Call Trace: [ 219.985163][T29901] [ 219.987939][T29901] dump_stack_lvl+0x151/0x1b7 [ 219.992452][T29901] ? bfq_pos_tree_add_move+0x43e/0x43e [ 219.997749][T29901] dump_stack+0x15/0x17 [ 220.001738][T29901] should_fail+0x3c0/0x510 [ 220.006000][T29901] __should_failslab+0x9f/0xe0 [ 220.010591][T29901] should_failslab+0x9/0x20 [ 220.014929][T29901] kmem_cache_alloc+0x4f/0x2f0 [ 220.019534][T29901] ? vm_area_dup+0x26/0x1d0 [ 220.023872][T29901] vm_area_dup+0x26/0x1d0 [ 220.028039][T29901] dup_mmap+0x6b8/0xea0 [ 220.032031][T29901] ? __delayed_free_task+0x20/0x20 [ 220.036976][T29901] ? mm_init+0x807/0x960 [ 220.041057][T29901] dup_mm+0x91/0x330 [ 220.044794][T29901] copy_mm+0x108/0x1b0 [ 220.048698][T29901] copy_process+0x1295/0x3250 [ 220.053211][T29901] ? proc_fail_nth_write+0x213/0x290 [ 220.058327][T29901] ? proc_fail_nth_read+0x220/0x220 [ 220.063363][T29901] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 220.068313][T29901] ? vfs_write+0x9af/0x1050 [ 220.072657][T29901] ? vmacache_update+0xb7/0x120 [ 220.077335][T29901] kernel_clone+0x22d/0x990 [ 220.081675][T29901] ? file_end_write+0x1b0/0x1b0 [ 220.086361][T29901] ? __kasan_check_write+0x14/0x20 [ 220.091314][T29901] ? create_io_thread+0x1e0/0x1e0 [ 220.096171][T29901] ? __mutex_lock_slowpath+0x10/0x10 [ 220.101293][T29901] __x64_sys_clone+0x289/0x310 [ 220.105894][T29901] ? __do_sys_vfork+0x130/0x130 17:39:57 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async, rerun: 64) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async, rerun: 64) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async, rerun: 32) write$cgroup_type(r2, &(0x7f00000000c0), 0x9) (rerun: 32) 17:39:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r2 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r3, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='memory.events\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x40, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x64064, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0x4be3, 0x0, 0x726}, r3, 0x2, 0xffffffffffffffff, 0x0) r5 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x80, 0x80, 0x4c, 0xcf, 0x0, 0x4, 0x80040, 0x8, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x28, 0x4, @perf_config_ext={0x34, 0x6}, 0x0, 0x9, 0x9, 0x8, 0x3ff, 0x7, 0x2, 0x0, 0x5, 0x0, 0x9}, r2, 0xa, r1, 0x3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r3, r5, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000280)={'veth1_to_team\x00', 0x200}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) getpid() (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r3, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='memory.events\x00', 0x0, 0x0) (async) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x40, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x64064, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0x4be3, 0x0, 0x726}, r3, 0x2, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x80, 0x80, 0x4c, 0xcf, 0x0, 0x4, 0x80040, 0x8, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x28, 0x4, @perf_config_ext={0x34, 0x6}, 0x0, 0x9, 0x9, 0x8, 0x3ff, 0x7, 0x2, 0x0, 0x5, 0x0, 0x9}, r2, 0xa, r1, 0x3) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r3, r5, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) (async) ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000280)={'veth1_to_team\x00', 0x200}) (async) [ 220.110582][T29901] ? debug_smp_processor_id+0x17/0x20 [ 220.115982][T29901] do_syscall_64+0x44/0xd0 [ 220.120224][T29901] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 220.126038][T29901] RIP: 0033:0x7f510cb420d9 [ 220.130290][T29901] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 220.149733][T29901] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 220.157978][T29901] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 220.165792][T29901] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 220.173602][T29901] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 220.181425][T29901] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 220.189238][T29901] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 220.197036][T29901] 17:39:57 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="4e2d33838d54cba8d29e5ab7abc18251b0cb90c00dc7"], 0x6a) (async) r2 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000100)=0xcac) 17:39:57 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async, rerun: 32) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async, rerun: 32) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async, rerun: 64) write$cgroup_type(r2, &(0x7f00000000c0), 0x9) (rerun: 64) 17:39:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) r2 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r3 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001640)={r3, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='sched_switch\x00'}, 0x30) (async) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='memory.events\x00', 0x0, 0x0) (async) perf_event_open(&(0x7f0000000380)={0x92d0f413169f2f73, 0x80, 0x40, 0x8, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x64064, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3a36, 0x0, @perf_config_ext={0xa3, 0xff}, 0x2000, 0x9, 0xf2f, 0x0, 0xac9b, 0xffffffc1, 0x4, 0x0, 0x4be3, 0x0, 0x726}, r3, 0x2, 0xffffffffffffffff, 0x0) r5 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x80, 0x80, 0x4c, 0xcf, 0x0, 0x4, 0x80040, 0x8, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x28, 0x4, @perf_config_ext={0x34, 0x6}, 0x0, 0x9, 0x9, 0x8, 0x3ff, 0x7, 0x2, 0x0, 0x5, 0x0, 0x9}, r2, 0xa, r1, 0x3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r3, r5, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) (async) ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000280)={'veth1_to_team\x00', 0x200}) 17:39:57 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 72) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:57 executing program 0: ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000040)=""/4096) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x96e76a7abeeae005) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) 17:39:57 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={0x0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) 17:39:57 executing program 2: syz_clone(0xc4040000, &(0x7f0000000540)="4cebc9c7bc7567ec91964123e8f740cfa7d782709cb822aa8fa1f0331a9dbad528219581e303de4a2cd3cfa4536d6e9789bfdb179be11ffea94b", 0x3a, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)="310450839eaec14827172a04aaab39de8a221be637da20b533ba69420f77f2b77acf6385270ea394a60a05c83933ba4e00aa19b1a64a9e32a3e558565fa1f92fc12b3728f04b701c0e7144fd3b8cf14d9ecf39aab8cb") socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)="10a9256c522882caf6fe53b40e7560ee944add9094ed6e1b6a6f179ce08f454ffdab8ce9c7230260ca91c166341b0fc55cdf49c60bba317dd5eb36bc400e1434712590ef2b648a404b1c7bf84b0df4b099a66253b4d35473c8c95df020", 0x5d}, {&(0x7f0000000180)="e90a73cc70", 0x5}, {&(0x7f00000001c0)="9584815ae498a7d923b56219d719e9d8848906b18086b477de0fbe90a9fbac205a5f0eae16dd8a7c1bf194e4817f273f4ccda772ff99c8afeafa646e15f9e0e116322ec602a0b731cf87", 0x4a}, {&(0x7f0000000240)="e24fd4aa0754569478e63059e8dd95da459182a204fa54363f85939cb6a1e6b909478bdfe275ccb704182a905618824edfab8c1c678be87487223d39c54c637d273a17083402e52c8359569ca9c32e4551b745dfbfa8568de71af970dfa511c2e5b552411db539e81d6720334f0e7ccebaa9799aaf17f895e49f7214ec96f41c90a6faa09249838e722b2e7a2c1553437135307a1a710d1c604ccd8a823dfd8df3e3c56d4889575328dd90824fafd2ecbaa6624c6587073ba4fa65a0b9e164200e6d5fc863e88732fc67d4bf877f59c36d1b02d713560afaa18b5bd73fda5b1877456785c90f", 0xe6}], 0x4, &(0x7f0000000380)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x80}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp_addr={0x44, 0xc, 0x3f, 0x1, 0x3, [{@remote, 0x7}]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1f5d}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xa0}}, @ip_retopts={{0x78, 0x0, 0x7, {[@ssrr={0x89, 0x23, 0x5f, [@loopback, @dev={0xac, 0x14, 0x14, 0x25}, @multicast1, @private=0xa010101, @loopback, @loopback, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0xc}]}, @timestamp_addr={0x44, 0x34, 0xa2, 0x1, 0x8, [{@loopback, 0x50}, {@remote, 0xec}, {@private=0xa010102, 0x3}, {@multicast1, 0x8}, {@remote, 0xc587}, {@dev={0xac, 0x14, 0x14, 0x20}, 0xc89}]}, @generic={0x82, 0xa, "9f0d42130d1af540"}, @ra={0x94, 0x4, 0x1}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_retopts={{0x2c, 0x0, 0x7, {[@end, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x7, 0x12, [@multicast1]}, @lsrr={0x83, 0xf, 0xa2, [@multicast1, @local, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @loopback}}}], 0x160}, 0x20044041) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:39:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r3, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r1, 0x6b0, '\x00', r4, r5, 0x0, 0x2, 0x3, 0xc}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xc, 0x9, 0x0, 0x6, 0x2a7, 0xffffffffffffffff, 0x7fff, '\x00', r4, 0xffffffffffffffff, 0x2, 0x3, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r3, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r1, 0x6b0, '\x00', r4, r5, 0x0, 0x2, 0x3, 0xc}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xc, 0x9, 0x0, 0x6, 0x2a7, 0xffffffffffffffff, 0x7fff, '\x00', r4, 0xffffffffffffffff, 0x2, 0x3, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)}, 0x10) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r3, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r1, 0x6b0, '\x00', r4, r5, 0x0, 0x2, 0x3, 0xc}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xc, 0x9, 0x0, 0x6, 0x2a7, 0xffffffffffffffff, 0x7fff, '\x00', r4, 0xffffffffffffffff, 0x2, 0x3, 0x1}, 0x48) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) [ 220.343852][T29966] FAULT_INJECTION: forcing a failure. [ 220.343852][T29966] name failslab, interval 1, probability 0, space 0, times 0 [ 220.426231][T29966] CPU: 1 PID: 29966 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 220.436322][T29966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 220.446196][T29966] Call Trace: [ 220.449318][T29966] [ 220.452097][T29966] dump_stack_lvl+0x151/0x1b7 [ 220.456610][T29966] ? bfq_pos_tree_add_move+0x43e/0x43e [ 220.461906][T29966] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 220.468162][T29966] dump_stack+0x15/0x17 [ 220.472147][T29966] should_fail+0x3c0/0x510 [ 220.476401][T29966] __should_failslab+0x9f/0xe0 [ 220.481000][T29966] should_failslab+0x9/0x20 [ 220.485337][T29966] kmem_cache_alloc+0x4f/0x2f0 [ 220.489940][T29966] ? anon_vma_fork+0xf7/0x4f0 [ 220.494457][T29966] anon_vma_fork+0xf7/0x4f0 [ 220.498792][T29966] ? anon_vma_name+0x43/0x70 [ 220.503220][T29966] dup_mmap+0x750/0xea0 [ 220.507210][T29966] ? __delayed_free_task+0x20/0x20 [ 220.512154][T29966] ? mm_init+0x807/0x960 [ 220.516235][T29966] dup_mm+0x91/0x330 [ 220.519968][T29966] copy_mm+0x108/0x1b0 [ 220.523874][T29966] copy_process+0x1295/0x3250 [ 220.528392][T29966] ? proc_fail_nth_write+0x213/0x290 [ 220.533507][T29966] ? proc_fail_nth_read+0x220/0x220 [ 220.538556][T29966] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 220.543487][T29966] ? vfs_write+0x9af/0x1050 [ 220.547832][T29966] ? vmacache_update+0xb7/0x120 [ 220.552519][T29966] kernel_clone+0x22d/0x990 [ 220.556856][T29966] ? file_end_write+0x1b0/0x1b0 [ 220.561550][T29966] ? __kasan_check_write+0x14/0x20 [ 220.566493][T29966] ? create_io_thread+0x1e0/0x1e0 [ 220.571394][T29966] ? __mutex_lock_slowpath+0x10/0x10 [ 220.576472][T29966] __x64_sys_clone+0x289/0x310 [ 220.581160][T29966] ? __do_sys_vfork+0x130/0x130 [ 220.585851][T29966] ? debug_smp_processor_id+0x17/0x20 [ 220.591053][T29966] do_syscall_64+0x44/0xd0 [ 220.595306][T29966] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 220.601032][T29966] RIP: 0033:0x7f510cb420d9 [ 220.605286][T29966] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 17:39:58 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={0x0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) 17:39:58 executing program 2: syz_clone(0xc4040000, &(0x7f0000000540)="4cebc9c7bc7567ec91964123e8f740cfa7d782709cb822aa8fa1f0331a9dbad528219581e303de4a2cd3cfa4536d6e9789bfdb179be11ffea94b", 0x3a, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)="310450839eaec14827172a04aaab39de8a221be637da20b533ba69420f77f2b77acf6385270ea394a60a05c83933ba4e00aa19b1a64a9e32a3e558565fa1f92fc12b3728f04b701c0e7144fd3b8cf14d9ecf39aab8cb") socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)="10a9256c522882caf6fe53b40e7560ee944add9094ed6e1b6a6f179ce08f454ffdab8ce9c7230260ca91c166341b0fc55cdf49c60bba317dd5eb36bc400e1434712590ef2b648a404b1c7bf84b0df4b099a66253b4d35473c8c95df020", 0x5d}, {&(0x7f0000000180)="e90a73cc70", 0x5}, {&(0x7f00000001c0)="9584815ae498a7d923b56219d719e9d8848906b18086b477de0fbe90a9fbac205a5f0eae16dd8a7c1bf194e4817f273f4ccda772ff99c8afeafa646e15f9e0e116322ec602a0b731cf87", 0x4a}, {&(0x7f0000000240)="e24fd4aa0754569478e63059e8dd95da459182a204fa54363f85939cb6a1e6b909478bdfe275ccb704182a905618824edfab8c1c678be87487223d39c54c637d273a17083402e52c8359569ca9c32e4551b745dfbfa8568de71af970dfa511c2e5b552411db539e81d6720334f0e7ccebaa9799aaf17f895e49f7214ec96f41c90a6faa09249838e722b2e7a2c1553437135307a1a710d1c604ccd8a823dfd8df3e3c56d4889575328dd90824fafd2ecbaa6624c6587073ba4fa65a0b9e164200e6d5fc863e88732fc67d4bf877f59c36d1b02d713560afaa18b5bd73fda5b1877456785c90f", 0xe6}], 0x4, &(0x7f0000000380)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x80}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp_addr={0x44, 0xc, 0x3f, 0x1, 0x3, [{@remote, 0x7}]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1f5d}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xa0}}, @ip_retopts={{0x78, 0x0, 0x7, {[@ssrr={0x89, 0x23, 0x5f, [@loopback, @dev={0xac, 0x14, 0x14, 0x25}, @multicast1, @private=0xa010101, @loopback, @loopback, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0xc}]}, @timestamp_addr={0x44, 0x34, 0xa2, 0x1, 0x8, [{@loopback, 0x50}, {@remote, 0xec}, {@private=0xa010102, 0x3}, {@multicast1, 0x8}, {@remote, 0xc587}, {@dev={0xac, 0x14, 0x14, 0x20}, 0xc89}]}, @generic={0x82, 0xa, "9f0d42130d1af540"}, @ra={0x94, 0x4, 0x1}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_retopts={{0x2c, 0x0, 0x7, {[@end, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x7, 0x12, [@multicast1]}, @lsrr={0x83, 0xf, 0xa2, [@multicast1, @local, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @loopback}}}], 0x160}, 0x20044041) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) [ 220.624734][T29966] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 220.633063][T29966] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 220.640873][T29966] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 220.648687][T29966] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 220.656495][T29966] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 220.664308][T29966] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 220.672125][T29966] 17:39:58 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000081ffffebffffff9500080000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x53f7, 0x26, &(0x7f0000000500)=""/38, 0x41100, 0x6, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x2, 0x6, 0xfffffffd}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1]}, 0x80) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000001380)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b244ccc42606d25dfd73a015e0ca7fc2506a1468a7d46d7535f7866907b627377a05f8817bd10751c985dc6771c40151dfb265a0e3b02fa5cfc5ccae669e173a649c1cfd6597d452d6453559c3421eed73d5661cfe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe0026e7a23129d6606fd28ae7b49d552a04bda9df2c3af36effff9af2551c4cb0f327cb3f011a7d06602e2fd5234712596b696418f143d19d02000000000000005bfacba83109751fe6c0541cd027edd68149ee99eebc677d6dd4aed4af7500d7900a820b63278f4e9a217b98000000002a92895614cd50cbe43a1ed2526814bc0000000000e585a744d7e0429f9596e9e086ce48e90defb6670c291c254479106a91893ed20fa7a040fbbef9e326e827e513e96068fd1e8a43e89f32d08806bc376e3e493f52b59d13182e1f24ed200ada12f7a1525320e71666f472f75bc7a941a2d0b2874df30ed5eb1affb87ba5080000008e9f40b4ae7d01000000d11cd22c35e3348993de314ccb37dc9c4aafb212d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebf1c893bb97a068bd10734a83584898eccb26f3b789cfc4d37b729ac83f0d8b4f48f3c3357f000000fc455a97690b6f7f9ccbe44b13000000000000b77c7e23b03f2a834391ad24fe7d9b20cfde6c25a3836900000068d7604bf251b6224fc22052e50000000000000000000000001d702646d17ef2c71e27e9265cf82e090000000000000000000000000000000000036745ecd8313e521a2a9b36b131a74472362300006f3a3504f07ffc0d2fa95fa60892c2d1d1857b784f974705ca7d8d6681e822cb891e6e4fbe73008d7d8b2a78bbca48035c0cf4230943aa47156b1fba84b44144a9b2469dd93201477050f2d98a0b4f128e904e6fcb77afdf7dbfa228495d9c1b3c1d60476563802bf6cc4ea904b9a73377890fd2951c513d98a79156541ec17921be59526b027c8b3ee7b31a3f05e1281f5dbbc26a1688d99e5a9a36dad66a27f11dc80ddbdae4a0d4b8aaa65bbc42ed9a978428f3aaa7a3e5039700d37200ee43646f950c7f836e101db43479d8152dade1d566eb4caeb2ce2da111b0f5e68ae2cf3bb70e1a2bcbfcdbdbcf22a03392d180974fe24d57de77d44744c3c928a1a17dfe427ca58cbffb1ac55665fb8e68a009ed095fa5edb8193135bf0038ecaa41ef08b249544b5144e1c8cf8b5f54c0d6e7f91a148e06f7bb6ea1c5f91f539e61f8a3a093de2a9fc6648adc1ca6c67d33ba3b0558b0e6baf8c7535d096d7c2a4f18bb0a5d5aa57ca3b8a2cf5e18373eaadcd3547349afde626c2c65f6b4d67017144ee66a69c8bd87abd42fe6629f39c4e97d21000000000000000000000300000030b10800c54a807660283d8de5e799ba252c39881ad14cb3f3f23d731a37cbc4b920f43e2b49e10901b20ff10736eb946333d74807cb5f4ecec693b3936ab559f141067c8ba8d28a4cdb199f9055b577e51cf97550cde886ede49c13d9825d88c4717008ac0354187f2c7c953b5688b64bc7000000000000000000000000000000000000000000c20000000094f678004488f9734592bb9a740690fab2d3c9fbc8710c485981a085c295270c0e656298587841f30e70eb0161785361bd0487804e737b0c5318ccd25de1e7fdad069204682918d6ba354e24eabad62845000000c700005b640c7d1b0f815ae09055006007a0b5d90204d0338a2866d212fe4cf0b3ff46780f3a5fcf96a6a7c1c6e5a9d5d0c735edcf11097b8481876341ad2153f7dfe31cc6eb687829f9894840b4797f20a972887c7c1fa08fbc9c72735628052a8dcd601ba42865639b46f8105c1154142f7506f8bf98b007b342fa45fd5a8d5627afdee086ac2f2aa1bd80e1636fbfe145116e5c5f13208dc7e277186ae30ad845500000000000006fb4bc7cfb3a263a03c2c8b13c1ee09534a5f57a2c5e7556bd6d66aedd9cc5f8721ff5496a65cb101f5ef0ca0f8bd29400936d813a0eb3501a1d62306d448b9c6a3463c884a4556c99bd4d1500000080000000000cdf760000000000000000a886d0a939badb3e000000000061756de0725aa4983d3fc6106cfbac1bc851138c2a65e7069a340a28080948e0752235819061a21d15efa6b4564b30cffb389718ee3483eb42c74513b15460435b823c2193a30f37553deec21440ba2144d67fd6c1ed556859508b4342356f2c1a8477a27ff499a67cf067524e37ffd132fbd52e47fdf6864a13a60b5ed78146158e9ecd8f5a7371995a405fdd7d3aa1636653d38329ef3f00000000000000ab31802c0a75b0389a751577f7ca78b1d7690f03cea884c567466cd07ae5b124633b42b545b5ddb99bb218af1126ef52a4d5aeee06885eb43cdd9a74a0a5cb188fdb8a56e5407bd5000000003bd3fd919517aa73dccdab73277a49340a704d385fb371ce45683886c52e14750fe7407fe0cefe0624ef79feb64b0d394d90ca09ce9224ec1a3c161898010840c5f7f788bc76403e78c83220fc00ae7646e86c4843b8685ac83e80aa0a801fd1db4d6f4109ab66ece65553133a2c78ed46cb85901113475963aba9e270f1b2c2ea1f9e44743679c83a45273f60db0a72fe9a6d6f86d22e599d29341a6fa6f94800800000d7223ef3fde2085c61e55163ea4f290e83a4b19222849aa6056f415160dbf6cb0c9006ff6dff89140815e5b73a33600313d3e33e1259c75dc01a0455fa255a80659dcc76b1202ea493d121a24703cfd85c2d65e058e509e4b7d01190e5f8e75dc20142bf9570085f5cf153891f838062bbc71b60f4a00b9a8587563e58cebd1d70e8850962210ec0d57196b99c25237252193010d8111a6f55954d76ccaec6db4390c6a4813f638762f46c324ee97c00a4acc9d7b6dd08879083a839e1da4645ab82923a08bd11f845f92f359f169ed2324cc973ce0fc800000000000000000000000000000000000000009cd8f4ad95446c4f9c5bca196e040b705aac0525d072af96c506a5217d4eeee4f96305fd90f165b2a1a25840518e4a59472c5c96f650e2b2450cbba8fee79773422b0c5d846cbd85e68a4875ec81ea7270afdb8b9e60266c1428b2deaf48c4fd9d354a6aeb3aae5a8c4d253eafa3a9bb6a51f7bb2246eb624f6c8fb9fde75cdaf8c1c7897be2c0d1aa4d31b40c6565db1e6478ecc6aa8a24349c3d0030dc818436855244e69ae96328873474c3bd9ee0eb27df20694556ff94210daa7252630c1b7886ae9bddfbf0de8bef15dae531de3b4e21b8eaa808d553ded136ebeb4002f8a26b28e567a9a45418b29e42c5f3b6f742b81ceaa7f87650e5a3be3cd0fdf9aa552f788eb000d99c42d6055603348c1dcd10721893e94a1d22cd0401ea35e6ba0af751314c82ecdb4f563e68b2fad375a780ed1c07605e38aafb6257738d94a2f47a093fb74fc832898bb535dabccdb6d10ec804420e0ea352b87307fb00fec4095b0b302dd218c33639b650f6bbb3e60bd3cc7fca554a4cb95c25e7a4ab4d1a284bab0273bb6eb1bf4adc2cb1b4eff060e9b105e02e62602d952867eb7df3b3d10fc81b60080e71346cafd22bc045692ec9c7d013c10048d79e7af0331f3cf774c06cad41c8117febc2fd009dee9cfcb824c1c1072aa8f12db40229b8d3242e922ca3095d3419c5e2851c2324603b992d6db0815f60af4f0d06bfbb250b761f49aceeea736fdf92236b8a0d25049c75e8a5ff29fb47259b4639fc6c1a7147969925d48d583c48ea27f7d3b6150ba573067e998e6fccd40c7fc0988f50df0c97f3683b8019945fefddcc8f0766967bf2c6b9524bbc008f0418b82727d31fdd9e7286c584b16e50f23593b80b343426f646dd7d86aa50f0c3f6cae154ecd14e2a23caaeaa0dc8d87b8a355d30696d3f2cc426737521ed04758dbdab2321a07a2d3355120e632774fcb0dba3c4dcd3a000000000000000007b34cad6d72da0821bd62cdfbc53adc7cec056f12f78e9ccdeeffb4e02696c6dbf3f1a15003662b42708"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r3, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) (async) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@bloom_filter={0x1e, 0x200, 0x7, 0x2, 0x408, r1, 0x6b0, '\x00', r4, r5, 0x0, 0x2, 0x3, 0xc}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xc, 0x9, 0x0, 0x6, 0x2a7, 0xffffffffffffffff, 0x7fff, '\x00', r4, 0xffffffffffffffff, 0x2, 0x3, 0x1}, 0x48) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:58 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:39:58 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={0x0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) 17:39:58 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180100000000000000850000000700000095000000000000000556cfc37aca66a638e9364c05c3b1411b1a09f365ea26824fdfbac80dabb6af2f693cd5bdf48ab20ce6b796797f8fd197e54806e33ebd044a36fbb210f20c9e33e6a3bd74fe48fce9c1198be88e07c8710e4333405bb1570a63d8c2f2a742fd3b08dcbe2a3f9e97c83617ea61f1c04c812a6a47c8262c0998d03b1a66cc4e78182ad0"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x0, &(0x7f00000003c0), &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x13, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000100)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0xd, 0x4, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0xffffffffffffffff]}, 0x80) syz_clone(0x42810800, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:58 executing program 2: syz_clone(0xc4040000, &(0x7f0000000540)="4cebc9c7bc7567ec91964123e8f740cfa7d782709cb822aa8fa1f0331a9dbad528219581e303de4a2cd3cfa4536d6e9789bfdb179be11ffea94b", 0x3a, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)="310450839eaec14827172a04aaab39de8a221be637da20b533ba69420f77f2b77acf6385270ea394a60a05c83933ba4e00aa19b1a64a9e32a3e558565fa1f92fc12b3728f04b701c0e7144fd3b8cf14d9ecf39aab8cb") socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)="10a9256c522882caf6fe53b40e7560ee944add9094ed6e1b6a6f179ce08f454ffdab8ce9c7230260ca91c166341b0fc55cdf49c60bba317dd5eb36bc400e1434712590ef2b648a404b1c7bf84b0df4b099a66253b4d35473c8c95df020", 0x5d}, {&(0x7f0000000180)="e90a73cc70", 0x5}, {&(0x7f00000001c0)="9584815ae498a7d923b56219d719e9d8848906b18086b477de0fbe90a9fbac205a5f0eae16dd8a7c1bf194e4817f273f4ccda772ff99c8afeafa646e15f9e0e116322ec602a0b731cf87", 0x4a}, {&(0x7f0000000240)="e24fd4aa0754569478e63059e8dd95da459182a204fa54363f85939cb6a1e6b909478bdfe275ccb704182a905618824edfab8c1c678be87487223d39c54c637d273a17083402e52c8359569ca9c32e4551b745dfbfa8568de71af970dfa511c2e5b552411db539e81d6720334f0e7ccebaa9799aaf17f895e49f7214ec96f41c90a6faa09249838e722b2e7a2c1553437135307a1a710d1c604ccd8a823dfd8df3e3c56d4889575328dd90824fafd2ecbaa6624c6587073ba4fa65a0b9e164200e6d5fc863e88732fc67d4bf877f59c36d1b02d713560afaa18b5bd73fda5b1877456785c90f", 0xe6}], 0x4, &(0x7f0000000380)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x80}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp_addr={0x44, 0xc, 0x3f, 0x1, 0x3, [{@remote, 0x7}]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1f5d}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xa0}}, @ip_retopts={{0x78, 0x0, 0x7, {[@ssrr={0x89, 0x23, 0x5f, [@loopback, @dev={0xac, 0x14, 0x14, 0x25}, @multicast1, @private=0xa010101, @loopback, @loopback, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0xc}]}, @timestamp_addr={0x44, 0x34, 0xa2, 0x1, 0x8, [{@loopback, 0x50}, {@remote, 0xec}, {@private=0xa010102, 0x3}, {@multicast1, 0x8}, {@remote, 0xc587}, {@dev={0xac, 0x14, 0x14, 0x20}, 0xc89}]}, @generic={0x82, 0xa, "9f0d42130d1af540"}, @ra={0x94, 0x4, 0x1}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_retopts={{0x2c, 0x0, 0x7, {[@end, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x7, 0x12, [@multicast1]}, @lsrr={0x83, 0xf, 0xa2, [@multicast1, @local, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @loopback}}}], 0x160}, 0x20044041) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) syz_clone(0xc4040000, &(0x7f0000000540)="4cebc9c7bc7567ec91964123e8f740cfa7d782709cb822aa8fa1f0331a9dbad528219581e303de4a2cd3cfa4536d6e9789bfdb179be11ffea94b", 0x3a, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)="310450839eaec14827172a04aaab39de8a221be637da20b533ba69420f77f2b77acf6385270ea394a60a05c83933ba4e00aa19b1a64a9e32a3e558565fa1f92fc12b3728f04b701c0e7144fd3b8cf14d9ecf39aab8cb") (async) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)) (async) sendmsg$inet(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)="10a9256c522882caf6fe53b40e7560ee944add9094ed6e1b6a6f179ce08f454ffdab8ce9c7230260ca91c166341b0fc55cdf49c60bba317dd5eb36bc400e1434712590ef2b648a404b1c7bf84b0df4b099a66253b4d35473c8c95df020", 0x5d}, {&(0x7f0000000180)="e90a73cc70", 0x5}, {&(0x7f00000001c0)="9584815ae498a7d923b56219d719e9d8848906b18086b477de0fbe90a9fbac205a5f0eae16dd8a7c1bf194e4817f273f4ccda772ff99c8afeafa646e15f9e0e116322ec602a0b731cf87", 0x4a}, {&(0x7f0000000240)="e24fd4aa0754569478e63059e8dd95da459182a204fa54363f85939cb6a1e6b909478bdfe275ccb704182a905618824edfab8c1c678be87487223d39c54c637d273a17083402e52c8359569ca9c32e4551b745dfbfa8568de71af970dfa511c2e5b552411db539e81d6720334f0e7ccebaa9799aaf17f895e49f7214ec96f41c90a6faa09249838e722b2e7a2c1553437135307a1a710d1c604ccd8a823dfd8df3e3c56d4889575328dd90824fafd2ecbaa6624c6587073ba4fa65a0b9e164200e6d5fc863e88732fc67d4bf877f59c36d1b02d713560afaa18b5bd73fda5b1877456785c90f", 0xe6}], 0x4, &(0x7f0000000380)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x80}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp_addr={0x44, 0xc, 0x3f, 0x1, 0x3, [{@remote, 0x7}]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1f5d}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xa0}}, @ip_retopts={{0x78, 0x0, 0x7, {[@ssrr={0x89, 0x23, 0x5f, [@loopback, @dev={0xac, 0x14, 0x14, 0x25}, @multicast1, @private=0xa010101, @loopback, @loopback, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0xc}]}, @timestamp_addr={0x44, 0x34, 0xa2, 0x1, 0x8, [{@loopback, 0x50}, {@remote, 0xec}, {@private=0xa010102, 0x3}, {@multicast1, 0x8}, {@remote, 0xc587}, {@dev={0xac, 0x14, 0x14, 0x20}, 0xc89}]}, @generic={0x82, 0xa, "9f0d42130d1af540"}, @ra={0x94, 0x4, 0x1}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_retopts={{0x2c, 0x0, 0x7, {[@end, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x7, 0x12, [@multicast1]}, @lsrr={0x83, 0xf, 0xa2, [@multicast1, @local, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @loopback}}}], 0x160}, 0x20044041) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:39:58 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 73) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:39:58 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x9a) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:39:58 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180100000000000000850000000700000095000000000000000556cfc37aca66a638e9364c05c3b1411b1a09f365ea26824fdfbac80dabb6af2f693cd5bdf48ab20ce6b796797f8fd197e54806e33ebd044a36fbb210f20c9e33e6a3bd74fe48fce9c1198be88e07c8710e4333405bb1570a63d8c2f2a742fd3b08dcbe2a3f9e97c83617ea61f1c04c812a6a47c8262c0998d03b1a66cc4e78182ad0"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x0, &(0x7f00000003c0), &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x13, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000100)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0xd, 0x4, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0xffffffffffffffff]}, 0x80) (async) syz_clone(0x42810800, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:58 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) 17:39:58 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180100000000000000850000000700000095000000000000000556cfc37aca66a638e9364c05c3b1411b1a09f365ea26824fdfbac80dabb6af2f693cd5bdf48ab20ce6b796797f8fd197e54806e33ebd044a36fbb210f20c9e33e6a3bd74fe48fce9c1198be88e07c8710e4333405bb1570a63d8c2f2a742fd3b08dcbe2a3f9e97c83617ea61f1c04c812a6a47c8262c0998d03b1a66cc4e78182ad0"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x0, &(0x7f00000003c0), &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x13, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000100)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0xd, 0x4, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0xffffffffffffffff]}, 0x80) syz_clone(0x42810800, 0x0, 0x0, 0x0, 0x0, 0x0) 17:39:58 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r2 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7f, 0x1, 0x0, 0x2, 0x0, 0x100000001, 0x10, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400, 0x2, @perf_bp={&(0x7f0000000040), 0xc}, 0x2081, 0x0, 0x654, 0x0, 0xf0bb, 0x20, 0x2, 0x0, 0x9, 0x0, 0x7}, r2, 0x2, r1, 0x9) [ 221.217110][T30038] FAULT_INJECTION: forcing a failure. [ 221.217110][T30038] name failslab, interval 1, probability 0, space 0, times 0 [ 221.263241][T30038] CPU: 0 PID: 30038 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 221.273316][T30038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 221.283207][T30038] Call Trace: [ 221.286332][T30038] [ 221.289110][T30038] dump_stack_lvl+0x151/0x1b7 [ 221.293625][T30038] ? bfq_pos_tree_add_move+0x43e/0x43e [ 221.298918][T30038] dump_stack+0x15/0x17 [ 221.302908][T30038] should_fail+0x3c0/0x510 [ 221.307164][T30038] __should_failslab+0x9f/0xe0 [ 221.311763][T30038] should_failslab+0x9/0x20 [ 221.316106][T30038] kmem_cache_alloc+0x4f/0x2f0 [ 221.320702][T30038] ? vm_area_dup+0x26/0x1d0 [ 221.325037][T30038] ? __kasan_check_read+0x11/0x20 [ 221.329902][T30038] vm_area_dup+0x26/0x1d0 [ 221.334068][T30038] dup_mmap+0x6b8/0xea0 [ 221.338063][T30038] ? __delayed_free_task+0x20/0x20 [ 221.343006][T30038] ? mm_init+0x807/0x960 [ 221.347086][T30038] dup_mm+0x91/0x330 [ 221.350820][T30038] copy_mm+0x108/0x1b0 [ 221.354723][T30038] copy_process+0x1295/0x3250 [ 221.359238][T30038] ? proc_fail_nth_write+0x213/0x290 [ 221.364357][T30038] ? proc_fail_nth_read+0x220/0x220 [ 221.369425][T30038] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 221.374341][T30038] ? vfs_write+0x9af/0x1050 [ 221.378687][T30038] ? vmacache_update+0xb7/0x120 [ 221.383373][T30038] kernel_clone+0x22d/0x990 [ 221.387707][T30038] ? file_end_write+0x1b0/0x1b0 [ 221.392393][T30038] ? __kasan_check_write+0x14/0x20 [ 221.397339][T30038] ? create_io_thread+0x1e0/0x1e0 [ 221.402209][T30038] ? __mutex_lock_slowpath+0x10/0x10 [ 221.407329][T30038] __x64_sys_clone+0x289/0x310 [ 221.411926][T30038] ? __do_sys_vfork+0x130/0x130 [ 221.416612][T30038] ? debug_smp_processor_id+0x17/0x20 [ 221.421820][T30038] do_syscall_64+0x44/0xd0 [ 221.426075][T30038] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 221.431798][T30038] RIP: 0033:0x7f510cb420d9 [ 221.436051][T30038] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 221.455495][T30038] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:39:58 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r2 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7f, 0x1, 0x0, 0x2, 0x0, 0x100000001, 0x10, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400, 0x2, @perf_bp={&(0x7f0000000040), 0xc}, 0x2081, 0x0, 0x654, 0x0, 0xf0bb, 0x20, 0x2, 0x0, 0x9, 0x0, 0x7}, r2, 0x2, r1, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7f, 0x1, 0x0, 0x2, 0x0, 0x100000001, 0x10, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400, 0x2, @perf_bp={&(0x7f0000000040), 0xc}, 0x2081, 0x0, 0x654, 0x0, 0xf0bb, 0x20, 0x2, 0x0, 0x9, 0x0, 0x7}, r2, 0x2, r1, 0x9) (async) 17:39:58 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) (async) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) [ 221.463739][T30038] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 221.471552][T30038] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 221.479370][T30038] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 221.487263][T30038] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 221.495070][T30038] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 221.502888][T30038] 17:39:58 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r2 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7f, 0x1, 0x0, 0x2, 0x0, 0x100000001, 0x10, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400, 0x2, @perf_bp={&(0x7f0000000040), 0xc}, 0x2081, 0x0, 0x654, 0x0, 0xf0bb, 0x20, 0x2, 0x0, 0x9, 0x0, 0x7}, r2, 0x2, r1, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7f, 0x1, 0x0, 0x2, 0x0, 0x100000001, 0x10, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400, 0x2, @perf_bp={&(0x7f0000000040), 0xc}, 0x2081, 0x0, 0x654, 0x0, 0xf0bb, 0x20, 0x2, 0x0, 0x9, 0x0, 0x7}, r2, 0x2, r1, 0x9) (async) 17:39:58 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x12) 17:39:59 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000000e00000d000085000000070000005b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:40:00 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:40:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000000e00000d000085000000070000005b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000000e00000d000085000000070000005b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:40:00 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x12) 17:40:00 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:40:00 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 74) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:00 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x9a) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:40:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000000e00000d000085000000070000005b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 223.173109][T30076] FAULT_INJECTION: forcing a failure. [ 223.173109][T30076] name failslab, interval 1, probability 0, space 0, times 0 [ 223.240397][T30076] CPU: 1 PID: 30076 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 223.250900][T30076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 223.260797][T30076] Call Trace: [ 223.263921][T30076] [ 223.266699][T30076] dump_stack_lvl+0x151/0x1b7 [ 223.271207][T30076] ? bfq_pos_tree_add_move+0x43e/0x43e [ 223.276506][T30076] dump_stack+0x15/0x17 [ 223.280496][T30076] should_fail+0x3c0/0x510 [ 223.284749][T30076] __should_failslab+0x9f/0xe0 [ 223.289354][T30076] should_failslab+0x9/0x20 [ 223.293684][T30076] kmem_cache_alloc+0x4f/0x2f0 [ 223.298375][T30076] ? vm_area_dup+0x26/0x1d0 [ 223.302713][T30076] ? __kasan_check_read+0x11/0x20 [ 223.307578][T30076] vm_area_dup+0x26/0x1d0 [ 223.311744][T30076] dup_mmap+0x6b8/0xea0 [ 223.315744][T30076] ? __delayed_free_task+0x20/0x20 [ 223.320681][T30076] ? mm_init+0x807/0x960 [ 223.324761][T30076] dup_mm+0x91/0x330 [ 223.328491][T30076] copy_mm+0x108/0x1b0 [ 223.332399][T30076] copy_process+0x1295/0x3250 [ 223.336913][T30076] ? proc_fail_nth_write+0x213/0x290 [ 223.342032][T30076] ? proc_fail_nth_read+0x220/0x220 [ 223.347066][T30076] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 223.352013][T30076] ? vfs_write+0x9af/0x1050 [ 223.356442][T30076] ? vmacache_update+0xb7/0x120 [ 223.361131][T30076] kernel_clone+0x22d/0x990 [ 223.365469][T30076] ? file_end_write+0x1b0/0x1b0 [ 223.370157][T30076] ? __kasan_check_write+0x14/0x20 [ 223.375111][T30076] ? create_io_thread+0x1e0/0x1e0 [ 223.379959][T30076] ? __mutex_lock_slowpath+0x10/0x10 [ 223.385082][T30076] __x64_sys_clone+0x289/0x310 17:40:00 executing program 1: recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000003c0)=""/151, 0x97}], 0x2, &(0x7f0000000480)=""/159, 0x9f}, 0xc0010050) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 223.389683][T30076] ? __do_sys_vfork+0x130/0x130 [ 223.394374][T30076] ? debug_smp_processor_id+0x17/0x20 [ 223.399578][T30076] do_syscall_64+0x44/0xd0 [ 223.403831][T30076] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 223.409555][T30076] RIP: 0033:0x7f510cb420d9 [ 223.413808][T30076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 17:40:00 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) [ 223.433264][T30076] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 223.441493][T30076] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 223.449304][T30076] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 223.457115][T30076] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 223.464925][T30076] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 223.472744][T30076] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 223.480557][T30076] 17:40:00 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x12) 17:40:01 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async, rerun: 32) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff) (rerun: 32) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:40:01 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r0, 0x0, 0x0) 17:40:01 executing program 1: recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000003c0)=""/151, 0x97}], 0x2, &(0x7f0000000480)=""/159, 0x9f}, 0xc0010050) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000003c0)=""/151, 0x97}], 0x2, &(0x7f0000000480)=""/159, 0x9f}, 0xc0010050) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:40:01 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:40:01 executing program 1: recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000003c0)=""/151, 0x97}], 0x2, &(0x7f0000000480)=""/159, 0x9f}, 0xc0010050) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async, rerun: 64) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64) 17:40:01 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.dequeue\x00', 0x0, 0x0) 17:40:01 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 75) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:01 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:40:01 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r0, 0x0, 0x0) 17:40:01 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x9a) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:40:01 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:40:01 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.dequeue\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.dequeue\x00', 0x0, 0x0) (async) 17:40:01 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x6a) 17:40:01 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x6a) [ 224.203904][T30130] FAULT_INJECTION: forcing a failure. [ 224.203904][T30130] name failslab, interval 1, probability 0, space 0, times 0 17:40:01 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x6a) [ 224.261417][T30130] CPU: 1 PID: 30130 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 224.271495][T30130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 224.281387][T30130] Call Trace: [ 224.284518][T30130] [ 224.287289][T30130] dump_stack_lvl+0x151/0x1b7 [ 224.291804][T30130] ? bfq_pos_tree_add_move+0x43e/0x43e [ 224.297107][T30130] ? do_syscall_64+0x44/0xd0 [ 224.301531][T30130] dump_stack+0x15/0x17 [ 224.305514][T30130] should_fail+0x3c0/0x510 17:40:01 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) [ 224.309777][T30130] __should_failslab+0x9f/0xe0 [ 224.314369][T30130] should_failslab+0x9/0x20 [ 224.318712][T30130] kmem_cache_alloc+0x4f/0x2f0 [ 224.323309][T30130] ? anon_vma_clone+0xa1/0x4f0 [ 224.327909][T30130] anon_vma_clone+0xa1/0x4f0 [ 224.332338][T30130] anon_vma_fork+0x91/0x4f0 [ 224.336672][T30130] ? anon_vma_name+0x43/0x70 [ 224.341099][T30130] dup_mmap+0x750/0xea0 [ 224.345095][T30130] ? __delayed_free_task+0x20/0x20 [ 224.350041][T30130] ? mm_init+0x807/0x960 [ 224.354207][T30130] dup_mm+0x91/0x330 [ 224.357937][T30130] copy_mm+0x108/0x1b0 [ 224.361843][T30130] copy_process+0x1295/0x3250 [ 224.366360][T30130] ? proc_fail_nth_write+0x213/0x290 [ 224.371479][T30130] ? proc_fail_nth_read+0x220/0x220 [ 224.376512][T30130] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 224.381466][T30130] ? vfs_write+0x9af/0x1050 [ 224.385800][T30130] ? vmacache_update+0xb7/0x120 [ 224.390488][T30130] kernel_clone+0x22d/0x990 [ 224.394830][T30130] ? file_end_write+0x1b0/0x1b0 [ 224.399520][T30130] ? __kasan_check_write+0x14/0x20 [ 224.404460][T30130] ? create_io_thread+0x1e0/0x1e0 [ 224.409320][T30130] ? __mutex_lock_slowpath+0x10/0x10 [ 224.414443][T30130] __x64_sys_clone+0x289/0x310 [ 224.419044][T30130] ? __do_sys_vfork+0x130/0x130 [ 224.423735][T30130] ? debug_smp_processor_id+0x17/0x20 [ 224.428945][T30130] do_syscall_64+0x44/0xd0 [ 224.433197][T30130] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 224.438916][T30130] RIP: 0033:0x7f510cb420d9 [ 224.443172][T30130] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 224.462711][T30130] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 224.470958][T30130] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 224.478775][T30130] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 224.486579][T30130] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 224.494390][T30130] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 224.502202][T30130] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 224.510015][T30130] 17:40:02 executing program 1: bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, &(0x7f0000000100)=[0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000280), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000e8e3b1a991eda008000100006d0000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='cgroup.kill\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000040)={0x0, r2}, 0x10) 17:40:02 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:40:02 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 76) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:02 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) 17:40:02 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:40:02 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0x1, 0x58, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_user\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0xfffffffd, 0x18}, 0xc) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x9, 0xac, 0xffffffff, 0x16b0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x3, 0x9}, 0x48) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='rdma.current\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r6, &(0x7f0000000180), 0xfdef) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='blkio.bfq.dequeue\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ad}, [@ldst={0x0, 0x0, 0x3, 0x6, 0x5, 0x100, 0xffffffffffffffff}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x7}, @ldst={0x2, 0x3, 0x2, 0x0, 0x3, 0x0, 0x8}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffb}]}, &(0x7f0000000080)='syzkaller\x00', 0x5, 0x0, &(0x7f00000000c0), 0x41000, 0xc, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000200)={0x5, 0x10, 0x69cb, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[r1, r2, 0xffffffffffffffff, r3, r4, r5, r6, r7, 0x1]}, 0x80) 17:40:02 executing program 1: bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, &(0x7f0000000100)=[0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000280), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000e8e3b1a991eda008000100006d0000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='cgroup.kill\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000040)={0x0, r2}, 0x10) 17:40:02 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.dequeue\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.dequeue\x00', 0x0, 0x0) (async) 17:40:02 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) 17:40:02 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:40:02 executing program 1: bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, &(0x7f0000000100)=[0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000280), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000e8e3b1a991eda008000100006d0000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='cgroup.kill\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000040)={0x0, r2}, 0x10) 17:40:02 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) 17:40:02 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)=0xd74a, 0x12) 17:40:02 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0xfdef) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='xprtrdma_err_chunk\x00', r1}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 224.814771][T30177] FAULT_INJECTION: forcing a failure. [ 224.814771][T30177] name failslab, interval 1, probability 0, space 0, times 0 [ 224.916046][T30177] CPU: 0 PID: 30177 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 224.926122][T30177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 224.936016][T30177] Call Trace: [ 224.939138][T30177] [ 224.941916][T30177] dump_stack_lvl+0x151/0x1b7 [ 224.946434][T30177] ? bfq_pos_tree_add_move+0x43e/0x43e [ 224.951725][T30177] dump_stack+0x15/0x17 [ 224.955718][T30177] should_fail+0x3c0/0x510 [ 224.959975][T30177] __should_failslab+0x9f/0xe0 [ 224.964569][T30177] should_failslab+0x9/0x20 [ 224.968909][T30177] kmem_cache_alloc+0x4f/0x2f0 [ 224.973516][T30177] ? vm_area_dup+0x26/0x1d0 [ 224.977936][T30177] ? __kasan_check_read+0x11/0x20 [ 224.982803][T30177] vm_area_dup+0x26/0x1d0 [ 224.986964][T30177] dup_mmap+0x6b8/0xea0 [ 224.990960][T30177] ? __delayed_free_task+0x20/0x20 [ 224.995905][T30177] ? mm_init+0x807/0x960 [ 224.999981][T30177] dup_mm+0x91/0x330 [ 225.003721][T30177] copy_mm+0x108/0x1b0 [ 225.007622][T30177] copy_process+0x1295/0x3250 [ 225.012136][T30177] ? proc_fail_nth_write+0x213/0x290 [ 225.017256][T30177] ? proc_fail_nth_read+0x220/0x220 [ 225.022289][T30177] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 225.027236][T30177] ? vfs_write+0x9af/0x1050 [ 225.031575][T30177] ? vmacache_update+0xb7/0x120 [ 225.036263][T30177] kernel_clone+0x22d/0x990 [ 225.040603][T30177] ? file_end_write+0x1b0/0x1b0 [ 225.045292][T30177] ? __kasan_check_write+0x14/0x20 [ 225.050234][T30177] ? create_io_thread+0x1e0/0x1e0 [ 225.055100][T30177] ? __mutex_lock_slowpath+0x10/0x10 [ 225.060220][T30177] __x64_sys_clone+0x289/0x310 [ 225.064819][T30177] ? __do_sys_vfork+0x130/0x130 [ 225.069505][T30177] ? debug_smp_processor_id+0x17/0x20 [ 225.074716][T30177] do_syscall_64+0x44/0xd0 [ 225.078963][T30177] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 225.084692][T30177] RIP: 0033:0x7f510cb420d9 [ 225.088949][T30177] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 225.108391][T30177] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 225.116633][T30177] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 225.124445][T30177] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 225.132255][T30177] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 225.140068][T30177] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 225.147879][T30177] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 225.155696][T30177] 17:40:02 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 77) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:02 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) perf_event_open$cgroup(&(0x7f0000000100)={0x0, 0x80, 0x80, 0x6, 0x4d, 0x5, 0x0, 0x8000000000000001, 0x20, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={&(0x7f00000000c0), 0x4}, 0x4010, 0x897a, 0x7, 0x3, 0x4, 0x7ff, 0x1f, 0x0, 0x6, 0x0, 0x400}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xc) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:40:02 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)=0xd74a, 0x12) 17:40:02 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0xfdef) (async, rerun: 64) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x10) (rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='xprtrdma_err_chunk\x00', r1}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:40:02 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:40:02 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0x1, 0x58, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_user\x00', 0x0, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) (async) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0xfffffffd, 0x18}, 0xc) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x9, 0xac, 0xffffffff, 0x16b0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x3, 0x9}, 0x48) (async) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='rdma.current\x00', 0x0, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r6, &(0x7f0000000180), 0xfdef) (async) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='blkio.bfq.dequeue\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ad}, [@ldst={0x0, 0x0, 0x3, 0x6, 0x5, 0x100, 0xffffffffffffffff}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x7}, @ldst={0x2, 0x3, 0x2, 0x0, 0x3, 0x0, 0x8}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffb}]}, &(0x7f0000000080)='syzkaller\x00', 0x5, 0x0, &(0x7f00000000c0), 0x41000, 0xc, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000200)={0x5, 0x10, 0x69cb, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[r1, r2, 0xffffffffffffffff, r3, r4, r5, r6, r7, 0x1]}, 0x80) 17:40:02 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)=0xd74a, 0x12) 17:40:02 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) perf_event_open$cgroup(&(0x7f0000000100)={0x0, 0x80, 0x80, 0x6, 0x4d, 0x5, 0x0, 0x8000000000000001, 0x20, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={&(0x7f00000000c0), 0x4}, 0x4010, 0x897a, 0x7, 0x3, 0x4, 0x7ff, 0x1f, 0x0, 0x6, 0x0, 0x400}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xc) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) perf_event_open$cgroup(&(0x7f0000000100)={0x0, 0x80, 0x80, 0x6, 0x4d, 0x5, 0x0, 0x8000000000000001, 0x20, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={&(0x7f00000000c0), 0x4}, 0x4010, 0x897a, 0x7, 0x3, 0x4, 0x7ff, 0x1f, 0x0, 0x6, 0x0, 0x400}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xc) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:40:02 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0xfdef) (async) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='xprtrdma_err_chunk\x00', r1}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:40:02 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0xd74a, 0x12) [ 225.435020][T30210] FAULT_INJECTION: forcing a failure. [ 225.435020][T30210] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 225.491359][T30210] CPU: 0 PID: 30210 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 225.501433][T30210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 225.511322][T30210] Call Trace: [ 225.514448][T30210] [ 225.517228][T30210] dump_stack_lvl+0x151/0x1b7 [ 225.521736][T30210] ? bfq_pos_tree_add_move+0x43e/0x43e [ 225.527036][T30210] ? stack_trace_save+0x12d/0x1f0 [ 225.531891][T30210] dump_stack+0x15/0x17 [ 225.535884][T30210] should_fail+0x3c0/0x510 [ 225.540139][T30210] should_fail_alloc_page+0x58/0x70 [ 225.545181][T30210] __alloc_pages+0x1de/0x7c0 [ 225.549601][T30210] ? __kasan_slab_alloc+0xb2/0xe0 [ 225.554462][T30210] ? anon_vma_fork+0x91/0x4f0 [ 225.558984][T30210] ? do_syscall_64+0x44/0xd0 [ 225.563403][T30210] ? __count_vm_events+0x30/0x30 [ 225.568178][T30210] allocate_slab+0x62/0x580 [ 225.572513][T30210] ___slab_alloc+0x2e2/0x6f0 [ 225.576939][T30210] ? anon_vma_clone+0xa1/0x4f0 [ 225.581540][T30210] ? anon_vma_clone+0xa1/0x4f0 [ 225.586138][T30210] __slab_alloc+0x4a/0x90 [ 225.590322][T30210] kmem_cache_alloc+0x205/0x2f0 [ 225.594992][T30210] ? anon_vma_clone+0xa1/0x4f0 [ 225.599593][T30210] anon_vma_clone+0xa1/0x4f0 [ 225.604022][T30210] anon_vma_fork+0x91/0x4f0 [ 225.608358][T30210] ? anon_vma_name+0x43/0x70 [ 225.612785][T30210] dup_mmap+0x750/0xea0 [ 225.616778][T30210] ? __delayed_free_task+0x20/0x20 [ 225.621725][T30210] ? mm_init+0x807/0x960 [ 225.625806][T30210] dup_mm+0x91/0x330 [ 225.629543][T30210] copy_mm+0x108/0x1b0 [ 225.633444][T30210] copy_process+0x1295/0x3250 [ 225.637955][T30210] ? proc_fail_nth_write+0x213/0x290 [ 225.643078][T30210] ? proc_fail_nth_read+0x220/0x220 [ 225.648120][T30210] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 225.653057][T30210] ? vfs_write+0x9af/0x1050 [ 225.657398][T30210] ? vmacache_update+0xb7/0x120 [ 225.662091][T30210] kernel_clone+0x22d/0x990 [ 225.666430][T30210] ? file_end_write+0x1b0/0x1b0 [ 225.671116][T30210] ? __kasan_check_write+0x14/0x20 [ 225.676057][T30210] ? create_io_thread+0x1e0/0x1e0 [ 225.680921][T30210] ? __mutex_lock_slowpath+0x10/0x10 [ 225.686040][T30210] __x64_sys_clone+0x289/0x310 [ 225.690642][T30210] ? __do_sys_vfork+0x130/0x130 [ 225.695329][T30210] ? debug_smp_processor_id+0x17/0x20 [ 225.700536][T30210] do_syscall_64+0x44/0xd0 [ 225.704790][T30210] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 225.710516][T30210] RIP: 0033:0x7f510cb420d9 [ 225.714769][T30210] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 225.734209][T30210] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:40:03 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0xd74a, 0x12) 17:40:03 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 225.742456][T30210] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 225.750352][T30210] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 225.758171][T30210] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 225.765976][T30210] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 225.773787][T30210] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 225.781602][T30210] 17:40:03 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 78) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:03 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async, rerun: 32) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 32) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) perf_event_open$cgroup(&(0x7f0000000100)={0x0, 0x80, 0x80, 0x6, 0x4d, 0x5, 0x0, 0x8000000000000001, 0x20, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={&(0x7f00000000c0), 0x4}, 0x4010, 0x897a, 0x7, 0x3, 0x4, 0x7ff, 0x1f, 0x0, 0x6, 0x0, 0x400}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xc) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:40:03 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:40:03 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0xd74a, 0x12) 17:40:03 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async, rerun: 64) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 64) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:40:03 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0x1, 0x58, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_user\x00', 0x0, 0x0) (async, rerun: 64) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (rerun: 64) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0xfffffffd, 0x18}, 0xc) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x9, 0xac, 0xffffffff, 0x16b0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x3, 0x9}, 0x48) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='rdma.current\x00', 0x0, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r6, &(0x7f0000000180), 0xfdef) (async) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='blkio.bfq.dequeue\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ad}, [@ldst={0x0, 0x0, 0x3, 0x6, 0x5, 0x100, 0xffffffffffffffff}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x7}, @ldst={0x2, 0x3, 0x2, 0x0, 0x3, 0x0, 0x8}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffb}]}, &(0x7f0000000080)='syzkaller\x00', 0x5, 0x0, &(0x7f00000000c0), 0x41000, 0xc, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000200)={0x5, 0x10, 0x69cb, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[r1, r2, 0xffffffffffffffff, r3, r4, r5, r6, r7, 0x1]}, 0x80) 17:40:03 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="4e2d33595d1375f81fc4adde38e0c467ce1cd814812ce70edefa59ea35769c55a1df6654956efb9d26d4f641acc3d515b1f496c6d33492d8bac090d06c45b87c8be095a76223d4fbf786053017c9051eccdeeb05cf4c11e8d4265ee60b634b9ff8e0d8829bb84e"], 0x6a) 17:40:03 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:40:03 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) 17:40:03 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="4e2d33595d1375f81fc4adde38e0c467ce1cd814812ce70edefa59ea35769c55a1df6654956efb9d26d4f641acc3d515b1f496c6d33492d8bac090d06c45b87c8be095a76223d4fbf786053017c9051eccdeeb05cf4c11e8d4265ee60b634b9ff8e0d8829bb84e"], 0x6a) 17:40:03 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) 17:40:03 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="4e2d33595d1375f81fc4adde38e0c467ce1cd814812ce70edefa59ea35769c55a1df6654956efb9d26d4f641acc3d515b1f496c6d33492d8bac090d06c45b87c8be095a76223d4fbf786053017c9051eccdeeb05cf4c11e8d4265ee60b634b9ff8e0d8829bb84e"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="4e2d33595d1375f81fc4adde38e0c467ce1cd814812ce70edefa59ea35769c55a1df6654956efb9d26d4f641acc3d515b1f496c6d33492d8bac090d06c45b87c8be095a76223d4fbf786053017c9051eccdeeb05cf4c11e8d4265ee60b634b9ff8e0d8829bb84e"], 0x6a) (async) [ 226.376942][T30252] FAULT_INJECTION: forcing a failure. [ 226.376942][T30252] name failslab, interval 1, probability 0, space 0, times 0 [ 226.419552][T30252] CPU: 0 PID: 30252 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 226.429621][T30252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 226.439520][T30252] Call Trace: [ 226.442644][T30252] [ 226.445423][T30252] dump_stack_lvl+0x151/0x1b7 [ 226.449937][T30252] ? bfq_pos_tree_add_move+0x43e/0x43e [ 226.455227][T30252] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 226.461477][T30252] dump_stack+0x15/0x17 [ 226.465469][T30252] should_fail+0x3c0/0x510 [ 226.469721][T30252] __should_failslab+0x9f/0xe0 [ 226.474322][T30252] should_failslab+0x9/0x20 [ 226.478667][T30252] kmem_cache_alloc+0x4f/0x2f0 [ 226.483275][T30252] ? anon_vma_fork+0xf7/0x4f0 [ 226.487777][T30252] anon_vma_fork+0xf7/0x4f0 [ 226.492113][T30252] ? anon_vma_name+0x43/0x70 [ 226.496543][T30252] dup_mmap+0x750/0xea0 [ 226.500536][T30252] ? __delayed_free_task+0x20/0x20 [ 226.505480][T30252] ? mm_init+0x807/0x960 [ 226.509562][T30252] dup_mm+0x91/0x330 [ 226.513290][T30252] copy_mm+0x108/0x1b0 [ 226.517202][T30252] copy_process+0x1295/0x3250 [ 226.521712][T30252] ? proc_fail_nth_write+0x213/0x290 [ 226.526834][T30252] ? proc_fail_nth_read+0x220/0x220 [ 226.531875][T30252] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 226.536812][T30252] ? vfs_write+0x9af/0x1050 [ 226.541152][T30252] ? vmacache_update+0xb7/0x120 [ 226.545838][T30252] kernel_clone+0x22d/0x990 [ 226.550180][T30252] ? file_end_write+0x1b0/0x1b0 [ 226.554867][T30252] ? __kasan_check_write+0x14/0x20 [ 226.559813][T30252] ? create_io_thread+0x1e0/0x1e0 [ 226.564673][T30252] ? __mutex_lock_slowpath+0x10/0x10 [ 226.569795][T30252] __x64_sys_clone+0x289/0x310 [ 226.574396][T30252] ? __do_sys_vfork+0x130/0x130 [ 226.579082][T30252] ? debug_smp_processor_id+0x17/0x20 [ 226.584289][T30252] do_syscall_64+0x44/0xd0 [ 226.588542][T30252] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 226.594270][T30252] RIP: 0033:0x7f510cb420d9 [ 226.598525][T30252] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 226.617967][T30252] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 226.626211][T30252] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 226.634107][T30252] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 226.641923][T30252] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 226.649730][T30252] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 226.657538][T30252] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 226.665357][T30252] [ 226.958354][T30252] ================================================================== [ 226.966511][T30252] BUG: KASAN: use-after-free in vm_area_free+0x7e/0x230 [ 226.973280][T30252] Write of size 4 at addr ffff8881230d5998 by task syz-executor.3/30252 [ 226.981446][T30252] [ 226.983610][T30252] CPU: 0 PID: 30252 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 226.993674][T30252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 227.003570][T30252] Call Trace: [ 227.006697][T30252] [ 227.009471][T30252] dump_stack_lvl+0x151/0x1b7 [ 227.013984][T30252] ? bfq_pos_tree_add_move+0x43e/0x43e [ 227.019285][T30252] ? panic+0x727/0x727 [ 227.023185][T30252] ? slab_free_freelist_hook+0xc9/0x1a0 [ 227.028566][T30252] print_address_description+0x87/0x3d0 [ 227.034036][T30252] kasan_report+0x1a6/0x1f0 [ 227.038370][T30252] ? vm_area_free+0x7e/0x230 [ 227.042802][T30252] ? vm_area_free+0x7e/0x230 [ 227.047234][T30252] kasan_check_range+0x2aa/0x2e0 [ 227.052000][T30252] __kasan_check_write+0x14/0x20 [ 227.056774][T30252] vm_area_free+0x7e/0x230 [ 227.061029][T30252] dup_mmap+0xbcd/0xea0 [ 227.065023][T30252] ? __delayed_free_task+0x20/0x20 [ 227.070065][T30252] ? mm_init+0x807/0x960 [ 227.074132][T30252] dup_mm+0x91/0x330 [ 227.077866][T30252] copy_mm+0x108/0x1b0 [ 227.081773][T30252] copy_process+0x1295/0x3250 [ 227.086286][T30252] ? proc_fail_nth_write+0x213/0x290 [ 227.091410][T30252] ? proc_fail_nth_read+0x220/0x220 [ 227.096439][T30252] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 227.101386][T30252] ? vfs_write+0x9af/0x1050 [ 227.105727][T30252] ? vmacache_update+0xb7/0x120 [ 227.110424][T30252] kernel_clone+0x22d/0x990 [ 227.114751][T30252] ? file_end_write+0x1b0/0x1b0 [ 227.119440][T30252] ? __kasan_check_write+0x14/0x20 [ 227.124385][T30252] ? create_io_thread+0x1e0/0x1e0 [ 227.129247][T30252] ? __mutex_lock_slowpath+0x10/0x10 [ 227.134366][T30252] __x64_sys_clone+0x289/0x310 [ 227.139056][T30252] ? __do_sys_vfork+0x130/0x130 [ 227.143742][T30252] ? debug_smp_processor_id+0x17/0x20 [ 227.148950][T30252] do_syscall_64+0x44/0xd0 [ 227.153202][T30252] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 227.158930][T30252] RIP: 0033:0x7f510cb420d9 [ 227.163184][T30252] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 227.182713][T30252] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 227.190973][T30252] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 227.198771][T30252] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 227.206586][T30252] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 227.214392][T30252] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 227.222203][T30252] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 227.230104][T30252] [ 227.232969][T30252] [ 227.235142][T30252] Allocated by task 30210: [ 227.239395][T30252] __kasan_slab_alloc+0xb2/0xe0 [ 227.244163][T30252] kmem_cache_alloc+0x189/0x2f0 [ 227.248850][T30252] vm_area_dup+0x26/0x1d0 [ 227.253014][T30252] dup_mmap+0x6b8/0xea0 [ 227.257011][T30252] dup_mm+0x91/0x330 [ 227.260739][T30252] copy_mm+0x108/0x1b0 [ 227.264644][T30252] copy_process+0x1295/0x3250 [ 227.269163][T30252] kernel_clone+0x22d/0x990 [ 227.273501][T30252] __x64_sys_clone+0x289/0x310 [ 227.278190][T30252] do_syscall_64+0x44/0xd0 [ 227.282440][T30252] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 227.288166][T30252] [ 227.290338][T30252] Freed by task 30235: [ 227.294242][T30252] kasan_set_track+0x4c/0x70 [ 227.298680][T30252] kasan_set_free_info+0x23/0x40 [ 227.303445][T30252] ____kasan_slab_free+0x126/0x160 [ 227.308415][T30252] __kasan_slab_free+0x11/0x20 [ 227.312991][T30252] slab_free_freelist_hook+0xc9/0x1a0 [ 227.318198][T30252] kmem_cache_free+0x11a/0x2e0 [ 227.322807][T30252] vm_area_free+0x1ae/0x230 [ 227.327144][T30252] exit_mmap+0x5dd/0x7a0 [ 227.331216][T30252] __mmput+0x95/0x300 [ 227.335046][T30252] mmput+0x50/0x60 [ 227.338594][T30252] exit_mm+0x50d/0x760 [ 227.342498][T30252] do_exit+0x63c/0x24d0 [ 227.346491][T30252] __ia32_sys_exit+0x0/0x40 [ 227.350832][T30252] do_syscall_64+0x44/0xd0 [ 227.355091][T30252] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 227.360811][T30252] [ 227.362982][T30252] The buggy address belongs to the object at ffff8881230d5940 [ 227.362982][T30252] which belongs to the cache vm_area_struct of size 232 [ 227.377132][T30252] The buggy address is located 88 bytes inside of [ 227.377132][T30252] 232-byte region [ffff8881230d5940, ffff8881230d5a28) [ 227.390174][T30252] The buggy address belongs to the page: [ 227.395794][T30252] page:ffffea00048c3540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1230d5 [ 227.405862][T30252] flags: 0x4000000000000200(slab|zone=1) [ 227.411346][T30252] raw: 4000000000000200 0000000000000000 0000000400000001 ffff888100274c00 [ 227.419759][T30252] raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000 [ 227.428169][T30252] page dumped because: kasan: bad access detected [ 227.434413][T30252] page_owner tracks the page as allocated [ 227.439969][T30252] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 1017, ts 35312196585, free_ts 35179779157 [ 227.456117][T30252] post_alloc_hook+0x1ab/0x1b0 [ 227.460715][T30252] get_page_from_freelist+0x38b/0x400 [ 227.466013][T30252] __alloc_pages+0x3a8/0x7c0 [ 227.470437][T30252] allocate_slab+0x62/0x580 [ 227.474776][T30252] ___slab_alloc+0x2e2/0x6f0 [ 227.479294][T30252] __slab_alloc+0x4a/0x90 [ 227.483462][T30252] kmem_cache_alloc+0x205/0x2f0 [ 227.488157][T30252] vm_area_dup+0x26/0x1d0 [ 227.492315][T30252] dup_mmap+0x6b8/0xea0 [ 227.496491][T30252] dup_mm+0x91/0x330 [ 227.500218][T30252] copy_mm+0x108/0x1b0 [ 227.504125][T30252] copy_process+0x1295/0x3250 [ 227.508640][T30252] kernel_clone+0x22d/0x990 [ 227.512980][T30252] __x64_sys_clone+0x289/0x310 [ 227.517580][T30252] do_syscall_64+0x44/0xd0 [ 227.521830][T30252] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 227.527564][T30252] page last free stack trace: [ 227.532074][T30252] free_pcp_prepare+0x448/0x450 [ 227.536759][T30252] free_unref_page_list+0x16a/0xad0 [ 227.541792][T30252] release_pages+0xf3e/0xf90 [ 227.546223][T30252] free_pages_and_swap_cache+0x97/0xb0 [ 227.551516][T30252] tlb_flush_mmu+0x860/0xa00 [ 227.555945][T30252] tlb_finish_mmu+0xd2/0x1f0 [ 227.560367][T30252] exit_mmap+0x46e/0x7a0 [ 227.564448][T30252] __mmput+0x95/0x300 [ 227.568264][T30252] mmput+0x50/0x60 [ 227.571830][T30252] exit_mm+0x50d/0x760 [ 227.575728][T30252] do_exit+0x63c/0x24d0 [ 227.579725][T30252] do_group_exit+0x13a/0x300 [ 227.584148][T30252] get_signal+0x77e/0x1600 [ 227.588401][T30252] arch_do_signal_or_restart+0x9f/0x670 [ 227.593785][T30252] exit_to_user_mode_loop+0xd4/0x110 [ 227.598903][T30252] syscall_exit_to_user_mode+0x79/0xc0 [ 227.604221][T30252] [ 227.606371][T30252] Memory state around the buggy address: [ 227.611842][T30252] ffff8881230d5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 227.619742][T30252] ffff8881230d5900: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 227.627642][T30252] >ffff8881230d5980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 227.635534][T30252] ^ [ 227.640226][T30252] ffff8881230d5a00: fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb [ 227.648122][T30252] ffff8881230d5a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 17:40:05 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 79) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:05 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:40:05 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18600a001c000000000000000000000000846ea900", @ANYRESDEC=0x0], &(0x7f0000000140)='GPL\x00', 0x7fff, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x58000, &(0x7f0000000300)="ada50b539618744433520d006c84e8e4536dad69cfdac9e005f6b8cd0504546229cdd8e53f40dc7ff1f11001107b555c9b49d6fb5261905b8d19a79d82bfed3bf5533c15d1e88ac705480b0ef44d24528402948fed79790be3be1bdc74141d2b38cb3c8796444c34ff51ff94949e8aee1da58b31cf0796a11123e706124c45eaebe43312be195d32d60141e1b791ed205af647b758d76175d8ef135ab10e132a2bb645f9f0a2ec85b09215ab607779fb3fa9f889df3c69ef5302518197d49b86d6e305c2bdb03e26638642a7e0ff6ae3060f9342a2ed6b92305c62a80fe31dfd28f5", 0xe2, &(0x7f0000000040), &(0x7f00000001c0), &(0x7f0000000100)="81106efc07000000") 17:40:05 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) 17:40:05 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000100)='cpuacct.stat\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r3}, 0x8) 17:40:05 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x200002, 0x0) [ 227.656019][T30252] ================================================================== [ 227.663916][T30252] Disabling lock debugging due to kernel taint 17:40:05 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) 17:40:05 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000100)='cpuacct.stat\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r3}, 0x8) 17:40:05 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18600a001c000000000000000000000000846ea900", @ANYRESDEC=0x0], &(0x7f0000000140)='GPL\x00', 0x7fff, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x58000, &(0x7f0000000300)="ada50b539618744433520d006c84e8e4536dad69cfdac9e005f6b8cd0504546229cdd8e53f40dc7ff1f11001107b555c9b49d6fb5261905b8d19a79d82bfed3bf5533c15d1e88ac705480b0ef44d24528402948fed79790be3be1bdc74141d2b38cb3c8796444c34ff51ff94949e8aee1da58b31cf0796a11123e706124c45eaebe43312be195d32d60141e1b791ed205af647b758d76175d8ef135ab10e132a2bb645f9f0a2ec85b09215ab607779fb3fa9f889df3c69ef5302518197d49b86d6e305c2bdb03e26638642a7e0ff6ae3060f9342a2ed6b92305c62a80fe31dfd28f5", 0xe2, &(0x7f0000000040), &(0x7f00000001c0), &(0x7f0000000100)="81106efc07000000") 17:40:05 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) 17:40:05 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18600a001c000000000000000000000000846ea900", @ANYRESDEC=0x0], &(0x7f0000000140)='GPL\x00', 0x7fff, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x58000, &(0x7f0000000300)="ada50b539618744433520d006c84e8e4536dad69cfdac9e005f6b8cd0504546229cdd8e53f40dc7ff1f11001107b555c9b49d6fb5261905b8d19a79d82bfed3bf5533c15d1e88ac705480b0ef44d24528402948fed79790be3be1bdc74141d2b38cb3c8796444c34ff51ff94949e8aee1da58b31cf0796a11123e706124c45eaebe43312be195d32d60141e1b791ed205af647b758d76175d8ef135ab10e132a2bb645f9f0a2ec85b09215ab607779fb3fa9f889df3c69ef5302518197d49b86d6e305c2bdb03e26638642a7e0ff6ae3060f9342a2ed6b92305c62a80fe31dfd28f5", 0xe2, &(0x7f0000000040), &(0x7f00000001c0), &(0x7f0000000100)="81106efc07000000") 17:40:05 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) r2 = openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000100)='cpuacct.stat\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r3, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r3}, 0x8) [ 227.792112][T30293] FAULT_INJECTION: forcing a failure. [ 227.792112][T30293] name failslab, interval 1, probability 0, space 0, times 0 [ 227.888704][T30293] CPU: 0 PID: 30293 Comm: syz-executor.3 Tainted: G B 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 227.900175][T30293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 227.910072][T30293] Call Trace: [ 227.913197][T30293] [ 227.915971][T30293] dump_stack_lvl+0x151/0x1b7 [ 227.920486][T30293] ? bfq_pos_tree_add_move+0x43e/0x43e [ 227.925783][T30293] dump_stack+0x15/0x17 [ 227.929770][T30293] should_fail+0x3c0/0x510 [ 227.934036][T30293] __should_failslab+0x9f/0xe0 [ 227.938631][T30293] should_failslab+0x9/0x20 [ 227.942963][T30293] kmem_cache_alloc+0x4f/0x2f0 [ 227.947563][T30293] ? anon_vma_fork+0x1b9/0x4f0 [ 227.952250][T30293] anon_vma_fork+0x1b9/0x4f0 [ 227.956678][T30293] dup_mmap+0x750/0xea0 [ 227.960670][T30293] ? __delayed_free_task+0x20/0x20 [ 227.965619][T30293] ? mm_init+0x807/0x960 [ 227.969712][T30293] dup_mm+0x91/0x330 [ 227.973433][T30293] copy_mm+0x108/0x1b0 [ 227.977332][T30293] copy_process+0x1295/0x3250 [ 227.981849][T30293] ? proc_fail_nth_write+0x213/0x290 [ 227.986969][T30293] ? proc_fail_nth_read+0x220/0x220 [ 227.992013][T30293] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 227.996950][T30293] ? vfs_write+0x9af/0x1050 [ 228.001287][T30293] ? vmacache_update+0xb7/0x120 [ 228.005978][T30293] kernel_clone+0x22d/0x990 [ 228.010318][T30293] ? file_end_write+0x1b0/0x1b0 [ 228.015001][T30293] ? __kasan_check_write+0x14/0x20 [ 228.019952][T30293] ? create_io_thread+0x1e0/0x1e0 [ 228.024813][T30293] ? __mutex_lock_slowpath+0x10/0x10 [ 228.029932][T30293] __x64_sys_clone+0x289/0x310 [ 228.034533][T30293] ? __do_sys_vfork+0x130/0x130 [ 228.039223][T30293] ? debug_smp_processor_id+0x17/0x20 [ 228.044436][T30293] do_syscall_64+0x44/0xd0 [ 228.048679][T30293] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 228.054408][T30293] RIP: 0033:0x7f510cb420d9 [ 228.058663][T30293] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 228.078103][T30293] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 228.086359][T30293] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 228.094247][T30293] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 228.102060][T30293] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 228.110043][T30293] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 228.117854][T30293] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 228.125850][T30293] 17:40:05 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 80) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:05 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socketpair(0x27, 0x6, 0x20, &(0x7f0000000040)) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="7d69662e5c14e4fb677abd9eab9c730c300a54dfe9a7ca73a3d3d1be3e9d6225bacc150641011027fd9e15866a52169af531d61efe7ccd1e8fb9a5197021c99777af0d6df73cce49c7e231b853d33d91d556dc0117fe4de4ee5c4229fa76521dbb6f665c69"], 0x6a) 17:40:05 executing program 1: r0 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r1, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000015c0)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x54, 0x54, 0x4, [@restrict={0x2, 0x0, 0x0, 0xb, 0x5}, @enum={0xd, 0x2, 0x0, 0x6, 0x4, [{0xc, 0x3}, {0xa, 0x5}]}, @ptr={0x9, 0x0, 0x0, 0x2, 0x2}, @enum={0xf, 0x1, 0x0, 0x6, 0x4, [{0xc, 0x100}]}, @const={0x2, 0x0, 0x0, 0xa, 0x1}]}, {0x0, [0x0, 0x2e]}}, &(0x7f00000005c0)=""/4096, 0x70, 0x1000, 0x1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000016c0)={0xa, 0xf, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf424, 0x0, 0x0, 0x0, 0x9}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x10001}, @ldst={0x2, 0x1, 0x0, 0x8, 0x8, 0x100, 0x4}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0xb5}, @exit, @alu={0x7, 0x1, 0xb, 0x5, 0xb, 0x2, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, @jmp={0x5, 0x0, 0x9, 0x1, 0x0, 0x8, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0xd0}]}, &(0x7f0000000340)='syzkaller\x00', 0x7fffffff, 0x0, 0x0, 0x41000, 0x1, '\x00', r3, 0x15, r4, 0x8, &(0x7f0000001600)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000001640)={0x0, 0x7, 0x0, 0x913}, 0x10, 0xffffffffffffffff, r2, 0x0, &(0x7f0000001680)}, 0x80) openat$cgroup_ro(r2, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) r5 = openat$cgroup_devices(r1, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="63202a9d7586076d00"], 0x9) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095c90980f266565c61f0f69efdd2b033569afcf80a8eb884b9e82f17a1e3411b725c784c935c880d6733a2b48b17d7846de969a1e8dccd793f4d5629bca96f3debe275140e0ec778581b29eba2a7903129667634f75a5c774a79d23acc01ae7f798e7e9a3d7a85bfbde0dcf05526ec19c99e240cd8386940300502f43c3f41bdd037f315c9431ec045971fac6e554af324eeb27c09fa33aaaaaafd35e0a2cd9d3a218796d8e52810a80233a636905247c4f05d2057b83fae7832842a7c8c13042481b1120a065d9d733d028644b5b361b71a13231a604c2610009be5f5c9c8f85b3fa384751010696454727ca1cbc0db8c5770e8b733c7603a2e5167cdce49", @ANYRES32=r0, @ANYRES8=r1, @ANYRES64=r0], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:40:05 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) 17:40:05 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000000), 0xffe000) r3 = perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = perf_event_open$cgroup(&(0x7f0000000740)={0x1, 0x80, 0x0, 0x0, 0x7f, 0xca, 0x0, 0x8, 0x40, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000700), 0x11}, 0x440, 0x7fffffff, 0x66, 0x6, 0x0, 0x7ff, 0xffff, 0x0, 0x6, 0x0, 0x9}, r3, 0x3, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000680)={0x5, 0x80, 0x20, 0x1, 0x0, 0x4, 0x0, 0x0, 0x40, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000600)}, 0x0, 0x80000001, 0x81, 0x0, 0x7, 0x0, 0x708, 0x0, 0xe80, 0x0, 0x6}, 0x0, 0x3, r4, 0x5) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x7, 0x3f, 0x1, 0x0, 0x0, 0x1822c228, 0x10000, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_bp={&(0x7f0000000240), 0x2}, 0x22, 0x10001, 0x8, 0x9, 0x8, 0x6, 0x3f, 0x0, 0x10001, 0x0, 0xffffffffffffff69}, 0x0, 0x4, r1, 0x3) r5 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.memory_spread_slab\x00', 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="855d4cf24656291778a38489042c045271abd95c7ef32bf4a71093e61a32a2b776192c1aece179e1367554e0dad0936b432227e6e43dcd703957c4a31dbb20de2ba22b28c2988f34341a3abad5be8f02356a4b205412bb70dbd40c12155bbee380a3521f5702e5fbf5c73fa27f34d7977625e47a3180c32b538e2a6e378761cae7d6d1b1f8cc08a032729ad404cd29"], 0x6a) [ 228.478961][ T30] audit: type=1400 audit(1671126005.869:106): avc: denied { create } for pid=30311 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 228.506245][T30315] FAULT_INJECTION: forcing a failure. [ 228.506245][T30315] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 228.558952][T30315] CPU: 1 PID: 30315 Comm: syz-executor.3 Tainted: G B 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 228.570445][T30315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 228.580335][T30315] Call Trace: [ 228.583456][T30315] [ 228.586236][T30315] dump_stack_lvl+0x151/0x1b7 [ 228.590760][T30315] ? bfq_pos_tree_add_move+0x43e/0x43e [ 228.596054][T30315] dump_stack+0x15/0x17 [ 228.600035][T30315] should_fail+0x3c0/0x510 [ 228.604341][T30315] should_fail_alloc_page+0x58/0x70 17:40:06 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x200002, 0x0) 17:40:06 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socketpair(0x27, 0x6, 0x20, &(0x7f0000000040)) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="7d69662e5c14e4fb677abd9eab9c730c300a54dfe9a7ca73a3d3d1be3e9d6225bacc150641011027fd9e15866a52169af531d61efe7ccd1e8fb9a5197021c99777af0d6df73cce49c7e231b853d33d91d556dc0117fe4de4ee5c4229fa76521dbb6f665c69"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) socketpair(0x27, 0x6, 0x20, &(0x7f0000000040)) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="7d69662e5c14e4fb677abd9eab9c730c300a54dfe9a7ca73a3d3d1be3e9d6225bacc150641011027fd9e15866a52169af531d61efe7ccd1e8fb9a5197021c99777af0d6df73cce49c7e231b853d33d91d556dc0117fe4de4ee5c4229fa76521dbb6f665c69"], 0x6a) (async) 17:40:06 executing program 1: r0 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r1, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000015c0)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x54, 0x54, 0x4, [@restrict={0x2, 0x0, 0x0, 0xb, 0x5}, @enum={0xd, 0x2, 0x0, 0x6, 0x4, [{0xc, 0x3}, {0xa, 0x5}]}, @ptr={0x9, 0x0, 0x0, 0x2, 0x2}, @enum={0xf, 0x1, 0x0, 0x6, 0x4, [{0xc, 0x100}]}, @const={0x2, 0x0, 0x0, 0xa, 0x1}]}, {0x0, [0x0, 0x2e]}}, &(0x7f00000005c0)=""/4096, 0x70, 0x1000, 0x1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000016c0)={0xa, 0xf, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf424, 0x0, 0x0, 0x0, 0x9}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x10001}, @ldst={0x2, 0x1, 0x0, 0x8, 0x8, 0x100, 0x4}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0xb5}, @exit, @alu={0x7, 0x1, 0xb, 0x5, 0xb, 0x2, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, @jmp={0x5, 0x0, 0x9, 0x1, 0x0, 0x8, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0xd0}]}, &(0x7f0000000340)='syzkaller\x00', 0x7fffffff, 0x0, 0x0, 0x41000, 0x1, '\x00', r3, 0x15, r4, 0x8, &(0x7f0000001600)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000001640)={0x0, 0x7, 0x0, 0x913}, 0x10, 0xffffffffffffffff, r2, 0x0, &(0x7f0000001680)}, 0x80) openat$cgroup_ro(r2, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) r5 = openat$cgroup_devices(r1, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="63202a9d7586076d00"], 0x9) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095c90980f266565c61f0f69efdd2b033569afcf80a8eb884b9e82f17a1e3411b725c784c935c880d6733a2b48b17d7846de969a1e8dccd793f4d5629bca96f3debe275140e0ec778581b29eba2a7903129667634f75a5c774a79d23acc01ae7f798e7e9a3d7a85bfbde0dcf05526ec19c99e240cd8386940300502f43c3f41bdd037f315c9431ec045971fac6e554af324eeb27c09fa33aaaaaafd35e0a2cd9d3a218796d8e52810a80233a636905247c4f05d2057b83fae7832842a7c8c13042481b1120a065d9d733d028644b5b361b71a13231a604c2610009be5f5c9c8f85b3fa384751010696454727ca1cbc0db8c5770e8b733c7603a2e5167cdce49", @ANYRES32=r0, @ANYRES8=r1, @ANYRES64=r0], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r1, 0x58, &(0x7f0000000280)}, 0x10) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000015c0)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x54, 0x54, 0x4, [@restrict={0x2, 0x0, 0x0, 0xb, 0x5}, @enum={0xd, 0x2, 0x0, 0x6, 0x4, [{0xc, 0x3}, {0xa, 0x5}]}, @ptr={0x9, 0x0, 0x0, 0x2, 0x2}, @enum={0xf, 0x1, 0x0, 0x6, 0x4, [{0xc, 0x100}]}, @const={0x2, 0x0, 0x0, 0xa, 0x1}]}, {0x0, [0x0, 0x2e]}}, &(0x7f00000005c0)=""/4096, 0x70, 0x1000, 0x1}, 0x20) (async) bpf$PROG_LOAD(0x5, &(0x7f00000016c0)={0xa, 0xf, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf424, 0x0, 0x0, 0x0, 0x9}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x10001}, @ldst={0x2, 0x1, 0x0, 0x8, 0x8, 0x100, 0x4}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0xb5}, @exit, @alu={0x7, 0x1, 0xb, 0x5, 0xb, 0x2, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, @jmp={0x5, 0x0, 0x9, 0x1, 0x0, 0x8, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0xd0}]}, &(0x7f0000000340)='syzkaller\x00', 0x7fffffff, 0x0, 0x0, 0x41000, 0x1, '\x00', r3, 0x15, r4, 0x8, &(0x7f0000001600)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000001640)={0x0, 0x7, 0x0, 0x913}, 0x10, 0xffffffffffffffff, r2, 0x0, &(0x7f0000001680)}, 0x80) (async) openat$cgroup_ro(r2, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) (async) openat$cgroup_devices(r1, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0) (async) write$cgroup_devices(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="63202a9d7586076d00"], 0x9) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095c90980f266565c61f0f69efdd2b033569afcf80a8eb884b9e82f17a1e3411b725c784c935c880d6733a2b48b17d7846de969a1e8dccd793f4d5629bca96f3debe275140e0ec778581b29eba2a7903129667634f75a5c774a79d23acc01ae7f798e7e9a3d7a85bfbde0dcf05526ec19c99e240cd8386940300502f43c3f41bdd037f315c9431ec045971fac6e554af324eeb27c09fa33aaaaaafd35e0a2cd9d3a218796d8e52810a80233a636905247c4f05d2057b83fae7832842a7c8c13042481b1120a065d9d733d028644b5b361b71a13231a604c2610009be5f5c9c8f85b3fa384751010696454727ca1cbc0db8c5770e8b733c7603a2e5167cdce49", @ANYRES32=r0, @ANYRES8=r1, @ANYRES64=r0], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:40:06 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) [ 228.609321][T30315] __alloc_pages+0x1de/0x7c0 [ 228.613759][T30315] ? __count_vm_events+0x30/0x30 [ 228.618527][T30315] pte_alloc_one+0x73/0x1b0 [ 228.622955][T30315] ? pfn_modify_allowed+0x2e0/0x2e0 [ 228.627991][T30315] __pte_alloc+0x86/0x350 [ 228.632164][T30315] ? free_pgtables+0x210/0x210 [ 228.636756][T30315] ? _raw_spin_lock+0xa3/0x1b0 [ 228.641358][T30315] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 228.646575][T30315] ? unwind_get_return_address+0x4c/0x90 [ 228.652035][T30315] copy_pte_range+0x1b1f/0x20b0 [ 228.656723][T30315] ? stack_trace_save+0x12d/0x1f0 [ 228.661668][T30315] ? anon_vma_clone+0xa1/0x4f0 [ 228.666265][T30315] ? __kunmap_atomic+0x80/0x80 [ 228.670949][T30315] ? dup_mmap+0x750/0xea0 [ 228.675115][T30315] ? copy_mm+0x108/0x1b0 [ 228.679197][T30315] ? copy_process+0x1295/0x3250 [ 228.683947][T30315] ? kernel_clone+0x22d/0x990 [ 228.688409][T30315] ? __x64_sys_clone+0x289/0x310 [ 228.693169][T30315] ? do_syscall_64+0x44/0xd0 [ 228.697695][T30315] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 228.703598][T30315] copy_page_range+0xc1e/0x1090 [ 228.708287][T30315] ? pfn_valid+0x1e0/0x1e0 [ 228.712538][T30315] dup_mmap+0x99f/0xea0 [ 228.716616][T30315] ? __delayed_free_task+0x20/0x20 [ 228.721567][T30315] ? mm_init+0x807/0x960 [ 228.725732][T30315] dup_mm+0x91/0x330 [ 228.729465][T30315] copy_mm+0x108/0x1b0 [ 228.733377][T30315] copy_process+0x1295/0x3250 [ 228.737881][T30315] ? proc_fail_nth_write+0x213/0x290 [ 228.743003][T30315] ? proc_fail_nth_read+0x220/0x220 [ 228.748038][T30315] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 228.752980][T30315] ? vfs_write+0x9af/0x1050 [ 228.757323][T30315] ? vmacache_update+0xb7/0x120 [ 228.762010][T30315] kernel_clone+0x22d/0x990 [ 228.766349][T30315] ? file_end_write+0x1b0/0x1b0 [ 228.771038][T30315] ? __kasan_check_write+0x14/0x20 [ 228.775982][T30315] ? create_io_thread+0x1e0/0x1e0 [ 228.780844][T30315] ? __mutex_lock_slowpath+0x10/0x10 [ 228.785973][T30315] __x64_sys_clone+0x289/0x310 [ 228.790566][T30315] ? __do_sys_vfork+0x130/0x130 [ 228.795255][T30315] ? debug_smp_processor_id+0x17/0x20 [ 228.800463][T30315] do_syscall_64+0x44/0xd0 [ 228.804730][T30315] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 228.810441][T30315] RIP: 0033:0x7f510cb420d9 [ 228.814696][T30315] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 228.834135][T30315] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 228.842409][T30315] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 228.850190][T30315] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 17:40:06 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) 17:40:06 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socketpair(0x27, 0x6, 0x20, &(0x7f0000000040)) (async) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) (async, rerun: 64) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="7d69662e5c14e4fb677abd9eab9c730c300a54dfe9a7ca73a3d3d1be3e9d6225bacc150641011027fd9e15866a52169af531d61efe7ccd1e8fb9a5197021c99777af0d6df73cce49c7e231b853d33d91d556dc0117fe4de4ee5c4229fa76521dbb6f665c69"], 0x6a) (rerun: 64) [ 228.858005][T30315] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 228.865814][T30315] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 228.873625][T30315] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 228.881442][T30315] 17:40:06 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) 17:40:06 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 81) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:06 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="bfd771eed3e985679b5bcedeec8152b172acabf1c16a2d7d801c41aa6d72864748acc7f017e8d3ef5a41253602d84ee0447eda5eab452319a1d27abad4af2e9df60141715c2d20fd9c67840ca623bae4d75e500aa8dff914813742578715fe79bfe66502e00e8cdbfc1304d0707294350809caec69318ca05d57a063e973bca8b6acf924c0421209217757e3c84846d0f7b26e1e7583d655b052d6e7"], 0x6a) 17:40:06 executing program 1: r0 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x0, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r1, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000015c0)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x54, 0x54, 0x4, [@restrict={0x2, 0x0, 0x0, 0xb, 0x5}, @enum={0xd, 0x2, 0x0, 0x6, 0x4, [{0xc, 0x3}, {0xa, 0x5}]}, @ptr={0x9, 0x0, 0x0, 0x2, 0x2}, @enum={0xf, 0x1, 0x0, 0x6, 0x4, [{0xc, 0x100}]}, @const={0x2, 0x0, 0x0, 0xa, 0x1}]}, {0x0, [0x0, 0x2e]}}, &(0x7f00000005c0)=""/4096, 0x70, 0x1000, 0x1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000016c0)={0xa, 0xf, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf424, 0x0, 0x0, 0x0, 0x9}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x10001}, @ldst={0x2, 0x1, 0x0, 0x8, 0x8, 0x100, 0x4}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0xb5}, @exit, @alu={0x7, 0x1, 0xb, 0x5, 0xb, 0x2, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, @jmp={0x5, 0x0, 0x9, 0x1, 0x0, 0x8, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0xd0}]}, &(0x7f0000000340)='syzkaller\x00', 0x7fffffff, 0x0, 0x0, 0x41000, 0x1, '\x00', r3, 0x15, r4, 0x8, &(0x7f0000001600)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000001640)={0x0, 0x7, 0x0, 0x913}, 0x10, 0xffffffffffffffff, r2, 0x0, &(0x7f0000001680)}, 0x80) openat$cgroup_ro(r2, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) (async) r5 = openat$cgroup_devices(r1, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="63202a9d7586076d00"], 0x9) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095c90980f266565c61f0f69efdd2b033569afcf80a8eb884b9e82f17a1e3411b725c784c935c880d6733a2b48b17d7846de969a1e8dccd793f4d5629bca96f3debe275140e0ec778581b29eba2a7903129667634f75a5c774a79d23acc01ae7f798e7e9a3d7a85bfbde0dcf05526ec19c99e240cd8386940300502f43c3f41bdd037f315c9431ec045971fac6e554af324eeb27c09fa33aaaaaafd35e0a2cd9d3a218796d8e52810a80233a636905247c4f05d2057b83fae7832842a7c8c13042481b1120a065d9d733d028644b5b361b71a13231a604c2610009be5f5c9c8f85b3fa384751010696454727ca1cbc0db8c5770e8b733c7603a2e5167cdce49", @ANYRES32=r0, @ANYRES8=r1, @ANYRES64=r0], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:40:06 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0xd74a, 0x12) [ 228.998896][T30358] FAULT_INJECTION: forcing a failure. [ 228.998896][T30358] name failslab, interval 1, probability 0, space 0, times 0 [ 229.044826][T30358] CPU: 1 PID: 30358 Comm: syz-executor.3 Tainted: G B 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 229.056289][T30358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 229.066187][T30358] Call Trace: [ 229.069311][T30358] [ 229.072084][T30358] dump_stack_lvl+0x151/0x1b7 [ 229.076597][T30358] ? bfq_pos_tree_add_move+0x43e/0x43e [ 229.081909][T30358] dump_stack+0x15/0x17 [ 229.085887][T30358] should_fail+0x3c0/0x510 [ 229.090140][T30358] __should_failslab+0x9f/0xe0 [ 229.094740][T30358] should_failslab+0x9/0x20 [ 229.099077][T30358] kmem_cache_alloc+0x4f/0x2f0 [ 229.103676][T30358] ? vm_area_dup+0x26/0x1d0 [ 229.108105][T30358] ? __kasan_check_read+0x11/0x20 [ 229.112967][T30358] vm_area_dup+0x26/0x1d0 [ 229.117217][T30358] dup_mmap+0x6b8/0xea0 [ 229.121214][T30358] ? __delayed_free_task+0x20/0x20 [ 229.126156][T30358] ? mm_init+0x807/0x960 [ 229.130236][T30358] dup_mm+0x91/0x330 [ 229.133967][T30358] copy_mm+0x108/0x1b0 [ 229.138751][T30358] copy_process+0x1295/0x3250 [ 229.143289][T30358] ? proc_fail_nth_write+0x213/0x290 [ 229.148377][T30358] ? proc_fail_nth_read+0x220/0x220 [ 229.153417][T30358] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 229.158359][T30358] ? vfs_write+0x9af/0x1050 [ 229.162829][T30358] ? vmacache_update+0xb7/0x120 [ 229.167518][T30358] kernel_clone+0x22d/0x990 [ 229.171852][T30358] ? file_end_write+0x1b0/0x1b0 [ 229.176540][T30358] ? __kasan_check_write+0x14/0x20 [ 229.181486][T30358] ? create_io_thread+0x1e0/0x1e0 [ 229.186345][T30358] ? __mutex_lock_slowpath+0x10/0x10 [ 229.191559][T30358] __x64_sys_clone+0x289/0x310 [ 229.196149][T30358] ? __do_sys_vfork+0x130/0x130 [ 229.200838][T30358] ? debug_smp_processor_id+0x17/0x20 [ 229.206051][T30358] do_syscall_64+0x44/0xd0 [ 229.210299][T30358] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 229.216022][T30358] RIP: 0033:0x7f510cb420d9 [ 229.220303][T30358] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 229.239721][T30358] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 229.247966][T30358] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 229.255782][T30358] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 229.263588][T30358] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 229.271397][T30358] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 229.279210][T30358] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 229.287114][T30358] 17:40:06 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000000), 0xffe000) (async) r3 = perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = perf_event_open$cgroup(&(0x7f0000000740)={0x1, 0x80, 0x0, 0x0, 0x7f, 0xca, 0x0, 0x8, 0x40, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000700), 0x11}, 0x440, 0x7fffffff, 0x66, 0x6, 0x0, 0x7ff, 0xffff, 0x0, 0x6, 0x0, 0x9}, r3, 0x3, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000680)={0x5, 0x80, 0x20, 0x1, 0x0, 0x4, 0x0, 0x0, 0x40, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000600)}, 0x0, 0x80000001, 0x81, 0x0, 0x7, 0x0, 0x708, 0x0, 0xe80, 0x0, 0x6}, 0x0, 0x3, r4, 0x5) (async) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x7, 0x3f, 0x1, 0x0, 0x0, 0x1822c228, 0x10000, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_bp={&(0x7f0000000240), 0x2}, 0x22, 0x10001, 0x8, 0x9, 0x8, 0x6, 0x3f, 0x0, 0x10001, 0x0, 0xffffffffffffff69}, 0x0, 0x4, r1, 0x3) r5 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.memory_spread_slab\x00', 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="855d4cf24656291778a38489042c045271abd95c7ef32bf4a71093e61a32a2b776192c1aece179e1367554e0dad0936b432227e6e43dcd703957c4a31dbb20de2ba22b28c2988f34341a3abad5be8f02356a4b205412bb70dbd40c12155bbee380a3521f5702e5fbf5c73fa27f34d7977625e47a3180c32b538e2a6e378761cae7d6d1b1f8cc08a032729ad404cd29"], 0x6a) 17:40:06 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0xd74a, 0x12) 17:40:06 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="bfd771eed3e985679b5bcedeec8152b172acabf1c16a2d7d801c41aa6d72864748acc7f017e8d3ef5a41253602d84ee0447eda5eab452319a1d27abad4af2e9df60141715c2d20fd9c67840ca623bae4d75e500aa8dff914813742578715fe79bfe66502e00e8cdbfc1304d0707294350809caec69318ca05d57a063e973bca8b6acf924c0421209217757e3c84846d0f7b26e1e7583d655b052d6e7"], 0x6a) 17:40:06 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f00000000c0)={0x4, 0x80, 0x80, 0x40, 0x51, 0x5, 0x0, 0xf49, 0x3000, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x4, @perf_bp={&(0x7f0000000040), 0x8}, 0x8, 0x1353, 0xfff, 0x6, 0x7fffffff, 0x2, 0x8001, 0x0, 0x8, 0x0, 0x10001}, r1, 0x8, r2, 0x8) 17:40:06 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x200002, 0x0) 17:40:06 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 82) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:06 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0xd74a, 0x12) 17:40:06 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="bfd771eed3e985679b5bcedeec8152b172acabf1c16a2d7d801c41aa6d72864748acc7f017e8d3ef5a41253602d84ee0447eda5eab452319a1d27abad4af2e9df60141715c2d20fd9c67840ca623bae4d75e500aa8dff914813742578715fe79bfe66502e00e8cdbfc1304d0707294350809caec69318ca05d57a063e973bca8b6acf924c0421209217757e3c84846d0f7b26e1e7583d655b052d6e7"], 0x6a) [ 229.501869][T30372] FAULT_INJECTION: forcing a failure. [ 229.501869][T30372] name failslab, interval 1, probability 0, space 0, times 0 17:40:06 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, 0x0, 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) 17:40:06 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async, rerun: 64) r1 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) perf_event_open(&(0x7f00000000c0)={0x4, 0x80, 0x80, 0x40, 0x51, 0x5, 0x0, 0xf49, 0x3000, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x4, @perf_bp={&(0x7f0000000040), 0x8}, 0x8, 0x1353, 0xfff, 0x6, 0x7fffffff, 0x2, 0x8001, 0x0, 0x8, 0x0, 0x10001}, r1, 0x8, r2, 0x8) [ 229.543941][T30372] CPU: 1 PID: 30372 Comm: syz-executor.3 Tainted: G B 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 229.555398][T30372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 229.565295][T30372] Call Trace: [ 229.568421][T30372] [ 229.571199][T30372] dump_stack_lvl+0x151/0x1b7 [ 229.575710][T30372] ? bfq_pos_tree_add_move+0x43e/0x43e [ 229.580997][T30372] ? do_syscall_64+0x44/0xd0 [ 229.585427][T30372] dump_stack+0x15/0x17 [ 229.589418][T30372] should_fail+0x3c0/0x510 [ 229.593669][T30372] __should_failslab+0x9f/0xe0 [ 229.598270][T30372] should_failslab+0x9/0x20 [ 229.602609][T30372] kmem_cache_alloc+0x4f/0x2f0 [ 229.607209][T30372] ? anon_vma_clone+0xa1/0x4f0 [ 229.611812][T30372] anon_vma_clone+0xa1/0x4f0 [ 229.616236][T30372] anon_vma_fork+0x91/0x4f0 [ 229.620574][T30372] ? anon_vma_name+0x43/0x70 [ 229.625003][T30372] dup_mmap+0x750/0xea0 [ 229.628999][T30372] ? __delayed_free_task+0x20/0x20 [ 229.633943][T30372] ? mm_init+0x807/0x960 [ 229.638022][T30372] dup_mm+0x91/0x330 [ 229.641757][T30372] copy_mm+0x108/0x1b0 [ 229.645660][T30372] copy_process+0x1295/0x3250 [ 229.650177][T30372] ? proc_fail_nth_write+0x213/0x290 [ 229.655305][T30372] ? proc_fail_nth_read+0x220/0x220 [ 229.660331][T30372] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 229.665278][T30372] ? vfs_write+0x9af/0x1050 [ 229.669614][T30372] ? vmacache_update+0xb7/0x120 [ 229.674389][T30372] kernel_clone+0x22d/0x990 [ 229.678735][T30372] ? file_end_write+0x1b0/0x1b0 [ 229.683415][T30372] ? __kasan_check_write+0x14/0x20 [ 229.688360][T30372] ? create_io_thread+0x1e0/0x1e0 [ 229.693222][T30372] ? __mutex_lock_slowpath+0x10/0x10 [ 229.698344][T30372] __x64_sys_clone+0x289/0x310 [ 229.702942][T30372] ? __do_sys_vfork+0x130/0x130 [ 229.707632][T30372] ? debug_smp_processor_id+0x17/0x20 [ 229.712844][T30372] do_syscall_64+0x44/0xd0 [ 229.717096][T30372] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 229.722818][T30372] RIP: 0033:0x7f510cb420d9 [ 229.727084][T30372] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 229.746522][T30372] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 229.754757][T30372] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 229.762569][T30372] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 229.770383][T30372] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 229.778278][T30372] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 229.786091][T30372] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 17:40:07 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:40:07 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, 0x0, 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) [ 229.793908][T30372] 17:40:08 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000000), 0xffe000) (async) r3 = perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = perf_event_open$cgroup(&(0x7f0000000740)={0x1, 0x80, 0x0, 0x0, 0x7f, 0xca, 0x0, 0x8, 0x40, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000700), 0x11}, 0x440, 0x7fffffff, 0x66, 0x6, 0x0, 0x7ff, 0xffff, 0x0, 0x6, 0x0, 0x9}, r3, 0x3, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000680)={0x5, 0x80, 0x20, 0x1, 0x0, 0x4, 0x0, 0x0, 0x40, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000600)}, 0x0, 0x80000001, 0x81, 0x0, 0x7, 0x0, 0x708, 0x0, 0xe80, 0x0, 0x6}, 0x0, 0x3, r4, 0x5) (async) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x7, 0x3f, 0x1, 0x0, 0x0, 0x1822c228, 0x10000, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_bp={&(0x7f0000000240), 0x2}, 0x22, 0x10001, 0x8, 0x9, 0x8, 0x6, 0x3f, 0x0, 0x10001, 0x0, 0xffffffffffffff69}, 0x0, 0x4, r1, 0x3) (async) r5 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.memory_spread_slab\x00', 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="855d4cf24656291778a38489042c045271abd95c7ef32bf4a71093e61a32a2b776192c1aece179e1367554e0dad0936b432227e6e43dcd703957c4a31dbb20de2ba22b28c2988f34341a3abad5be8f02356a4b205412bb70dbd40c12155bbee380a3521f5702e5fbf5c73fa27f34d7977625e47a3180c32b538e2a6e378761cae7d6d1b1f8cc08a032729ad404cd29"], 0x6a) 17:40:08 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:40:08 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, 0x0, 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xd74a, 0x12) 17:40:08 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000004c0)={0xffffffffffffffff, 0x7ff, 0x18}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x6, &(0x7f0000000000)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xcae3}, @exit], &(0x7f0000000040)='GPL\x00', 0x7e1, 0x71, &(0x7f0000000080)=""/113, 0x41000, 0x0, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000480)={0x0, 0x3, 0xfffffff9, 0x94}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[0x1, r1]}, 0x80) 17:40:08 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 83) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:08 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup(r2, &(0x7f00000008c0)='syz0\x00', 0x200002, 0x0) (async) perf_event_open(&(0x7f00000000c0)={0x4, 0x80, 0x80, 0x40, 0x51, 0x5, 0x0, 0xf49, 0x3000, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x4, @perf_bp={&(0x7f0000000040), 0x8}, 0x8, 0x1353, 0xfff, 0x6, 0x7fffffff, 0x2, 0x8001, 0x0, 0x8, 0x0, 0x10001}, r1, 0x8, r2, 0x8) 17:40:08 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)=0xd74a, 0x12) 17:40:08 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:40:08 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000040)=0x3cac) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:40:08 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)=0xd74a, 0x12) 17:40:08 executing program 2: syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/time_for_children\x00') mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:40:08 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000040)=0x3cac) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 230.795284][T30415] FAULT_INJECTION: forcing a failure. [ 230.795284][T30415] name failslab, interval 1, probability 0, space 0, times 0 [ 230.898394][T30415] CPU: 1 PID: 30415 Comm: syz-executor.3 Tainted: G B 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 230.909869][T30415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 230.919757][T30415] Call Trace: [ 230.922879][T30415] [ 230.925652][T30415] dump_stack_lvl+0x151/0x1b7 [ 230.930166][T30415] ? bfq_pos_tree_add_move+0x43e/0x43e [ 230.935459][T30415] ? do_syscall_64+0x44/0xd0 [ 230.939893][T30415] dump_stack+0x15/0x17 [ 230.943886][T30415] should_fail+0x3c0/0x510 [ 230.948153][T30415] __should_failslab+0x9f/0xe0 [ 230.952735][T30415] should_failslab+0x9/0x20 [ 230.957158][T30415] kmem_cache_alloc+0x4f/0x2f0 [ 230.961759][T30415] ? anon_vma_clone+0xa1/0x4f0 [ 230.966363][T30415] anon_vma_clone+0xa1/0x4f0 [ 230.970788][T30415] anon_vma_fork+0x91/0x4f0 [ 230.975128][T30415] ? anon_vma_name+0x43/0x70 [ 230.979555][T30415] dup_mmap+0x750/0xea0 [ 230.983549][T30415] ? __delayed_free_task+0x20/0x20 [ 230.988492][T30415] ? mm_init+0x807/0x960 [ 230.992573][T30415] dup_mm+0x91/0x330 [ 230.996305][T30415] copy_mm+0x108/0x1b0 [ 231.000217][T30415] copy_process+0x1295/0x3250 [ 231.004732][T30415] ? proc_fail_nth_write+0x213/0x290 [ 231.009850][T30415] ? proc_fail_nth_read+0x220/0x220 [ 231.014967][T30415] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 231.019914][T30415] ? vfs_write+0x9af/0x1050 [ 231.024258][T30415] ? vmacache_update+0xb7/0x120 [ 231.028940][T30415] kernel_clone+0x22d/0x990 [ 231.033280][T30415] ? file_end_write+0x1b0/0x1b0 [ 231.037965][T30415] ? __kasan_check_write+0x14/0x20 [ 231.042916][T30415] ? create_io_thread+0x1e0/0x1e0 [ 231.047777][T30415] ? __mutex_lock_slowpath+0x10/0x10 [ 231.052897][T30415] __x64_sys_clone+0x289/0x310 [ 231.057515][T30415] ? __do_sys_vfork+0x130/0x130 [ 231.062184][T30415] ? debug_smp_processor_id+0x17/0x20 [ 231.067397][T30415] do_syscall_64+0x44/0xd0 [ 231.071643][T30415] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 231.077370][T30415] RIP: 0033:0x7f510cb420d9 [ 231.081627][T30415] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 231.101068][T30415] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 231.109309][T30415] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 231.117122][T30415] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 231.124936][T30415] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 231.132744][T30415] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 231.140556][T30415] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 231.148374][T30415] 17:40:09 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:40:09 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)=0xd74a, 0x12) 17:40:09 executing program 2: syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/time_for_children\x00') mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/time_for_children\x00') (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) (async) 17:40:09 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000040)=0x3cac) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000040)=0x3cac) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) 17:40:09 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000004c0)={0xffffffffffffffff, 0x7ff, 0x18}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x6, &(0x7f0000000000)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xcae3}, @exit], &(0x7f0000000040)='GPL\x00', 0x7e1, 0x71, &(0x7f0000000080)=""/113, 0x41000, 0x0, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000480)={0x0, 0x3, 0xfffffff9, 0x94}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[0x1, r1]}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000004c0)={0xffffffffffffffff, 0x7ff, 0x18}, 0xc) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x6, &(0x7f0000000000)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xcae3}, @exit], &(0x7f0000000040)='GPL\x00', 0x7e1, 0x71, &(0x7f0000000080)=""/113, 0x41000, 0x0, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000480)={0x0, 0x3, 0xfffffff9, 0x94}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[0x1, r1]}, 0x80) (async) 17:40:09 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 84) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:09 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, 0x0, 0x0) 17:40:09 executing program 2: syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/time_for_children\x00') mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async, rerun: 32) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 32) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='N-3'], 0x6a) 17:40:09 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, 0x0, 0x0) 17:40:09 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0xffffffffffffffff, 0x80, 0x18}, 0xc) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x4, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x1, 0xb}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000040)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xf}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x401}], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0xf, '\x00', 0x0, 0x17, r1, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x0, 0x0, 0x4, 0x6}, 0x10, 0x18842, 0xffffffffffffffff, 0x0, &(0x7f0000000400)=[0xffffffffffffffff, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r3, r4]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:40:09 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, 0x0, 0x0) 17:40:09 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d33242d64e9d1ca57c088f5dcf03b1f723e18fee816966e831749b99501bfd86fad5bf996044a0f70374e637ab094563b837c"], 0x6a) [ 232.044994][T30444] FAULT_INJECTION: forcing a failure. [ 232.044994][T30444] name failslab, interval 1, probability 0, space 0, times 0 17:40:09 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:40:09 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0xffffffffffffffff, 0x80, 0x18}, 0xc) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x4, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x1, 0xb}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000040)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xf}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x401}], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0xf, '\x00', 0x0, 0x17, r1, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x0, 0x0, 0x4, 0x6}, 0x10, 0x18842, 0xffffffffffffffff, 0x0, &(0x7f0000000400)=[0xffffffffffffffff, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r3, r4]}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0xffffffffffffffff, 0x80, 0x18}, 0xc) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x4, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x1, 0xb}, 0x48) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000040)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xf}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x401}], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0xf, '\x00', 0x0, 0x17, r1, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x0, 0x0, 0x4, 0x6}, 0x10, 0x18842, 0xffffffffffffffff, 0x0, &(0x7f0000000400)=[0xffffffffffffffff, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r3, r4]}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) [ 232.122881][T30444] CPU: 1 PID: 30444 Comm: syz-executor.3 Tainted: G B 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 232.134352][T30444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 232.144246][T30444] Call Trace: [ 232.147452][T30444] [ 232.150228][T30444] dump_stack_lvl+0x151/0x1b7 [ 232.154744][T30444] ? bfq_pos_tree_add_move+0x43e/0x43e [ 232.160032][T30444] dump_stack+0x15/0x17 [ 232.164025][T30444] should_fail+0x3c0/0x510 [ 232.168290][T30444] __should_failslab+0x9f/0xe0 [ 232.172878][T30444] should_failslab+0x9/0x20 [ 232.177218][T30444] kmem_cache_alloc+0x4f/0x2f0 [ 232.181923][T30444] ? anon_vma_clone+0xa1/0x4f0 [ 232.186503][T30444] anon_vma_clone+0xa1/0x4f0 [ 232.190932][T30444] anon_vma_fork+0x91/0x4f0 [ 232.195269][T30444] ? anon_vma_name+0x43/0x70 [ 232.199697][T30444] dup_mmap+0x750/0xea0 [ 232.203691][T30444] ? __delayed_free_task+0x20/0x20 [ 232.208635][T30444] ? mm_init+0x807/0x960 [ 232.212725][T30444] dup_mm+0x91/0x330 [ 232.216447][T30444] copy_mm+0x108/0x1b0 [ 232.220353][T30444] copy_process+0x1295/0x3250 [ 232.224876][T30444] ? proc_fail_nth_write+0x213/0x290 [ 232.229988][T30444] ? proc_fail_nth_read+0x220/0x220 [ 232.235024][T30444] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 232.239970][T30444] ? vfs_write+0x9af/0x1050 [ 232.244306][T30444] ? vmacache_update+0xb7/0x120 [ 232.248996][T30444] kernel_clone+0x22d/0x990 [ 232.253334][T30444] ? file_end_write+0x1b0/0x1b0 [ 232.258026][T30444] ? __kasan_check_write+0x14/0x20 [ 232.262970][T30444] ? create_io_thread+0x1e0/0x1e0 [ 232.267841][T30444] ? __mutex_lock_slowpath+0x10/0x10 [ 232.272950][T30444] __x64_sys_clone+0x289/0x310 [ 232.277646][T30444] ? __do_sys_vfork+0x130/0x130 [ 232.282336][T30444] ? debug_smp_processor_id+0x17/0x20 [ 232.287543][T30444] do_syscall_64+0x44/0xd0 [ 232.291882][T30444] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 232.297607][T30444] RIP: 0033:0x7f510cb420d9 [ 232.301864][T30444] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 17:40:09 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080), 0x12) 17:40:09 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000004c0)={0xffffffffffffffff, 0x7ff, 0x18}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x6, &(0x7f0000000000)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xcae3}, @exit], &(0x7f0000000040)='GPL\x00', 0x7e1, 0x71, &(0x7f0000000080)=""/113, 0x41000, 0x0, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000480)={0x0, 0x3, 0xfffffff9, 0x94}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[0x1, r1]}, 0x80) 17:40:09 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d33242d64e9d1ca57c088f5dcf03b1f723e18fee816966e831749b99501bfd86fad5bf996044a0f70374e637ab094563b837c"], 0x6a) [ 232.321305][T30444] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 232.329549][T30444] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 232.337357][T30444] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 232.345172][T30444] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 232.352982][T30444] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 232.360798][T30444] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 232.368613][T30444] 17:40:10 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 85) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:10 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000000), 0xffe000) r3 = perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = perf_event_open$cgroup(&(0x7f0000000740)={0x1, 0x80, 0x0, 0x0, 0x7f, 0xca, 0x0, 0x8, 0x40, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000700), 0x11}, 0x440, 0x7fffffff, 0x66, 0x6, 0x0, 0x7ff, 0xffff, 0x0, 0x6, 0x0, 0x9}, r3, 0x3, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000680)={0x5, 0x80, 0x20, 0x1, 0x0, 0x4, 0x0, 0x0, 0x40, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000600)}, 0x0, 0x80000001, 0x81, 0x0, 0x7, 0x0, 0x708, 0x0, 0xe80, 0x0, 0x6}, 0x0, 0x3, r4, 0x5) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x7, 0x3f, 0x1, 0x0, 0x0, 0x1822c228, 0x10000, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_bp={&(0x7f0000000240), 0x2}, 0x22, 0x10001, 0x8, 0x9, 0x8, 0x6, 0x3f, 0x0, 0x10001, 0x0, 0xffffffffffffff69}, 0x0, 0x4, r1, 0x3) r5 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.memory_spread_slab\x00', 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="855d4cf24656291778a38489042c045271abd95c7ef32bf4a71093e61a32a2b776192c1aece179e1367554e0dad0936b432227e6e43dcd703957c4a31dbb20de2ba22b28c2988f34341a3abad5be8f02356a4b205412bb70dbd40c12155bbee380a3521f5702e5fbf5c73fa27f34d7977625e47a3180c32b538e2a6e378761cae7d6d1b1f8cc08a032729ad404cd29"], 0x6a) 17:40:10 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d33242d64e9d1ca57c088f5dcf03b1f723e18fee816966e831749b99501bfd86fad5bf996044a0f70374e637ab094563b837c"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4e2d33242d64e9d1ca57c088f5dcf03b1f723e18fee816966e831749b99501bfd86fad5bf996044a0f70374e637ab094563b837c"], 0x6a) (async) 17:40:10 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) (async) 17:40:10 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe91) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:40:10 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4) (async) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) (async) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0xffffffffffffffff, 0x80, 0x18}, 0xc) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x4, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x1, 0xb}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000040)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xf}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x401}], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0xf, '\x00', 0x0, 0x17, r1, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x0, 0x0, 0x4, 0x6}, 0x10, 0x18842, 0xffffffffffffffff, 0x0, &(0x7f0000000400)=[0xffffffffffffffff, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r3, r4]}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:40:10 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000780)}, 0x400, 0x0, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) 17:40:10 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000001c0)={0x0, 0xffffbdd6, 0x8}, 0xc) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = getpid() r6 = perf_event_open(&(0x7f0000000a40)={0x2, 0x80, 0x2, 0xea, 0x81, 0xf5, 0x0, 0x3f, 0x29824, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x7, 0x1, @perf_bp={&(0x7f0000000a00), 0x1}, 0x920, 0x2, 0x0, 0x8, 0x8, 0x9604, 0x9, 0x0, 0x67, 0x0, 0x10001}, r1, 0xd, r4, 0x8) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000b00)={r5, r6, 0x0, 0x4, &(0x7f0000000ac0)='GPL\x00'}, 0x30) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4030582a, &(0x7f0000000040)) r8 = bpf$ITER_CREATE(0x21, &(0x7f0000000380)={r2}, 0x8) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000740)={r7, 0x20, &(0x7f0000000700)={&(0x7f0000000580)=""/151, 0x97, 0x0, &(0x7f0000000640)=""/169, 0xa9}}, 0x10) r10 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000007c0)={&(0x7f0000000780)='./file0\x00', 0x0, 0x8}, 0x10) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x4, 0x6, 0x811, 0x3ff, 0x840, 0x1, 0x3, '\x00', 0x0, r4, 0x0, 0x2}, 0x48) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x1, 0x5, 0x8, 0x8, 0x892, r7, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x5}, 0x48) r13 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000900)={0xffffffffffffffff, 0xfffeffff, 0x10}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xc, 0xb, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1ff}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, @map_val={0x18, 0x6, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x80000001}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x95e8, 0x0, 0x0, 0x0, 0x1ff}]}, &(0x7f0000000440)='GPL\x00', 0x3ff, 0x7c, &(0x7f0000000480)=""/124, 0x41000, 0x2, '\x00', 0x0, 0xa, r7, 0x8, &(0x7f0000000500)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000540)={0x3, 0x9, 0xffffffff, 0x400}, 0x10, r9, r10, 0x0, &(0x7f0000000940)=[r11, r3, r12, r13]}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1b, 0x2, &(0x7f0000000040)=@raw=[@btf_id={0x18, 0xb, 0x3, 0x0, 0x2}], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0x7, 0x7, 0x9}, 0x10, 0x0, r2, 0x0, &(0x7f0000000280)=[0xffffffffffffffff, r3, r4, r7, 0x1]}, 0x80) [ 233.004172][T30519] FAULT_INJECTION: forcing a failure. [ 233.004172][T30519] name failslab, interval 1, probability 0, space 0, times 0 [ 233.055596][T30519] CPU: 0 PID: 30519 Comm: syz-executor.3 Tainted: G B 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 233.067115][T30519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 233.076957][T30519] Call Trace: [ 233.080071][T30519] [ 233.082849][T30519] dump_stack_lvl+0x151/0x1b7 [ 233.087361][T30519] ? bfq_pos_tree_add_move+0x43e/0x43e [ 233.092658][T30519] dump_stack+0x15/0x17 [ 233.096649][T30519] should_fail+0x3c0/0x510 [ 233.100903][T30519] __should_failslab+0x9f/0xe0 [ 233.105501][T30519] should_failslab+0x9/0x20 [ 233.109842][T30519] kmem_cache_alloc+0x4f/0x2f0 [ 233.114456][T30519] ? anon_vma_clone+0xa1/0x4f0 [ 233.119066][T30519] anon_vma_clone+0xa1/0x4f0 [ 233.123470][T30519] anon_vma_fork+0x91/0x4f0 [ 233.127810][T30519] ? anon_vma_name+0x43/0x70 [ 233.132234][T30519] dup_mmap+0x750/0xea0 [ 233.136316][T30519] ? __delayed_free_task+0x20/0x20 [ 233.141347][T30519] ? mm_init+0x807/0x960 [ 233.145426][T30519] dup_mm+0x91/0x330 [ 233.149162][T30519] copy_mm+0x108/0x1b0 [ 233.153064][T30519] copy_process+0x1295/0x3250 [ 233.157579][T30519] ? proc_fail_nth_write+0x213/0x290 [ 233.162699][T30519] ? proc_fail_nth_read+0x220/0x220 [ 233.167733][T30519] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 233.172680][T30519] ? vfs_write+0x9af/0x1050 [ 233.177019][T30519] ? vmacache_update+0xb7/0x120 [ 233.181708][T30519] kernel_clone+0x22d/0x990 [ 233.186046][T30519] ? file_end_write+0x1b0/0x1b0 [ 233.190741][T30519] ? __kasan_check_write+0x14/0x20 [ 233.195681][T30519] ? create_io_thread+0x1e0/0x1e0 [ 233.200543][T30519] ? __mutex_lock_slowpath+0x10/0x10 [ 233.205665][T30519] __x64_sys_clone+0x289/0x310 [ 233.210265][T30519] ? __do_sys_vfork+0x130/0x130 [ 233.214955][T30519] ? debug_smp_processor_id+0x17/0x20 [ 233.220244][T30519] do_syscall_64+0x44/0xd0 [ 233.224509][T30519] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 233.230225][T30519] RIP: 0033:0x7f510cb420d9 [ 233.234482][T30519] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 17:40:10 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) r1 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) (async) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000001c0)={0x0, 0xffffbdd6, 0x8}, 0xc) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) (async) r5 = getpid() (async) r6 = perf_event_open(&(0x7f0000000a40)={0x2, 0x80, 0x2, 0xea, 0x81, 0xf5, 0x0, 0x3f, 0x29824, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x7, 0x1, @perf_bp={&(0x7f0000000a00), 0x1}, 0x920, 0x2, 0x0, 0x8, 0x8, 0x9604, 0x9, 0x0, 0x67, 0x0, 0x10001}, r1, 0xd, r4, 0x8) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000b00)={r5, r6, 0x0, 0x4, &(0x7f0000000ac0)='GPL\x00'}, 0x30) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4030582a, &(0x7f0000000040)) (async) r8 = bpf$ITER_CREATE(0x21, &(0x7f0000000380)={r2}, 0x8) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000740)={r7, 0x20, &(0x7f0000000700)={&(0x7f0000000580)=""/151, 0x97, 0x0, &(0x7f0000000640)=""/169, 0xa9}}, 0x10) (async) r10 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000007c0)={&(0x7f0000000780)='./file0\x00', 0x0, 0x8}, 0x10) (async) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x4, 0x6, 0x811, 0x3ff, 0x840, 0x1, 0x3, '\x00', 0x0, r4, 0x0, 0x2}, 0x48) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x1, 0x5, 0x8, 0x8, 0x892, r7, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x5}, 0x48) (async) r13 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000900)={0xffffffffffffffff, 0xfffeffff, 0x10}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xc, 0xb, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1ff}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, @map_val={0x18, 0x6, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x80000001}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x95e8, 0x0, 0x0, 0x0, 0x1ff}]}, &(0x7f0000000440)='GPL\x00', 0x3ff, 0x7c, &(0x7f0000000480)=""/124, 0x41000, 0x2, '\x00', 0x0, 0xa, r7, 0x8, &(0x7f0000000500)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000540)={0x3, 0x9, 0xffffffff, 0x400}, 0x10, r9, r10, 0x0, &(0x7f0000000940)=[r11, r3, r12, r13]}, 0x80) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1b, 0x2, &(0x7f0000000040)=@raw=[@btf_id={0x18, 0xb, 0x3, 0x0, 0x2}], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0x7, 0x7, 0x9}, 0x10, 0x0, r2, 0x0, &(0x7f0000000280)=[0xffffffffffffffff, r3, r4, r7, 0x1]}, 0x80) [ 233.253928][T30519] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 233.262164][T30519] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 233.269975][T30519] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 233.277788][T30519] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 233.285686][T30519] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 233.293505][T30519] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 233.301320][T30519] 17:40:10 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0x1, 0x58, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7f}, [@map_fd={0x18, 0xb, 0x1, 0x0, r2}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xb}]}, &(0x7f00000001c0)='GPL\x00', 0x1, 0xb7, &(0x7f0000000300)=""/183, 0x41100, 0x1, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x9, 0x5}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0xa, 0x1, 0x5}, 0x10, 0x13e77}, 0x80) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x884, 0x0, 0x0, 0x0, 0x4}, [@jmp={0x5, 0x0, 0x2, 0x10, 0x8, 0x0, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x7}]}, &(0x7f0000000700)='syzkaller\x00', 0x7f, 0x5c, &(0x7f0000000740)=""/92, 0x40f00, 0x11, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f00000007c0)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000800)={0x0, 0x7, 0x12, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r2, r2, r2, r2, r2, r2, r2, r2, r2]}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x15, 0x7, &(0x7f0000000480)=@raw=[@generic={0x6, 0x5, 0x5, 0x2, 0x3}, @ldst={0x0, 0x3, 0x2, 0x8, 0xb, 0x30, 0x4}, @generic={0x9, 0xd, 0x2, 0x2, 0x7fffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, @map_idx={0x18, 0x2}], &(0x7f00000004c0)='syzkaller\x00', 0x210000, 0xcc, &(0x7f0000000500)=""/204, 0x40f00, 0x3, '\x00', r1, 0x1c, r3, 0x8, &(0x7f0000000600)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000640)={0x5, 0x0, 0x7, 0x4}, 0x10, 0x0, r4, 0x0, &(0x7f0000000900)=[r5]}, 0x80) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) 17:40:10 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 86) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 17:40:10 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async, rerun: 64) r1 = syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0xfdef) (async, rerun: 32) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000001c0)={0x0, 0xffffbdd6, 0x8}, 0xc) (rerun: 32) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = getpid() (async) r6 = perf_event_open(&(0x7f0000000a40)={0x2, 0x80, 0x2, 0xea, 0x81, 0xf5, 0x0, 0x3f, 0x29824, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x7, 0x1, @perf_bp={&(0x7f0000000a00), 0x1}, 0x920, 0x2, 0x0, 0x8, 0x8, 0x9604, 0x9, 0x0, 0x67, 0x0, 0x10001}, r1, 0xd, r4, 0x8) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000b00)={r5, r6, 0x0, 0x4, &(0x7f0000000ac0)='GPL\x00'}, 0x30) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4030582a, &(0x7f0000000040)) (async) r8 = bpf$ITER_CREATE(0x21, &(0x7f0000000380)={r2}, 0x8) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000740)={r7, 0x20, &(0x7f0000000700)={&(0x7f0000000580)=""/151, 0x97, 0x0, &(0x7f0000000640)=""/169, 0xa9}}, 0x10) (async) r10 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000007c0)={&(0x7f0000000780)='./file0\x00', 0x0, 0x8}, 0x10) (async) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x4, 0x6, 0x811, 0x3ff, 0x840, 0x1, 0x3, '\x00', 0x0, r4, 0x0, 0x2}, 0x48) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x1, 0x5, 0x8, 0x8, 0x892, r7, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x5}, 0x48) r13 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000900)={0xffffffffffffffff, 0xfffeffff, 0x10}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xc, 0xb, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1ff}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, @map_val={0x18, 0x6, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x80000001}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x95e8, 0x0, 0x0, 0x0, 0x1ff}]}, &(0x7f0000000440)='GPL\x00', 0x3ff, 0x7c, &(0x7f0000000480)=""/124, 0x41000, 0x2, '\x00', 0x0, 0xa, r7, 0x8, &(0x7f0000000500)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000540)={0x3, 0x9, 0xffffffff, 0x400}, 0x10, r9, r10, 0x0, &(0x7f0000000940)=[r11, r3, r12, r13]}, 0x80) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1b, 0x2, &(0x7f0000000040)=@raw=[@btf_id={0x18, 0xb, 0x3, 0x0, 0x2}], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0x7, 0x7, 0x9}, 0x10, 0x0, r2, 0x0, &(0x7f0000000280)=[0xffffffffffffffff, r3, r4, r7, 0x1]}, 0x80) 17:40:10 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe91) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe91) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) [ 233.438286][T30543] FAULT_INJECTION: forcing a failure. [ 233.438286][T30543] name failslab, interval 1, probability 0, space 0, times 0 17:40:10 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:40:10 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000010000850000000700000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0x1, 0x58, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7f}, [@map_fd={0x18, 0xb, 0x1, 0x0, r2}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xb}]}, &(0x7f00000001c0)='GPL\x00', 0x1, 0xb7, &(0x7f0000000300)=""/183, 0x41100, 0x1, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x9, 0x5}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0xa, 0x1, 0x5}, 0x10, 0x13e77}, 0x80) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfdef) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x884, 0x0, 0x0, 0x0, 0x4}, [@jmp={0x5, 0x0, 0x2, 0x10, 0x8, 0x0, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x7}]}, &(0x7f0000000700)='syzkaller\x00', 0x7f, 0x5c, &(0x7f0000000740)=""/92, 0x40f00, 0x11, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f00000007c0)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000800)={0x0, 0x7, 0x12, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r2, r2, r2, r2, r2, r2, r2, r2, r2]}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x15, 0x7, &(0x7f0000000480)=@raw=[@generic={0x6, 0x5, 0x5, 0x2, 0x3}, @ldst={0x0, 0x3, 0x2, 0x8, 0xb, 0x30, 0x4}, @generic={0x9, 0xd, 0x2, 0x2, 0x7fffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, @map_idx={0x18, 0x2}], &(0x7f00000004c0)='syzkaller\x00', 0x210000, 0xcc, &(0x7f0000000500)=""/204, 0x40f00, 0x3, '\x00', r1, 0x1c, r3, 0x8, &(0x7f0000000600)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000640)={0x5, 0x0, 0x7, 0x4}, 0x10, 0x0, r4, 0x0, &(0x7f0000000900)=[r5]}, 0x80) syz_clone(0x148886380, 0x0, 0x0, 0x0, 0x0, 0x0) [ 233.493924][T30543] CPU: 1 PID: 30543 Comm: syz-executor.3 Tainted: G B 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 233.505392][T30543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 233.515282][T30543] Call Trace: [ 233.518406][T30543] [ 233.521183][T30543] dump_stack_lvl+0x151/0x1b7 [ 233.525700][T30543] ? bfq_pos_tree_add_move+0x43e/0x43e [ 233.530995][T30543] dump_stack+0x15/0x17 [ 233.534983][T30543] should_fail+0x3c0/0x510 [ 233.539242][T30543] __should_failslab+0x9f/0xe0 [ 233.543851][T30543] should_failslab+0x9/0x20 [ 233.548177][T30543] kmem_cache_alloc+0x4f/0x2f0 [ 233.552775][T30543] ? anon_vma_fork+0x1b9/0x4f0 [ 233.557379][T30543] anon_vma_fork+0x1b9/0x4f0 [ 233.561805][T30543] dup_mmap+0x750/0xea0 [ 233.565808][T30543] ? __delayed_free_task+0x20/0x20 [ 233.570745][T30543] ? mm_init+0x807/0x960 [ 233.574825][T30543] dup_mm+0x91/0x330 [ 233.578558][T30543] copy_mm+0x108/0x1b0 [ 233.582461][T30543] copy_process+0x1295/0x3250 [ 233.586986][T30543] ? proc_fail_nth_write+0x213/0x290 [ 233.592094][T30543] ? proc_fail_nth_read+0x220/0x220 [ 233.597130][T30543] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 233.602081][T30543] ? vfs_write+0x9af/0x1050 [ 233.606417][T30543] ? vmacache_update+0xb7/0x120 [ 233.611109][T30543] kernel_clone+0x22d/0x990 [ 233.615443][T30543] ? file_end_write+0x1b0/0x1b0 [ 233.620127][T30543] ? __kasan_check_write+0x14/0x20 [ 233.625079][T30543] ? create_io_thread+0x1e0/0x1e0 [ 233.629939][T30543] ? __mutex_lock_slowpath+0x10/0x10 [ 233.635060][T30543] __x64_sys_clone+0x289/0x310 [ 233.639660][T30543] ? __do_sys_vfork+0x130/0x130 [ 233.644347][T30543] ? debug_smp_processor_id+0x17/0x20 [ 233.649552][T30543] do_syscall_64+0x44/0xd0 [ 233.653806][T30543] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 233.659550][T30543] RIP: 0033:0x7f510cb420d9 [ 233.663793][T30543] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 233.683498][T30543] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:40:11 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="4e2d33c7"], 0x6a) 17:40:11 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe91) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe91) (async) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) 17:40:11 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000018c00)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB='\r'], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xb0, &(0x7f0000000480)=""/176, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x0, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000880)=[0xffffffffffffffff]}, 0x80) r0 = syz_clone(0x74809480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={0xffffffffffffffff}, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00') perf_event_open(&(0x7f0000000a80)={0x3, 0xe3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x902, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000000780), 0x4}, 0x400, 0x0, 0x31, 0x9, 0x2, 0x3, 0x1, 0x0, 0x400, 0x0, 0x73}, r0, 0x7, 0xffffffffffffffff, 0x1) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f0000000400)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 17:40:11 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 87) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 233.692518][T30543] RAX: ffffffffffffffda RBX: 00007f510cc61f80 RCX: 00007f510cb420d9 [ 233.700354][T30543] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000074809480 [ 233.708138][T30543] RBP: 00007f510b8b51d0 R08: 0000000000000000 R09: 0000000000000000 [ 233.715949][T30543] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 233.723758][T30543] R13: 00007ffd93b830bf R14: 00007f510b8b5300 R15: 0000000000022000 [ 233.731576][T30543] [ 233.786483][T30563] FAULT_INJECTION: forcing a failure. [ 233.786483][T30563] name failslab, interval 1, probability 0, space 0, times 0 [ 233.834933][T30563] CPU: 0 PID: 30563 Comm: syz-executor.3 Tainted: G B 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 233.846406][T30563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 233.856297][T30563] Call Trace: [ 233.859422][T30563] [ 233.862199][T30563] dump_stack_lvl+0x151/0x1b7 [ 233.866713][T30563] ? bfq_pos_tree_add_move+0x43e/0x43e [ 233.872013][T30563] dump_stack+0x15/0x17 [ 233.876000][T30563] should_fail+0x3c0/0x510 [ 233.880253][T30563] __should_failslab+0x9f/0xe0 [ 233.884850][T30563] should_failslab+0x9/0x20 [ 233.889193][T30563] kmem_cache_alloc+0x4f/0x2f0 [ 233.893791][T30563] ? anon_vma_fork+0x1b9/0x4f0 [ 233.898393][T30563] anon_vma_fork+0x1b9/0x4f0 [ 233.902814][T30563] dup_mmap+0x750/0xea0 [ 233.906809][T30563] ? __delayed_free_task+0x20/0x20 [ 233.911756][T30563] ? mm_init+0x807/0x960 [ 233.915833][T30563] dup_mm+0x91/0x330 [ 233.919572][T30563] copy_mm+0x108/0x1b0 [ 233.923472][T30563] copy_process+0x1295/0x3250 [ 233.927988][T30563] ? proc_fail_nth_write+0x213/0x290 [ 233.933105][T30563] ? proc_fail_nth_read+0x220/0x220 [ 233.938149][T30563] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 233.943091][T30563] ? vfs_write+0x9af/0x1050 [ 233.947425][T30563] ? vmacache_update+0xb7/0x120 [ 233.952115][T30563] kernel_clone+0x22d/0x990 [ 233.956547][T30563] ? file_end_write+0x1b0/0x1b0 [ 233.961227][T30563] ? __kasan_check_write+0x14/0x20 [ 233.966174][T30563] ? create_io_thread+0x1e0/0x1e0 [ 233.971033][T30563] ? __mutex_lock_slowpath+0x10/0x10 [ 233.976242][T30563] __x64_sys_clone+0x289/0x310 [ 233.980843][T30563] ? __do_sys_vfork+0x130/0x130 [ 233.985553][T30563] ? debug_smp_processor_id+0x17/0x20 [ 233.990736][T30563] do_syscall_64+0x44/0xd0 [ 233.994998][T30563] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 234.000719][T30563] RIP: 0033:0x7f510cb420d9 [ 234.004973][T30563] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 234.024411][T30563] RSP: 002b:00007f510b8b5118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 17:40:11 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x74809480, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (fail_nth: 88) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(