0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1d, 0x8, &(0x7f0000002d00)=ANY=[@ANYBLOB="180000002b00000000000000df59cc2c09757a020800000018370000040000000000000000000000182400008562682d341c07df435a9346409b40a19a13cf12745d9488adf203", @ANYRES32=r0, @ANYBLOB="00000000090000009500000000000000"], &(0x7f00000001c0)='syzkaller\x00', 0xf30, 0x4d, &(0x7f00000002c0)=""/77, 0x40f00, 0x1, '\x00', r3, 0x1a, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000680)={0x4, 0x7, 0x81, 0x3}, 0x10, r5, 0xffffffffffffffff, 0x2, &(0x7f00000007c0)=[r11, r0, r13, r14, r15, r16], &(0x7f0000000800)=[{0x5, 0x4, 0x0, 0x6}, {0x3, 0x2, 0xf, 0x6}], 0x10, 0x3ff}, 0x90) (async) r17 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=@base={0x17, 0x0, 0x1b, 0x2, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r17, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r18, 0x0, &(0x7f0000001780)=""/4096}, 0x20) 22:26:18 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0xa, 0x8000, 0x1, 0x800}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="3a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="3a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:18 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002f00)={0x11, 0x9, &(0x7f0000002bc0)=@raw=[@jmp={0x5, 0x1, 0xd, 0xb, 0x2, 0xffffffffffffffc0, 0x1}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, @alu={0x4, 0x1, 0xb, 0x1, 0xa, 0x50}, @ldst={0x0, 0x1, 0x1, 0x1, 0x2, 0xfffffffffffffffc, 0xffffffffffffffff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @jmp={0x5, 0x0, 0xb, 0x1, 0x8, 0xffffffffffffffc0, 0xffffffffffffffff}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x2}], &(0x7f0000002c40)='GPL\x00', 0x1, 0x3b, &(0x7f0000002c80)=""/59, 0x41100, 0x58, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000002e00)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0x5, 0xffff, 0x1}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000002e80)=[r2, 0xffffffffffffffff], &(0x7f0000002ec0)=[{0x3, 0x3, 0x3, 0x4}], 0x10, 0x7fff}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000340)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x7, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x90, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x6a, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000340)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x7, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x90, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x6a, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000640)=0xffffffffffffffff, 0x4) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000740)={0x401, 0x0}, 0x52) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x9, 0x0, &(0x7f0000000540), &(0x7f0000000340)='GPL\x00', 0x0, 0x1000, &(0x7f0000000d40)=""/4096, 0x40f00, 0x32, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x8, 0x3}, 0xfffffffffffffec1, 0x10, &(0x7f0000000700)={0x5, 0x2, 0x8, 0x3}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r6, 0xffffffffffffffff, r6]}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000007000018010000202070250000a763b0cf0bac1e4df8ff00000000bfa100000000000007010000f8ffffffb702002000000000b703000000000000850000000400000095"], &(0x7f0000002cc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0x0, 0x0}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0x0, 0x0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r8, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000004c0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x0, 0x0, &(0x7f0000000540), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000e80)={0x6, 0x0, 0x0, &(0x7f0000000440)='syzkaller\x00', 0xb38, 0x8a, &(0x7f0000000d80)=""/138, 0x41000, 0x20, '\x00', r9, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000007c0)=[0xffffffffffffffff], &(0x7f0000000e40)=[{0x4, 0x0, 0xc}, {0x0, 0x5, 0x6, 0x2}, {0x0, 0x5, 0x1}], 0x10, 0x7}, 0x90) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000029c0)={0x15, 0x8, &(0x7f0000002800)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r6}}, @func={0x85, 0x0, 0x1, 0x0, 0x8}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x4}], &(0x7f0000002840)='syzkaller\x00', 0x7, 0x5, &(0x7f0000002880)=""/5, 0x41000, 0x25, '\x00', r3, 0x2d, r4, 0x8, &(0x7f00000028c0)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000002900)={0x1, 0x1, 0x200, 0x3}, 0x10, r5, r7, 0x3, &(0x7f0000002940)=[r6, r6, r6, r6, r1], &(0x7f0000002980)=[{0x2, 0x4, 0x0, 0x6}, {0x1, 0x5, 0xe, 0x1}, {0x2, 0x1, 0x0, 0xc}], 0x10, 0x10001}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000002b00)={0x0, 0x9, &(0x7f0000000940)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5fe0, 0x0, 0x0, 0x0, 0x4}, [@map_idx_val={0x18, 0xc, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffb}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1ff}]}, &(0x7f0000000b00)='GPL\x00', 0x4c8, 0xcb, &(0x7f0000000c40)=""/203, 0x40f00, 0x1, '\x00', r3, 0x7, 0xffffffffffffffff, 0x8, &(0x7f0000002780)={0x0, 0x3}, 0x8, 0x10, &(0x7f00000027c0)={0x4, 0x3, 0xfff, 0xee3}, 0x10, 0xffffffffffffffff, r10, 0x4, &(0x7f0000002a80)=[r6, r6, r6, r6, r6], &(0x7f0000002ac0)=[{0x2, 0x5, 0x3, 0x3}, {0x2, 0x5, 0x0, 0x9}, {0x2, 0x1, 0xb, 0x7}, {0x1, 0x4, 0x7, 0x3}], 0x10, 0x6}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x20004, 0x80000001, 0x80000000, 0x2875, 0xffffffffffffffff, 0x7fff, '\x00', r9, 0xffffffffffffffff, 0x20004, 0x2, 0x1}, 0x2b) (async) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x20004, 0x80000001, 0x80000000, 0x2875, 0xffffffffffffffff, 0x7fff, '\x00', r9, 0xffffffffffffffff, 0x20004, 0x2, 0x1}, 0x2b) r11 = bpf$ITER_CREATE(0x21, &(0x7f0000000b40), 0x8) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000b80), 0x4) (async) r12 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000b80), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001180)={0x6, 0x5, &(0x7f0000001240)=ANY=[@ANYBLOB="07fb0900f9e4ffff183800000400000000000000000000001838086743000000000000000000000084c154f60c90d739294a79763b2e1319a6062915e00c6d598277c49dc83f63b9801e2e7213631590821605efa3e21817435e7be9e8542953b5a89b93ee3e2e64dbfb80ba5f24cd67278814cefb005ddfb37509fbb473d0c2aa5f473f6667d88471f4479adeb3eb12db8087c6637797bfbd07b710985108421a6d6a4052d751e1c33b58fbf16a8cb8722ff5d7a6375b18adb666f88cd4fd141b9c2f889b855c076de0086650cc6443e5c811802324fe8ae54b6aea7097c39bd52c9f0db3e3c6ec9521ffa3a7df13b33e13dab29c4979e6c75aea9cde3b27ec306e98d6abba30843a562972653e54c62a3a08ad5094f61bbed9ccd230223d42d36c772521c87d8952ffd20a3d4faf"], &(0x7f0000000a40)='syzkaller\x00', 0x9, 0x4c, &(0x7f0000000a80)=""/76, 0x40f00, 0x2c, '\x00', r9, 0x25, r12, 0x8, &(0x7f0000000bc0)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000c00)={0x1, 0xa, 0x6c, 0x6da}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000fc0)=[0xffffffffffffffff, r11, 0xffffffffffffffff], &(0x7f0000001140)=[{0x2, 0x1, 0xa, 0x9}, {0x3, 0x5, 0x1, 0x8}], 0x10, 0x3}, 0x90) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000006c0)={0x0, 0xd212, 0x10}, 0xc) (async) r13 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000006c0)={0x0, 0xd212, 0x10}, 0xc) r14 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000700)={0xffffffffffffffff, 0x1, 0x8}, 0xc) r15 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r15, 0x4030582a, &(0x7f0000000040)) (async) ioctl$PERF_EVENT_IOC_PERIOD(r15, 0x4030582a, &(0x7f0000000040)) r16 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1d, 0x8, &(0x7f0000002d00)=ANY=[@ANYBLOB="180000002b00000000000000df59cc2c09757a020800000018370000040000000000000000000000182400008562682d341c07df435a9346409b40a19a13cf12745d9488adf203", @ANYRES32=r0, @ANYBLOB="00000000090000009500000000000000"], &(0x7f00000001c0)='syzkaller\x00', 0xf30, 0x4d, &(0x7f00000002c0)=""/77, 0x40f00, 0x1, '\x00', r3, 0x1a, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000680)={0x4, 0x7, 0x81, 0x3}, 0x10, r5, 0xffffffffffffffff, 0x2, &(0x7f00000007c0)=[r11, r0, r13, r14, r15, r16], &(0x7f0000000800)=[{0x5, 0x4, 0x0, 0x6}, {0x3, 0x2, 0xf, 0x6}], 0x10, 0x3ff}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1d, 0x8, &(0x7f0000002d00)=ANY=[@ANYBLOB="180000002b00000000000000df59cc2c09757a020800000018370000040000000000000000000000182400008562682d341c07df435a9346409b40a19a13cf12745d9488adf203", @ANYRES32=r0, @ANYBLOB="00000000090000009500000000000000"], &(0x7f00000001c0)='syzkaller\x00', 0xf30, 0x4d, &(0x7f00000002c0)=""/77, 0x40f00, 0x1, '\x00', r3, 0x1a, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000680)={0x4, 0x7, 0x81, 0x3}, 0x10, r5, 0xffffffffffffffff, 0x2, &(0x7f00000007c0)=[r11, r0, r13, r14, r15, r16], &(0x7f0000000800)=[{0x5, 0x4, 0x0, 0x6}, {0x3, 0x2, 0xf, 0x6}], 0x10, 0x3ff}, 0x90) r17 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=@base={0x17, 0x0, 0x1b, 0x2, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r17}, 0x0, &(0x7f0000000040)}, 0x20) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r17, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r18, 0x0, &(0x7f0000001780)=""/4096}, 0x20) 22:26:18 executing program 2: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETSNDBUF(r0, 0x400454d4, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x0, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x5}, 0x8}, 0x90) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x340}, [@alu={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, @jmp={0x6, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f00000001c0)='GPL\x00'}, 0x80) close(r1) 22:26:18 executing program 2: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETSNDBUF(r0, 0x400454d4, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x0, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x5}, 0x8}, 0x90) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x340}, [@alu={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, @jmp={0x6, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f00000001c0)='GPL\x00'}, 0x80) (async) close(r1) 22:26:18 executing program 0: syz_clone(0x44040100, 0x0, 0x20200, 0x0, 0x0, 0x0) 22:26:18 executing program 2: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETSNDBUF(r0, 0x400454d4, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x0, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x5}, 0x8}, 0x90) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) (async) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x340}, [@alu={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, @jmp={0x6, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f00000001c0)='GPL\x00'}, 0x80) (async) close(r1) 22:26:18 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5) 22:26:18 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40086602, &(0x7f0000000040)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz1\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000005c0)='memory.events\x00') r2 = gettid() perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x80, 0x6, 0x6, 0x1, 0x0, 0xfff, 0x1060, 0x6, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xf7, 0x1, @perf_config_ext={0x101, 0x6}, 0x400, 0x5, 0x10001, 0x6, 0xffffffffffffff81, 0x9b76, 0x8001, 0x0, 0x80, 0x0, 0x1ff}, r2, 0x10, 0xffffffffffffffff, 0x39a65cf6ac650a49) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000100)=0x6) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 22:26:18 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async, rerun: 32) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) (rerun: 32) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5) 22:26:18 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) [ 315.029873][T19263] FAULT_INJECTION: forcing a failure. [ 315.029873][T19263] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 315.046573][T19263] CPU: 1 PID: 19263 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 315.056728][T19263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 315.066640][T19263] Call Trace: [ 315.069750][T19263] [ 315.072526][T19263] dump_stack_lvl+0x151/0x1b7 [ 315.077038][T19263] ? io_uring_drop_tctx_refs+0x190/0x190 [ 315.082505][T19263] ? __stack_depot_save+0x34/0x470 [ 315.087454][T19263] dump_stack+0x15/0x17 [ 315.091445][T19263] should_fail+0x3c6/0x510 [ 315.095698][T19263] should_fail_alloc_page+0x5a/0x80 [ 315.100732][T19263] prepare_alloc_pages+0x15c/0x700 [ 315.105688][T19263] ? __alloc_pages+0x8f0/0x8f0 [ 315.110279][T19263] ? __alloc_pages_bulk+0xe40/0xe40 [ 315.115316][T19263] __alloc_pages+0x18c/0x8f0 [ 315.119739][T19263] ? prep_new_page+0x110/0x110 [ 315.124340][T19263] ? __kasan_kmalloc+0x9/0x10 [ 315.128856][T19263] ? __kmalloc+0x13a/0x270 [ 315.133107][T19263] ? __vmalloc_node_range+0x2d6/0x8d0 [ 315.138316][T19263] __vmalloc_node_range+0x482/0x8d0 [ 315.143351][T19263] dup_task_struct+0x416/0xc60 [ 315.147950][T19263] ? copy_process+0x5c4/0x3290 [ 315.152546][T19263] ? __kasan_check_write+0x14/0x20 [ 315.157496][T19263] copy_process+0x5c4/0x3290 [ 315.161921][T19263] ? __kasan_check_write+0x14/0x20 [ 315.166867][T19263] ? proc_fail_nth_write+0x20b/0x290 [ 315.171990][T19263] ? selinux_file_permission+0x2c4/0x570 [ 315.177456][T19263] ? fsnotify_perm+0x6a/0x5d0 [ 315.181975][T19263] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 315.186921][T19263] ? vfs_write+0x9ec/0x1110 [ 315.191256][T19263] kernel_clone+0x21e/0x9e0 [ 315.195597][T19263] ? file_end_write+0x1c0/0x1c0 [ 315.200293][T19263] ? create_io_thread+0x1e0/0x1e0 [ 315.205140][T19263] ? mutex_unlock+0xb2/0x260 [ 315.209572][T19263] ? __mutex_lock_slowpath+0x10/0x10 [ 315.214692][T19263] __x64_sys_clone+0x23f/0x290 [ 315.219303][T19263] ? __do_sys_vfork+0x130/0x130 [ 315.224151][T19263] ? ksys_write+0x260/0x2c0 22:26:18 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40086602, &(0x7f0000000040)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz1\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000005c0)='memory.events\x00') r2 = gettid() perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x80, 0x6, 0x6, 0x1, 0x0, 0xfff, 0x1060, 0x6, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xf7, 0x1, @perf_config_ext={0x101, 0x6}, 0x400, 0x5, 0x10001, 0x6, 0xffffffffffffff81, 0x9b76, 0x8001, 0x0, 0x80, 0x0, 0x1ff}, r2, 0x10, 0xffffffffffffffff, 0x39a65cf6ac650a49) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000100)=0x6) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) (async) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40086602, &(0x7f0000000040)) (async) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz1\x00', 0x200002, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000005c0)='memory.events\x00') (async) gettid() (async) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x80, 0x6, 0x6, 0x1, 0x0, 0xfff, 0x1060, 0x6, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xf7, 0x1, @perf_config_ext={0x101, 0x6}, 0x400, 0x5, 0x10001, 0x6, 0xffffffffffffff81, 0x9b76, 0x8001, 0x0, 0x80, 0x0, 0x1ff}, r2, 0x10, 0xffffffffffffffff, 0x39a65cf6ac650a49) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000100)=0x6) (async) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) (async) [ 315.228498][T19263] ? debug_smp_processor_id+0x17/0x20 [ 315.233698][T19263] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 315.239598][T19263] ? exit_to_user_mode_prepare+0x39/0xa0 [ 315.245067][T19263] do_syscall_64+0x3d/0xb0 [ 315.249321][T19263] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 315.255046][T19263] RIP: 0033:0x7f8118545da9 [ 315.259305][T19263] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 22:26:18 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000ecffffffffffffff0000000000950000000000000091521734812625e49631d8950538a0252fa4ac21e8e075854aa940fce25df2c78a"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='block_rq_remap\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000100)=r0}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={r2, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x134, 0x134, 0x7, [@datasec={0x8, 0x2, 0x0, 0xf, 0x2, [{0x3, 0x9, 0x400}, {0x3, 0x7, 0xffffffc1}], "0ade"}, @const={0x5, 0x0, 0x0, 0xa, 0x1}, @var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0xb, 0x4}, {0x0, 0x4}, {0x6, 0x2}]}, @struct={0xf, 0x7, 0x0, 0x4, 0x1, 0x4, [{0x8, 0x2, 0x9}, {0x9, 0x5, 0x50c}, {0x7, 0x0, 0x6}, {0x4, 0x1, 0x2}, {0x3, 0x3, 0x8}, {0x5, 0x5, 0x20}, {0x9, 0x1, 0x8000}]}, @datasec={0xe, 0x2, 0x0, 0xf, 0x1, [{0x2, 0x1, 0x6}, {0x4, 0x1, 0x1}], "ac"}, @datasec={0x1, 0x5, 0x0, 0xf, 0x1, [{0x2, 0x8000, 0x6}, {0x2, 0x8}, {0x3, 0x0, 0xfffffffb}, {0x3, 0x6, 0x8}, {0x2, 0x0, 0x3}], "cb"}]}, {0x0, [0x30, 0x30, 0x0, 0x30, 0x61]}}, &(0x7f0000000840)=""/188, 0x153, 0xbc, 0x7}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x2, &(0x7f0000000500)=@raw=[@map_fd={0x18, 0xb, 0x1, 0x0, r2}], &(0x7f0000000540)='GPL\x00', 0xffffff81, 0x46, &(0x7f0000000580)=""/70, 0x41100, 0x6, '\x00', r3, 0x0, r4, 0x8, &(0x7f0000000940)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r2], 0x0, 0x10, 0x80000000}, 0x90) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)=@o_path={&(0x7f0000000040)='./file0\x00', r2, 0x4000, r0}, 0x18) r5 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000480)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f00000004c0)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) r6 = bpf$ITER_CREATE(0x21, &(0x7f00000003c0), 0x8) openat$cgroup_ro(r6, &(0x7f0000000400)='memory.numa_stat\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000440)=0x2) 22:26:18 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000ecffffffffffffff0000000000950000000000000091521734812625e49631d8950538a0252fa4ac21e8e075854aa940fce25df2c78a"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='block_rq_remap\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000100)=r0}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={r2, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x134, 0x134, 0x7, [@datasec={0x8, 0x2, 0x0, 0xf, 0x2, [{0x3, 0x9, 0x400}, {0x3, 0x7, 0xffffffc1}], "0ade"}, @const={0x5, 0x0, 0x0, 0xa, 0x1}, @var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0xb, 0x4}, {0x0, 0x4}, {0x6, 0x2}]}, @struct={0xf, 0x7, 0x0, 0x4, 0x1, 0x4, [{0x8, 0x2, 0x9}, {0x9, 0x5, 0x50c}, {0x7, 0x0, 0x6}, {0x4, 0x1, 0x2}, {0x3, 0x3, 0x8}, {0x5, 0x5, 0x20}, {0x9, 0x1, 0x8000}]}, @datasec={0xe, 0x2, 0x0, 0xf, 0x1, [{0x2, 0x1, 0x6}, {0x4, 0x1, 0x1}], "ac"}, @datasec={0x1, 0x5, 0x0, 0xf, 0x1, [{0x2, 0x8000, 0x6}, {0x2, 0x8}, {0x3, 0x0, 0xfffffffb}, {0x3, 0x6, 0x8}, {0x2, 0x0, 0x3}], "cb"}]}, {0x0, [0x30, 0x30, 0x0, 0x30, 0x61]}}, &(0x7f0000000840)=""/188, 0x153, 0xbc, 0x7}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x2, &(0x7f0000000500)=@raw=[@map_fd={0x18, 0xb, 0x1, 0x0, r2}], &(0x7f0000000540)='GPL\x00', 0xffffff81, 0x46, &(0x7f0000000580)=""/70, 0x41100, 0x6, '\x00', r3, 0x0, r4, 0x8, &(0x7f0000000940)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r2], 0x0, 0x10, 0x80000000}, 0x90) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)=@o_path={&(0x7f0000000040)='./file0\x00', r2, 0x4000, r0}, 0x18) r5 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000480)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f00000004c0)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) r6 = bpf$ITER_CREATE(0x21, &(0x7f00000003c0), 0x8) openat$cgroup_ro(r6, &(0x7f0000000400)='memory.numa_stat\x00', 0x0, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000440)=0x2) 22:26:18 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) [ 315.278829][T19263] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 315.287077][T19263] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 315.294888][T19263] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 315.302696][T19263] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 315.310505][T19263] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 315.318328][T19263] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 315.326134][T19263] 22:26:18 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000ecffffffffffffff0000000000950000000000000091521734812625e49631d8950538a0252fa4ac21e8e075854aa940fce25df2c78a"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='block_rq_remap\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000100)=r0}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={r2, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x134, 0x134, 0x7, [@datasec={0x8, 0x2, 0x0, 0xf, 0x2, [{0x3, 0x9, 0x400}, {0x3, 0x7, 0xffffffc1}], "0ade"}, @const={0x5, 0x0, 0x0, 0xa, 0x1}, @var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0xb, 0x4}, {0x0, 0x4}, {0x6, 0x2}]}, @struct={0xf, 0x7, 0x0, 0x4, 0x1, 0x4, [{0x8, 0x2, 0x9}, {0x9, 0x5, 0x50c}, {0x7, 0x0, 0x6}, {0x4, 0x1, 0x2}, {0x3, 0x3, 0x8}, {0x5, 0x5, 0x20}, {0x9, 0x1, 0x8000}]}, @datasec={0xe, 0x2, 0x0, 0xf, 0x1, [{0x2, 0x1, 0x6}, {0x4, 0x1, 0x1}], "ac"}, @datasec={0x1, 0x5, 0x0, 0xf, 0x1, [{0x2, 0x8000, 0x6}, {0x2, 0x8}, {0x3, 0x0, 0xfffffffb}, {0x3, 0x6, 0x8}, {0x2, 0x0, 0x3}], "cb"}]}, {0x0, [0x30, 0x30, 0x0, 0x30, 0x61]}}, &(0x7f0000000840)=""/188, 0x153, 0xbc, 0x7}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x2, &(0x7f0000000500)=@raw=[@map_fd={0x18, 0xb, 0x1, 0x0, r2}], &(0x7f0000000540)='GPL\x00', 0xffffff81, 0x46, &(0x7f0000000580)=""/70, 0x41100, 0x6, '\x00', r3, 0x0, r4, 0x8, &(0x7f0000000940)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r2], 0x0, 0x10, 0x80000000}, 0x90) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)=@o_path={&(0x7f0000000040)='./file0\x00', r2, 0x4000, r0}, 0x18) r5 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000480)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f00000004c0)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) r6 = bpf$ITER_CREATE(0x21, &(0x7f00000003c0), 0x8) openat$cgroup_ro(r6, &(0x7f0000000400)='memory.numa_stat\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000440)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000ecffffffffffffff0000000000950000000000000091521734812625e49631d8950538a0252fa4ac21e8e075854aa940fce25df2c78a"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='block_rq_remap\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000000080), &(0x7f0000000100)=r0}, 0x20) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={r2, 0x58, &(0x7f0000000600)}, 0x10) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x134, 0x134, 0x7, [@datasec={0x8, 0x2, 0x0, 0xf, 0x2, [{0x3, 0x9, 0x400}, {0x3, 0x7, 0xffffffc1}], "0ade"}, @const={0x5, 0x0, 0x0, 0xa, 0x1}, @var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0xb, 0x4}, {0x0, 0x4}, {0x6, 0x2}]}, @struct={0xf, 0x7, 0x0, 0x4, 0x1, 0x4, [{0x8, 0x2, 0x9}, {0x9, 0x5, 0x50c}, {0x7, 0x0, 0x6}, {0x4, 0x1, 0x2}, {0x3, 0x3, 0x8}, {0x5, 0x5, 0x20}, {0x9, 0x1, 0x8000}]}, @datasec={0xe, 0x2, 0x0, 0xf, 0x1, [{0x2, 0x1, 0x6}, {0x4, 0x1, 0x1}], "ac"}, @datasec={0x1, 0x5, 0x0, 0xf, 0x1, [{0x2, 0x8000, 0x6}, {0x2, 0x8}, {0x3, 0x0, 0xfffffffb}, {0x3, 0x6, 0x8}, {0x2, 0x0, 0x3}], "cb"}]}, {0x0, [0x30, 0x30, 0x0, 0x30, 0x61]}}, &(0x7f0000000840)=""/188, 0x153, 0xbc, 0x7}, 0x20) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x2, &(0x7f0000000500)=@raw=[@map_fd={0x18, 0xb, 0x1, 0x0, r2}], &(0x7f0000000540)='GPL\x00', 0xffffff81, 0x46, &(0x7f0000000580)=""/70, 0x41100, 0x6, '\x00', r3, 0x0, r4, 0x8, &(0x7f0000000940)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r2], 0x0, 0x10, 0x80000000}, 0x90) (async) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)=@o_path={&(0x7f0000000040)='./file0\x00', r2, 0x4000, r0}, 0x18) (async) openat$cgroup(0xffffffffffffffff, &(0x7f0000000480)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r5, &(0x7f00000004c0)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f00000003c0), 0x8) (async) openat$cgroup_ro(r6, &(0x7f0000000400)='memory.numa_stat\x00', 0x0, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000440)=0x2) (async) 22:26:18 executing program 0: syz_clone(0x44040100, 0x0, 0x80000, 0x0, 0x0, 0x0) [ 315.391085][T19273] FAULT_INJECTION: forcing a failure. [ 315.391085][T19273] name failslab, interval 1, probability 0, space 0, times 0 [ 315.414532][T19273] CPU: 0 PID: 19273 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 315.424749][T19273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 315.434648][T19273] Call Trace: [ 315.437765][T19273] 22:26:18 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) (async) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5) 22:26:18 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000f0ffffff5240dc5a0ddf9400000000001b00cf617d326052555ae1f7adfe691195ea92aa098804f5bea8486cd9877f8dcde07cae4324e260af34c95c0b4735ba6193a70d229a6d01d216ddf40d9bad948b80183675961f3df08d04cb7ca0a1a5"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:18 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000f0ffffff5240dc5a0ddf9400000000001b00cf617d326052555ae1f7adfe691195ea92aa098804f5bea8486cd9877f8dcde07cae4324e260af34c95c0b4735ba6193a70d229a6d01d216ddf40d9bad948b80183675961f3df08d04cb7ca0a1a5"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) [ 315.440543][T19273] dump_stack_lvl+0x151/0x1b7 [ 315.445055][T19273] ? io_uring_drop_tctx_refs+0x190/0x190 [ 315.450526][T19273] ? avc_denied+0x1b0/0x1b0 [ 315.454866][T19273] dump_stack+0x15/0x17 [ 315.458856][T19273] should_fail+0x3c6/0x510 [ 315.463110][T19273] __should_failslab+0xa4/0xe0 [ 315.467706][T19273] ? vm_area_dup+0x26/0x230 [ 315.472056][T19273] should_failslab+0x9/0x20 [ 315.476407][T19273] slab_pre_alloc_hook+0x37/0xd0 [ 315.481247][T19273] ? vm_area_dup+0x26/0x230 [ 315.485588][T19273] kmem_cache_alloc+0x44/0x200 [ 315.490190][T19273] vm_area_dup+0x26/0x230 [ 315.494355][T19273] copy_mm+0x9a1/0x13e0 [ 315.498371][T19273] ? copy_signal+0x610/0x610 [ 315.502774][T19273] ? __init_rwsem+0xd6/0x1c0 [ 315.507198][T19273] ? copy_signal+0x4e3/0x610 [ 315.511626][T19273] copy_process+0x1149/0x3290 [ 315.516139][T19273] ? proc_fail_nth_write+0x20b/0x290 [ 315.521260][T19273] ? fsnotify_perm+0x6a/0x5d0 [ 315.525773][T19273] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 315.530722][T19273] ? vfs_write+0x9ec/0x1110 [ 315.535063][T19273] kernel_clone+0x21e/0x9e0 [ 315.539399][T19273] ? file_end_write+0x1c0/0x1c0 [ 315.544086][T19273] ? create_io_thread+0x1e0/0x1e0 [ 315.548953][T19273] ? mutex_unlock+0xb2/0x260 [ 315.553385][T19273] ? __mutex_lock_slowpath+0x10/0x10 [ 315.558494][T19273] __x64_sys_clone+0x23f/0x290 [ 315.563094][T19273] ? __do_sys_vfork+0x130/0x130 [ 315.567779][T19273] ? ksys_write+0x260/0x2c0 [ 315.572127][T19273] ? debug_smp_processor_id+0x17/0x20 [ 315.577327][T19273] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 315.583232][T19273] ? exit_to_user_mode_prepare+0x39/0xa0 [ 315.588696][T19273] do_syscall_64+0x3d/0xb0 [ 315.592951][T19273] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 315.598690][T19273] RIP: 0033:0x7f8118545da9 [ 315.602935][T19273] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 315.622725][T19273] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 315.630965][T19273] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 22:26:18 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40086602, &(0x7f0000000040)) (async) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz1\x00', 0x200002, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000005c0)='memory.events\x00') (async) r2 = gettid() perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x80, 0x6, 0x6, 0x1, 0x0, 0xfff, 0x1060, 0x6, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xf7, 0x1, @perf_config_ext={0x101, 0x6}, 0x400, 0x5, 0x10001, 0x6, 0xffffffffffffff81, 0x9b76, 0x8001, 0x0, 0x80, 0x0, 0x1ff}, r2, 0x10, 0xffffffffffffffff, 0x39a65cf6ac650a49) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000100)=0x6) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 22:26:18 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000f0ffffff5240dc5a0ddf9400000000001b00cf617d326052555ae1f7adfe691195ea92aa098804f5bea8486cd9877f8dcde07cae4324e260af34c95c0b4735ba6193a70d229a6d01d216ddf40d9bad948b80183675961f3df08d04cb7ca0a1a5"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000f0ffffff5240dc5a0ddf9400000000001b00cf617d326052555ae1f7adfe691195ea92aa098804f5bea8486cd9877f8dcde07cae4324e260af34c95c0b4735ba6193a70d229a6d01d216ddf40d9bad948b80183675961f3df08d04cb7ca0a1a5"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async) 22:26:18 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000340)=[{0x0}], 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x3ff, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x5}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001d00)={{r0, 0xffffffffffffffff}, &(0x7f0000001c80), &(0x7f0000001cc0)='%pS \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000001d80)={0xa, 0x12, &(0x7f0000001ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000880)='syzkaller\x00', 0x6, 0x72, &(0x7f0000001b80)=""/114, 0x41100, 0xc, '\x00', 0x0, 0x12, r0, 0x8, &(0x7f0000001c00)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000001c40)={0x4, 0x8, 0x400, 0x4}, 0x10, 0x0, r0, 0x0, &(0x7f0000001d40)=[r0, r2, 0x1, r1], 0x0, 0x10, 0x7ff}, 0x90) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x126, 0x126, 0x4, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x3}}, @volatile={0x4, 0x0, 0x0, 0x9, 0x2}, @func_proto={0x0, 0x7, 0x0, 0xd, 0x0, [{0xc, 0x4}, {0xc, 0x5}, {0x7, 0x5}, {0xd, 0x4}, {0x9, 0x3}, {0x9, 0x3}, {0xe, 0x4}]}, @fwd={0x1}, @datasec={0xa, 0x9, 0x0, 0xf, 0x2, [{0x5, 0xffff, 0x6}, {0x0, 0x5, 0x3ff}, {0x4, 0x5, 0xa330}, {0x3, 0x9, 0x200000}, {0x4, 0x401, 0x6}, {0x1, 0x9, 0x1}, {0x4, 0x0, 0x8000}, {0x2, 0x7fffffff, 0x2}, {0x4, 0x0, 0x401}], "59d1"}, @func={0xc, 0x0, 0x0, 0xc, 0x4}, @volatile={0xc}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0x57, 0x0, 0x6c, 0x1}, @int={0x9, 0x0, 0x0, 0x1, 0x0, 0x19, 0x0, 0x3e}]}, {0x0, [0x5f, 0x30]}}, &(0x7f0000000500)=""/175, 0x144, 0xaf, 0x1, 0x3}, 0x20) recvmsg$unix(r0, &(0x7f0000000840)={&(0x7f00000007c0)=@abs, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000940)=""/140, 0x8c}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/164, 0xa4}], 0x3}, 0x40000120) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x10, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x7}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x7ff, 0x84, &(0x7f0000000240)=""/132, 0x41100, 0x40, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000005c0)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000680)=[r0], &(0x7f00000006c0)=[{0x0, 0x3, 0xf, 0x7}, {0x5, 0x3, 0x3, 0x9}], 0x10, 0x1000}, 0x90) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000008c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x800}, 0x100020, 0x0, 0x0, 0x2, 0x4, 0x0, 0x401, 0x0, 0x0, 0x0, 0xd4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x660c, 0x0) [ 315.638779][T19273] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 315.646590][T19273] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 315.654403][T19273] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 315.662207][T19273] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 315.670024][T19273] 22:26:18 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000071241ce0b730a46e8f90bc7c1935c26a0bcab610ea6345988e89b583f4bbf49dd5292f971c0000000000000001aeeb361e58f29f1703d9fb549ff2cf4101f0bd454f725f6ab842c55225b901e0ed4654c22390608f85b5abab177c01407b651b480e3b00ec444670e3bc8f2e446ceb601f764db6e71f52f3c6d61462d6836c091223751b12e2241104c6aa19c48401da1b9d8b1debc5db45856df4facd6cb82d4a48272c4685f7dfafd7371754b1b5ed8229e5b7864c59c911a4204a98aef81012"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={0x1, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xc0000000}, [@generic={0x0, 0x6, 0xb, 0x9, 0x4}, @alu={0x7, 0x1, 0x1, 0xb, 0x3, 0xffffffffffffff40, 0x1}, @ldst={0x1, 0x2, 0x1, 0x4, 0x2, 0xffffffffffffffe0, 0xffffffffffffffe1}]}, &(0x7f0000000080)='syzkaller\x00', 0x2, 0x13, &(0x7f0000000300)=""/19, 0x3833b7389a876d8c, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[r1], &(0x7f0000000400)=[{0x5, 0x1, 0xe, 0x3}, {0x5, 0x1, 0x3, 0x4}, {0x0, 0x2, 0x7, 0x8}], 0x10, 0x6}, 0x90) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) ioctl$TUNSETLINK(r2, 0x400454cd, 0xe) ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000080)=r2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r2, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)=r2}, 0x20) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000001c0)=@o_path={&(0x7f0000000180)='./file0\x00', r2, 0x4000, r2}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r2, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0], 0x0, 0xdb, &(0x7f0000000380)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xf2, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000640)={0x20, 0x0}, 0x8) r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_lsm={0x1d, 0x1, &(0x7f0000000200)=@raw=[@alu={0x4, 0x1, 0x9, 0x2, 0x3, 0x18, 0x1}], &(0x7f0000000240)='syzkaller\x00', 0x4da, 0x28, &(0x7f0000000280)=""/40, 0x41000, 0x20, '\x00', r5, 0x1b, r2, 0x8, &(0x7f00000005c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x2, 0xa, 0xfffffffa, 0x3}, 0x10, r6, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x90) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000840)={@ifindex=r5, 0x37, 0x0, 0x7f, &(0x7f0000000740)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000780)=[0x0, 0x0], &(0x7f00000007c0)=[0x0], &(0x7f0000000800)=[0x0], 0x0}, 0x40) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000880)={@cgroup, r7, 0x1b, 0x2022, r2, @prog_id=r4, r9}, 0x20) r10 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000008c0)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000900)={@map=r2, r2, 0x7, 0x10, 0x0, @link_fd=r10, r9}, 0x20) perf_event_open$cgroup(&(0x7f0000000940)={0x1, 0x80, 0x32, 0x9, 0x3f, 0x3, 0x0, 0x9, 0x142, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff000, 0x1, @perf_config_ext={0x3, 0x1}, 0x4020, 0x7, 0x8, 0x3, 0x4, 0x0, 0x401, 0x0, 0xc6, 0x0, 0x100000000}, r2, 0xd, r2, 0x0) openat$cgroup_pressure(r2, &(0x7f00000009c0)='cpu.pressure\x00', 0x2, 0x0) r11 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000c40)={0x0, 0x81, 0x8}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x1c, 0x23, &(0x7f0000000a80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc3, 0x0, 0x0, 0x0, 0x9ffe}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffff8}, @map_fd={0x18, 0x6, 0x1, 0x0, r2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xb5e9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_fd={0x18, 0x3, 0x1, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @alu={0x4, 0x0, 0xd, 0x6, 0xa, 0x8, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000bc0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x1c, '\x00', r5, 0x31, r2, 0x8, &(0x7f0000000c00)={0x7, 0x5}, 0x8, 0x10, 0x0, 0x0, r6, r7, 0x3, &(0x7f0000000c80)=[r2, r11, r2, r3, r2, r3], &(0x7f0000000cc0)=[{0x3, 0x4, 0x5, 0x3}, {0x3, 0x3, 0x5, 0x4}, {0x1, 0x4, 0x7, 0x6}], 0x10, 0x6936}, 0x90) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000dc0)={@ifindex=r5, r2, 0x34, 0x4, r7, @prog_id=0xffffffffffffffff, r9}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001040)={r2, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001100)={0x11, 0x23, &(0x7f0000000e00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x59cb, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfcc00000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa947df2ba048ee4e}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r11}}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @exit, @map_idx={0x18, 0x7, 0x5, 0x0, 0x1}, @jmp={0x5, 0x1, 0x5, 0x4, 0x9, 0x10, 0x10}]}, &(0x7f0000000f40)='GPL\x00', 0xffff, 0x34, &(0x7f0000000f80)=""/52, 0x41000, 0x30, '\x00', r5, 0x0, r2, 0x8, &(0x7f0000000fc0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000001000)={0x0, 0x7, 0x6, 0xffffff9b}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000001080)=[r12, r11, r2, r11, r2], &(0x7f00000010c0)=[{0x0, 0x5, 0x3, 0x8}, {0x4, 0x2, 0xf, 0xc}, {0x5, 0xff, 0xa, 0x1}, {0x5, 0x2, 0xd, 0x4}], 0x10, 0x3f}, 0x90) ioctl$TUNDETACHFILTER(r2, 0x401054d6, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001500)={r2, 0x20, &(0x7f00000014c0)={&(0x7f0000001400)=""/49, 0x31, 0x0, &(0x7f0000001440)=""/122, 0x7a}}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001540)=@bpf_lsm={0x1d, 0x3, &(0x7f0000001240)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x80}}, &(0x7f0000001280)='GPL\x00', 0x3f, 0xc8, &(0x7f00000012c0)=""/200, 0x41100, 0x0, '\x00', r8, 0x1b, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f00000013c0)={0x2, 0xa, 0x8, 0x494}, 0x10, r13, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001a00)={0x18, 0x13, &(0x7f0000001740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x4}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001800)='syzkaller\x00', 0x2, 0xd8, &(0x7f0000001840)=""/216, 0x41000, 0x20, '\x00', r5, 0x0, r2, 0x8, &(0x7f0000001940)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000001980)={0x0, 0xf, 0xffffff3a, 0x7fff}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000019c0)=[{0x4, 0x4, 0x6}], 0x10, 0x2}, 0x90) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)={0x1b, 0x0, 0x0, 0x2, 0x0, r1, 0xffff, '\x00', r5, 0xffffffffffffffff, 0x0, 0x3}, 0x48) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:19 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000071241ce0b730a46e8f90bc7c1935c26a0bcab610ea6345988e89b583f4bbf49dd5292f971c0000000000000001aeeb361e58f29f1703d9fb549ff2cf4101f0bd454f725f6ab842c55225b901e0ed4654c22390608f85b5abab177c01407b651b480e3b00ec444670e3bc8f2e446ceb601f764db6e71f52f3c6d61462d6836c091223751b12e2241104c6aa19c48401da1b9d8b1debc5db45856df4facd6cb82d4a48272c4685f7dfafd7371754b1b5ed8229e5b7864c59c911a4204a98aef81012"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={0x1, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xc0000000}, [@generic={0x0, 0x6, 0xb, 0x9, 0x4}, @alu={0x7, 0x1, 0x1, 0xb, 0x3, 0xffffffffffffff40, 0x1}, @ldst={0x1, 0x2, 0x1, 0x4, 0x2, 0xffffffffffffffe0, 0xffffffffffffffe1}]}, &(0x7f0000000080)='syzkaller\x00', 0x2, 0x13, &(0x7f0000000300)=""/19, 0x3833b7389a876d8c, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[r1], &(0x7f0000000400)=[{0x5, 0x1, 0xe, 0x3}, {0x5, 0x1, 0x3, 0x4}, {0x0, 0x2, 0x7, 0x8}], 0x10, 0x6}, 0x90) (async) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) ioctl$TUNSETLINK(r2, 0x400454cd, 0xe) (async) ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000080)=r2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r2, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)=r2}, 0x20) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000001c0)=@o_path={&(0x7f0000000180)='./file0\x00', r2, 0x4000, r2}, 0x18) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r2, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0], 0x0, 0xdb, &(0x7f0000000380)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xf2, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000640)={0x20, 0x0}, 0x8) r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_lsm={0x1d, 0x1, &(0x7f0000000200)=@raw=[@alu={0x4, 0x1, 0x9, 0x2, 0x3, 0x18, 0x1}], &(0x7f0000000240)='syzkaller\x00', 0x4da, 0x28, &(0x7f0000000280)=""/40, 0x41000, 0x20, '\x00', r5, 0x1b, r2, 0x8, &(0x7f00000005c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x2, 0xa, 0xfffffffa, 0x3}, 0x10, r6, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x90) (async) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000840)={@ifindex=r5, 0x37, 0x0, 0x7f, &(0x7f0000000740)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000780)=[0x0, 0x0], &(0x7f00000007c0)=[0x0], &(0x7f0000000800)=[0x0], 0x0}, 0x40) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000880)={@cgroup, r7, 0x1b, 0x2022, r2, @prog_id=r4, r9}, 0x20) r10 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000008c0)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000900)={@map=r2, r2, 0x7, 0x10, 0x0, @link_fd=r10, r9}, 0x20) perf_event_open$cgroup(&(0x7f0000000940)={0x1, 0x80, 0x32, 0x9, 0x3f, 0x3, 0x0, 0x9, 0x142, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff000, 0x1, @perf_config_ext={0x3, 0x1}, 0x4020, 0x7, 0x8, 0x3, 0x4, 0x0, 0x401, 0x0, 0xc6, 0x0, 0x100000000}, r2, 0xd, r2, 0x0) (async) openat$cgroup_pressure(r2, &(0x7f00000009c0)='cpu.pressure\x00', 0x2, 0x0) (async) r11 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000c40)={0x0, 0x81, 0x8}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x1c, 0x23, &(0x7f0000000a80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc3, 0x0, 0x0, 0x0, 0x9ffe}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffff8}, @map_fd={0x18, 0x6, 0x1, 0x0, r2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xb5e9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_fd={0x18, 0x3, 0x1, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @alu={0x4, 0x0, 0xd, 0x6, 0xa, 0x8, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000bc0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x1c, '\x00', r5, 0x31, r2, 0x8, &(0x7f0000000c00)={0x7, 0x5}, 0x8, 0x10, 0x0, 0x0, r6, r7, 0x3, &(0x7f0000000c80)=[r2, r11, r2, r3, r2, r3], &(0x7f0000000cc0)=[{0x3, 0x4, 0x5, 0x3}, {0x3, 0x3, 0x5, 0x4}, {0x1, 0x4, 0x7, 0x6}], 0x10, 0x6936}, 0x90) (async) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000dc0)={@ifindex=r5, r2, 0x34, 0x4, r7, @prog_id=0xffffffffffffffff, r9}, 0x20) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001040)={r2, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001100)={0x11, 0x23, &(0x7f0000000e00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x59cb, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfcc00000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa947df2ba048ee4e}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r11}}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @exit, @map_idx={0x18, 0x7, 0x5, 0x0, 0x1}, @jmp={0x5, 0x1, 0x5, 0x4, 0x9, 0x10, 0x10}]}, &(0x7f0000000f40)='GPL\x00', 0xffff, 0x34, &(0x7f0000000f80)=""/52, 0x41000, 0x30, '\x00', r5, 0x0, r2, 0x8, &(0x7f0000000fc0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000001000)={0x0, 0x7, 0x6, 0xffffff9b}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000001080)=[r12, r11, r2, r11, r2], &(0x7f00000010c0)=[{0x0, 0x5, 0x3, 0x8}, {0x4, 0x2, 0xf, 0xc}, {0x5, 0xff, 0xa, 0x1}, {0x5, 0x2, 0xd, 0x4}], 0x10, 0x3f}, 0x90) (async) ioctl$TUNDETACHFILTER(r2, 0x401054d6, 0x0) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001500)={r2, 0x20, &(0x7f00000014c0)={&(0x7f0000001400)=""/49, 0x31, 0x0, &(0x7f0000001440)=""/122, 0x7a}}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001540)=@bpf_lsm={0x1d, 0x3, &(0x7f0000001240)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x80}}, &(0x7f0000001280)='GPL\x00', 0x3f, 0xc8, &(0x7f00000012c0)=""/200, 0x41100, 0x0, '\x00', r8, 0x1b, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f00000013c0)={0x2, 0xa, 0x8, 0x494}, 0x10, r13, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001a00)={0x18, 0x13, &(0x7f0000001740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x4}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001800)='syzkaller\x00', 0x2, 0xd8, &(0x7f0000001840)=""/216, 0x41000, 0x20, '\x00', r5, 0x0, r2, 0x8, &(0x7f0000001940)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000001980)={0x0, 0xf, 0xffffff3a, 0x7fff}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000019c0)=[{0x4, 0x4, 0x6}], 0x10, 0x2}, 0x90) (async) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)={0x1b, 0x0, 0x0, 0x2, 0x0, r1, 0xffff, '\x00', r5, 0xffffffffffffffff, 0x0, 0x3}, 0x48) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:19 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000071241ce0b730a46e8f90bc7c1935c26a0bcab610ea6345988e89b583f4bbf49dd5292f971c0000000000000001aeeb361e58f29f1703d9fb549ff2cf4101f0bd454f725f6ab842c55225b901e0ed4654c22390608f85b5abab177c01407b651b480e3b00ec444670e3bc8f2e446ceb601f764db6e71f52f3c6d61462d6836c091223751b12e2241104c6aa19c48401da1b9d8b1debc5db45856df4facd6cb82d4a48272c4685f7dfafd7371754b1b5ed8229e5b7864c59c911a4204a98aef81012"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={0x1}, 0x4) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={0x1, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xc0000000}, [@generic={0x0, 0x6, 0xb, 0x9, 0x4}, @alu={0x7, 0x1, 0x1, 0xb, 0x3, 0xffffffffffffff40, 0x1}, @ldst={0x1, 0x2, 0x1, 0x4, 0x2, 0xffffffffffffffe0, 0xffffffffffffffe1}]}, &(0x7f0000000080)='syzkaller\x00', 0x2, 0x13, &(0x7f0000000300)=""/19, 0x3833b7389a876d8c, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[r1], &(0x7f0000000400)=[{0x5, 0x1, 0xe, 0x3}, {0x5, 0x1, 0x3, 0x4}, {0x0, 0x2, 0x7, 0x8}], 0x10, 0x6}, 0x90) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) ioctl$TUNSETLINK(r2, 0x400454cd, 0xe) ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000080)=r2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r2, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)=r2}, 0x20) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000001c0)=@o_path={&(0x7f0000000180)='./file0\x00', r2, 0x4000, r2}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r2, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0], 0x0, 0xdb, &(0x7f0000000380)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xf2, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000640)={0x20, 0x0}, 0x8) r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_lsm={0x1d, 0x1, &(0x7f0000000200)=@raw=[@alu={0x4, 0x1, 0x9, 0x2, 0x3, 0x18, 0x1}], &(0x7f0000000240)='syzkaller\x00', 0x4da, 0x28, &(0x7f0000000280)=""/40, 0x41000, 0x20, '\x00', r5, 0x1b, r2, 0x8, &(0x7f00000005c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x2, 0xa, 0xfffffffa, 0x3}, 0x10, r6, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x90) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000840)={@ifindex=r5, 0x37, 0x0, 0x7f, &(0x7f0000000740)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000780)=[0x0, 0x0], &(0x7f00000007c0)=[0x0], &(0x7f0000000800)=[0x0], 0x0}, 0x40) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000880)={@cgroup, r7, 0x1b, 0x2022, r2, @prog_id=r4, r9}, 0x20) (async) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000880)={@cgroup, r7, 0x1b, 0x2022, r2, @prog_id=r4, r9}, 0x20) r10 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000008c0)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000900)={@map=r2, r2, 0x7, 0x10, 0x0, @link_fd=r10, r9}, 0x20) perf_event_open$cgroup(&(0x7f0000000940)={0x1, 0x80, 0x32, 0x9, 0x3f, 0x3, 0x0, 0x9, 0x142, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff000, 0x1, @perf_config_ext={0x3, 0x1}, 0x4020, 0x7, 0x8, 0x3, 0x4, 0x0, 0x401, 0x0, 0xc6, 0x0, 0x100000000}, r2, 0xd, r2, 0x0) openat$cgroup_pressure(r2, &(0x7f00000009c0)='cpu.pressure\x00', 0x2, 0x0) r11 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000c40)={0x0, 0x81, 0x8}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x1c, 0x23, &(0x7f0000000a80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc3, 0x0, 0x0, 0x0, 0x9ffe}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffff8}, @map_fd={0x18, 0x6, 0x1, 0x0, r2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xb5e9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_fd={0x18, 0x3, 0x1, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @alu={0x4, 0x0, 0xd, 0x6, 0xa, 0x8, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000bc0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x1c, '\x00', r5, 0x31, r2, 0x8, &(0x7f0000000c00)={0x7, 0x5}, 0x8, 0x10, 0x0, 0x0, r6, r7, 0x3, &(0x7f0000000c80)=[r2, r11, r2, r3, r2, r3], &(0x7f0000000cc0)=[{0x3, 0x4, 0x5, 0x3}, {0x3, 0x3, 0x5, 0x4}, {0x1, 0x4, 0x7, 0x6}], 0x10, 0x6936}, 0x90) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000dc0)={@ifindex=r5, r2, 0x34, 0x4, r7, @prog_id=0xffffffffffffffff, r9}, 0x20) (async) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000dc0)={@ifindex=r5, r2, 0x34, 0x4, r7, @prog_id=0xffffffffffffffff, r9}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001040)={r2}, 0x4) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001040)={r2, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001100)={0x11, 0x23, &(0x7f0000000e00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x59cb, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfcc00000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa947df2ba048ee4e}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r11}}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @exit, @map_idx={0x18, 0x7, 0x5, 0x0, 0x1}, @jmp={0x5, 0x1, 0x5, 0x4, 0x9, 0x10, 0x10}]}, &(0x7f0000000f40)='GPL\x00', 0xffff, 0x34, &(0x7f0000000f80)=""/52, 0x41000, 0x30, '\x00', r5, 0x0, r2, 0x8, &(0x7f0000000fc0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000001000)={0x0, 0x7, 0x6, 0xffffff9b}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000001080)=[r12, r11, r2, r11, r2], &(0x7f00000010c0)=[{0x0, 0x5, 0x3, 0x8}, {0x4, 0x2, 0xf, 0xc}, {0x5, 0xff, 0xa, 0x1}, {0x5, 0x2, 0xd, 0x4}], 0x10, 0x3f}, 0x90) ioctl$TUNDETACHFILTER(r2, 0x401054d6, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001500)={r2, 0x20, &(0x7f00000014c0)={&(0x7f0000001400)=""/49, 0x31, 0x0, &(0x7f0000001440)=""/122, 0x7a}}, 0x10) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001500)={r2, 0x20, &(0x7f00000014c0)={&(0x7f0000001400)=""/49, 0x31, 0x0, &(0x7f0000001440)=""/122, 0x7a}}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001540)=@bpf_lsm={0x1d, 0x3, &(0x7f0000001240)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x80}}, &(0x7f0000001280)='GPL\x00', 0x3f, 0xc8, &(0x7f00000012c0)=""/200, 0x41100, 0x0, '\x00', r8, 0x1b, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f00000013c0)={0x2, 0xa, 0x8, 0x494}, 0x10, r13, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001a00)={0x18, 0x13, &(0x7f0000001740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x4}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001800)='syzkaller\x00', 0x2, 0xd8, &(0x7f0000001840)=""/216, 0x41000, 0x20, '\x00', r5, 0x0, r2, 0x8, &(0x7f0000001940)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000001980)={0x0, 0xf, 0xffffff3a, 0x7fff}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000019c0)=[{0x4, 0x4, 0x6}], 0x10, 0x2}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001a00)={0x18, 0x13, &(0x7f0000001740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x4}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001800)='syzkaller\x00', 0x2, 0xd8, &(0x7f0000001840)=""/216, 0x41000, 0x20, '\x00', r5, 0x0, r2, 0x8, &(0x7f0000001940)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000001980)={0x0, 0xf, 0xffffff3a, 0x7fff}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000019c0)=[{0x4, 0x4, 0x6}], 0x10, 0x2}, 0x90) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)={0x1b, 0x0, 0x0, 0x2, 0x0, r1, 0xffff, '\x00', r5, 0xffffffffffffffff, 0x0, 0x3}, 0x48) (async) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)={0x1b, 0x0, 0x0, 0x2, 0x0, r1, 0xffff, '\x00', r5, 0xffffffffffffffff, 0x0, 0x3}, 0x48) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:19 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x4010, r1}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)=r0}, 0x20) r4 = perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x6, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r6, &(0x7f0000000000), 0xfdef) r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = openat$cgroup_ro(r6, &(0x7f0000000b80)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a80)={r7, 0xe0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000840)=[0x0], 0x0, 0x8, &(0x7f0000000880)=[{}], 0x8, 0x10, &(0x7f00000008c0), &(0x7f0000000900), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000940)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x16, 0xa, &(0x7f0000000500)=ANY=[@ANYRES16=r4], &(0x7f0000000280)='GPL\x00', 0x8, 0x99, &(0x7f0000000680)=""/153, 0x41100, 0x0, '\x00', r9, 0x2e, r6, 0x8, &(0x7f0000000b00)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000ac0)={0x4}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000001c40)=[r8, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000001c80)=[{0xfffffffc, 0x3, 0x8, 0xa}], 0x10, 0x3}, 0x90) openat$cgroup_ro(r6, &(0x7f0000000540)='freezer.state\x00', 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r11 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200), 0x6}, 0x0, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r11, 0x40082404, &(0x7f0000000440)=0x83) r12 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x7844, 0x8, 0x3, 0xd00, r12, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x2}, 0x48) recvmsg$unix(r12, &(0x7f0000000640)={&(0x7f0000000500)=@abs, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000580)=""/80, 0x50}], 0x1, &(0x7f00000007c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32, @ANYBLOB="0000000028002428000000000001000000000000", @ANYRES32, @ANYRES32, @ANYRES32=r11, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r12, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00010000001880aef9f4ddeadbbf480943e4e6dec03788cc218eb252614c71c0ee68df6d8b92edef6fb59ff13401796971c3f932b57c49ff28cac3f4e4803f80977a4ee331272c08ce3779b88ae87e5848d6f646cee221dce54fb46ec69aa3ecfbf59bb9299df9f33f067fd093fb59de1985a2b751d907c9f26314f94981e06928d0d1c4bf3b32d4004588ea23ab016814ac7f7f0231f67d6b73f6900a8fdb66b20f28d0010ac7e4883969", @ANYRES32, @ANYBLOB="3789464570c5688f3e52d3773700005200"], 0x98}, 0x40010061) write$cgroup_int(r12, &(0x7f0000000240)=0x401, 0x12) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{0x1, 0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x2, 0x2c, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@jmp={0x5, 0x0, 0x1, 0x7, 0x4, 0xfffffffffffffff4, 0xfffffffffffffff0}, @tail_call, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @map_fd={0x18, 0x8, 0x1, 0x0, r6}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xffffffffffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x400, 0xb4, &(0x7f0000000380)=""/180, 0x41000, 0x0, '\x00', r10, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r0, 0x8, &(0x7f0000000780)=[r12, r13], &(0x7f00000007c0)=[{0x3, 0x3, 0xd}, {0x0, 0x1, 0x5}, {0x2, 0x4, 0x9, 0x2}, {0x0, 0x5, 0x0, 0xb}, {0x2, 0x3, 0xc, 0x5}, {0x5, 0x4, 0xb}, {0x5, 0x5, 0x6, 0x4}, {0x5, 0x5, 0xd, 0xb}], 0x10, 0xd1}, 0x90) 22:26:19 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) 22:26:19 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) r3 = syz_clone(0x10000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)="bec233e7c7e9f4c8aa26ee26c376af9f616883d2") perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000001000), 0x3}, 0x0, 0x0, 0x0, 0x0, 0x2b94}, r3, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000b40)={0x3, 0x80, 0x1, 0x6, 0xff, 0x2, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000ac0), 0x1}, 0x800, 0x2, 0x2305, 0x1, 0x2, 0x9, 0x1ff, 0x0, 0x7fffffff, 0x0, 0xa0d}, r3, 0x0, r0, 0xa) socketpair(0x2, 0x3, 0x0, &(0x7f0000000b00)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r4, &(0x7f0000000780)={&(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f00000006c0)=[{&(0x7f00000002c0)=""/226, 0xe2}, {&(0x7f00000003c0)=""/180, 0xb4}, {&(0x7f0000000800)=""/178, 0xb2}, {&(0x7f0000000540)=""/187, 0xbb}, {&(0x7f0000000600)=""/147, 0x93}], 0x5, &(0x7f00000007c0)=""/28, 0x1c}, 0x40000040) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000180)=ANY=[@ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000080)=0x8) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000009c0)={r0, 0xe0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000000c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0], 0x0, 0x90, &(0x7f0000000480)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0x2c, 0x8, 0x8, &(0x7f0000000740)}}, 0x10) r6 = openat$cgroup_ro(r0, &(0x7f0000000a00)='cpuacct.usage_sys\x00', 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x81, '\x00', r5, r6, 0x0, 0x4, 0x4}, 0x48) ioctl$TUNSETLINK(r0, 0x400454cd, 0xfffe) 22:26:19 executing program 0: syz_clone(0x44040100, 0x0, 0x101000, 0x0, 0x0, 0x0) 22:26:19 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) r3 = syz_clone(0x10000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)="bec233e7c7e9f4c8aa26ee26c376af9f616883d2") perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000001000), 0x3}, 0x0, 0x0, 0x0, 0x0, 0x2b94}, r3, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000b40)={0x3, 0x80, 0x1, 0x6, 0xff, 0x2, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000ac0), 0x1}, 0x800, 0x2, 0x2305, 0x1, 0x2, 0x9, 0x1ff, 0x0, 0x7fffffff, 0x0, 0xa0d}, r3, 0x0, r0, 0xa) (async) socketpair(0x2, 0x3, 0x0, &(0x7f0000000b00)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r4, &(0x7f0000000780)={&(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f00000006c0)=[{&(0x7f00000002c0)=""/226, 0xe2}, {&(0x7f00000003c0)=""/180, 0xb4}, {&(0x7f0000000800)=""/178, 0xb2}, {&(0x7f0000000540)=""/187, 0xbb}, {&(0x7f0000000600)=""/147, 0x93}], 0x5, &(0x7f00000007c0)=""/28, 0x1c}, 0x40000040) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000180)=ANY=[@ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) (async) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000080)=0x8) (async) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000009c0)={r0, 0xe0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000000c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0], 0x0, 0x90, &(0x7f0000000480)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0x2c, 0x8, 0x8, &(0x7f0000000740)}}, 0x10) (async) r6 = openat$cgroup_ro(r0, &(0x7f0000000a00)='cpuacct.usage_sys\x00', 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x81, '\x00', r5, r6, 0x0, 0x4, 0x4}, 0x48) (async) ioctl$TUNSETLINK(r0, 0x400454cd, 0xfffe) [ 316.049116][T19358] FAULT_INJECTION: forcing a failure. [ 316.049116][T19358] name failslab, interval 1, probability 0, space 0, times 0 [ 316.065282][T19358] CPU: 1 PID: 19358 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 316.075436][T19358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 316.085331][T19358] Call Trace: [ 316.088455][T19358] [ 316.091231][T19358] dump_stack_lvl+0x151/0x1b7 [ 316.095746][T19358] ? io_uring_drop_tctx_refs+0x190/0x190 [ 316.101216][T19358] dump_stack+0x15/0x17 [ 316.105206][T19358] should_fail+0x3c6/0x510 [ 316.109458][T19358] __should_failslab+0xa4/0xe0 [ 316.114056][T19358] ? vm_area_dup+0x26/0x230 [ 316.118526][T19358] should_failslab+0x9/0x20 [ 316.122872][T19358] slab_pre_alloc_hook+0x37/0xd0 [ 316.127640][T19358] ? vm_area_dup+0x26/0x230 [ 316.131976][T19358] kmem_cache_alloc+0x44/0x200 [ 316.136578][T19358] vm_area_dup+0x26/0x230 [ 316.140823][T19358] copy_mm+0x9a1/0x13e0 [ 316.144743][T19358] ? copy_signal+0x610/0x610 [ 316.149282][T19358] ? __init_rwsem+0xd6/0x1c0 [ 316.153703][T19358] ? copy_signal+0x4e3/0x610 [ 316.158132][T19358] copy_process+0x1149/0x3290 [ 316.162650][T19358] ? proc_fail_nth_write+0x20b/0x290 [ 316.167769][T19358] ? fsnotify_perm+0x6a/0x5d0 [ 316.172274][T19358] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 316.177225][T19358] ? vfs_write+0x9ec/0x1110 [ 316.181563][T19358] kernel_clone+0x21e/0x9e0 [ 316.185900][T19358] ? file_end_write+0x1c0/0x1c0 [ 316.190589][T19358] ? create_io_thread+0x1e0/0x1e0 [ 316.195532][T19358] ? mutex_unlock+0xb2/0x260 [ 316.199959][T19358] ? __mutex_lock_slowpath+0x10/0x10 [ 316.205081][T19358] __x64_sys_clone+0x23f/0x290 [ 316.209941][T19358] ? __do_sys_vfork+0x130/0x130 [ 316.214625][T19358] ? ksys_write+0x260/0x2c0 [ 316.218972][T19358] ? debug_smp_processor_id+0x17/0x20 [ 316.224174][T19358] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 316.230078][T19358] ? exit_to_user_mode_prepare+0x39/0xa0 [ 316.235546][T19358] do_syscall_64+0x3d/0xb0 [ 316.239798][T19358] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 316.245790][T19358] RIP: 0033:0x7f8118545da9 [ 316.250125][T19358] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 316.269571][T19358] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 316.277817][T19358] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 316.285626][T19358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 316.293438][T19358] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 316.301250][T19358] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 316.309432][T19358] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 316.317401][T19358] 22:26:19 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) r3 = syz_clone(0x10000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)="bec233e7c7e9f4c8aa26ee26c376af9f616883d2") perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000001000), 0x3}, 0x0, 0x0, 0x0, 0x0, 0x2b94}, r3, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000b40)={0x3, 0x80, 0x1, 0x6, 0xff, 0x2, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000ac0), 0x1}, 0x800, 0x2, 0x2305, 0x1, 0x2, 0x9, 0x1ff, 0x0, 0x7fffffff, 0x0, 0xa0d}, r3, 0x0, r0, 0xa) (async) socketpair(0x2, 0x3, 0x0, &(0x7f0000000b00)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r4, &(0x7f0000000780)={&(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f00000006c0)=[{&(0x7f00000002c0)=""/226, 0xe2}, {&(0x7f00000003c0)=""/180, 0xb4}, {&(0x7f0000000800)=""/178, 0xb2}, {&(0x7f0000000540)=""/187, 0xbb}, {&(0x7f0000000600)=""/147, 0x93}], 0x5, &(0x7f00000007c0)=""/28, 0x1c}, 0x40000040) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000180)=ANY=[@ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000080)=0x8) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000009c0)={r0, 0xe0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000000c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0], 0x0, 0x90, &(0x7f0000000480)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0x2c, 0x8, 0x8, &(0x7f0000000740)}}, 0x10) (async) r6 = openat$cgroup_ro(r0, &(0x7f0000000a00)='cpuacct.usage_sys\x00', 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x81, '\x00', r5, r6, 0x0, 0x4, 0x4}, 0x48) ioctl$TUNSETLINK(r0, 0x400454cd, 0xfffe) 22:26:19 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) [ 316.423384][T19366] FAULT_INJECTION: forcing a failure. [ 316.423384][T19366] name failslab, interval 1, probability 0, space 0, times 0 [ 316.446867][T19366] CPU: 0 PID: 19366 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 316.457041][T19366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 316.466933][T19366] Call Trace: [ 316.470057][T19366] [ 316.472836][T19366] dump_stack_lvl+0x151/0x1b7 [ 316.477350][T19366] ? io_uring_drop_tctx_refs+0x190/0x190 [ 316.482819][T19366] dump_stack+0x15/0x17 [ 316.486810][T19366] should_fail+0x3c6/0x510 [ 316.491069][T19366] __should_failslab+0xa4/0xe0 [ 316.495661][T19366] should_failslab+0x9/0x20 [ 316.500008][T19366] slab_pre_alloc_hook+0x37/0xd0 [ 316.504797][T19366] __kmalloc+0x6d/0x270 [ 316.508767][T19366] ? security_prepare_creds+0x4d/0x140 [ 316.514060][T19366] security_prepare_creds+0x4d/0x140 [ 316.519450][T19366] prepare_creds+0x472/0x6a0 [ 316.523848][T19366] copy_creds+0xf0/0x630 [ 316.527926][T19366] ? dup_task_struct+0x7e6/0xc60 [ 316.532798][T19366] copy_process+0x7c3/0x3290 [ 316.537216][T19366] ? __kasan_check_write+0x14/0x20 [ 316.542300][T19366] ? proc_fail_nth_write+0x20b/0x290 [ 316.547432][T19366] ? selinux_file_permission+0x2c4/0x570 [ 316.552884][T19366] ? fsnotify_perm+0x6a/0x5d0 [ 316.557517][T19366] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 316.562459][T19366] ? vfs_write+0x9ec/0x1110 [ 316.566801][T19366] kernel_clone+0x21e/0x9e0 [ 316.571137][T19366] ? file_end_write+0x1c0/0x1c0 [ 316.575840][T19366] ? create_io_thread+0x1e0/0x1e0 [ 316.580685][T19366] ? mutex_unlock+0xb2/0x260 [ 316.585114][T19366] ? __mutex_lock_slowpath+0x10/0x10 [ 316.590234][T19366] __x64_sys_clone+0x23f/0x290 [ 316.594839][T19366] ? __do_sys_vfork+0x130/0x130 [ 316.599522][T19366] ? ksys_write+0x260/0x2c0 [ 316.603860][T19366] ? debug_smp_processor_id+0x17/0x20 [ 316.609066][T19366] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 316.614977][T19366] ? exit_to_user_mode_prepare+0x39/0xa0 [ 316.620463][T19366] do_syscall_64+0x3d/0xb0 [ 316.624688][T19366] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 316.630418][T19366] RIP: 0033:0x7f8118545da9 [ 316.634671][T19366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 316.654114][T19366] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 316.662355][T19366] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 22:26:19 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000340)=[{0x0}], 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x3ff, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x5}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001d00)={{r0, 0xffffffffffffffff}, &(0x7f0000001c80), &(0x7f0000001cc0)='%pS \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000001d80)={0xa, 0x12, &(0x7f0000001ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000880)='syzkaller\x00', 0x6, 0x72, &(0x7f0000001b80)=""/114, 0x41100, 0xc, '\x00', 0x0, 0x12, r0, 0x8, &(0x7f0000001c00)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000001c40)={0x4, 0x8, 0x400, 0x4}, 0x10, 0x0, r0, 0x0, &(0x7f0000001d40)=[r0, r2, 0x1, r1], 0x0, 0x10, 0x7ff}, 0x90) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x126, 0x126, 0x4, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x3}}, @volatile={0x4, 0x0, 0x0, 0x9, 0x2}, @func_proto={0x0, 0x7, 0x0, 0xd, 0x0, [{0xc, 0x4}, {0xc, 0x5}, {0x7, 0x5}, {0xd, 0x4}, {0x9, 0x3}, {0x9, 0x3}, {0xe, 0x4}]}, @fwd={0x1}, @datasec={0xa, 0x9, 0x0, 0xf, 0x2, [{0x5, 0xffff, 0x6}, {0x0, 0x5, 0x3ff}, {0x4, 0x5, 0xa330}, {0x3, 0x9, 0x200000}, {0x4, 0x401, 0x6}, {0x1, 0x9, 0x1}, {0x4, 0x0, 0x8000}, {0x2, 0x7fffffff, 0x2}, {0x4, 0x0, 0x401}], "59d1"}, @func={0xc, 0x0, 0x0, 0xc, 0x4}, @volatile={0xc}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0x57, 0x0, 0x6c, 0x1}, @int={0x9, 0x0, 0x0, 0x1, 0x0, 0x19, 0x0, 0x3e}]}, {0x0, [0x5f, 0x30]}}, &(0x7f0000000500)=""/175, 0x144, 0xaf, 0x1, 0x3}, 0x20) recvmsg$unix(r0, &(0x7f0000000840)={&(0x7f00000007c0)=@abs, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000940)=""/140, 0x8c}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/164, 0xa4}], 0x3}, 0x40000120) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x10, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x7}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x7ff, 0x84, &(0x7f0000000240)=""/132, 0x41100, 0x40, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000005c0)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000680)=[r0], &(0x7f00000006c0)=[{0x0, 0x3, 0xf, 0x7}, {0x5, 0x3, 0x3, 0x9}], 0x10, 0x1000}, 0x90) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000008c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x800}, 0x100020, 0x0, 0x0, 0x2, 0x4, 0x0, 0x401, 0x0, 0x0, 0x0, 0xd4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x660c, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) (async) write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1) (async) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000340)=[{0x0}], 0x1}, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x3ff, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x5}, 0x48) (async) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001d00)={{r0}, &(0x7f0000001c80), &(0x7f0000001cc0)='%pS \x00'}, 0x20) (async) bpf$PROG_LOAD(0x5, &(0x7f0000001d80)={0xa, 0x12, &(0x7f0000001ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000880)='syzkaller\x00', 0x6, 0x72, &(0x7f0000001b80)=""/114, 0x41100, 0xc, '\x00', 0x0, 0x12, r0, 0x8, &(0x7f0000001c00)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000001c40)={0x4, 0x8, 0x400, 0x4}, 0x10, 0x0, r0, 0x0, &(0x7f0000001d40)=[r0, r2, 0x1, r1], 0x0, 0x10, 0x7ff}, 0x90) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x126, 0x126, 0x4, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x3}}, @volatile={0x4, 0x0, 0x0, 0x9, 0x2}, @func_proto={0x0, 0x7, 0x0, 0xd, 0x0, [{0xc, 0x4}, {0xc, 0x5}, {0x7, 0x5}, {0xd, 0x4}, {0x9, 0x3}, {0x9, 0x3}, {0xe, 0x4}]}, @fwd={0x1}, @datasec={0xa, 0x9, 0x0, 0xf, 0x2, [{0x5, 0xffff, 0x6}, {0x0, 0x5, 0x3ff}, {0x4, 0x5, 0xa330}, {0x3, 0x9, 0x200000}, {0x4, 0x401, 0x6}, {0x1, 0x9, 0x1}, {0x4, 0x0, 0x8000}, {0x2, 0x7fffffff, 0x2}, {0x4, 0x0, 0x401}], "59d1"}, @func={0xc, 0x0, 0x0, 0xc, 0x4}, @volatile={0xc}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0x57, 0x0, 0x6c, 0x1}, @int={0x9, 0x0, 0x0, 0x1, 0x0, 0x19, 0x0, 0x3e}]}, {0x0, [0x5f, 0x30]}}, &(0x7f0000000500)=""/175, 0x144, 0xaf, 0x1, 0x3}, 0x20) (async) recvmsg$unix(r0, &(0x7f0000000840)={&(0x7f00000007c0)=@abs, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000940)=""/140, 0x8c}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/164, 0xa4}], 0x3}, 0x40000120) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x10, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x7}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x7ff, 0x84, &(0x7f0000000240)=""/132, 0x41100, 0x40, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000005c0)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000680)=[r0], &(0x7f00000006c0)=[{0x0, 0x3, 0xf, 0x7}, {0x5, 0x3, 0x3, 0x9}], 0x10, 0x1000}, 0x90) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f00000008c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x800}, 0x100020, 0x0, 0x0, 0x2, 0x4, 0x0, 0x401, 0x0, 0x0, 0x0, 0xd4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x660c, 0x0) (async) 22:26:19 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x4010, r1}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)=r0}, 0x20) (async) r4 = perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x6, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r6, &(0x7f0000000000), 0xfdef) (async) r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = openat$cgroup_ro(r6, &(0x7f0000000b80)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a80)={r7, 0xe0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000840)=[0x0], 0x0, 0x8, &(0x7f0000000880)=[{}], 0x8, 0x10, &(0x7f00000008c0), &(0x7f0000000900), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000940)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x16, 0xa, &(0x7f0000000500)=ANY=[@ANYRES16=r4], &(0x7f0000000280)='GPL\x00', 0x8, 0x99, &(0x7f0000000680)=""/153, 0x41100, 0x0, '\x00', r9, 0x2e, r6, 0x8, &(0x7f0000000b00)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000ac0)={0x4}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000001c40)=[r8, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000001c80)=[{0xfffffffc, 0x3, 0x8, 0xa}], 0x10, 0x3}, 0x90) openat$cgroup_ro(r6, &(0x7f0000000540)='freezer.state\x00', 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r11 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200), 0x6}, 0x0, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r11, 0x40082404, &(0x7f0000000440)=0x83) r12 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x7844, 0x8, 0x3, 0xd00, r12, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x2}, 0x48) (async) recvmsg$unix(r12, &(0x7f0000000640)={&(0x7f0000000500)=@abs, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000580)=""/80, 0x50}], 0x1, &(0x7f00000007c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32, @ANYBLOB="0000000028002428000000000001000000000000", @ANYRES32, @ANYRES32, @ANYRES32=r11, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r12, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00010000001880aef9f4ddeadbbf480943e4e6dec03788cc218eb252614c71c0ee68df6d8b92edef6fb59ff13401796971c3f932b57c49ff28cac3f4e4803f80977a4ee331272c08ce3779b88ae87e5848d6f646cee221dce54fb46ec69aa3ecfbf59bb9299df9f33f067fd093fb59de1985a2b751d907c9f26314f94981e06928d0d1c4bf3b32d4004588ea23ab016814ac7f7f0231f67d6b73f6900a8fdb66b20f28d0010ac7e4883969", @ANYRES32, @ANYBLOB="3789464570c5688f3e52d3773700005200"], 0x98}, 0x40010061) (async) write$cgroup_int(r12, &(0x7f0000000240)=0x401, 0x12) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{0x1, 0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x2, 0x2c, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@jmp={0x5, 0x0, 0x1, 0x7, 0x4, 0xfffffffffffffff4, 0xfffffffffffffff0}, @tail_call, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @map_fd={0x18, 0x8, 0x1, 0x0, r6}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xffffffffffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x400, 0xb4, &(0x7f0000000380)=""/180, 0x41000, 0x0, '\x00', r10, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r0, 0x8, &(0x7f0000000780)=[r12, r13], &(0x7f00000007c0)=[{0x3, 0x3, 0xd}, {0x0, 0x1, 0x5}, {0x2, 0x4, 0x9, 0x2}, {0x0, 0x5, 0x0, 0xb}, {0x2, 0x3, 0xc, 0x5}, {0x5, 0x4, 0xb}, {0x5, 0x5, 0x6, 0x4}, {0x5, 0x5, 0xd, 0xb}], 0x10, 0xd1}, 0x90) [ 316.670167][T19366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 316.677976][T19366] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 316.685789][T19366] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 316.693600][T19366] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 316.701420][T19366] 22:26:20 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001840)={r1, 0xffffffffffffffff, 0x0, 0x1b, &(0x7f0000000840)='blkio.bfq.io_service_bytes\x00'}, 0x30) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x73, 0x4, 0x1, 0x9, 0x0, 0x9, 0x17c849ab696a7bd1, 0x4, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, @perf_config_ext={0x1f, 0x4}, 0x4200, 0x5754, 0x0, 0x5, 0x20, 0x4, 0x400, 0x0, 0x1099, 0x0, 0xfff}, r1, 0x5, r0, 0x8) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='fsi_master_gpio_poll_response_busy\x00', r3}, 0x10) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:20 executing program 0: syz_clone(0x44040100, 0x0, 0x700000, 0x0, 0x0, 0x0) 22:26:20 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) 22:26:20 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001840)={r1, 0xffffffffffffffff, 0x0, 0x1b, &(0x7f0000000840)='blkio.bfq.io_service_bytes\x00'}, 0x30) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x73, 0x4, 0x1, 0x9, 0x0, 0x9, 0x17c849ab696a7bd1, 0x4, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, @perf_config_ext={0x1f, 0x4}, 0x4200, 0x5754, 0x0, 0x5, 0x20, 0x4, 0x400, 0x0, 0x1099, 0x0, 0xfff}, r1, 0x5, r0, 0x8) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='fsi_master_gpio_poll_response_busy\x00', r3}, 0x10) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001840)={r1, 0xffffffffffffffff, 0x0, 0x1b, &(0x7f0000000840)='blkio.bfq.io_service_bytes\x00'}, 0x30) (async) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x73, 0x4, 0x1, 0x9, 0x0, 0x9, 0x17c849ab696a7bd1, 0x4, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, @perf_config_ext={0x1f, 0x4}, 0x4200, 0x5754, 0x0, 0x5, 0x20, 0x4, 0x400, 0x0, 0x1099, 0x0, 0xfff}, r1, 0x5, r0, 0x8) (async) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='fsi_master_gpio_poll_response_busy\x00', r3}, 0x10) (async) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) (async) 22:26:20 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000340)=[{0x0}], 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) (async, rerun: 32) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x3ff, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x5}, 0x48) (async, rerun: 32) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001d00)={{r0, 0xffffffffffffffff}, &(0x7f0000001c80), &(0x7f0000001cc0)='%pS \x00'}, 0x20) (rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000001d80)={0xa, 0x12, &(0x7f0000001ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000880)='syzkaller\x00', 0x6, 0x72, &(0x7f0000001b80)=""/114, 0x41100, 0xc, '\x00', 0x0, 0x12, r0, 0x8, &(0x7f0000001c00)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000001c40)={0x4, 0x8, 0x400, 0x4}, 0x10, 0x0, r0, 0x0, &(0x7f0000001d40)=[r0, r2, 0x1, r1], 0x0, 0x10, 0x7ff}, 0x90) (async) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x126, 0x126, 0x4, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x3}}, @volatile={0x4, 0x0, 0x0, 0x9, 0x2}, @func_proto={0x0, 0x7, 0x0, 0xd, 0x0, [{0xc, 0x4}, {0xc, 0x5}, {0x7, 0x5}, {0xd, 0x4}, {0x9, 0x3}, {0x9, 0x3}, {0xe, 0x4}]}, @fwd={0x1}, @datasec={0xa, 0x9, 0x0, 0xf, 0x2, [{0x5, 0xffff, 0x6}, {0x0, 0x5, 0x3ff}, {0x4, 0x5, 0xa330}, {0x3, 0x9, 0x200000}, {0x4, 0x401, 0x6}, {0x1, 0x9, 0x1}, {0x4, 0x0, 0x8000}, {0x2, 0x7fffffff, 0x2}, {0x4, 0x0, 0x401}], "59d1"}, @func={0xc, 0x0, 0x0, 0xc, 0x4}, @volatile={0xc}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0x57, 0x0, 0x6c, 0x1}, @int={0x9, 0x0, 0x0, 0x1, 0x0, 0x19, 0x0, 0x3e}]}, {0x0, [0x5f, 0x30]}}, &(0x7f0000000500)=""/175, 0x144, 0xaf, 0x1, 0x3}, 0x20) recvmsg$unix(r0, &(0x7f0000000840)={&(0x7f00000007c0)=@abs, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000940)=""/140, 0x8c}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/164, 0xa4}], 0x3}, 0x40000120) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x10, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x7}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x7ff, 0x84, &(0x7f0000000240)=""/132, 0x41100, 0x40, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000005c0)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000680)=[r0], &(0x7f00000006c0)=[{0x0, 0x3, 0xf, 0x7}, {0x5, 0x3, 0x3, 0x9}], 0x10, 0x1000}, 0x90) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 32) perf_event_open(&(0x7f00000008c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x800}, 0x100020, 0x0, 0x0, 0x2, 0x4, 0x0, 0x401, 0x0, 0x0, 0x0, 0xd4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async, rerun: 32) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x660c, 0x0) [ 317.104806][T19415] FAULT_INJECTION: forcing a failure. [ 317.104806][T19415] name failslab, interval 1, probability 0, space 0, times 0 [ 317.144232][T19415] CPU: 0 PID: 19415 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 317.154494][T19415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 317.164493][T19415] Call Trace: [ 317.167606][T19415] [ 317.170389][T19415] dump_stack_lvl+0x151/0x1b7 [ 317.174910][T19415] ? io_uring_drop_tctx_refs+0x190/0x190 [ 317.180364][T19415] ? avc_denied+0x1b0/0x1b0 [ 317.184704][T19415] dump_stack+0x15/0x17 [ 317.188697][T19415] should_fail+0x3c6/0x510 [ 317.192952][T19415] __should_failslab+0xa4/0xe0 [ 317.197551][T19415] ? vm_area_dup+0x26/0x230 [ 317.201898][T19415] should_failslab+0x9/0x20 [ 317.206227][T19415] slab_pre_alloc_hook+0x37/0xd0 [ 317.211003][T19415] ? vm_area_dup+0x26/0x230 [ 317.215341][T19415] kmem_cache_alloc+0x44/0x200 [ 317.219943][T19415] vm_area_dup+0x26/0x230 [ 317.224111][T19415] copy_mm+0x9a1/0x13e0 [ 317.228104][T19415] ? copy_signal+0x610/0x610 [ 317.232528][T19415] ? __init_rwsem+0xd6/0x1c0 [ 317.236950][T19415] ? copy_signal+0x4e3/0x610 [ 317.241389][T19415] copy_process+0x1149/0x3290 [ 317.245894][T19415] ? proc_fail_nth_write+0x20b/0x290 [ 317.251014][T19415] ? fsnotify_perm+0x6a/0x5d0 [ 317.255529][T19415] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 317.260473][T19415] ? vfs_write+0x9ec/0x1110 [ 317.265296][T19415] kernel_clone+0x21e/0x9e0 [ 317.269632][T19415] ? file_end_write+0x1c0/0x1c0 [ 317.274323][T19415] ? create_io_thread+0x1e0/0x1e0 [ 317.279258][T19415] ? mutex_unlock+0xb2/0x260 [ 317.283692][T19415] ? __mutex_lock_slowpath+0x10/0x10 [ 317.288808][T19415] __x64_sys_clone+0x23f/0x290 [ 317.293407][T19415] ? __do_sys_vfork+0x130/0x130 [ 317.298094][T19415] ? ksys_write+0x260/0x2c0 [ 317.302436][T19415] ? debug_smp_processor_id+0x17/0x20 [ 317.307639][T19415] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 317.313577][T19415] ? exit_to_user_mode_prepare+0x39/0xa0 [ 317.319011][T19415] do_syscall_64+0x3d/0xb0 [ 317.323269][T19415] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 317.328990][T19415] RIP: 0033:0x7f8118545da9 [ 317.333252][T19415] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 317.352688][T19415] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 317.360929][T19415] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 317.368753][T19415] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 317.376643][T19415] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 317.384451][T19415] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 317.392262][T19415] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 317.400081][T19415] 22:26:20 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000d80)=ANY=[], 0xfdef) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair(0x2, 0xa, 0x5, &(0x7f0000000080)) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x20, 0x0, 0x0, 0x10000000000, 0x10000, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x4}, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffe, 0x4, 0xfffd}, 0x0, 0xbffffffffffffffb, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000880)={0x0, 0x80, 0x0, 0xff, 0xfd, 0x0, 0x0, 0x8, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000240), 0x1}, 0x4010, 0x7, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x0, 0x8000006, 0xffffffffffffffff, 0xb) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x18, 0x7, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0xfffffff8}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3}, @call={0x85, 0x0, 0x0, 0x69}, @generic={0x6, 0x2, 0x8, 0x8, 0x5}]}, &(0x7f0000000380)='GPL\x00', 0x400, 0x13, &(0x7f0000000480)=""/19, 0x40f00, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x2, 0x2}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0x0, 0xfff, 0x7f}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000640)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000a00)=[{0x0, 0x2, 0xc, 0xc}, {0x4, 0x1, 0x6, 0x3}], 0x10, 0x2}, 0x90) r0 = perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x8) r1 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpid() perf_event_open(&(0x7f0000000400)={0x0, 0x80, 0x7, 0x80, 0xe0, 0x5, 0x0, 0x0, 0x28080, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0xb8, 0x1, @perf_config_ext={0x8}, 0x3a88, 0x80000000003, 0xa0000000, 0x1, 0x3fc, 0x6, 0x0, 0x0, 0x43, 0x0, 0x10000}, r2, 0xa, r1, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x2, 0x5, 0x1f, 0xff, 0x0, 0x80000001, 0x20280, 0x9, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000000), 0x7}, 0x4000, 0x7f, 0x0, 0x2, 0x9, 0x6aa, 0x2, 0x0, 0x6, 0x0, 0x7}, r2, 0x2, r0, 0xa) r4 = perf_event_open(&(0x7f00000004c0)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x15a, 0xfffffffffffffffc, 0x101, 0x0, 0x0, 0x1}, r2, 0xb7ffffffffffffff, r3, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f00000000c0)='.!)\x00') ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000280)=0x3) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8914, &(0x7f0000000b80)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|C\b\x00\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdd\x85\xaac{\x8c\x8ffp`-\xcd\xf6jh\xbf\x9c\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\x8b\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca^\xf9\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x96\x86\xdb\xa9\xd3\x01\xb2\xc7\xf8G\x069\x90,\xda\xf6\xc5\xcd\xec\xa3B\xc3\"4\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\x7f\xec\xb2\xc5E\x00\xdd\xf2e\xa8\xf1<\xb2\xc82\xbf=o\x00`\xc1A\'\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x92\xbb\xe3Y\x97\xc2') socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8923, &(0x7f0000000680)='lo:\x96o8\x14d\xa1\xe3\xd7\\b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xbaUn\x04\'%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\r\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc50xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)=r0}, 0x20) (async, rerun: 32) r4 = perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x6, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r6, &(0x7f0000000000), 0xfdef) (async, rerun: 64) r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0) (rerun: 64) r8 = openat$cgroup_ro(r6, &(0x7f0000000b80)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a80)={r7, 0xe0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000840)=[0x0], 0x0, 0x8, &(0x7f0000000880)=[{}], 0x8, 0x10, &(0x7f00000008c0), &(0x7f0000000900), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000940)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x16, 0xa, &(0x7f0000000500)=ANY=[@ANYRES16=r4], &(0x7f0000000280)='GPL\x00', 0x8, 0x99, &(0x7f0000000680)=""/153, 0x41100, 0x0, '\x00', r9, 0x2e, r6, 0x8, &(0x7f0000000b00)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000ac0)={0x4}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000001c40)=[r8, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000001c80)=[{0xfffffffc, 0x3, 0x8, 0xa}], 0x10, 0x3}, 0x90) (async, rerun: 64) openat$cgroup_ro(r6, &(0x7f0000000540)='freezer.state\x00', 0x0, 0x0) (async, rerun: 64) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r11 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200), 0x6}, 0x0, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r11, 0x40082404, &(0x7f0000000440)=0x83) r12 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x7844, 0x8, 0x3, 0xd00, r12, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x2}, 0x48) (async) recvmsg$unix(r12, &(0x7f0000000640)={&(0x7f0000000500)=@abs, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000580)=""/80, 0x50}], 0x1, &(0x7f00000007c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32, @ANYBLOB="0000000028002428000000000001000000000000", @ANYRES32, @ANYRES32, @ANYRES32=r11, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r12, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00010000001880aef9f4ddeadbbf480943e4e6dec03788cc218eb252614c71c0ee68df6d8b92edef6fb59ff13401796971c3f932b57c49ff28cac3f4e4803f80977a4ee331272c08ce3779b88ae87e5848d6f646cee221dce54fb46ec69aa3ecfbf59bb9299df9f33f067fd093fb59de1985a2b751d907c9f26314f94981e06928d0d1c4bf3b32d4004588ea23ab016814ac7f7f0231f67d6b73f6900a8fdb66b20f28d0010ac7e4883969", @ANYRES32, @ANYBLOB="3789464570c5688f3e52d3773700005200"], 0x98}, 0x40010061) (async) write$cgroup_int(r12, &(0x7f0000000240)=0x401, 0x12) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{0x1, 0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x2, 0x2c, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@jmp={0x5, 0x0, 0x1, 0x7, 0x4, 0xfffffffffffffff4, 0xfffffffffffffff0}, @tail_call, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @map_fd={0x18, 0x8, 0x1, 0x0, r6}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xffffffffffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x400, 0xb4, &(0x7f0000000380)=""/180, 0x41000, 0x0, '\x00', r10, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r0, 0x8, &(0x7f0000000780)=[r12, r13], &(0x7f00000007c0)=[{0x3, 0x3, 0xd}, {0x0, 0x1, 0x5}, {0x2, 0x4, 0x9, 0x2}, {0x0, 0x5, 0x0, 0xb}, {0x2, 0x3, 0xc, 0x5}, {0x5, 0x4, 0xb}, {0x5, 0x5, 0x6, 0x4}, {0x5, 0x5, 0xd, 0xb}], 0x10, 0xd1}, 0x90) [ 317.544676][T19426] Y­4`Ò˜: renamed from lo 22:26:21 executing program 0: syz_clone(0x44040100, 0x0, 0xc002a0, 0x0, 0x0, 0x0) 22:26:21 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) [ 318.015658][T19441] FAULT_INJECTION: forcing a failure. [ 318.015658][T19441] name failslab, interval 1, probability 0, space 0, times 0 [ 318.070168][T19441] CPU: 0 PID: 19441 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 318.080327][T19441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 318.090222][T19441] Call Trace: [ 318.093346][T19441] [ 318.096128][T19441] dump_stack_lvl+0x151/0x1b7 [ 318.100644][T19441] ? io_uring_drop_tctx_refs+0x190/0x190 [ 318.106195][T19441] dump_stack+0x15/0x17 [ 318.110184][T19441] should_fail+0x3c6/0x510 [ 318.114445][T19441] __should_failslab+0xa4/0xe0 [ 318.119036][T19441] should_failslab+0x9/0x20 [ 318.123375][T19441] slab_pre_alloc_hook+0x37/0xd0 [ 318.128149][T19441] kmem_cache_alloc_trace+0x48/0x210 [ 318.133272][T19441] ? alloc_fdtable+0xaf/0x2a0 [ 318.137870][T19441] alloc_fdtable+0xaf/0x2a0 [ 318.142209][T19441] dup_fd+0x759/0xb00 [ 318.146029][T19441] ? avc_has_perm+0x16f/0x260 [ 318.150554][T19441] copy_files+0xe6/0x200 [ 318.154627][T19441] ? perf_event_attrs+0x30/0x30 [ 318.159307][T19441] ? dup_task_struct+0xc60/0xc60 [ 318.164091][T19441] ? security_task_alloc+0xf9/0x130 [ 318.169117][T19441] copy_process+0x1080/0x3290 [ 318.173627][T19441] ? proc_fail_nth_write+0x20b/0x290 [ 318.178749][T19441] ? fsnotify_perm+0x6a/0x5d0 [ 318.183262][T19441] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 318.188209][T19441] ? vfs_write+0x9ec/0x1110 [ 318.192557][T19441] kernel_clone+0x21e/0x9e0 [ 318.196891][T19441] ? file_end_write+0x1c0/0x1c0 [ 318.201583][T19441] ? create_io_thread+0x1e0/0x1e0 [ 318.206436][T19441] ? mutex_unlock+0xb2/0x260 [ 318.210871][T19441] ? __mutex_lock_slowpath+0x10/0x10 [ 318.215986][T19441] __x64_sys_clone+0x23f/0x290 [ 318.220588][T19441] ? __do_sys_vfork+0x130/0x130 [ 318.225285][T19441] ? ksys_write+0x260/0x2c0 [ 318.229616][T19441] ? debug_smp_processor_id+0x17/0x20 [ 318.234818][T19441] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 318.240721][T19441] ? exit_to_user_mode_prepare+0x39/0xa0 [ 318.246194][T19441] do_syscall_64+0x3d/0xb0 [ 318.250441][T19441] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 318.256165][T19441] RIP: 0033:0x7f8118545da9 [ 318.260424][T19441] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 318.279871][T19441] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 318.288199][T19441] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 318.300348][T19441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 318.308153][T19441] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 22:26:21 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000d80)=ANY=[], 0xfdef) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair(0x2, 0xa, 0x5, &(0x7f0000000080)) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x20, 0x0, 0x0, 0x10000000000, 0x10000, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x4}, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffe, 0x4, 0xfffd}, 0x0, 0xbffffffffffffffb, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000880)={0x0, 0x80, 0x0, 0xff, 0xfd, 0x0, 0x0, 0x8, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000240), 0x1}, 0x4010, 0x7, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x0, 0x8000006, 0xffffffffffffffff, 0xb) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x18, 0x7, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0xfffffff8}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3}, @call={0x85, 0x0, 0x0, 0x69}, @generic={0x6, 0x2, 0x8, 0x8, 0x5}]}, &(0x7f0000000380)='GPL\x00', 0x400, 0x13, &(0x7f0000000480)=""/19, 0x40f00, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x2, 0x2}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0x0, 0xfff, 0x7f}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000640)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000a00)=[{0x0, 0x2, 0xc, 0xc}, {0x4, 0x1, 0x6, 0x3}], 0x10, 0x2}, 0x90) r0 = perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x8) (async) r1 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) r2 = getpid() perf_event_open(&(0x7f0000000400)={0x0, 0x80, 0x7, 0x80, 0xe0, 0x5, 0x0, 0x0, 0x28080, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0xb8, 0x1, @perf_config_ext={0x8}, 0x3a88, 0x80000000003, 0xa0000000, 0x1, 0x3fc, 0x6, 0x0, 0x0, 0x43, 0x0, 0x10000}, r2, 0xa, r1, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x2, 0x5, 0x1f, 0xff, 0x0, 0x80000001, 0x20280, 0x9, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000000), 0x7}, 0x4000, 0x7f, 0x0, 0x2, 0x9, 0x6aa, 0x2, 0x0, 0x6, 0x0, 0x7}, r2, 0x2, r0, 0xa) r4 = perf_event_open(&(0x7f00000004c0)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x15a, 0xfffffffffffffffc, 0x101, 0x0, 0x0, 0x1}, r2, 0xb7ffffffffffffff, r3, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f00000000c0)='.!)\x00') (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000280)=0x3) (async) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8914, &(0x7f0000000b80)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|C\b\x00\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdd\x85\xaac{\x8c\x8ffp`-\xcd\xf6jh\xbf\x9c\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\x8b\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca^\xf9\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x96\x86\xdb\xa9\xd3\x01\xb2\xc7\xf8G\x069\x90,\xda\xf6\xc5\xcd\xec\xa3B\xc3\"4\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\x7f\xec\xb2\xc5E\x00\xdd\xf2e\xa8\xf1<\xb2\xc82\xbf=o\x00`\xc1A\'\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x92\xbb\xe3Y\x97\xc2') socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8923, &(0x7f0000000680)='lo:\x96o8\x14d\xa1\xe3\xd7\\b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xbaUn\x04\'%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\r\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5 22:26:21 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480)=0xffffffffffffffff, 0x4) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x68e7, 0x0, 0x1, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x48) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000005c0)={0xffffffffffffffff, 0xb4d2}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x13, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x200}, [@cb_func={0x18, 0xb, 0x4, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @call={0x85, 0x0, 0x0, 0xc8}, @exit, @generic={0x1f, 0x1, 0x4, 0x1, 0x9}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xffffffffffffffff}, @alu={0x7, 0x1, 0x9, 0x3, 0x0, 0x50, 0xffffffffffffffe8}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x19}]}, &(0x7f0000000300)='syzkaller\x00', 0xffff2358, 0x8c, &(0x7f0000000380)=""/140, 0x41100, 0x38, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f00000004c0)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x4, 0xc, 0x80000001, 0x3}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000600)=[r3, r4], &(0x7f0000000640)=[{0x4, 0x2, 0x10, 0x1}, {0x4, 0x5, 0xb, 0x2}, {0x0, 0x4, 0xe, 0xb}], 0x10, 0x7fffffff}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r4, 0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)=r0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d00)={r0, 0xe0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000a40)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, &(0x7f0000000a80)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000ac0)=[0x0, 0x0, 0x0], 0x0, 0xe7, &(0x7f0000000b00)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000b40), &(0x7f0000000b80), 0x8, 0xd2, 0x8, 0x8, &(0x7f0000000bc0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x19, 0x1b, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x1ff}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffffc0, 0x0, 0x0, 0x0, 0x7}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000900)='GPL\x00', 0x9, 0xdc, &(0x7f0000000940)=""/220, 0x40f00, 0x20, '\x00', r6, 0x15, r2, 0x8, &(0x7f0000000d40)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000d80)={0x0, 0xa, 0x341, 0x80}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000dc0)=[r1, r4, r3, r4], &(0x7f0000000e00)=[{0x1, 0x1, 0xd, 0x7}], 0x10, 0xffff}, 0x90) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:21 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) (async) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480)=0xffffffffffffffff, 0x4) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x68e7, 0x0, 0x1, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x48) (async, rerun: 64) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000005c0)={0xffffffffffffffff, 0xb4d2}, 0xc) (rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x13, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x200}, [@cb_func={0x18, 0xb, 0x4, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @call={0x85, 0x0, 0x0, 0xc8}, @exit, @generic={0x1f, 0x1, 0x4, 0x1, 0x9}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xffffffffffffffff}, @alu={0x7, 0x1, 0x9, 0x3, 0x0, 0x50, 0xffffffffffffffe8}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x19}]}, &(0x7f0000000300)='syzkaller\x00', 0xffff2358, 0x8c, &(0x7f0000000380)=""/140, 0x41100, 0x38, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f00000004c0)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x4, 0xc, 0x80000001, 0x3}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000600)=[r3, r4], &(0x7f0000000640)=[{0x4, 0x2, 0x10, 0x1}, {0x4, 0x5, 0xb, 0x2}, {0x0, 0x4, 0xe, 0xb}], 0x10, 0x7fffffff}, 0x90) (async, rerun: 32) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r4, 0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)=r0}, 0x20) (async, rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d00)={r0, 0xe0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000a40)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, &(0x7f0000000a80)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000ac0)=[0x0, 0x0, 0x0], 0x0, 0xe7, &(0x7f0000000b00)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000b40), &(0x7f0000000b80), 0x8, 0xd2, 0x8, 0x8, &(0x7f0000000bc0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x19, 0x1b, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x1ff}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffffc0, 0x0, 0x0, 0x0, 0x7}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000900)='GPL\x00', 0x9, 0xdc, &(0x7f0000000940)=""/220, 0x40f00, 0x20, '\x00', r6, 0x15, r2, 0x8, &(0x7f0000000d40)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000d80)={0x0, 0xa, 0x341, 0x80}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000dc0)=[r1, r4, r3, r4], &(0x7f0000000e00)=[{0x1, 0x1, 0xd, 0x7}], 0x10, 0xffff}, 0x90) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:21 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x68e7, 0x0, 0x1, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x48) (async) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x68e7, 0x0, 0x1, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x48) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000005c0)={0xffffffffffffffff, 0xb4d2}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x13, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x200}, [@cb_func={0x18, 0xb, 0x4, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @call={0x85, 0x0, 0x0, 0xc8}, @exit, @generic={0x1f, 0x1, 0x4, 0x1, 0x9}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xffffffffffffffff}, @alu={0x7, 0x1, 0x9, 0x3, 0x0, 0x50, 0xffffffffffffffe8}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x19}]}, &(0x7f0000000300)='syzkaller\x00', 0xffff2358, 0x8c, &(0x7f0000000380)=""/140, 0x41100, 0x38, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f00000004c0)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x4, 0xc, 0x80000001, 0x3}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000600)=[r3, r4], &(0x7f0000000640)=[{0x4, 0x2, 0x10, 0x1}, {0x4, 0x5, 0xb, 0x2}, {0x0, 0x4, 0xe, 0xb}], 0x10, 0x7fffffff}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r4, 0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)=r0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d00)={r0, 0xe0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000a40)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, &(0x7f0000000a80)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000ac0)=[0x0, 0x0, 0x0], 0x0, 0xe7, &(0x7f0000000b00)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000b40), &(0x7f0000000b80), 0x8, 0xd2, 0x8, 0x8, &(0x7f0000000bc0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x19, 0x1b, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x1ff}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffffc0, 0x0, 0x0, 0x0, 0x7}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000900)='GPL\x00', 0x9, 0xdc, &(0x7f0000000940)=""/220, 0x40f00, 0x20, '\x00', r6, 0x15, r2, 0x8, &(0x7f0000000d40)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000d80)={0x0, 0xa, 0x341, 0x80}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000dc0)=[r1, r4, r3, r4], &(0x7f0000000e00)=[{0x1, 0x1, 0xd, 0x7}], 0x10, 0xffff}, 0x90) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:21 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r1 = syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001840)={r1, 0xffffffffffffffff, 0x0, 0x1b, &(0x7f0000000840)='blkio.bfq.io_service_bytes\x00'}, 0x30) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x73, 0x4, 0x1, 0x9, 0x0, 0x9, 0x17c849ab696a7bd1, 0x4, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, @perf_config_ext={0x1f, 0x4}, 0x4200, 0x5754, 0x0, 0x5, 0x20, 0x4, 0x400, 0x0, 0x1099, 0x0, 0xfff}, r1, 0x5, r0, 0x8) (async) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async, rerun: 64) ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) (async, rerun: 64) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='fsi_master_gpio_poll_response_busy\x00', r3}, 0x10) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:21 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r1) 22:26:21 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r1) 22:26:21 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r1) (async) 22:26:21 executing program 1: r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="a0559ec4f828000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0}, 0x90) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000180)=0x4402) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)=r1}, 0x20) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000004c0)={0x9, 0x0}, 0x8) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x1, '\x00', 0x0, r0, 0x1, 0x2, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x17, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x3f}, [@call={0x85, 0x0, 0x0, 0x80}, @ldst={0x3, 0x1, 0x17895e538daa5db7, 0xa, 0x0, 0x20, 0x10}, @ldst={0x3, 0x1, 0x6, 0x3, 0xb, 0x20, 0x10}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @alu={0x7, 0x1, 0xc, 0x9, 0x6, 0xfffffffffffffff8, 0x4}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100}}, @alu={0x7, 0x0, 0x0, 0x0, 0x9, 0x4, 0x8}, @map_val={0x18, 0x8, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0xfffffbff}, @exit]}, &(0x7f00000001c0)='GPL\x00', 0x200, 0x0, &(0x7f0000000300), 0x100, 0x9, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x5, 0xe, 0x828, 0x9}, 0x10, r4, 0xffffffffffffffff, 0x0, &(0x7f0000000580)=[r5], 0x0, 0x10, 0x9}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) socketpair(0xa, 0x6, 0x44cd, &(0x7f0000000080)) 22:26:21 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) [ 318.662962][T19479] FAULT_INJECTION: forcing a failure. [ 318.662962][T19479] name failslab, interval 1, probability 0, space 0, times 0 [ 318.697708][T19479] CPU: 1 PID: 19479 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 22:26:21 executing program 0: syz_clone(0x44040100, 0x0, 0xf0ff1f, 0x0, 0x0, 0x0) [ 318.707869][T19479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 318.717774][T19479] Call Trace: [ 318.720881][T19479] [ 318.723660][T19479] dump_stack_lvl+0x151/0x1b7 [ 318.728527][T19479] ? io_uring_drop_tctx_refs+0x190/0x190 [ 318.733996][T19479] ? __kasan_kmalloc+0x9/0x10 [ 318.738501][T19479] ? alloc_fdtable+0xaf/0x2a0 [ 318.743015][T19479] ? dup_fd+0x759/0xb00 [ 318.747006][T19479] ? copy_files+0xe6/0x200 [ 318.751260][T19479] ? kernel_clone+0x21e/0x9e0 [ 318.755849][T19479] ? __x64_sys_clone+0x23f/0x290 [ 318.760806][T19479] ? do_syscall_64+0x3d/0xb0 [ 318.765578][T19479] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 318.771485][T19479] dump_stack+0x15/0x17 [ 318.775475][T19479] should_fail+0x3c6/0x510 [ 318.779730][T19479] __should_failslab+0xa4/0xe0 [ 318.784331][T19479] should_failslab+0x9/0x20 [ 318.788665][T19479] slab_pre_alloc_hook+0x37/0xd0 [ 318.793441][T19479] __kmalloc+0x6d/0x270 [ 318.797431][T19479] ? kvmalloc_node+0x1f0/0x4d0 [ 318.802032][T19479] kvmalloc_node+0x1f0/0x4d0 [ 318.806458][T19479] ? vm_mmap+0xb0/0xb0 [ 318.810365][T19479] ? __kasan_kmalloc+0x9/0x10 [ 318.814877][T19479] ? kmem_cache_alloc_trace+0x115/0x210 [ 318.820264][T19479] ? alloc_fdtable+0xaf/0x2a0 [ 318.824771][T19479] alloc_fdtable+0xeb/0x2a0 [ 318.829111][T19479] dup_fd+0x759/0xb00 [ 318.832928][T19479] ? avc_has_perm+0x16f/0x260 [ 318.837449][T19479] copy_files+0xe6/0x200 [ 318.841523][T19479] ? perf_event_attrs+0x30/0x30 [ 318.846208][T19479] ? dup_task_struct+0xc60/0xc60 [ 318.850987][T19479] ? security_task_alloc+0xf9/0x130 [ 318.856016][T19479] copy_process+0x1080/0x3290 [ 318.860566][T19479] ? proc_fail_nth_write+0x20b/0x290 [ 318.866084][T19479] ? fsnotify_perm+0x6a/0x5d0 [ 318.870599][T19479] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 318.875551][T19479] ? vfs_write+0x9ec/0x1110 [ 318.879949][T19479] kernel_clone+0x21e/0x9e0 [ 318.884222][T19479] ? file_end_write+0x1c0/0x1c0 [ 318.888909][T19479] ? create_io_thread+0x1e0/0x1e0 [ 318.893769][T19479] ? mutex_unlock+0xb2/0x260 [ 318.898198][T19479] ? __mutex_lock_slowpath+0x10/0x10 [ 318.903319][T19479] __x64_sys_clone+0x23f/0x290 [ 318.907920][T19479] ? __do_sys_vfork+0x130/0x130 [ 318.912606][T19479] ? ksys_write+0x260/0x2c0 [ 318.916944][T19479] ? debug_smp_processor_id+0x17/0x20 [ 318.922151][T19479] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 318.928057][T19479] ? exit_to_user_mode_prepare+0x39/0xa0 [ 318.933534][T19479] do_syscall_64+0x3d/0xb0 [ 318.938826][T19479] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 318.944716][T19479] RIP: 0033:0x7f8118545da9 [ 318.948973][T19479] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 318.968412][T19479] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 318.976660][T19479] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 318.984470][T19479] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 318.992286][T19479] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 319.000277][T19479] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 319.008077][T19479] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 319.015891][T19479] 22:26:22 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:22 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) 22:26:22 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:22 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000d80)=ANY=[], 0xfdef) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) socketpair(0x2, 0xa, 0x5, &(0x7f0000000080)) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x20, 0x0, 0x0, 0x10000000000, 0x10000, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x4}, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffe, 0x4, 0xfffd}, 0x0, 0xbffffffffffffffb, 0xffffffffffffffff, 0x0) (async, rerun: 32) perf_event_open(&(0x7f0000000880)={0x0, 0x80, 0x0, 0xff, 0xfd, 0x0, 0x0, 0x8, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000240), 0x1}, 0x4010, 0x7, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x0, 0x8000006, 0xffffffffffffffff, 0xb) (async, rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x18, 0x7, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0xfffffff8}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3}, @call={0x85, 0x0, 0x0, 0x69}, @generic={0x6, 0x2, 0x8, 0x8, 0x5}]}, &(0x7f0000000380)='GPL\x00', 0x400, 0x13, &(0x7f0000000480)=""/19, 0x40f00, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x2, 0x2}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0x0, 0xfff, 0x7f}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000640)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000a00)=[{0x0, 0x2, 0xc, 0xc}, {0x4, 0x1, 0x6, 0x3}], 0x10, 0x2}, 0x90) r0 = perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x8) r1 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpid() perf_event_open(&(0x7f0000000400)={0x0, 0x80, 0x7, 0x80, 0xe0, 0x5, 0x0, 0x0, 0x28080, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0xb8, 0x1, @perf_config_ext={0x8}, 0x3a88, 0x80000000003, 0xa0000000, 0x1, 0x3fc, 0x6, 0x0, 0x0, 0x43, 0x0, 0x10000}, r2, 0xa, r1, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x2, 0x5, 0x1f, 0xff, 0x0, 0x80000001, 0x20280, 0x9, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000000), 0x7}, 0x4000, 0x7f, 0x0, 0x2, 0x9, 0x6aa, 0x2, 0x0, 0x6, 0x0, 0x7}, r2, 0x2, r0, 0xa) r4 = perf_event_open(&(0x7f00000004c0)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x15a, 0xfffffffffffffffc, 0x101, 0x0, 0x0, 0x1}, r2, 0xb7ffffffffffffff, r3, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f00000000c0)='.!)\x00') ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000280)=0x3) (async) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8914, &(0x7f0000000b80)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|C\b\x00\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdd\x85\xaac{\x8c\x8ffp`-\xcd\xf6jh\xbf\x9c\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\x8b\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca^\xf9\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x96\x86\xdb\xa9\xd3\x01\xb2\xc7\xf8G\x069\x90,\xda\xf6\xc5\xcd\xec\xa3B\xc3\"4\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\x7f\xec\xb2\xc5E\x00\xdd\xf2e\xa8\xf1<\xb2\xc82\xbf=o\x00`\xc1A\'\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x92\xbb\xe3Y\x97\xc2') (async, rerun: 64) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8923, &(0x7f0000000680)='lo:\x96o8\x14d\xa1\xe3\xd7\\b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xbaUn\x04\'%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\r\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5 [ 319.565445][T19506] dump_stack_lvl+0x151/0x1b7 [ 319.569956][T19506] ? io_uring_drop_tctx_refs+0x190/0x190 [ 319.575425][T19506] dump_stack+0x15/0x17 [ 319.579416][T19506] should_fail+0x3c6/0x510 [ 319.583671][T19506] __should_failslab+0xa4/0xe0 [ 319.588268][T19506] ? anon_vma_clone+0x9a/0x500 [ 319.592868][T19506] should_failslab+0x9/0x20 [ 319.597207][T19506] slab_pre_alloc_hook+0x37/0xd0 [ 319.601980][T19506] ? anon_vma_clone+0x9a/0x500 [ 319.606581][T19506] kmem_cache_alloc+0x44/0x200 [ 319.611531][T19506] anon_vma_clone+0x9a/0x500 [ 319.615955][T19506] anon_vma_fork+0x91/0x4e0 [ 319.620295][T19506] ? anon_vma_name+0x4c/0x70 [ 319.624721][T19506] ? vm_area_dup+0x17a/0x230 [ 319.629148][T19506] copy_mm+0xa3a/0x13e0 [ 319.633142][T19506] ? copy_signal+0x610/0x610 [ 319.637567][T19506] ? __init_rwsem+0xd6/0x1c0 [ 319.641991][T19506] ? copy_signal+0x4e3/0x610 [ 319.646433][T19506] copy_process+0x1149/0x3290 [ 319.650947][T19506] ? proc_fail_nth_write+0x20b/0x290 [ 319.656053][T19506] ? fsnotify_perm+0x6a/0x5d0 [ 319.660566][T19506] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 319.665949][T19506] ? vfs_write+0x9ec/0x1110 [ 319.670287][T19506] kernel_clone+0x21e/0x9e0 [ 319.674625][T19506] ? file_end_write+0x1c0/0x1c0 [ 319.679315][T19506] ? create_io_thread+0x1e0/0x1e0 [ 319.684171][T19506] ? mutex_unlock+0xb2/0x260 [ 319.688599][T19506] ? __mutex_lock_slowpath+0x10/0x10 [ 319.693722][T19506] __x64_sys_clone+0x23f/0x290 [ 319.698324][T19506] ? __do_sys_vfork+0x130/0x130 22:26:22 executing program 0: syz_clone(0x44040100, 0x0, 0x2000000, 0x0, 0x0, 0x0) [ 319.703012][T19506] ? ksys_write+0x260/0x2c0 [ 319.707353][T19506] ? debug_smp_processor_id+0x17/0x20 [ 319.712553][T19506] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 319.718458][T19506] ? exit_to_user_mode_prepare+0x39/0xa0 [ 319.723926][T19506] do_syscall_64+0x3d/0xb0 [ 319.728176][T19506] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 319.733905][T19506] RIP: 0033:0x7f8118545da9 [ 319.738157][T19506] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 319.757604][T19506] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 319.765845][T19506] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 319.773658][T19506] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 319.781469][T19506] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 319.789292][T19506] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 319.797089][T19506] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 22:26:23 executing program 1: r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="a0559ec4f828000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0}, 0x90) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000180)=0x4402) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)=r1}, 0x20) (async, rerun: 64) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000004c0)={0x9, 0x0}, 0x8) (async, rerun: 64) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x1, '\x00', 0x0, r0, 0x1, 0x2, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x17, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x3f}, [@call={0x85, 0x0, 0x0, 0x80}, @ldst={0x3, 0x1, 0x17895e538daa5db7, 0xa, 0x0, 0x20, 0x10}, @ldst={0x3, 0x1, 0x6, 0x3, 0xb, 0x20, 0x10}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @alu={0x7, 0x1, 0xc, 0x9, 0x6, 0xfffffffffffffff8, 0x4}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100}}, @alu={0x7, 0x0, 0x0, 0x0, 0x9, 0x4, 0x8}, @map_val={0x18, 0x8, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0xfffffbff}, @exit]}, &(0x7f00000001c0)='GPL\x00', 0x200, 0x0, &(0x7f0000000300), 0x100, 0x9, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x5, 0xe, 0x828, 0x9}, 0x10, r4, 0xffffffffffffffff, 0x0, &(0x7f0000000580)=[r5], 0x0, 0x10, 0x9}, 0x90) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) socketpair(0xa, 0x6, 0x44cd, &(0x7f0000000080)) [ 319.804913][T19506] 22:26:23 executing program 2: r0 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000012c0)='ns/cgroup\x00') r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001640)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5c6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719a0416b6a5ea47f3cd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219855624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582782105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa41063f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a624e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee31088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a5696cdcdd9d58dc8c8f7127cd047e0c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000f841b35af2e300"/3615], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xffffffff}, 0x10, 0x0, r0}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x53}, 0x80) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r2, &(0x7f00000014c0)=ANY=[@ANYBLOB="2d626c6b690010000000000000656d6f"], 0x13) r3 = syz_clone(0x0, &(0x7f0000000580)="c5699f86574f848a556f1215001379bd6855ee564d82cbe61648fc0770e8c06f47f87a9c616f477d534a6882c1a99786bbd1bf9f7b0fd031ed8d618563b366867bb9d1b30c8f0d52b3c16d5b84ddcfd887e08f8384d1", 0x56, &(0x7f0000000440), 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000c00)={r2, 0x58, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001000)=@o_path={&(0x7f0000000fc0)='./file0\x00', 0x0, 0x4008, r0}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000010c0)={0x6, 0x29, &(0x7f0000000d40)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xf}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x9}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @map_val={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x8}, @cb_func={0x18, 0x2, 0x4, 0x0, 0xffffffffffffffff}, @alu={0x4, 0x0, 0xd, 0x7, 0xa, 0xfffffffffffffffe, 0xfffffffffffffffe}], &(0x7f0000000a80)='syzkaller\x00', 0x1, 0xc7, &(0x7f0000000ac0)=""/199, 0x0, 0x69, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000f40)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000f80)={0x5, 0x10, 0x3, 0x4}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000001040)=[r2, r5, r2, r2, r2, r2], &(0x7f0000001080)=[{0x1, 0x5, 0xb, 0x5}, {0x3, 0x1, 0x10, 0xb}], 0x10, 0x5}, 0x90) perf_event_open(0x0, r3, 0xa, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0)}, 0x0, 0x202, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0xfffffffffffffffc) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)=0x3) r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x18}, 0x18) r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x401c5820, &(0x7f0000000000)=0x8000) write$cgroup_int(r8, 0x0, 0x0) close(r8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r7, 0x0, 0x0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b00)={r8, 0xe0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, &(0x7f0000000880)=[0x0, 0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8d, &(0x7f0000000900)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000940), &(0x7f0000000980), 0x8, 0xe5, 0x8, 0x8, &(0x7f00000009c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x1, 0x11, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@map_idx={0x18, 0xb, 0x5, 0x0, 0x6}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000300)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0xb, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000800)={0x2, 0x10, 0x200, 0x3}, 0x10, r9, r8, 0x2, 0x0, &(0x7f0000000b40)=[{0x2, 0x1, 0xa, 0xc}, {0x1, 0x5, 0x0, 0xa}], 0x10, 0x1}, 0x90) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r10, &(0x7f0000000200), 0x43400) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001200)={r7, 0xe0, &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000400)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000c40)=[0x0, 0x0, 0x0], &(0x7f0000000c80)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xfb, &(0x7f0000000cc0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000d00), &(0x7f0000001180), 0x8, 0xef, 0x8, 0x8, &(0x7f00000011c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x5, 0x1b, &(0x7f0000000600)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r6}, @generic={0x8, 0x4, 0x8, 0x1, 0xff6}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0xd5}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa33}}, @cb_func={0x18, 0x3}, @cb_func={0x18, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @btf_id={0x18, 0xd, 0x3, 0x0, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x5}], &(0x7f0000000240)='GPL\x00', 0x80, 0x1, &(0x7f0000000280)=""/1, 0x41000, 0x47, '\x00', r4, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x2, 0x10, 0x2, 0x2}, 0x10, r9, r1, 0x6, &(0x7f00000003c0)=[r5, r5, r2, r5, r10], &(0x7f0000000480)=[{0x2, 0x4, 0xd, 0x3}, {0x1, 0x4, 0x0, 0xb}, {0x1, 0x2, 0x2, 0x3}, {0x3, 0x5, 0x8, 0x8}, {0x2, 0x5, 0xb, 0xa}, {0x0, 0x4, 0xb, 0x1}], 0x10, 0x8f4}, 0x90) 22:26:23 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x3, 0xff, 0x4, 0xc20, r0, 0xfffffffb, '\x00', 0x0, r1, 0x0, 0x0, 0x3, 0xb}, 0x48) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:23 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) 22:26:23 executing program 0: syz_clone(0x44040100, 0x0, 0x7000000, 0x0, 0x0, 0x0) [ 319.977917][T19522] FAULT_INJECTION: forcing a failure. [ 319.977917][T19522] name failslab, interval 1, probability 0, space 0, times 0 [ 320.032491][T19522] CPU: 1 PID: 19522 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 320.042665][T19522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 320.052560][T19522] Call Trace: [ 320.055692][T19522] [ 320.058456][T19522] dump_stack_lvl+0x151/0x1b7 [ 320.062971][T19522] ? io_uring_drop_tctx_refs+0x190/0x190 [ 320.068443][T19522] dump_stack+0x15/0x17 [ 320.072442][T19522] should_fail+0x3c6/0x510 [ 320.076693][T19522] __should_failslab+0xa4/0xe0 [ 320.081284][T19522] ? anon_vma_fork+0xf7/0x4e0 [ 320.085804][T19522] should_failslab+0x9/0x20 [ 320.090137][T19522] slab_pre_alloc_hook+0x37/0xd0 [ 320.094907][T19522] ? anon_vma_fork+0xf7/0x4e0 [ 320.099420][T19522] kmem_cache_alloc+0x44/0x200 [ 320.104025][T19522] anon_vma_fork+0xf7/0x4e0 [ 320.108361][T19522] ? anon_vma_name+0x4c/0x70 [ 320.112787][T19522] ? vm_area_dup+0x17a/0x230 [ 320.117215][T19522] copy_mm+0xa3a/0x13e0 [ 320.121211][T19522] ? copy_signal+0x610/0x610 [ 320.125633][T19522] ? __init_rwsem+0xd6/0x1c0 [ 320.130063][T19522] ? copy_signal+0x4e3/0x610 [ 320.134581][T19522] copy_process+0x1149/0x3290 [ 320.139103][T19522] ? proc_fail_nth_write+0x20b/0x290 [ 320.144221][T19522] ? fsnotify_perm+0x6a/0x5d0 [ 320.148733][T19522] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 320.153679][T19522] ? vfs_write+0x9ec/0x1110 [ 320.158194][T19522] kernel_clone+0x21e/0x9e0 [ 320.162532][T19522] ? file_end_write+0x1c0/0x1c0 [ 320.167216][T19522] ? create_io_thread+0x1e0/0x1e0 [ 320.172075][T19522] ? mutex_unlock+0xb2/0x260 [ 320.176505][T19522] ? __mutex_lock_slowpath+0x10/0x10 [ 320.181756][T19522] __x64_sys_clone+0x23f/0x290 [ 320.186341][T19522] ? __do_sys_vfork+0x130/0x130 [ 320.191023][T19522] ? ksys_write+0x260/0x2c0 [ 320.195364][T19522] ? debug_smp_processor_id+0x17/0x20 [ 320.200574][T19522] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 320.206569][T19522] ? exit_to_user_mode_prepare+0x39/0xa0 [ 320.212045][T19522] do_syscall_64+0x3d/0xb0 [ 320.216281][T19522] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 320.223580][T19522] RIP: 0033:0x7f8118545da9 [ 320.227831][T19522] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 320.247264][T19522] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 320.255510][T19522] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 320.263322][T19522] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 320.271392][T19522] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 320.279217][T19522] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 320.287015][T19522] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 320.294836][T19522] 22:26:23 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) (async, rerun: 32) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async, rerun: 32) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x3, 0xff, 0x4, 0xc20, r0, 0xfffffffb, '\x00', 0x0, r1, 0x0, 0x0, 0x3, 0xb}, 0x48) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:23 executing program 0: syz_clone(0x44040100, 0x0, 0x8000000, 0x0, 0x0, 0x0) 22:26:23 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x0, 0x81, 0x5b, 0xff, 0x0, 0x100, 0x20000, 0x7, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x0, 0x9}, 0x10000, 0x3, 0x8, 0x7, 0x0, 0x8347, 0x4, 0x0, 0x6, 0x0, 0x6}, 0x0, 0xb, r1, 0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:23 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) 22:26:23 executing program 0: syz_clone(0x44040100, 0x0, 0x9000000, 0x0, 0x0, 0x0) [ 320.625172][T19543] FAULT_INJECTION: forcing a failure. [ 320.625172][T19543] name failslab, interval 1, probability 0, space 0, times 0 [ 320.638048][T19543] CPU: 1 PID: 19543 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 320.648200][T19543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 320.658184][T19543] Call Trace: [ 320.661302][T19543] [ 320.664123][T19543] dump_stack_lvl+0x151/0x1b7 [ 320.668596][T19543] ? io_uring_drop_tctx_refs+0x190/0x190 [ 320.674066][T19543] dump_stack+0x15/0x17 [ 320.678052][T19543] should_fail+0x3c6/0x510 [ 320.682308][T19543] __should_failslab+0xa4/0xe0 [ 320.686904][T19543] ? anon_vma_fork+0x1df/0x4e0 [ 320.691504][T19543] should_failslab+0x9/0x20 [ 320.695850][T19543] slab_pre_alloc_hook+0x37/0xd0 [ 320.700618][T19543] ? anon_vma_fork+0x1df/0x4e0 [ 320.705224][T19543] kmem_cache_alloc+0x44/0x200 [ 320.709821][T19543] anon_vma_fork+0x1df/0x4e0 [ 320.714244][T19543] copy_mm+0xa3a/0x13e0 [ 320.718241][T19543] ? copy_signal+0x610/0x610 [ 320.722662][T19543] ? __init_rwsem+0xd6/0x1c0 [ 320.727091][T19543] ? copy_signal+0x4e3/0x610 [ 320.731516][T19543] copy_process+0x1149/0x3290 [ 320.736030][T19543] ? proc_fail_nth_write+0x20b/0x290 [ 320.741149][T19543] ? fsnotify_perm+0x6a/0x5d0 [ 320.745662][T19543] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 320.750612][T19543] ? vfs_write+0x9ec/0x1110 [ 320.754949][T19543] kernel_clone+0x21e/0x9e0 [ 320.759289][T19543] ? file_end_write+0x1c0/0x1c0 [ 320.763976][T19543] ? create_io_thread+0x1e0/0x1e0 [ 320.769184][T19543] ? mutex_unlock+0xb2/0x260 [ 320.773609][T19543] ? __mutex_lock_slowpath+0x10/0x10 [ 320.778732][T19543] __x64_sys_clone+0x23f/0x290 [ 320.783333][T19543] ? __do_sys_vfork+0x130/0x130 [ 320.788016][T19543] ? ksys_write+0x260/0x2c0 [ 320.792357][T19543] ? debug_smp_processor_id+0x17/0x20 [ 320.797570][T19543] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 320.803468][T19543] ? exit_to_user_mode_prepare+0x39/0xa0 [ 320.808934][T19543] do_syscall_64+0x3d/0xb0 [ 320.813187][T19543] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 320.818916][T19543] RIP: 0033:0x7f8118545da9 [ 320.823167][T19543] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 320.842614][T19543] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 320.850854][T19543] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 320.858679][T19543] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 320.866489][T19543] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 22:26:24 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x0, 0x81, 0x5b, 0xff, 0x0, 0x100, 0x20000, 0x7, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x0, 0x9}, 0x10000, 0x3, 0x8, 0x7, 0x0, 0x8347, 0x4, 0x0, 0x6, 0x0, 0x6}, 0x0, 0xb, r1, 0xa) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:24 executing program 2: r0 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000012c0)='ns/cgroup\x00') (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001640)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5c6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719a0416b6a5ea47f3cd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219855624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582782105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa41063f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a624e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee31088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a5696cdcdd9d58dc8c8f7127cd047e0c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000f841b35af2e300"/3615], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xffffffff}, 0x10, 0x0, r0}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x53}, 0x80) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r2, &(0x7f00000014c0)=ANY=[@ANYBLOB="2d626c6b690010000000000000656d6f"], 0x13) r3 = syz_clone(0x0, &(0x7f0000000580)="c5699f86574f848a556f1215001379bd6855ee564d82cbe61648fc0770e8c06f47f87a9c616f477d534a6882c1a99786bbd1bf9f7b0fd031ed8d618563b366867bb9d1b30c8f0d52b3c16d5b84ddcfd887e08f8384d1", 0x56, &(0x7f0000000440), 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000c00)={r2, 0x58, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001000)=@o_path={&(0x7f0000000fc0)='./file0\x00', 0x0, 0x4008, r0}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000010c0)={0x6, 0x29, &(0x7f0000000d40)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xf}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x9}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @map_val={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x8}, @cb_func={0x18, 0x2, 0x4, 0x0, 0xffffffffffffffff}, @alu={0x4, 0x0, 0xd, 0x7, 0xa, 0xfffffffffffffffe, 0xfffffffffffffffe}], &(0x7f0000000a80)='syzkaller\x00', 0x1, 0xc7, &(0x7f0000000ac0)=""/199, 0x0, 0x69, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000f40)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000f80)={0x5, 0x10, 0x3, 0x4}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000001040)=[r2, r5, r2, r2, r2, r2], &(0x7f0000001080)=[{0x1, 0x5, 0xb, 0x5}, {0x3, 0x1, 0x10, 0xb}], 0x10, 0x5}, 0x90) (async) perf_event_open(0x0, r3, 0xa, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0)}, 0x0, 0x202, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0xfffffffffffffffc) (async) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)=0x3) (async) r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x18}, 0x18) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x401c5820, &(0x7f0000000000)=0x8000) write$cgroup_int(r8, 0x0, 0x0) close(r8) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r7, 0x0, 0x0}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b00)={r8, 0xe0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, &(0x7f0000000880)=[0x0, 0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8d, &(0x7f0000000900)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000940), &(0x7f0000000980), 0x8, 0xe5, 0x8, 0x8, &(0x7f00000009c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x1, 0x11, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@map_idx={0x18, 0xb, 0x5, 0x0, 0x6}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000300)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0xb, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000800)={0x2, 0x10, 0x200, 0x3}, 0x10, r9, r8, 0x2, 0x0, &(0x7f0000000b40)=[{0x2, 0x1, 0xa, 0xc}, {0x1, 0x5, 0x0, 0xa}], 0x10, 0x1}, 0x90) (async) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r10, &(0x7f0000000200), 0x43400) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001200)={r7, 0xe0, &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000400)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000c40)=[0x0, 0x0, 0x0], &(0x7f0000000c80)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xfb, &(0x7f0000000cc0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000d00), &(0x7f0000001180), 0x8, 0xef, 0x8, 0x8, &(0x7f00000011c0)}}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x5, 0x1b, &(0x7f0000000600)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r6}, @generic={0x8, 0x4, 0x8, 0x1, 0xff6}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0xd5}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa33}}, @cb_func={0x18, 0x3}, @cb_func={0x18, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @btf_id={0x18, 0xd, 0x3, 0x0, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x5}], &(0x7f0000000240)='GPL\x00', 0x80, 0x1, &(0x7f0000000280)=""/1, 0x41000, 0x47, '\x00', r4, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x2, 0x10, 0x2, 0x2}, 0x10, r9, r1, 0x6, &(0x7f00000003c0)=[r5, r5, r2, r5, r10], &(0x7f0000000480)=[{0x2, 0x4, 0xd, 0x3}, {0x1, 0x4, 0x0, 0xb}, {0x1, 0x2, 0x2, 0x3}, {0x3, 0x5, 0x8, 0x8}, {0x2, 0x5, 0xb, 0xa}, {0x0, 0x4, 0xb, 0x1}], 0x10, 0x8f4}, 0x90) [ 320.874288][T19543] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 320.882100][T19543] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 320.889913][T19543] 22:26:24 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) 22:26:24 executing program 2: r0 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) (async) syz_open_procfs$namespace(0x0, &(0x7f00000012c0)='ns/cgroup\x00') r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001640)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5c6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719a0416b6a5ea47f3cd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219855624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582782105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa41063f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a624e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee31088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a5696cdcdd9d58dc8c8f7127cd047e0c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000f841b35af2e300"/3615], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xffffffff}, 0x10, 0x0, r0}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x53}, 0x80) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r2, &(0x7f00000014c0)=ANY=[@ANYBLOB="2d626c6b690010000000000000656d6f"], 0x13) r3 = syz_clone(0x0, &(0x7f0000000580)="c5699f86574f848a556f1215001379bd6855ee564d82cbe61648fc0770e8c06f47f87a9c616f477d534a6882c1a99786bbd1bf9f7b0fd031ed8d618563b366867bb9d1b30c8f0d52b3c16d5b84ddcfd887e08f8384d1", 0x56, &(0x7f0000000440), 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000c00)={r2, 0x58, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async, rerun: 32) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001000)=@o_path={&(0x7f0000000fc0)='./file0\x00', 0x0, 0x4008, r0}, 0x18) (rerun: 32) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000010c0)={0x6, 0x29, &(0x7f0000000d40)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xf}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x9}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @map_val={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x8}, @cb_func={0x18, 0x2, 0x4, 0x0, 0xffffffffffffffff}, @alu={0x4, 0x0, 0xd, 0x7, 0xa, 0xfffffffffffffffe, 0xfffffffffffffffe}], &(0x7f0000000a80)='syzkaller\x00', 0x1, 0xc7, &(0x7f0000000ac0)=""/199, 0x0, 0x69, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000f40)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000f80)={0x5, 0x10, 0x3, 0x4}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000001040)=[r2, r5, r2, r2, r2, r2], &(0x7f0000001080)=[{0x1, 0x5, 0xb, 0x5}, {0x3, 0x1, 0x10, 0xb}], 0x10, 0x5}, 0x90) (async) perf_event_open(0x0, r3, 0xa, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0)}, 0x0, 0x202, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0xfffffffffffffffc) (async, rerun: 64) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x0) (async, rerun: 64) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)=0x3) (async) r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x18}, 0x18) (async, rerun: 32) r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) (async, rerun: 32) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x401c5820, &(0x7f0000000000)=0x8000) write$cgroup_int(r8, 0x0, 0x0) close(r8) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r7, 0x0, 0x0}, 0x10) (async, rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b00)={r8, 0xe0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, &(0x7f0000000880)=[0x0, 0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8d, &(0x7f0000000900)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000940), &(0x7f0000000980), 0x8, 0xe5, 0x8, 0x8, &(0x7f00000009c0)}}, 0x10) (rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x1, 0x11, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@map_idx={0x18, 0xb, 0x5, 0x0, 0x6}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000300)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0xb, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000800)={0x2, 0x10, 0x200, 0x3}, 0x10, r9, r8, 0x2, 0x0, &(0x7f0000000b40)=[{0x2, 0x1, 0xa, 0xc}, {0x1, 0x5, 0x0, 0xa}], 0x10, 0x1}, 0x90) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r10, &(0x7f0000000200), 0x43400) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001200)={r7, 0xe0, &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000400)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000c40)=[0x0, 0x0, 0x0], &(0x7f0000000c80)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xfb, &(0x7f0000000cc0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000d00), &(0x7f0000001180), 0x8, 0xef, 0x8, 0x8, &(0x7f00000011c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x5, 0x1b, &(0x7f0000000600)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r6}, @generic={0x8, 0x4, 0x8, 0x1, 0xff6}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0xd5}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa33}}, @cb_func={0x18, 0x3}, @cb_func={0x18, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @btf_id={0x18, 0xd, 0x3, 0x0, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x5}], &(0x7f0000000240)='GPL\x00', 0x80, 0x1, &(0x7f0000000280)=""/1, 0x41000, 0x47, '\x00', r4, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x2, 0x10, 0x2, 0x2}, 0x10, r9, r1, 0x6, &(0x7f00000003c0)=[r5, r5, r2, r5, r10], &(0x7f0000000480)=[{0x2, 0x4, 0xd, 0x3}, {0x1, 0x4, 0x0, 0xb}, {0x1, 0x2, 0x2, 0x3}, {0x3, 0x5, 0x8, 0x8}, {0x2, 0x5, 0xb, 0xa}, {0x0, 0x4, 0xb, 0x1}], 0x10, 0x8f4}, 0x90) 22:26:24 executing program 1: r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="a0559ec4f828000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0}, 0x90) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000180)=0x4402) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)=r1}, 0x20) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000004c0)={0x9, 0x0}, 0x8) (async) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x1, '\x00', 0x0, r0, 0x1, 0x2, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x17, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x3f}, [@call={0x85, 0x0, 0x0, 0x80}, @ldst={0x3, 0x1, 0x17895e538daa5db7, 0xa, 0x0, 0x20, 0x10}, @ldst={0x3, 0x1, 0x6, 0x3, 0xb, 0x20, 0x10}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @alu={0x7, 0x1, 0xc, 0x9, 0x6, 0xfffffffffffffff8, 0x4}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100}}, @alu={0x7, 0x0, 0x0, 0x0, 0x9, 0x4, 0x8}, @map_val={0x18, 0x8, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0xfffffbff}, @exit]}, &(0x7f00000001c0)='GPL\x00', 0x200, 0x0, &(0x7f0000000300), 0x100, 0x9, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x5, 0xe, 0x828, 0x9}, 0x10, r4, 0xffffffffffffffff, 0x0, &(0x7f0000000580)=[r5], 0x0, 0x10, 0x9}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async, rerun: 32) socketpair(0xa, 0x6, 0x44cd, &(0x7f0000000080)) (rerun: 32) [ 320.965151][T19559] FAULT_INJECTION: forcing a failure. [ 320.965151][T19559] name failslab, interval 1, probability 0, space 0, times 0 [ 321.004605][T19559] CPU: 0 PID: 19559 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 321.014936][T19559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 321.024828][T19559] Call Trace: [ 321.027950][T19559] [ 321.030729][T19559] dump_stack_lvl+0x151/0x1b7 [ 321.035242][T19559] ? io_uring_drop_tctx_refs+0x190/0x190 [ 321.040711][T19559] ? slab_post_alloc_hook+0x53/0x2c0 [ 321.045831][T19559] ? kernel_clone+0x21e/0x9e0 [ 321.050340][T19559] ? do_syscall_64+0x3d/0xb0 [ 321.054767][T19559] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 321.060673][T19559] dump_stack+0x15/0x17 [ 321.065322][T19559] should_fail+0x3c6/0x510 [ 321.069573][T19559] __should_failslab+0xa4/0xe0 [ 321.074175][T19559] ? copy_mm+0x192/0x13e0 [ 321.078338][T19559] should_failslab+0x9/0x20 [ 321.082678][T19559] slab_pre_alloc_hook+0x37/0xd0 [ 321.087462][T19559] ? copy_mm+0x192/0x13e0 [ 321.091622][T19559] kmem_cache_alloc+0x44/0x200 [ 321.096220][T19559] copy_mm+0x192/0x13e0 [ 321.100215][T19559] ? _raw_spin_lock+0xa4/0x1b0 [ 321.104812][T19559] ? copy_signal+0x610/0x610 [ 321.109246][T19559] ? __kasan_check_write+0x14/0x20 [ 321.114190][T19559] ? __init_rwsem+0xd6/0x1c0 [ 321.118615][T19559] ? copy_signal+0x4e3/0x610 [ 321.123040][T19559] copy_process+0x1149/0x3290 [ 321.127557][T19559] ? proc_fail_nth_write+0x20b/0x290 [ 321.132672][T19559] ? fsnotify_perm+0x6a/0x5d0 [ 321.137186][T19559] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 321.142130][T19559] ? vfs_write+0x9ec/0x1110 [ 321.146472][T19559] kernel_clone+0x21e/0x9e0 [ 321.150813][T19559] ? file_end_write+0x1c0/0x1c0 [ 321.155498][T19559] ? create_io_thread+0x1e0/0x1e0 [ 321.160359][T19559] ? mutex_unlock+0xb2/0x260 [ 321.164788][T19559] ? __mutex_lock_slowpath+0x10/0x10 [ 321.169992][T19559] __x64_sys_clone+0x23f/0x290 [ 321.174594][T19559] ? __do_sys_vfork+0x130/0x130 [ 321.179290][T19559] ? ksys_write+0x260/0x2c0 [ 321.183619][T19559] ? debug_smp_processor_id+0x17/0x20 [ 321.188910][T19559] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 321.194814][T19559] ? exit_to_user_mode_prepare+0x39/0xa0 [ 321.200287][T19559] do_syscall_64+0x3d/0xb0 [ 321.204538][T19559] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 321.210265][T19559] RIP: 0033:0x7f8118545da9 [ 321.214517][T19559] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 321.233961][T19559] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 321.242202][T19559] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 321.250012][T19559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 22:26:24 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x0, 0x81, 0x5b, 0xff, 0x0, 0x100, 0x20000, 0x7, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x0, 0x9}, 0x10000, 0x3, 0x8, 0x7, 0x0, 0x8347, 0x4, 0x0, 0x6, 0x0, 0x6}, 0x0, 0xb, r1, 0xa) (async) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x0, 0x81, 0x5b, 0xff, 0x0, 0x100, 0x20000, 0x7, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x0, 0x9}, 0x10000, 0x3, 0x8, 0x7, 0x0, 0x8347, 0x4, 0x0, 0x6, 0x0, 0x6}, 0x0, 0xb, r1, 0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) [ 321.258869][T19559] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 321.266682][T19559] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 321.274498][T19559] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 321.282310][T19559] 22:26:24 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) 22:26:24 executing program 3: ioctl$TUNGETVNETBE(0xffffffffffffffff, 0x800454df, &(0x7f0000000180)=0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={r1, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, &(0x7f0000000280)=[0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x9e, &(0x7f0000000300)=[{}], 0x8, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x9f, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(r4, &(0x7f0000000240)='blkio.bfq.io_queued\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x18, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc5, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffa}]}, &(0x7f0000000200)='GPL\x00', 0x4, 0x1000, &(0x7f0000000400)=""/4096, 0x41000, 0x20, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001580)={0x5, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000015c0)=[r1, 0xffffffffffffffff, r1, r1, r4, r1, r1, r0], &(0x7f0000001600)=[{0x4, 0x1, 0x2, 0x1}], 0x10, 0x3ff}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB='\t\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) openat$cgroup_ro(r1, &(0x7f0000000080)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) [ 321.372513][T19575] FAULT_INJECTION: forcing a failure. [ 321.372513][T19575] name failslab, interval 1, probability 0, space 0, times 0 [ 321.395324][T19575] CPU: 1 PID: 19575 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 321.405480][T19575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 321.415376][T19575] Call Trace: [ 321.418499][T19575] [ 321.421281][T19575] dump_stack_lvl+0x151/0x1b7 [ 321.425795][T19575] ? io_uring_drop_tctx_refs+0x190/0x190 [ 321.431255][T19575] dump_stack+0x15/0x17 [ 321.435244][T19575] should_fail+0x3c6/0x510 [ 321.439514][T19575] __should_failslab+0xa4/0xe0 [ 321.444100][T19575] should_failslab+0x9/0x20 [ 321.448438][T19575] slab_pre_alloc_hook+0x37/0xd0 [ 321.453471][T19575] kmem_cache_alloc_trace+0x48/0x210 [ 321.458591][T19575] ? mm_init+0x39a/0x970 [ 321.462671][T19575] mm_init+0x39a/0x970 [ 321.466576][T19575] copy_mm+0x1e3/0x13e0 [ 321.470566][T19575] ? _raw_spin_lock+0xa4/0x1b0 [ 321.475277][T19575] ? copy_signal+0x610/0x610 [ 321.480115][T19575] ? __kasan_check_write+0x14/0x20 [ 321.485061][T19575] ? __init_rwsem+0xd6/0x1c0 [ 321.489489][T19575] ? copy_signal+0x4e3/0x610 [ 321.493913][T19575] copy_process+0x1149/0x3290 [ 321.498428][T19575] ? proc_fail_nth_write+0x20b/0x290 [ 321.503553][T19575] ? fsnotify_perm+0x6a/0x5d0 [ 321.508064][T19575] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 321.513007][T19575] ? vfs_write+0x9ec/0x1110 [ 321.517350][T19575] kernel_clone+0x21e/0x9e0 [ 321.521687][T19575] ? file_end_write+0x1c0/0x1c0 [ 321.526375][T19575] ? create_io_thread+0x1e0/0x1e0 [ 321.531249][T19575] ? mutex_unlock+0xb2/0x260 [ 321.535666][T19575] ? __mutex_lock_slowpath+0x10/0x10 [ 321.540781][T19575] __x64_sys_clone+0x23f/0x290 [ 321.545383][T19575] ? __do_sys_vfork+0x130/0x130 [ 321.550067][T19575] ? ksys_write+0x260/0x2c0 [ 321.554413][T19575] ? debug_smp_processor_id+0x17/0x20 [ 321.559619][T19575] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 321.565517][T19575] ? exit_to_user_mode_prepare+0x39/0xa0 [ 321.571007][T19575] do_syscall_64+0x3d/0xb0 [ 321.575237][T19575] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 321.580967][T19575] RIP: 0033:0x7f8118545da9 [ 321.585220][T19575] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 321.604658][T19575] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 321.612909][T19575] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 22:26:24 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) [ 321.620718][T19575] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 321.628529][T19575] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 321.636338][T19575] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 321.644159][T19575] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 321.651964][T19575] 22:26:24 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000ef5cdcc8b774e19c523c8ebae786bfa7c52a4d6cfab802a2c257ddda43028edcace2d6689925eb70377749487c2b9c4b619991ffbdcc19378e1fa8ed6371d3"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0xf, 0x0, 0x655, &(0x7f0000000000)={0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000000), 0xffe000) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@fwd={0xa}]}, {0x0, [0x0, 0x0, 0x5f, 0x2e, 0x61]}}, &(0x7f0000000180)=""/244, 0x2b, 0xf4, 0x1, 0x7a97}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x17, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0xb2}, {}, {}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xecda}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0x200, 0xf8, &(0x7f00000004c0)=""/248, 0x41100, 0x6, '\x00', r3, 0x0, r4, 0x8, &(0x7f00000005c0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0xb, 0x9, 0x5}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000640)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000680)=[{0x5, 0x1, 0xc, 0x4}, {0x0, 0x5, 0x8, 0x5}, {0x5, 0x4, 0x5, 0xa}], 0x10, 0x3}, 0x90) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4004662b, &(0x7f00000005c0)=0x1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={r0, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000500)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xcd, &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0xce, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@bloom_filter={0x1e, 0x9, 0x10001, 0x558, 0x80, 0x1, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0xb}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x12, 0x22, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffff8000, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x7}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xf}, @tail_call, @map_fd={0x18, 0x4}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='GPL\x00', 0x6, 0x8d, &(0x7f0000000140)=""/141, 0x41000, 0x40, '\x00', r3, 0x0, r5, 0x8, &(0x7f0000000300)={0xa, 0x4}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0x10, 0x8, 0x4}, 0x10, r6, r0, 0x2, &(0x7f0000000980)=[r7, r8], &(0x7f00000009c0)=[{0x1, 0x5, 0xd, 0x4}, {0x1, 0x3, 0x6, 0x6}], 0x10, 0x101}, 0x90) 22:26:24 executing program 3: ioctl$TUNGETVNETBE(0xffffffffffffffff, 0x800454df, &(0x7f0000000180)=0x1) (async) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) (async) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={r1, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, &(0x7f0000000280)=[0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x9e, &(0x7f0000000300)=[{}], 0x8, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x9f, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(r4, &(0x7f0000000240)='blkio.bfq.io_queued\x00', 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x18, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc5, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffa}]}, &(0x7f0000000200)='GPL\x00', 0x4, 0x1000, &(0x7f0000000400)=""/4096, 0x41000, 0x20, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001580)={0x5, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000015c0)=[r1, 0xffffffffffffffff, r1, r1, r4, r1, r1, r0], &(0x7f0000001600)=[{0x4, 0x1, 0x2, 0x1}], 0x10, 0x3ff}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB='\t\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) (async) openat$cgroup_ro(r1, &(0x7f0000000080)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) 22:26:25 executing program 0: syz_clone(0x44040100, 0x0, 0x10000200, 0x0, 0x0, 0x0) 22:26:25 executing program 2: syz_clone(0x44040100, 0x0, 0x8000000, 0x0, 0x0, 0x0) 22:26:25 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000ef5cdcc8b774e19c523c8ebae786bfa7c52a4d6cfab802a2c257ddda43028edcace2d6689925eb70377749487c2b9c4b619991ffbdcc19378e1fa8ed6371d3"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0xf, 0x0, 0x655, &(0x7f0000000000)={0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000000), 0xffe000) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000080)}, 0x10) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@fwd={0xa}]}, {0x0, [0x0, 0x0, 0x5f, 0x2e, 0x61]}}, &(0x7f0000000180)=""/244, 0x2b, 0xf4, 0x1, 0x7a97}, 0x20) (async) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@fwd={0xa}]}, {0x0, [0x0, 0x0, 0x5f, 0x2e, 0x61]}}, &(0x7f0000000180)=""/244, 0x2b, 0xf4, 0x1, 0x7a97}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x17, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0xb2}, {}, {}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xecda}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0x200, 0xf8, &(0x7f00000004c0)=""/248, 0x41100, 0x6, '\x00', r3, 0x0, r4, 0x8, &(0x7f00000005c0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0xb, 0x9, 0x5}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000640)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000680)=[{0x5, 0x1, 0xc, 0x4}, {0x0, 0x5, 0x8, 0x5}, {0x5, 0x4, 0x5, 0xa}], 0x10, 0x3}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4004662b, &(0x7f00000005c0)=0x1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={r0, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000500)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xcd, &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0xce, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@bloom_filter={0x1e, 0x9, 0x10001, 0x558, 0x80, 0x1, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0xb}, 0x48) (async) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@bloom_filter={0x1e, 0x9, 0x10001, 0x558, 0x80, 0x1, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0xb}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x12, 0x22, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffff8000, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x7}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xf}, @tail_call, @map_fd={0x18, 0x4}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='GPL\x00', 0x6, 0x8d, &(0x7f0000000140)=""/141, 0x41000, 0x40, '\x00', r3, 0x0, r5, 0x8, &(0x7f0000000300)={0xa, 0x4}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0x10, 0x8, 0x4}, 0x10, r6, r0, 0x2, &(0x7f0000000980)=[r7, r8], &(0x7f00000009c0)=[{0x1, 0x5, 0xd, 0x4}, {0x1, 0x3, 0x6, 0x6}], 0x10, 0x101}, 0x90) 22:26:25 executing program 3: ioctl$TUNGETVNETBE(0xffffffffffffffff, 0x800454df, &(0x7f0000000180)=0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={r1, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, &(0x7f0000000280)=[0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x9e, &(0x7f0000000300)=[{}], 0x8, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x9f, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(r4, &(0x7f0000000240)='blkio.bfq.io_queued\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x18, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc5, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffa}]}, &(0x7f0000000200)='GPL\x00', 0x4, 0x1000, &(0x7f0000000400)=""/4096, 0x41000, 0x20, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001580)={0x5, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000015c0)=[r1, 0xffffffffffffffff, r1, r1, r4, r1, r1, r0], &(0x7f0000001600)=[{0x4, 0x1, 0x2, 0x1}], 0x10, 0x3ff}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB='\t\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) (async) openat$cgroup_ro(r1, &(0x7f0000000080)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) 22:26:25 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000ef5cdcc8b774e19c523c8ebae786bfa7c52a4d6cfab802a2c257ddda43028edcace2d6689925eb70377749487c2b9c4b619991ffbdcc19378e1fa8ed6371d3"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000ef5cdcc8b774e19c523c8ebae786bfa7c52a4d6cfab802a2c257ddda43028edcace2d6689925eb70377749487c2b9c4b619991ffbdcc19378e1fa8ed6371d3"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0xf, 0x0, 0x655, &(0x7f0000000000)={0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000000), 0xffe000) (async) write$cgroup_int(r2, &(0x7f0000000000), 0xffe000) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@fwd={0xa}]}, {0x0, [0x0, 0x0, 0x5f, 0x2e, 0x61]}}, &(0x7f0000000180)=""/244, 0x2b, 0xf4, 0x1, 0x7a97}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x17, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0xb2}, {}, {}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xecda}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0x200, 0xf8, &(0x7f00000004c0)=""/248, 0x41100, 0x6, '\x00', r3, 0x0, r4, 0x8, &(0x7f00000005c0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0xb, 0x9, 0x5}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000640)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000680)=[{0x5, 0x1, 0xc, 0x4}, {0x0, 0x5, 0x8, 0x5}, {0x5, 0x4, 0x5, 0xa}], 0x10, 0x3}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x17, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0xb2}, {}, {}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xecda}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0x200, 0xf8, &(0x7f00000004c0)=""/248, 0x41100, 0x6, '\x00', r3, 0x0, r4, 0x8, &(0x7f00000005c0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0xb, 0x9, 0x5}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000640)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000680)=[{0x5, 0x1, 0xc, 0x4}, {0x0, 0x5, 0x8, 0x5}, {0x5, 0x4, 0x5, 0xa}], 0x10, 0x3}, 0x90) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4004662b, &(0x7f00000005c0)=0x1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={r0, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000500)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xcd, &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0xce, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@bloom_filter={0x1e, 0x9, 0x10001, 0x558, 0x80, 0x1, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0xb}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x12, 0x22, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffff8000, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x7}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xf}, @tail_call, @map_fd={0x18, 0x4}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='GPL\x00', 0x6, 0x8d, &(0x7f0000000140)=""/141, 0x41000, 0x40, '\x00', r3, 0x0, r5, 0x8, &(0x7f0000000300)={0xa, 0x4}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0x10, 0x8, 0x4}, 0x10, r6, r0, 0x2, &(0x7f0000000980)=[r7, r8], &(0x7f00000009c0)=[{0x1, 0x5, 0xd, 0x4}, {0x1, 0x3, 0x6, 0x6}], 0x10, 0x101}, 0x90) [ 321.917385][T19594] FAULT_INJECTION: forcing a failure. [ 321.917385][T19594] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 321.995047][T19594] CPU: 1 PID: 19594 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 322.005209][T19594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 322.015103][T19594] Call Trace: [ 322.018221][T19594] [ 322.021000][T19594] dump_stack_lvl+0x151/0x1b7 [ 322.025515][T19594] ? io_uring_drop_tctx_refs+0x190/0x190 [ 322.031247][T19594] dump_stack+0x15/0x17 [ 322.035322][T19594] should_fail+0x3c6/0x510 [ 322.039577][T19594] should_fail_alloc_page+0x5a/0x80 [ 322.044607][T19594] prepare_alloc_pages+0x15c/0x700 [ 322.049558][T19594] ? __alloc_pages_bulk+0xe40/0xe40 [ 322.054601][T19594] __alloc_pages+0x18c/0x8f0 [ 322.059043][T19594] ? prep_new_page+0x110/0x110 [ 322.063617][T19594] ? __alloc_pages+0x27e/0x8f0 [ 322.068223][T19594] ? __kasan_check_write+0x14/0x20 [ 322.073259][T19594] ? _raw_spin_lock+0xa4/0x1b0 [ 322.077847][T19594] pte_alloc_one+0x73/0x1b0 [ 322.082194][T19594] ? pfn_modify_allowed+0x2f0/0x2f0 [ 322.087742][T19594] ? __pmd_alloc+0x48d/0x550 [ 322.092180][T19594] __pte_alloc+0x86/0x350 [ 322.096332][T19594] ? __pud_alloc+0x260/0x260 [ 322.100756][T19594] ? __pud_alloc+0x213/0x260 [ 322.105201][T19594] ? free_pgtables+0x280/0x280 [ 322.109785][T19594] ? do_handle_mm_fault+0x2330/0x2330 [ 322.115002][T19594] ? __stack_depot_save+0x34/0x470 [ 322.119938][T19594] ? anon_vma_clone+0x9a/0x500 [ 322.124548][T19594] copy_page_range+0x28a8/0x2f90 [ 322.129321][T19594] ? __kasan_slab_alloc+0xb1/0xe0 [ 322.134183][T19594] ? slab_post_alloc_hook+0x53/0x2c0 [ 322.139299][T19594] ? kernel_clone+0x21e/0x9e0 [ 322.144032][T19594] ? do_syscall_64+0x3d/0xb0 [ 322.148463][T19594] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 322.154362][T19594] ? pfn_valid+0x1e0/0x1e0 [ 322.158610][T19594] ? rwsem_write_trylock+0x15b/0x290 [ 322.163728][T19594] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 322.169991][T19594] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 322.175536][T19594] ? __rb_insert_augmented+0x5de/0x610 [ 322.180839][T19594] copy_mm+0xc7e/0x13e0 [ 322.184822][T19594] ? copy_signal+0x610/0x610 [ 322.189291][T19594] ? __init_rwsem+0xd6/0x1c0 [ 322.193671][T19594] ? copy_signal+0x4e3/0x610 [ 322.198098][T19594] copy_process+0x1149/0x3290 [ 322.202625][T19594] ? proc_fail_nth_write+0x20b/0x290 [ 322.207734][T19594] ? fsnotify_perm+0x6a/0x5d0 [ 322.212623][T19594] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 322.217768][T19594] ? vfs_write+0x9ec/0x1110 [ 322.222075][T19594] kernel_clone+0x21e/0x9e0 [ 322.226415][T19594] ? file_end_write+0x1c0/0x1c0 [ 322.231101][T19594] ? create_io_thread+0x1e0/0x1e0 [ 322.235958][T19594] ? mutex_unlock+0xb2/0x260 [ 322.240386][T19594] ? __mutex_lock_slowpath+0x10/0x10 [ 322.245510][T19594] __x64_sys_clone+0x23f/0x290 [ 322.250110][T19594] ? __do_sys_vfork+0x130/0x130 [ 322.254791][T19594] ? ksys_write+0x260/0x2c0 [ 322.259135][T19594] ? debug_smp_processor_id+0x17/0x20 [ 322.264339][T19594] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 322.270253][T19594] ? exit_to_user_mode_prepare+0x39/0xa0 [ 322.275717][T19594] do_syscall_64+0x3d/0xb0 [ 322.279963][T19594] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 322.285690][T19594] RIP: 0033:0x7f8118545da9 [ 322.289952][T19594] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 322.309505][T19594] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 322.317745][T19594] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 322.325563][T19594] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 322.333370][T19594] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 22:26:25 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) 22:26:25 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x5, 0x5, 0x3f, 0x0, r1, 0x1, '\x00', 0x0, r0, 0x2, 0x3, 0x4}, 0x48) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) [ 322.341197][T19594] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 322.349088][T19594] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 322.356902][T19594] 22:26:25 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1048, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x88002, 0x0, 0x27e, 0x6, 0x800, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x2, 0x5, &(0x7f00000002c0)=@raw=[@map_idx_val={0x18, 0x7, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0xf}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000000300)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, &(0x7f0000000a40)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000a80)={0x2, 0xa, 0x9, 0xffff}, 0x10, 0x0, 0xffffffffffffffff, 0x2, &(0x7f0000000e00)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r0], &(0x7f0000000e80)=[{0x1, 0x5, 0xa, 0x7}, {0x3, 0x3, 0x5, 0x1}], 0x10, 0x6}, 0x90) perf_event_open(&(0x7f00000007c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz1\x00', 0x1ff) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600) write$cgroup_subtree(r1, 0x0, 0x6) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r2 = bpf$OBJ_GET_MAP(0x7, 0x0, 0x7b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x1, 0x17, &(0x7f0000000ac0)=""/23, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000b00)={0x5, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000c40)=[0x1, 0xffffffffffffffff, 0x1, r2, 0xffffffffffffffff], &(0x7f0000000c80)=[{0x4, 0x2, 0xe, 0xa}, {0x2, 0x3, 0x0, 0x9}, {0x0, 0x2}, {0x3, 0x5, 0xd}, {0x2, 0x5, 0x8}, {0x5, 0x5, 0x0, 0x2}, {0x0, 0x5, 0x2, 0xb}, {0x2, 0x2, 0x8, 0xc}, {0x2, 0x0, 0x4, 0xc}], 0x10, 0x3}, 0x90) perf_event_open(0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffeff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_service_bytes\x00', 0x100002, 0x0) syz_clone(0x80029180, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = bpf$ITER_CREATE(0x21, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r3, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000580), &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa, &(0x7f0000000040)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x4e, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9f000c0000000c0000000700000002ffe6f6000008000904008000000000000000000000dcf2"], 0x0, 0x2b, 0x0, 0x1, 0x9}, 0x20) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000780)='io.stat\x00', 0x100002, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[], 0x34100) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000700)='cpuset.memory_pressure_enabled\x00', 0x100002, 0x0) recvmsg$unix(r3, &(0x7f0000000080)={&(0x7f0000000240), 0x6e, 0xfffffffffffffffe}, 0x1a2) write$cgroup_type(r5, &(0x7f0000000180), 0x40001) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000e40)='memory.stat\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) 22:26:25 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)=r0}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0x1, 0x58, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffe56, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000006000000000000000a850000000f0000009e0000009500000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='sched_switch\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x0, 0x8, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001380)={0x4, 0x0, 0xfff, 0x7}, 0x10, r5, r7}, 0x90) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000608500000005000000bca900000000000035090100000000009500000000000000b7020000000000007b2af8ff00000000b50900000000000bdbaaf8fff1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffc70200000800000018220000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x4, &(0x7f0000000780)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}]}, &(0x7f0000000900)='GPL\x00', 0xef7, 0x7b, &(0x7f00000009c0)=""/123, 0x41100, 0x50, '\x00', r4, 0x0, r6, 0x8, &(0x7f0000000bc0)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000940)=[r2, r8], &(0x7f0000000a80)=[{0x0, 0x5, 0xc, 0x9}, {0x5, 0x2, 0x10, 0x4}, {0x2, 0x3, 0xd, 0xc}, {0x5, 0x5, 0xa, 0x6}, {0x0, 0x4, 0x2, 0x2}, {0x1, 0x5, 0x6, 0xc}, {0x4, 0x4, 0x8, 0x9}], 0x10, 0x3f}, 0x90) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000600)={0x1, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xf, &(0x7f0000000380)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @generic={0x3f, 0xa, 0x2, 0x9, 0x4}, @ldst={0x2, 0x3, 0x2, 0x2, 0x0, 0xffffffffffffffec, 0x10}, @generic={0x5, 0x4, 0x5, 0x3a96, 0x401}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4c9}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}], &(0x7f0000000300)='syzkaller\x00', 0x1f3, 0x62, &(0x7f0000000480)=""/98, 0x40f00, 0x20, '\x00', r3, 0x0, r6, 0x8, &(0x7f0000000580)={0x9, 0x4}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0xc, 0x2, 0x7}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000640)=[r8, r10], &(0x7f0000000680)=[{0x0, 0x5, 0x2, 0x3}, {0x2, 0x1, 0xb, 0x6}], 0x10, 0x5}, 0x90) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) [ 322.421761][T19616] FAULT_INJECTION: forcing a failure. [ 322.421761][T19616] name failslab, interval 1, probability 0, space 0, times 0 [ 322.468313][T19616] CPU: 0 PID: 19616 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 322.478570][T19616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 322.488465][T19616] Call Trace: [ 322.491673][T19616] [ 322.494451][T19616] dump_stack_lvl+0x151/0x1b7 [ 322.498964][T19616] ? io_uring_drop_tctx_refs+0x190/0x190 [ 322.504432][T19616] dump_stack+0x15/0x17 [ 322.508425][T19616] should_fail+0x3c6/0x510 [ 322.512680][T19616] __should_failslab+0xa4/0xe0 [ 322.517537][T19616] ? vm_area_dup+0x26/0x230 [ 322.521878][T19616] should_failslab+0x9/0x20 [ 322.526216][T19616] slab_pre_alloc_hook+0x37/0xd0 [ 322.531043][T19616] ? vm_area_dup+0x26/0x230 [ 322.535333][T19616] kmem_cache_alloc+0x44/0x200 [ 322.539932][T19616] vm_area_dup+0x26/0x230 [ 322.544094][T19616] copy_mm+0x9a1/0x13e0 [ 322.548105][T19616] ? copy_signal+0x610/0x610 [ 322.552516][T19616] ? __init_rwsem+0xd6/0x1c0 [ 322.557114][T19616] ? copy_signal+0x4e3/0x610 [ 322.561550][T19616] copy_process+0x1149/0x3290 [ 322.566144][T19616] ? proc_fail_nth_write+0x20b/0x290 [ 322.571262][T19616] ? fsnotify_perm+0x6a/0x5d0 [ 322.575772][T19616] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 322.580725][T19616] ? vfs_write+0x9ec/0x1110 [ 322.585062][T19616] kernel_clone+0x21e/0x9e0 [ 322.589410][T19616] ? file_end_write+0x1c0/0x1c0 [ 322.594090][T19616] ? create_io_thread+0x1e0/0x1e0 [ 322.598950][T19616] ? mutex_unlock+0xb2/0x260 [ 322.603375][T19616] ? __mutex_lock_slowpath+0x10/0x10 [ 322.608669][T19616] __x64_sys_clone+0x23f/0x290 [ 322.613277][T19616] ? __do_sys_vfork+0x130/0x130 [ 322.617954][T19616] ? ksys_write+0x260/0x2c0 [ 322.622297][T19616] ? debug_smp_processor_id+0x17/0x20 [ 322.627522][T19616] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 322.633402][T19616] ? exit_to_user_mode_prepare+0x39/0xa0 [ 322.638870][T19616] do_syscall_64+0x3d/0xb0 [ 322.643123][T19616] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 322.648849][T19616] RIP: 0033:0x7f8118545da9 [ 322.653105][T19616] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 322.672544][T19616] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 322.680796][T19616] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 322.688600][T19616] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 322.696412][T19616] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 322.704223][T19616] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 22:26:26 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000140), &(0x7f0000000180)=r0}, 0x20) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)=r0}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0x1, 0x58, &(0x7f0000000500)}, 0x10) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0x1, 0x58, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffe56, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000006000000000000000a850000000f0000009e0000009500000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='sched_switch\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x0, 0x8, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001380)={0x4, 0x0, 0xfff, 0x7}, 0x10, r5, r7}, 0x90) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000608500000005000000bca900000000000035090100000000009500000000000000b7020000000000007b2af8ff00000000b50900000000000bdbaaf8fff1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffc70200000800000018220000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x4, &(0x7f0000000780)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}]}, &(0x7f0000000900)='GPL\x00', 0xef7, 0x7b, &(0x7f00000009c0)=""/123, 0x41100, 0x50, '\x00', r4, 0x0, r6, 0x8, &(0x7f0000000bc0)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000940)=[r2, r8], &(0x7f0000000a80)=[{0x0, 0x5, 0xc, 0x9}, {0x5, 0x2, 0x10, 0x4}, {0x2, 0x3, 0xd, 0xc}, {0x5, 0x5, 0xa, 0x6}, {0x0, 0x4, 0x2, 0x2}, {0x1, 0x5, 0x6, 0xc}, {0x4, 0x4, 0x8, 0x9}], 0x10, 0x3f}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x4, &(0x7f0000000780)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}]}, &(0x7f0000000900)='GPL\x00', 0xef7, 0x7b, &(0x7f00000009c0)=""/123, 0x41100, 0x50, '\x00', r4, 0x0, r6, 0x8, &(0x7f0000000bc0)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000940)=[r2, r8], &(0x7f0000000a80)=[{0x0, 0x5, 0xc, 0x9}, {0x5, 0x2, 0x10, 0x4}, {0x2, 0x3, 0xd, 0xc}, {0x5, 0x5, 0xa, 0x6}, {0x0, 0x4, 0x2, 0x2}, {0x1, 0x5, 0x6, 0xc}, {0x4, 0x4, 0x8, 0x9}], 0x10, 0x3f}, 0x90) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000600)={0x1, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xf, &(0x7f0000000380)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @generic={0x3f, 0xa, 0x2, 0x9, 0x4}, @ldst={0x2, 0x3, 0x2, 0x2, 0x0, 0xffffffffffffffec, 0x10}, @generic={0x5, 0x4, 0x5, 0x3a96, 0x401}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4c9}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}], &(0x7f0000000300)='syzkaller\x00', 0x1f3, 0x62, &(0x7f0000000480)=""/98, 0x40f00, 0x20, '\x00', r3, 0x0, r6, 0x8, &(0x7f0000000580)={0x9, 0x4}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0xc, 0x2, 0x7}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000640)=[r8, r10], &(0x7f0000000680)=[{0x0, 0x5, 0x2, 0x3}, {0x2, 0x1, 0xb, 0x6}], 0x10, 0x5}, 0x90) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) [ 322.712036][T19616] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 322.719851][T19616] 22:26:26 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x5, 0x5, 0x3f, 0x0, r1, 0x1, '\x00', 0x0, r0, 0x2, 0x3, 0x4}, 0x48) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:26 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)=r0}, 0x20) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0x1, 0x58, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffe56, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) (async) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000006000000000000000a850000000f0000009e0000009500000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='sched_switch\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x0, 0x8, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001380)={0x4, 0x0, 0xfff, 0x7}, 0x10, r5, r7}, 0x90) (async) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async, rerun: 32) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000608500000005000000bca900000000000035090100000000009500000000000000b7020000000000007b2af8ff00000000b50900000000000bdbaaf8fff1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffc70200000800000018220000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x4, &(0x7f0000000780)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}]}, &(0x7f0000000900)='GPL\x00', 0xef7, 0x7b, &(0x7f00000009c0)=""/123, 0x41100, 0x50, '\x00', r4, 0x0, r6, 0x8, &(0x7f0000000bc0)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000940)=[r2, r8], &(0x7f0000000a80)=[{0x0, 0x5, 0xc, 0x9}, {0x5, 0x2, 0x10, 0x4}, {0x2, 0x3, 0xd, 0xc}, {0x5, 0x5, 0xa, 0x6}, {0x0, 0x4, 0x2, 0x2}, {0x1, 0x5, 0x6, 0xc}, {0x4, 0x4, 0x8, 0x9}], 0x10, 0x3f}, 0x90) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000600)={0x1, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xf, &(0x7f0000000380)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @generic={0x3f, 0xa, 0x2, 0x9, 0x4}, @ldst={0x2, 0x3, 0x2, 0x2, 0x0, 0xffffffffffffffec, 0x10}, @generic={0x5, 0x4, 0x5, 0x3a96, 0x401}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4c9}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}], &(0x7f0000000300)='syzkaller\x00', 0x1f3, 0x62, &(0x7f0000000480)=""/98, 0x40f00, 0x20, '\x00', r3, 0x0, r6, 0x8, &(0x7f0000000580)={0x9, 0x4}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0xc, 0x2, 0x7}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000640)=[r8, r10], &(0x7f0000000680)=[{0x0, 0x5, 0x2, 0x3}, {0x2, 0x1, 0xb, 0x6}], 0x10, 0x5}, 0x90) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:26 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x81}}, &(0x7f00000000c0)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:26 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1048, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x88002, 0x0, 0x27e, 0x6, 0x800, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x2, 0x5, &(0x7f00000002c0)=@raw=[@map_idx_val={0x18, 0x7, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0xf}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000000300)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, &(0x7f0000000a40)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000a80)={0x2, 0xa, 0x9, 0xffff}, 0x10, 0x0, 0xffffffffffffffff, 0x2, &(0x7f0000000e00)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r0], &(0x7f0000000e80)=[{0x1, 0x5, 0xa, 0x7}, {0x3, 0x3, 0x5, 0x1}], 0x10, 0x6}, 0x90) perf_event_open(&(0x7f00000007c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz1\x00', 0x1ff) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) (async) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600) write$cgroup_subtree(r1, 0x0, 0x6) (async) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) (async) r2 = bpf$OBJ_GET_MAP(0x7, 0x0, 0x7b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x1, 0x17, &(0x7f0000000ac0)=""/23, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000b00)={0x5, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000c40)=[0x1, 0xffffffffffffffff, 0x1, r2, 0xffffffffffffffff], &(0x7f0000000c80)=[{0x4, 0x2, 0xe, 0xa}, {0x2, 0x3, 0x0, 0x9}, {0x0, 0x2}, {0x3, 0x5, 0xd}, {0x2, 0x5, 0x8}, {0x5, 0x5, 0x0, 0x2}, {0x0, 0x5, 0x2, 0xb}, {0x2, 0x2, 0x8, 0xc}, {0x2, 0x0, 0x4, 0xc}], 0x10, 0x3}, 0x90) perf_event_open(0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async, rerun: 64) bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffeff) (async, rerun: 64) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_service_bytes\x00', 0x100002, 0x0) syz_clone(0x80029180, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r3 = bpf$ITER_CREATE(0x21, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r3, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000580), &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa, &(0x7f0000000040)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x4e, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9f000c0000000c0000000700000002ffe6f6000008000904008000000000000000000000dcf2"], 0x0, 0x2b, 0x0, 0x1, 0x9}, 0x20) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000780)='io.stat\x00', 0x100002, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[], 0x34100) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000700)='cpuset.memory_pressure_enabled\x00', 0x100002, 0x0) recvmsg$unix(r3, &(0x7f0000000080)={&(0x7f0000000240), 0x6e, 0xfffffffffffffffe}, 0x1a2) (async) write$cgroup_type(r5, &(0x7f0000000180), 0x40001) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000e40)='memory.stat\x00', 0x0, 0x0) (async, rerun: 64) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) 22:26:26 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x5, 0x5, 0x3f, 0x0, r1, 0x1, '\x00', 0x0, r0, 0x2, 0x3, 0x4}, 0x48) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:26 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x81}}, &(0x7f00000000c0)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:26 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x81}}, &(0x7f00000000c0)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x90) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x81}}, &(0x7f00000000c0)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:26 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000002000000009500000000000000eead02b918e1178eaed5c3636345cd68d351ce87f34946f215d5a01ef96549483bfe1d86a5246d1147acf338f523f339b1fd9b5d50bb34cac11fd067510f943932ab647b38a12c5f09cca1caa8cb227536279a56e77204c30600000000000000dcd74085e53b06418eca5ed8d719b407aa2798520880dc006fb859284b87250fae37fbcb201ab46fc9529d5e83719ca24d16164ece2f19192ab945fbe67d2c68fa4a9b709d4a42cc6738a77132de1ceea2ac6edfb1"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) close(r0) 22:26:26 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1048, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x88002, 0x0, 0x27e, 0x6, 0x800, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x2, 0x5, &(0x7f00000002c0)=@raw=[@map_idx_val={0x18, 0x7, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0xf}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000000300)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, &(0x7f0000000a40)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000a80)={0x2, 0xa, 0x9, 0xffff}, 0x10, 0x0, 0xffffffffffffffff, 0x2, &(0x7f0000000e00)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r0], &(0x7f0000000e80)=[{0x1, 0x5, 0xa, 0x7}, {0x3, 0x3, 0x5, 0x1}], 0x10, 0x6}, 0x90) perf_event_open(&(0x7f00000007c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 64) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz1\x00', 0x1ff) (async, rerun: 64) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600) (async) write$cgroup_subtree(r1, 0x0, 0x6) (async) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r2 = bpf$OBJ_GET_MAP(0x7, 0x0, 0x7b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x1, 0x17, &(0x7f0000000ac0)=""/23, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000b00)={0x5, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000c40)=[0x1, 0xffffffffffffffff, 0x1, r2, 0xffffffffffffffff], &(0x7f0000000c80)=[{0x4, 0x2, 0xe, 0xa}, {0x2, 0x3, 0x0, 0x9}, {0x0, 0x2}, {0x3, 0x5, 0xd}, {0x2, 0x5, 0x8}, {0x5, 0x5, 0x0, 0x2}, {0x0, 0x5, 0x2, 0xb}, {0x2, 0x2, 0x8, 0xc}, {0x2, 0x0, 0x4, 0xc}], 0x10, 0x3}, 0x90) (async) perf_event_open(0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0) (async, rerun: 64) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffeff) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_service_bytes\x00', 0x100002, 0x0) (async) syz_clone(0x80029180, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r3 = bpf$ITER_CREATE(0x21, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r3, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000580), &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa, &(0x7f0000000040)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x4e, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9f000c0000000c0000000700000002ffe6f6000008000904008000000000000000000000dcf2"], 0x0, 0x2b, 0x0, 0x1, 0x9}, 0x20) (async) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000780)='io.stat\x00', 0x100002, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[], 0x34100) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000700)='cpuset.memory_pressure_enabled\x00', 0x100002, 0x0) recvmsg$unix(r3, &(0x7f0000000080)={&(0x7f0000000240), 0x6e, 0xfffffffffffffffe}, 0x1a2) (async, rerun: 64) write$cgroup_type(r5, &(0x7f0000000180), 0x40001) (rerun: 64) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000e40)='memory.stat\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) 22:26:26 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000002000000009500000000000000eead02b918e1178eaed5c3636345cd68d351ce87f34946f215d5a01ef96549483bfe1d86a5246d1147acf338f523f339b1fd9b5d50bb34cac11fd067510f943932ab647b38a12c5f09cca1caa8cb227536279a56e77204c30600000000000000dcd74085e53b06418eca5ed8d719b407aa2798520880dc006fb859284b87250fae37fbcb201ab46fc9529d5e83719ca24d16164ece2f19192ab945fbe67d2c68fa4a9b709d4a42cc6738a77132de1ceea2ac6edfb1"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) close(r0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000002000000009500000000000000eead02b918e1178eaed5c3636345cd68d351ce87f34946f215d5a01ef96549483bfe1d86a5246d1147acf338f523f339b1fd9b5d50bb34cac11fd067510f943932ab647b38a12c5f09cca1caa8cb227536279a56e77204c30600000000000000dcd74085e53b06418eca5ed8d719b407aa2798520880dc006fb859284b87250fae37fbcb201ab46fc9529d5e83719ca24d16164ece2f19192ab945fbe67d2c68fa4a9b709d4a42cc6738a77132de1ceea2ac6edfb1"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async) close(r0) (async) 22:26:26 executing program 0: syz_clone(0x44040100, 0x0, 0x11000000, 0x0, 0x0, 0x0) 22:26:26 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000002000000009500000000000000eead02b918e1178eaed5c3636345cd68d351ce87f34946f215d5a01ef96549483bfe1d86a5246d1147acf338f523f339b1fd9b5d50bb34cac11fd067510f943932ab647b38a12c5f09cca1caa8cb227536279a56e77204c30600000000000000dcd74085e53b06418eca5ed8d719b407aa2798520880dc006fb859284b87250fae37fbcb201ab46fc9529d5e83719ca24d16164ece2f19192ab945fbe67d2c68fa4a9b709d4a42cc6738a77132de1ceea2ac6edfb1"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async) close(r0) 22:26:26 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='snd_soc_dapm_path\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="70b1b574dfa0b224381f9c14ee2a89f83273dd78d4e548b1e319851de231e247c857a48219a766fe2c2c793f03e646de2ae6e849593b9e3d33f549b2b1"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:26 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x1}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r1, 0xffffffffffffffff}, 0x4) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_type(r4, &(0x7f0000000000), 0x165243) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r5, 0x0, 0x4ea00) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000380)={0x800, 0x0}, 0x8) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x0, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8000000}, 0x90) r9 = syz_open_procfs$namespace(0x0, 0x0) r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000ac0)=ANY=[@ANYRES64=r8], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x90) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x5, 0x3, 0x3ff, 0xfffffffd, 0xb7, 0xffffffffffffffff, 0xffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x4, &(0x7f0000001700)={r11, 0x0, 0x0}, 0x20) socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r14 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1a, 0x4, 0x3, 0x1f, 0xc, r11, 0x1800, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5}, 0x48) ioctl$PERF_EVENT_IOC_SET_FILTER(r13, 0x8914, &(0x7f0000000080)) r15 = bpf$ITER_CREATE(0x21, &(0x7f0000000780), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x4, 0x1e, &(0x7f0000000e40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x10001}, {{0x18, 0x1, 0x1, 0x0, r15}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r11}}, @call={0x85, 0x0, 0x0, 0x9c}, @call={0x85, 0x0, 0x0, 0xc2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000180)='GPL\x00', 0x3, 0xf1, &(0x7f0000000f40)=""/241, 0x41100, 0x71, '\x00', 0x0, 0x12, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x1, 0x6, 0x3f, 0x2426}, 0x10, 0x0, r10, 0x5, &(0x7f0000000a00)=[r11, r14, r14, r15, r12, r14, r15, r15], &(0x7f0000000a40)=[{0x3, 0x1, 0x0, 0x1}, {0x3, 0x2, 0x1, 0xa}, {0x5, 0x3, 0x7, 0x5}, {0x3, 0x3, 0x4, 0xa}, {0x5, 0x1, 0xa, 0xe}], 0x10, 0x1}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x11, 0x6, &(0x7f0000000380)=@raw=[@ldst={0x3, 0x1, 0x1, 0x7, 0xb, 0x4, 0x10}, @tail_call={{0x18, 0x2, 0x1, 0x0, r14}}], &(0x7f00000003c0)='syzkaller\x00', 0x2, 0x7e, &(0x7f0000000400)=""/126, 0x41100, 0x26, '\x00', 0x0, 0xa, r13, 0x8, &(0x7f0000000980)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000b00)={0x2, 0x6, 0x7, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x6, &(0x7f0000001180)=[r15, r9, 0xffffffffffffffff, r11, r14], &(0x7f00000011c0)=[{0x3, 0x5, 0x6}, {0x4, 0x2, 0x5, 0x3}, {0x1, 0x1, 0x2, 0x8}, {0x4, 0x4, 0x7, 0xc}, {0x4, 0x5, 0xf, 0x7}, {0x2, 0x1, 0x0, 0x9}], 0x10, 0x8e7}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0x2d, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ldst={0x1, 0x2, 0x0, 0x3, 0x7, 0x80, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @map_val={0x18, 0xb, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x462}, @map_fd={0x18, 0x1, 0x1, 0x0, r5}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffd}, @jmp={0x5, 0x1, 0x4, 0x1, 0x9, 0x1, 0x1}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x12, '\x00', 0x0, 0x76, r6, 0x8, &(0x7f00000001c0)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x0, 0xd, 0x4, 0x7fad}, 0x10, r7, r15, 0x4, 0x0, &(0x7f00000003c0)=[{0x3, 0x4, 0xc, 0x2}, {0x2, 0x1, 0x7, 0xc}, {0x5, 0x5, 0xa, 0xb}, {0x0, 0x1, 0x7, 0x3}], 0x10, 0x9}, 0x90) 22:26:26 executing program 2: bpf$ENABLE_STATS(0x20, &(0x7f0000000600), 0x4) r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)=@generic={&(0x7f0000000200)='./file0\x00'}, 0x18) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={&(0x7f0000000000), &(0x7f00000000c0)=""/5, &(0x7f0000000100)="c22036c4188251d46f86ad726ec60edcff67348eb776ed02db5752f9485f53f8f673476f07829677e59aed2880d77ce8b7f6b7c22332c244d329dded8ed6a5855f807aa9d383f44855bc1b145d12cef988fbfba94b80c5f0df0d4111fc96e426dca3c8e9d51431185351567a860bdabd962e9b04d33fe5c4f3", &(0x7f0000000180)="d901e5319edf5ce6ba7b5f3b710d901e1099b7b9e908dbbeac4e0e3dc06dad6dabee0d71c8ac99a796405920d5e67bcf185083a3f555115375fa50ebb6b9b20d9a6c6d3315bbab44b1b40457de5dc1afa1f786f6232d60b538f3a63eb939bf2850e2dc6158b870ce39ffdb", 0x1, r0, 0x4}, 0x38) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) syz_clone(0xc7a04680, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000800), &(0x7f0000000240)=[0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000400)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x19, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x40f00, 0x0, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x0, 0x3}, 0x8}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x2}, 0x90) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000640)='GPL\x00') bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000440)={r0, 0xffffffffffffffff}, 0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="06280600c06b00001843000001000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="000000000000ff07b70e000000000000850000000c000000b700000000000000"], &(0x7f00000002c0)='GPL\x00', 0x2, 0xe, &(0x7f0000000300)=""/14, 0x41100, 0x0, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000380)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x4, 0xb, 0x7fffffff, 0x2}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000480)=[0xffffffffffffffff, r0, r4], &(0x7f00000004c0)=[{0x0, 0x4, 0xb, 0x5}, {0x4, 0x1, 0xa, 0x1}, {0x2, 0x1, 0x8, 0x4}, {0x4, 0x3, 0x7, 0x4}, {0x1, 0x3, 0x9, 0xb}, {0x4, 0x2, 0x6, 0x4}, {0x5, 0x4, 0xe, 0xa}], 0x10, 0x1}, 0x90) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002100)={0x0, 0x28, &(0x7f0000001e80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x77, 0x0, 0x0, 0x0, 0x6}, {}, {}, [@call={0x85, 0x0, 0x0, 0xa4}, @tail_call, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @jmp={0x5, 0x0, 0x9, 0x2, 0x6, 0xfffffffffffffff8, 0x10}, @ldst={0x3, 0x2, 0x0, 0xa, 0x9, 0x50, 0xffffffffffffffff}, @map_fd={0x18, 0x7}, @cb_func={0x18, 0xa, 0x4, 0x0, 0x6}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000340)='GPL\x00', 0x2, 0xdd, &(0x7f0000002000)=""/221, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000ac0)={0x3, 0x9, 0x3ff, 0x3}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x401}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0xfffffe81, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r8, &(0x7f0000000000), 0xfdef) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0x0, 0x0, &(0x7f0000014ff5)='GPL\x00', 0x0, 0x1000, &(0x7f0000000c40)=""/4096, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) r10 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r6, 0xe0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000800)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000900)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000002300), 0x0, 0x10, &(0x7f00000002c0), &(0x7f0000000940), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001e40)}}, 0x10) r12 = openat$cgroup_ro(r8, &(0x7f0000000b80)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x16, 0xa, &(0x7f0000000180)=ANY=[@ANYBLOB="851000f2466d9a00186500000a0000000000008500ffff9500"/52], &(0x7f0000000280)='GPL\x00', 0x8, 0x99, &(0x7f0000000680)=""/153, 0x41000, 0x7, '\x00', r11, 0x2e, r8, 0x8, &(0x7f0000000b00)={0x9, 0x2}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r9, 0x6, &(0x7f0000001c40)=[r12, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000bc0)=[{0xfffffffe, 0x3, 0xb, 0xa}, {0x2, 0x5, 0x2, 0xd}, {0x5, 0x5, 0x5, 0x4}, {0x4, 0x1, 0x10}, {0x3, 0x3, 0x6, 0xb}, {0x2, 0x3, 0x0, 0xc}], 0x10, 0x6}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002240)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="18feab00414820000000000000e10000dc3b00000300000006004e0f88f19e070000009500000000000002979c"], &(0x7f00000005c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x9, '\x00', r11, 0x25, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x0, 0xf, 0x5, 0x4}, 0x10, 0x0, 0x0, 0x5, &(0x7f00000021c0)=[r10], &(0x7f0000002300)=[{0x4, 0xffff, 0x3, 0x9}, {0x5, 0x4, 0xb, 0x4}, {0x1, 0x4, 0xe, 0xc}, {0x4, 0x1, 0x8, 0x4}, {0x1, 0x2, 0x1, 0x9}], 0x10, 0x3ff}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0x20, &(0x7f0000000680)=@raw=[@call={0x85, 0x0, 0x0, 0xa}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @exit, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1f}}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x9}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffe}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}], &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x40, '\x00', r11, 0x0, r3, 0x8, &(0x7f00000007c0)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000800)={0x0, 0x5, 0x1f, 0x6}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000840)=[r0, r4, r0, r5], &(0x7f0000000880)=[{0x3, 0x3, 0x8, 0xa}, {0x3, 0x4, 0x9, 0x1}, {0x1, 0x3, 0x2, 0x1}, {0x3, 0x5, 0x3, 0x5}, {0x3, 0x1, 0x5, 0x7}, {0x8000, 0x4, 0x5, 0x8}, {0x0, 0x1, 0xb, 0x5}, {0x0, 0x3, 0x10}]}, 0x90) 22:26:26 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='snd_soc_dapm_path\x00', r0}, 0x10) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="70b1b574dfa0b224381f9c14ee2a89f83273dd78d4e548b1e319851de231e247c857a48219a766fe2c2c793f03e646de2ae6e849593b9e3d33f549b2b1"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:26 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='snd_soc_dapm_path\x00', r0}, 0x10) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="70b1b574dfa0b224381f9c14ee2a89f83273dd78d4e548b1e319851de231e247c857a48219a766fe2c2c793f03e646de2ae6e849593b9e3d33f549b2b1"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:26 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async, rerun: 64) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x1}, 0x48) (rerun: 64) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r1, 0xffffffffffffffff}, 0x4) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_type(r4, &(0x7f0000000000), 0x165243) (async, rerun: 32) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) (rerun: 32) write$cgroup_subtree(r5, 0x0, 0x4ea00) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000380)={0x800, 0x0}, 0x8) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x0, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8000000}, 0x90) r9 = syz_open_procfs$namespace(0x0, 0x0) (async, rerun: 64) r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000ac0)=ANY=[@ANYRES64=r8], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x90) (async, rerun: 64) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x5, 0x3, 0x3ff, 0xfffffffd, 0xb7, 0xffffffffffffffff, 0xffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x4, &(0x7f0000001700)={r11, 0x0, 0x0}, 0x20) socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) (async) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r14 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1a, 0x4, 0x3, 0x1f, 0xc, r11, 0x1800, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5}, 0x48) ioctl$PERF_EVENT_IOC_SET_FILTER(r13, 0x8914, &(0x7f0000000080)) (async) r15 = bpf$ITER_CREATE(0x21, &(0x7f0000000780), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x4, 0x1e, &(0x7f0000000e40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x10001}, {{0x18, 0x1, 0x1, 0x0, r15}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r11}}, @call={0x85, 0x0, 0x0, 0x9c}, @call={0x85, 0x0, 0x0, 0xc2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000180)='GPL\x00', 0x3, 0xf1, &(0x7f0000000f40)=""/241, 0x41100, 0x71, '\x00', 0x0, 0x12, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x1, 0x6, 0x3f, 0x2426}, 0x10, 0x0, r10, 0x5, &(0x7f0000000a00)=[r11, r14, r14, r15, r12, r14, r15, r15], &(0x7f0000000a40)=[{0x3, 0x1, 0x0, 0x1}, {0x3, 0x2, 0x1, 0xa}, {0x5, 0x3, 0x7, 0x5}, {0x3, 0x3, 0x4, 0xa}, {0x5, 0x1, 0xa, 0xe}], 0x10, 0x1}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x11, 0x6, &(0x7f0000000380)=@raw=[@ldst={0x3, 0x1, 0x1, 0x7, 0xb, 0x4, 0x10}, @tail_call={{0x18, 0x2, 0x1, 0x0, r14}}], &(0x7f00000003c0)='syzkaller\x00', 0x2, 0x7e, &(0x7f0000000400)=""/126, 0x41100, 0x26, '\x00', 0x0, 0xa, r13, 0x8, &(0x7f0000000980)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000b00)={0x2, 0x6, 0x7, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x6, &(0x7f0000001180)=[r15, r9, 0xffffffffffffffff, r11, r14], &(0x7f00000011c0)=[{0x3, 0x5, 0x6}, {0x4, 0x2, 0x5, 0x3}, {0x1, 0x1, 0x2, 0x8}, {0x4, 0x4, 0x7, 0xc}, {0x4, 0x5, 0xf, 0x7}, {0x2, 0x1, 0x0, 0x9}], 0x10, 0x8e7}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0x2d, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ldst={0x1, 0x2, 0x0, 0x3, 0x7, 0x80, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @map_val={0x18, 0xb, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x462}, @map_fd={0x18, 0x1, 0x1, 0x0, r5}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffd}, @jmp={0x5, 0x1, 0x4, 0x1, 0x9, 0x1, 0x1}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x12, '\x00', 0x0, 0x76, r6, 0x8, &(0x7f00000001c0)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x0, 0xd, 0x4, 0x7fad}, 0x10, r7, r15, 0x4, 0x0, &(0x7f00000003c0)=[{0x3, 0x4, 0xc, 0x2}, {0x2, 0x1, 0x7, 0xc}, {0x5, 0x5, 0xa, 0xb}, {0x0, 0x1, 0x7, 0x3}], 0x10, 0x9}, 0x90) 22:26:26 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) [ 323.178561][T19695] FAULT_INJECTION: forcing a failure. [ 323.178561][T19695] name failslab, interval 1, probability 0, space 0, times 0 [ 323.218271][T19695] CPU: 0 PID: 19695 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 323.228431][T19695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 323.238325][T19695] Call Trace: [ 323.241445][T19695] [ 323.244226][T19695] dump_stack_lvl+0x151/0x1b7 [ 323.248738][T19695] ? io_uring_drop_tctx_refs+0x190/0x190 [ 323.254207][T19695] ? avc_denied+0x1b0/0x1b0 [ 323.258550][T19695] dump_stack+0x15/0x17 [ 323.262543][T19695] should_fail+0x3c6/0x510 [ 323.266793][T19695] __should_failslab+0xa4/0xe0 [ 323.271393][T19695] ? vm_area_dup+0x26/0x230 [ 323.275729][T19695] should_failslab+0x9/0x20 [ 323.280072][T19695] slab_pre_alloc_hook+0x37/0xd0 [ 323.284850][T19695] ? vm_area_dup+0x26/0x230 [ 323.289190][T19695] kmem_cache_alloc+0x44/0x200 [ 323.293784][T19695] vm_area_dup+0x26/0x230 [ 323.297956][T19695] copy_mm+0x9a1/0x13e0 [ 323.301945][T19695] ? copy_signal+0x610/0x610 [ 323.306372][T19695] ? __init_rwsem+0xd6/0x1c0 [ 323.310793][T19695] ? copy_signal+0x4e3/0x610 [ 323.315225][T19695] copy_process+0x1149/0x3290 [ 323.319738][T19695] ? proc_fail_nth_write+0x20b/0x290 [ 323.324857][T19695] ? fsnotify_perm+0x6a/0x5d0 [ 323.329372][T19695] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 323.334316][T19695] ? vfs_write+0x9ec/0x1110 [ 323.338660][T19695] kernel_clone+0x21e/0x9e0 [ 323.342994][T19695] ? file_end_write+0x1c0/0x1c0 [ 323.347683][T19695] ? create_io_thread+0x1e0/0x1e0 [ 323.352540][T19695] ? mutex_unlock+0xb2/0x260 [ 323.357056][T19695] ? __mutex_lock_slowpath+0x10/0x10 [ 323.362179][T19695] __x64_sys_clone+0x23f/0x290 [ 323.366782][T19695] ? __do_sys_vfork+0x130/0x130 [ 323.371462][T19695] ? ksys_write+0x260/0x2c0 [ 323.375802][T19695] ? debug_smp_processor_id+0x17/0x20 [ 323.381008][T19695] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 323.386906][T19695] ? exit_to_user_mode_prepare+0x39/0xa0 [ 323.392377][T19695] do_syscall_64+0x3d/0xb0 [ 323.396630][T19695] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 323.402357][T19695] RIP: 0033:0x7f8118545da9 [ 323.406610][T19695] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 323.426138][T19695] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 323.434382][T19695] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 323.442192][T19695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 323.450004][T19695] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 323.457815][T19695] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 323.465625][T19695] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 323.473440][T19695] 22:26:26 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="7ac03b5fa1cf3b99ed5e0478d603d90c6a5e14e9138bac1563fa632c07593e46fc6076881a711680a2dda56182fa09d4314b66a74c375346f2ccfa862d37656a81a98f9487c4197c571bdabb1c19196b24ece6db2c5900"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:26 executing program 0: syz_clone(0x44040100, 0x0, 0x1f000000, 0x0, 0x0, 0x0) 22:26:26 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="7ac03b5fa1cf3b99ed5e0478d603d90c6a5e14e9138bac1563fa632c07593e46fc6076881a711680a2dda56182fa09d4314b66a74c375346f2ccfa862d37656a81a98f9487c4197c571bdabb1c19196b24ece6db2c5900"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:26 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="7ac03b5fa1cf3b99ed5e0478d603d90c6a5e14e9138bac1563fa632c07593e46fc6076881a711680a2dda56182fa09d4314b66a74c375346f2ccfa862d37656a81a98f9487c4197c571bdabb1c19196b24ece6db2c5900"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:27 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r3, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0x8, &(0x7f0000000c00)=@raw=[@cb_func={0x18, 0x0, 0x4, 0x0, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @exit, @ldst={0x2, 0x3, 0x3, 0x9, 0x0, 0x80, 0xfffffffffffffffc}, @ldst={0x2, 0x2, 0x1, 0x1, 0xd1d96ebfd5aa5ade, 0x80, 0x10}], &(0x7f0000000c40)='GPL\x00', 0x2, 0xb1, &(0x7f0000000c80)=""/177, 0x41100, 0x18, '\x00', r5, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000d40)=[{0x0, 0x1, 0x2, 0x7}], 0x10, 0xfff}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1a04", @ANYBLOB="969835fb903369022c0cb8a80a0ac6a9e344c37648115bec71a81ce86f330a091fd90b1b8074a3e66846fdb317650435d9b6ca6a9d31c77f6a0f8aa0d3be4a05be76e74b4882dbd64f0b2ce43b870027d5b3d140003e2a4016e6e0fa289d21775b7351fc", @ANYRES32=r0, @ANYRESDEC=r4], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x0, 0xffffffffffffffff, 0x67000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x10, 0x4}, 0x90) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:27 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) [ 323.828110][T19718] FAULT_INJECTION: forcing a failure. [ 323.828110][T19718] name failslab, interval 1, probability 0, space 0, times 0 [ 323.852183][T19718] CPU: 0 PID: 19718 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 323.862345][T19718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 323.872235][T19718] Call Trace: [ 323.875360][T19718] [ 323.878142][T19718] dump_stack_lvl+0x151/0x1b7 [ 323.882656][T19718] ? io_uring_drop_tctx_refs+0x190/0x190 [ 323.888126][T19718] dump_stack+0x15/0x17 [ 323.892112][T19718] should_fail+0x3c6/0x510 [ 323.896367][T19718] __should_failslab+0xa4/0xe0 [ 323.900966][T19718] ? vm_area_dup+0x26/0x230 [ 323.905303][T19718] should_failslab+0x9/0x20 [ 323.909655][T19718] slab_pre_alloc_hook+0x37/0xd0 [ 323.914419][T19718] ? vm_area_dup+0x26/0x230 [ 323.918757][T19718] kmem_cache_alloc+0x44/0x200 [ 323.923360][T19718] vm_area_dup+0x26/0x230 [ 323.927523][T19718] copy_mm+0x9a1/0x13e0 [ 323.931519][T19718] ? copy_signal+0x610/0x610 [ 323.935942][T19718] ? __init_rwsem+0xd6/0x1c0 [ 323.940371][T19718] ? copy_signal+0x4e3/0x610 [ 323.944795][T19718] copy_process+0x1149/0x3290 [ 323.949316][T19718] ? proc_fail_nth_write+0x20b/0x290 [ 323.954427][T19718] ? fsnotify_perm+0x6a/0x5d0 [ 323.958943][T19718] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 323.963891][T19718] ? vfs_write+0x9ec/0x1110 [ 323.968317][T19718] kernel_clone+0x21e/0x9e0 [ 323.972659][T19718] ? file_end_write+0x1c0/0x1c0 [ 323.977344][T19718] ? create_io_thread+0x1e0/0x1e0 [ 323.982292][T19718] ? mutex_unlock+0xb2/0x260 [ 323.986717][T19718] ? __mutex_lock_slowpath+0x10/0x10 [ 323.991842][T19718] __x64_sys_clone+0x23f/0x290 [ 323.999998][T19718] ? __do_sys_vfork+0x130/0x130 [ 324.004680][T19718] ? ksys_write+0x260/0x2c0 [ 324.009019][T19718] ? debug_smp_processor_id+0x17/0x20 [ 324.014224][T19718] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 324.020216][T19718] ? exit_to_user_mode_prepare+0x39/0xa0 [ 324.025769][T19718] do_syscall_64+0x3d/0xb0 [ 324.030018][T19718] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 324.035835][T19718] RIP: 0033:0x7f8118545da9 [ 324.040092][T19718] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 324.059707][T19718] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 324.068555][T19718] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 22:26:27 executing program 0: syz_clone(0x44040100, 0x0, 0x1ffff000, 0x0, 0x0, 0x0) 22:26:27 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) (async, rerun: 32) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r3, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0x8, &(0x7f0000000c00)=@raw=[@cb_func={0x18, 0x0, 0x4, 0x0, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @exit, @ldst={0x2, 0x3, 0x3, 0x9, 0x0, 0x80, 0xfffffffffffffffc}, @ldst={0x2, 0x2, 0x1, 0x1, 0xd1d96ebfd5aa5ade, 0x80, 0x10}], &(0x7f0000000c40)='GPL\x00', 0x2, 0xb1, &(0x7f0000000c80)=""/177, 0x41100, 0x18, '\x00', r5, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000d40)=[{0x0, 0x1, 0x2, 0x7}], 0x10, 0xfff}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1a04", @ANYBLOB="969835fb903369022c0cb8a80a0ac6a9e344c37648115bec71a81ce86f330a091fd90b1b8074a3e66846fdb317650435d9b6ca6a9d31c77f6a0f8aa0d3be4a05be76e74b4882dbd64f0b2ce43b870027d5b3d140003e2a4016e6e0fa289d21775b7351fc", @ANYRES32=r0, @ANYRESDEC=r4], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x0, 0xffffffffffffffff, 0x67000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x10, 0x4}, 0x90) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) [ 324.076367][T19718] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 324.084178][T19718] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 324.091986][T19718] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 324.099799][T19718] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 324.107616][T19718] 22:26:27 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) (async) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r3, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0x8, &(0x7f0000000c00)=@raw=[@cb_func={0x18, 0x0, 0x4, 0x0, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @exit, @ldst={0x2, 0x3, 0x3, 0x9, 0x0, 0x80, 0xfffffffffffffffc}, @ldst={0x2, 0x2, 0x1, 0x1, 0xd1d96ebfd5aa5ade, 0x80, 0x10}], &(0x7f0000000c40)='GPL\x00', 0x2, 0xb1, &(0x7f0000000c80)=""/177, 0x41100, 0x18, '\x00', r5, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000d40)=[{0x0, 0x1, 0x2, 0x7}], 0x10, 0xfff}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1a04", @ANYBLOB="969835fb903369022c0cb8a80a0ac6a9e344c37648115bec71a81ce86f330a091fd90b1b8074a3e66846fdb317650435d9b6ca6a9d31c77f6a0f8aa0d3be4a05be76e74b4882dbd64f0b2ce43b870027d5b3d140003e2a4016e6e0fa289d21775b7351fc", @ANYRES32=r0, @ANYRESDEC=r4], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x0, 0xffffffffffffffff, 0x67000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x10, 0x4}, 0x90) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:27 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0xa, 0x7, 0x1, 0x0, 0xffffffffffffffff, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00'}, 0x10) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r0, 0x4010744d, 0x20000000) 22:26:27 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) 22:26:27 executing program 2: bpf$ENABLE_STATS(0x20, &(0x7f0000000600), 0x4) r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)=@generic={&(0x7f0000000200)='./file0\x00'}, 0x18) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={&(0x7f0000000000), &(0x7f00000000c0)=""/5, &(0x7f0000000100)="c22036c4188251d46f86ad726ec60edcff67348eb776ed02db5752f9485f53f8f673476f07829677e59aed2880d77ce8b7f6b7c22332c244d329dded8ed6a5855f807aa9d383f44855bc1b145d12cef988fbfba94b80c5f0df0d4111fc96e426dca3c8e9d51431185351567a860bdabd962e9b04d33fe5c4f3", &(0x7f0000000180)="d901e5319edf5ce6ba7b5f3b710d901e1099b7b9e908dbbeac4e0e3dc06dad6dabee0d71c8ac99a796405920d5e67bcf185083a3f555115375fa50ebb6b9b20d9a6c6d3315bbab44b1b40457de5dc1afa1f786f6232d60b538f3a63eb939bf2850e2dc6158b870ce39ffdb", 0x1, r0, 0x4}, 0x38) (async) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) (async, rerun: 64) syz_clone(0xc7a04680, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000800), &(0x7f0000000240)=[0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000400)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x19, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x40f00, 0x0, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x0, 0x3}, 0x8}, 0x90) (async, rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x2}, 0x90) (async, rerun: 32) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000640)='GPL\x00') bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000440)={r0, 0xffffffffffffffff}, 0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="06280600c06b00001843000001000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="000000000000ff07b70e000000000000850000000c000000b700000000000000"], &(0x7f00000002c0)='GPL\x00', 0x2, 0xe, &(0x7f0000000300)=""/14, 0x41100, 0x0, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000380)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x4, 0xb, 0x7fffffff, 0x2}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000480)=[0xffffffffffffffff, r0, r4], &(0x7f00000004c0)=[{0x0, 0x4, 0xb, 0x5}, {0x4, 0x1, 0xa, 0x1}, {0x2, 0x1, 0x8, 0x4}, {0x4, 0x3, 0x7, 0x4}, {0x1, 0x3, 0x9, 0xb}, {0x4, 0x2, 0x6, 0x4}, {0x5, 0x4, 0xe, 0xa}], 0x10, 0x1}, 0x90) (async, rerun: 64) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002100)={0x0, 0x28, &(0x7f0000001e80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x77, 0x0, 0x0, 0x0, 0x6}, {}, {}, [@call={0x85, 0x0, 0x0, 0xa4}, @tail_call, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @jmp={0x5, 0x0, 0x9, 0x2, 0x6, 0xfffffffffffffff8, 0x10}, @ldst={0x3, 0x2, 0x0, 0xa, 0x9, 0x50, 0xffffffffffffffff}, @map_fd={0x18, 0x7}, @cb_func={0x18, 0xa, 0x4, 0x0, 0x6}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000340)='GPL\x00', 0x2, 0xdd, &(0x7f0000002000)=""/221, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000ac0)={0x3, 0x9, 0x3ff, 0x3}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x401}, 0x90) (async, rerun: 64) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0xfffffe81, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r8, &(0x7f0000000000), 0xfdef) (async) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0x0, 0x0, &(0x7f0000014ff5)='GPL\x00', 0x0, 0x1000, &(0x7f0000000c40)=""/4096, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) (async) r10 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r6, 0xe0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000800)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000900)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000002300), 0x0, 0x10, &(0x7f00000002c0), &(0x7f0000000940), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001e40)}}, 0x10) (async, rerun: 64) r12 = openat$cgroup_ro(r8, &(0x7f0000000b80)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x16, 0xa, &(0x7f0000000180)=ANY=[@ANYBLOB="851000f2466d9a00186500000a0000000000008500ffff9500"/52], &(0x7f0000000280)='GPL\x00', 0x8, 0x99, &(0x7f0000000680)=""/153, 0x41000, 0x7, '\x00', r11, 0x2e, r8, 0x8, &(0x7f0000000b00)={0x9, 0x2}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r9, 0x6, &(0x7f0000001c40)=[r12, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000bc0)=[{0xfffffffe, 0x3, 0xb, 0xa}, {0x2, 0x5, 0x2, 0xd}, {0x5, 0x5, 0x5, 0x4}, {0x4, 0x1, 0x10}, {0x3, 0x3, 0x6, 0xb}, {0x2, 0x3, 0x0, 0xc}], 0x10, 0x6}, 0x90) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002240)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="18feab00414820000000000000e10000dc3b00000300000006004e0f88f19e070000009500000000000002979c"], &(0x7f00000005c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x9, '\x00', r11, 0x25, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x0, 0xf, 0x5, 0x4}, 0x10, 0x0, 0x0, 0x5, &(0x7f00000021c0)=[r10], &(0x7f0000002300)=[{0x4, 0xffff, 0x3, 0x9}, {0x5, 0x4, 0xb, 0x4}, {0x1, 0x4, 0xe, 0xc}, {0x4, 0x1, 0x8, 0x4}, {0x1, 0x2, 0x1, 0x9}], 0x10, 0x3ff}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0x20, &(0x7f0000000680)=@raw=[@call={0x85, 0x0, 0x0, 0xa}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @exit, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1f}}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x9}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffe}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}], &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x40, '\x00', r11, 0x0, r3, 0x8, &(0x7f00000007c0)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000800)={0x0, 0x5, 0x1f, 0x6}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000840)=[r0, r4, r0, r5], &(0x7f0000000880)=[{0x3, 0x3, 0x8, 0xa}, {0x3, 0x4, 0x9, 0x1}, {0x1, 0x3, 0x2, 0x1}, {0x3, 0x5, 0x3, 0x5}, {0x3, 0x1, 0x5, 0x7}, {0x8000, 0x4, 0x5, 0x8}, {0x0, 0x1, 0xb, 0x5}, {0x0, 0x3, 0x10}]}, 0x90) 22:26:27 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0xa, 0x7, 0x1, 0x0, 0xffffffffffffffff, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00'}, 0x10) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r0, 0x4010744d, 0x20000000) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0xa, 0x7, 0x1, 0x0, 0xffffffffffffffff, 0x1}, 0x48) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00'}, 0x10) (async) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r0, 0x4010744d, 0x20000000) (async) 22:26:27 executing program 0: syz_clone(0x44040100, 0x0, 0x20000000, 0x0, 0x0, 0x0) 22:26:27 executing program 2: bpf$ENABLE_STATS(0x20, &(0x7f0000000600), 0x4) r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)=@generic={&(0x7f0000000200)='./file0\x00'}, 0x18) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={&(0x7f0000000000), &(0x7f00000000c0)=""/5, &(0x7f0000000100)="c22036c4188251d46f86ad726ec60edcff67348eb776ed02db5752f9485f53f8f673476f07829677e59aed2880d77ce8b7f6b7c22332c244d329dded8ed6a5855f807aa9d383f44855bc1b145d12cef988fbfba94b80c5f0df0d4111fc96e426dca3c8e9d51431185351567a860bdabd962e9b04d33fe5c4f3", &(0x7f0000000180)="d901e5319edf5ce6ba7b5f3b710d901e1099b7b9e908dbbeac4e0e3dc06dad6dabee0d71c8ac99a796405920d5e67bcf185083a3f555115375fa50ebb6b9b20d9a6c6d3315bbab44b1b40457de5dc1afa1f786f6232d60b538f3a63eb939bf2850e2dc6158b870ce39ffdb", 0x1, r0, 0x4}, 0x38) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) syz_clone(0xc7a04680, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0xc7a04680, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000800), &(0x7f0000000240)=[0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000400)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x19, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x40f00, 0x0, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x0, 0x3}, 0x8}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x2}, 0x90) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000640)='GPL\x00') (async) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000640)='GPL\x00') bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000440)={r0}, 0x4) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000440)={r0, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="06280600c06b00001843000001000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="000000000000ff07b70e000000000000850000000c000000b700000000000000"], &(0x7f00000002c0)='GPL\x00', 0x2, 0xe, &(0x7f0000000300)=""/14, 0x41100, 0x0, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000380)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x4, 0xb, 0x7fffffff, 0x2}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000480)=[0xffffffffffffffff, r0, r4], &(0x7f00000004c0)=[{0x0, 0x4, 0xb, 0x5}, {0x4, 0x1, 0xa, 0x1}, {0x2, 0x1, 0x8, 0x4}, {0x4, 0x3, 0x7, 0x4}, {0x1, 0x3, 0x9, 0xb}, {0x4, 0x2, 0x6, 0x4}, {0x5, 0x4, 0xe, 0xa}], 0x10, 0x1}, 0x90) (async) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="06280600c06b00001843000001000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="000000000000ff07b70e000000000000850000000c000000b700000000000000"], &(0x7f00000002c0)='GPL\x00', 0x2, 0xe, &(0x7f0000000300)=""/14, 0x41100, 0x0, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000380)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x4, 0xb, 0x7fffffff, 0x2}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000480)=[0xffffffffffffffff, r0, r4], &(0x7f00000004c0)=[{0x0, 0x4, 0xb, 0x5}, {0x4, 0x1, 0xa, 0x1}, {0x2, 0x1, 0x8, 0x4}, {0x4, 0x3, 0x7, 0x4}, {0x1, 0x3, 0x9, 0xb}, {0x4, 0x2, 0x6, 0x4}, {0x5, 0x4, 0xe, 0xa}], 0x10, 0x1}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002100)={0x0, 0x28, &(0x7f0000001e80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x77, 0x0, 0x0, 0x0, 0x6}, {}, {}, [@call={0x85, 0x0, 0x0, 0xa4}, @tail_call, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @jmp={0x5, 0x0, 0x9, 0x2, 0x6, 0xfffffffffffffff8, 0x10}, @ldst={0x3, 0x2, 0x0, 0xa, 0x9, 0x50, 0xffffffffffffffff}, @map_fd={0x18, 0x7}, @cb_func={0x18, 0xa, 0x4, 0x0, 0x6}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000340)='GPL\x00', 0x2, 0xdd, &(0x7f0000002000)=""/221, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000ac0)={0x3, 0x9, 0x3ff, 0x3}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x401}, 0x90) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002100)={0x0, 0x28, &(0x7f0000001e80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x77, 0x0, 0x0, 0x0, 0x6}, {}, {}, [@call={0x85, 0x0, 0x0, 0xa4}, @tail_call, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @jmp={0x5, 0x0, 0x9, 0x2, 0x6, 0xfffffffffffffff8, 0x10}, @ldst={0x3, 0x2, 0x0, 0xa, 0x9, 0x50, 0xffffffffffffffff}, @map_fd={0x18, 0x7}, @cb_func={0x18, 0xa, 0x4, 0x0, 0x6}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000340)='GPL\x00', 0x2, 0xdd, &(0x7f0000002000)=""/221, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000ac0)={0x3, 0x9, 0x3ff, 0x3}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x401}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0xfffffe81, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r8, &(0x7f0000000000), 0xfdef) (async) write$cgroup_subtree(r8, &(0x7f0000000000), 0xfdef) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0x0, 0x0, &(0x7f0000014ff5)='GPL\x00', 0x0, 0x1000, &(0x7f0000000c40)=""/4096, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) r10 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r6, 0xe0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000800)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000900)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000002300), 0x0, 0x10, &(0x7f00000002c0), &(0x7f0000000940), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001e40)}}, 0x10) r12 = openat$cgroup_ro(r8, &(0x7f0000000b80)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x16, 0xa, &(0x7f0000000180)=ANY=[@ANYBLOB="851000f2466d9a00186500000a0000000000008500ffff9500"/52], &(0x7f0000000280)='GPL\x00', 0x8, 0x99, &(0x7f0000000680)=""/153, 0x41000, 0x7, '\x00', r11, 0x2e, r8, 0x8, &(0x7f0000000b00)={0x9, 0x2}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r9, 0x6, &(0x7f0000001c40)=[r12, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000bc0)=[{0xfffffffe, 0x3, 0xb, 0xa}, {0x2, 0x5, 0x2, 0xd}, {0x5, 0x5, 0x5, 0x4}, {0x4, 0x1, 0x10}, {0x3, 0x3, 0x6, 0xb}, {0x2, 0x3, 0x0, 0xc}], 0x10, 0x6}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002240)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="18feab00414820000000000000e10000dc3b00000300000006004e0f88f19e070000009500000000000002979c"], &(0x7f00000005c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x9, '\x00', r11, 0x25, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x0, 0xf, 0x5, 0x4}, 0x10, 0x0, 0x0, 0x5, &(0x7f00000021c0)=[r10], &(0x7f0000002300)=[{0x4, 0xffff, 0x3, 0x9}, {0x5, 0x4, 0xb, 0x4}, {0x1, 0x4, 0xe, 0xc}, {0x4, 0x1, 0x8, 0x4}, {0x1, 0x2, 0x1, 0x9}], 0x10, 0x3ff}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0x20, &(0x7f0000000680)=@raw=[@call={0x85, 0x0, 0x0, 0xa}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @exit, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1f}}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x9}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffe}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}], &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x40, '\x00', r11, 0x0, r3, 0x8, &(0x7f00000007c0)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000800)={0x0, 0x5, 0x1f, 0x6}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000840)=[r0, r4, r0, r5], &(0x7f0000000880)=[{0x3, 0x3, 0x8, 0xa}, {0x3, 0x4, 0x9, 0x1}, {0x1, 0x3, 0x2, 0x1}, {0x3, 0x5, 0x3, 0x5}, {0x3, 0x1, 0x5, 0x7}, {0x8000, 0x4, 0x5, 0x8}, {0x0, 0x1, 0xb, 0x5}, {0x0, 0x3, 0x10}]}, 0x90) 22:26:27 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0xa, 0x7, 0x1, 0x0, 0xffffffffffffffff, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00'}, 0x10) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r0, 0x4010744d, 0x20000000) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0xa, 0x7, 0x1, 0x0, 0xffffffffffffffff, 0x1}, 0x48) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00'}, 0x10) (async) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r0, 0x4010744d, 0x20000000) (async) 22:26:27 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x1}, 0x48) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r1, 0xffffffffffffffff}, 0x4) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_type(r4, &(0x7f0000000000), 0x165243) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r5, 0x0, 0x4ea00) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000380)={0x800, 0x0}, 0x8) (async) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x0, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8000000}, 0x90) r9 = syz_open_procfs$namespace(0x0, 0x0) (async) r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000ac0)=ANY=[@ANYRES64=r8], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x90) (async) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x5, 0x3, 0x3ff, 0xfffffffd, 0xb7, 0xffffffffffffffff, 0xffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x4, &(0x7f0000001700)={r11, 0x0, 0x0}, 0x20) (async) socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r14 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1a, 0x4, 0x3, 0x1f, 0xc, r11, 0x1800, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5}, 0x48) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r13, 0x8914, &(0x7f0000000080)) (async) r15 = bpf$ITER_CREATE(0x21, &(0x7f0000000780), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x4, 0x1e, &(0x7f0000000e40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x10001}, {{0x18, 0x1, 0x1, 0x0, r15}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r11}}, @call={0x85, 0x0, 0x0, 0x9c}, @call={0x85, 0x0, 0x0, 0xc2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000180)='GPL\x00', 0x3, 0xf1, &(0x7f0000000f40)=""/241, 0x41100, 0x71, '\x00', 0x0, 0x12, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x1, 0x6, 0x3f, 0x2426}, 0x10, 0x0, r10, 0x5, &(0x7f0000000a00)=[r11, r14, r14, r15, r12, r14, r15, r15], &(0x7f0000000a40)=[{0x3, 0x1, 0x0, 0x1}, {0x3, 0x2, 0x1, 0xa}, {0x5, 0x3, 0x7, 0x5}, {0x3, 0x3, 0x4, 0xa}, {0x5, 0x1, 0xa, 0xe}], 0x10, 0x1}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x11, 0x6, &(0x7f0000000380)=@raw=[@ldst={0x3, 0x1, 0x1, 0x7, 0xb, 0x4, 0x10}, @tail_call={{0x18, 0x2, 0x1, 0x0, r14}}], &(0x7f00000003c0)='syzkaller\x00', 0x2, 0x7e, &(0x7f0000000400)=""/126, 0x41100, 0x26, '\x00', 0x0, 0xa, r13, 0x8, &(0x7f0000000980)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000b00)={0x2, 0x6, 0x7, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x6, &(0x7f0000001180)=[r15, r9, 0xffffffffffffffff, r11, r14], &(0x7f00000011c0)=[{0x3, 0x5, 0x6}, {0x4, 0x2, 0x5, 0x3}, {0x1, 0x1, 0x2, 0x8}, {0x4, 0x4, 0x7, 0xc}, {0x4, 0x5, 0xf, 0x7}, {0x2, 0x1, 0x0, 0x9}], 0x10, 0x8e7}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0x2d, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ldst={0x1, 0x2, 0x0, 0x3, 0x7, 0x80, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @map_val={0x18, 0xb, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x462}, @map_fd={0x18, 0x1, 0x1, 0x0, r5}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffd}, @jmp={0x5, 0x1, 0x4, 0x1, 0x9, 0x1, 0x1}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x12, '\x00', 0x0, 0x76, r6, 0x8, &(0x7f00000001c0)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x0, 0xd, 0x4, 0x7fad}, 0x10, r7, r15, 0x4, 0x0, &(0x7f00000003c0)=[{0x3, 0x4, 0xc, 0x2}, {0x2, 0x1, 0x7, 0xc}, {0x5, 0x5, 0xa, 0xb}, {0x0, 0x1, 0x7, 0x3}], 0x10, 0x9}, 0x90) 22:26:27 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) openat$cgroup_ro(r0, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) [ 324.461572][T19762] FAULT_INJECTION: forcing a failure. [ 324.461572][T19762] name failslab, interval 1, probability 0, space 0, times 0 [ 324.507187][T19762] CPU: 0 PID: 19762 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 324.517351][T19762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 324.527245][T19762] Call Trace: [ 324.530367][T19762] [ 324.533144][T19762] dump_stack_lvl+0x151/0x1b7 [ 324.537657][T19762] ? io_uring_drop_tctx_refs+0x190/0x190 [ 324.543126][T19762] dump_stack+0x15/0x17 [ 324.547118][T19762] should_fail+0x3c6/0x510 [ 324.551371][T19762] __should_failslab+0xa4/0xe0 [ 324.555973][T19762] ? anon_vma_fork+0xf7/0x4e0 [ 324.560485][T19762] should_failslab+0x9/0x20 [ 324.564821][T19762] slab_pre_alloc_hook+0x37/0xd0 [ 324.569595][T19762] ? anon_vma_fork+0xf7/0x4e0 [ 324.574108][T19762] kmem_cache_alloc+0x44/0x200 [ 324.578713][T19762] anon_vma_fork+0xf7/0x4e0 [ 324.583049][T19762] ? anon_vma_name+0x4c/0x70 [ 324.587474][T19762] ? vm_area_dup+0x17a/0x230 [ 324.591903][T19762] copy_mm+0xa3a/0x13e0 [ 324.595899][T19762] ? copy_signal+0x610/0x610 [ 324.600323][T19762] ? __init_rwsem+0xd6/0x1c0 22:26:27 executing program 0: syz_clone(0x44040100, 0x0, 0xa002c000, 0x0, 0x0, 0x0) [ 324.604759][T19762] ? copy_signal+0x4e3/0x610 [ 324.609174][T19762] copy_process+0x1149/0x3290 [ 324.613691][T19762] ? proc_fail_nth_write+0x20b/0x290 [ 324.618817][T19762] ? fsnotify_perm+0x6a/0x5d0 [ 324.623321][T19762] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 324.628266][T19762] ? vfs_write+0x9ec/0x1110 [ 324.632624][T19762] kernel_clone+0x21e/0x9e0 [ 324.636947][T19762] ? file_end_write+0x1c0/0x1c0 [ 324.641635][T19762] ? create_io_thread+0x1e0/0x1e0 [ 324.646495][T19762] ? mutex_unlock+0xb2/0x260 [ 324.650921][T19762] ? __mutex_lock_slowpath+0x10/0x10 [ 324.656049][T19762] __x64_sys_clone+0x23f/0x290 [ 324.660642][T19762] ? __do_sys_vfork+0x130/0x130 [ 324.666007][T19762] ? ksys_write+0x260/0x2c0 [ 324.670350][T19762] ? debug_smp_processor_id+0x17/0x20 [ 324.675556][T19762] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 324.681544][T19762] ? exit_to_user_mode_prepare+0x39/0xa0 [ 324.687157][T19762] do_syscall_64+0x3d/0xb0 [ 324.691407][T19762] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 324.697132][T19762] RIP: 0033:0x7f8118545da9 [ 324.701388][T19762] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 324.720833][T19762] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 324.729073][T19762] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 324.736888][T19762] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 324.744693][T19762] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 22:26:28 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) [ 324.752509][T19762] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 324.760318][T19762] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 324.768228][T19762] [ 324.789513][T19772] FAULT_INJECTION: forcing a failure. [ 324.789513][T19772] name failslab, interval 1, probability 0, space 0, times 0 [ 324.808871][T19772] CPU: 0 PID: 19772 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 324.819126][T19772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 324.829027][T19772] Call Trace: [ 324.832139][T19772] [ 324.834918][T19772] dump_stack_lvl+0x151/0x1b7 [ 324.839431][T19772] ? io_uring_drop_tctx_refs+0x190/0x190 [ 324.844900][T19772] dump_stack+0x15/0x17 [ 324.848889][T19772] should_fail+0x3c6/0x510 [ 324.853234][T19772] __should_failslab+0xa4/0xe0 [ 324.857840][T19772] ? anon_vma_fork+0x1df/0x4e0 [ 324.862431][T19772] should_failslab+0x9/0x20 [ 324.867292][T19772] slab_pre_alloc_hook+0x37/0xd0 [ 324.872065][T19772] ? anon_vma_fork+0x1df/0x4e0 [ 324.876662][T19772] kmem_cache_alloc+0x44/0x200 [ 324.881264][T19772] anon_vma_fork+0x1df/0x4e0 [ 324.889513][T19772] copy_mm+0xa3a/0x13e0 [ 324.893508][T19772] ? copy_signal+0x610/0x610 [ 324.897932][T19772] ? __init_rwsem+0xd6/0x1c0 [ 324.902356][T19772] ? copy_signal+0x4e3/0x610 [ 324.906794][T19772] copy_process+0x1149/0x3290 [ 324.911295][T19772] ? proc_fail_nth_write+0x20b/0x290 [ 324.916416][T19772] ? fsnotify_perm+0x6a/0x5d0 [ 324.920928][T19772] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 324.925878][T19772] ? vfs_write+0x9ec/0x1110 [ 324.930221][T19772] kernel_clone+0x21e/0x9e0 [ 324.934555][T19772] ? file_end_write+0x1c0/0x1c0 [ 324.939244][T19772] ? create_io_thread+0x1e0/0x1e0 [ 324.944102][T19772] ? mutex_unlock+0xb2/0x260 [ 324.948529][T19772] ? __mutex_lock_slowpath+0x10/0x10 [ 324.953650][T19772] __x64_sys_clone+0x23f/0x290 22:26:28 executing program 0: syz_clone(0x44040100, 0x0, 0xf5ffffff, 0x0, 0x0, 0x0) [ 324.958337][T19772] ? __do_sys_vfork+0x130/0x130 [ 324.963021][T19772] ? ksys_write+0x260/0x2c0 [ 324.967365][T19772] ? debug_smp_processor_id+0x17/0x20 [ 324.972569][T19772] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 324.978471][T19772] ? exit_to_user_mode_prepare+0x39/0xa0 [ 324.983945][T19772] do_syscall_64+0x3d/0xb0 [ 324.988197][T19772] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 324.993926][T19772] RIP: 0033:0x7f8118545da9 [ 324.998174][T19772] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 325.017723][T19772] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 325.025971][T19772] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 325.033864][T19772] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 325.041673][T19772] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 325.049486][T19772] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 22:26:28 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) 22:26:28 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) openat$cgroup_ro(r0, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) [ 325.057301][T19772] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 325.065109][T19772] 22:26:28 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000007b57ee876ae019a4e18a2482b3caca529219cb82f408f08bb7d59641302f77a64e9461a2e163a75cb7aaa5696753eb3107451a4464c43c6d625d00fa144d704bd0f722294928be0801e3cb471127b603ded433bb02e5301f2743f868a2cf50d29859ffe36f587d2970580fe5d28dc0c628bb635aa234982d7c51c4bbdd1fe2fb0b4d4a6ea7fe4e0f000000005794050100a4a3d0a2b6e86f9c77681ec1cc419e5fea1daca63d75bdf74448d3722c183b82114f4c619920174386e6d9d8c9716dafc80022226b3993b9f134d175ffbbcd321ee731db5a4407a143fcc632cb98a8cfe263bcd2c2f4d9ca0925d5609eae35a83bb01738c857aa777116e3398b0a77004b8830f3ce5c950fd0ae2fdd6e116a7a1baf66902b70468accea9f902177092ca170f5824055f05c3512de270d9513a83d6f5e73a2584f7d81836720de31330e51c4844f8e1f27b9585f7577d98c9ab5d812cbd70fe0af92327542f787f446585b1eb2471ec5bf8872c64127e2d6"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x6, 0x1, 0x7ff, &(0x7f0000000000)) socketpair(0x11, 0x3, 0x8, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000080), 0x4) [ 325.109965][T19784] FAULT_INJECTION: forcing a failure. [ 325.109965][T19784] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 325.136699][T19784] CPU: 0 PID: 19784 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 325.146862][T19784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 325.156753][T19784] Call Trace: [ 325.159876][T19784] [ 325.162654][T19784] dump_stack_lvl+0x151/0x1b7 [ 325.167170][T19784] ? io_uring_drop_tctx_refs+0x190/0x190 [ 325.172638][T19784] dump_stack+0x15/0x17 [ 325.176625][T19784] should_fail+0x3c6/0x510 [ 325.180882][T19784] should_fail_alloc_page+0x5a/0x80 [ 325.185913][T19784] prepare_alloc_pages+0x15c/0x700 [ 325.190864][T19784] ? __alloc_pages_bulk+0xe40/0xe40 [ 325.195902][T19784] __alloc_pages+0x18c/0x8f0 [ 325.200322][T19784] ? prep_new_page+0x110/0x110 [ 325.204929][T19784] get_zeroed_page+0x1b/0x40 [ 325.209372][T19784] __pud_alloc+0x8b/0x260 [ 325.213511][T19784] ? stack_trace_snprint+0xf0/0xf0 [ 325.218458][T19784] ? do_handle_mm_fault+0x2330/0x2330 [ 325.223682][T19784] ? __stack_depot_save+0x34/0x470 [ 325.228611][T19784] ? anon_vma_clone+0x9a/0x500 [ 325.233209][T19784] copy_page_range+0x2bcf/0x2f90 [ 325.238006][T19784] ? __kasan_slab_alloc+0xb1/0xe0 [ 325.242847][T19784] ? slab_post_alloc_hook+0x53/0x2c0 [ 325.247966][T19784] ? copy_mm+0xa3a/0x13e0 [ 325.252131][T19784] ? copy_process+0x1149/0x3290 [ 325.256818][T19784] ? kernel_clone+0x21e/0x9e0 [ 325.261330][T19784] ? __x64_sys_clone+0x23f/0x290 [ 325.266112][T19784] ? do_syscall_64+0x3d/0xb0 [ 325.270540][T19784] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 325.276440][T19784] ? pfn_valid+0x1e0/0x1e0 [ 325.280688][T19784] ? rwsem_write_trylock+0x15b/0x290 [ 325.285807][T19784] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 325.292057][T19784] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 325.297611][T19784] ? __rb_insert_augmented+0x5de/0x610 [ 325.302906][T19784] copy_mm+0xc7e/0x13e0 [ 325.306902][T19784] ? copy_signal+0x610/0x610 [ 325.311582][T19784] ? __init_rwsem+0xd6/0x1c0 [ 325.316011][T19784] ? copy_signal+0x4e3/0x610 [ 325.320437][T19784] copy_process+0x1149/0x3290 [ 325.324949][T19784] ? proc_fail_nth_write+0x20b/0x290 [ 325.330070][T19784] ? fsnotify_perm+0x6a/0x5d0 [ 325.334582][T19784] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 325.339530][T19784] ? vfs_write+0x9ec/0x1110 [ 325.343871][T19784] kernel_clone+0x21e/0x9e0 [ 325.348208][T19784] ? file_end_write+0x1c0/0x1c0 [ 325.352894][T19784] ? create_io_thread+0x1e0/0x1e0 [ 325.357754][T19784] ? mutex_unlock+0xb2/0x260 [ 325.362182][T19784] ? __mutex_lock_slowpath+0x10/0x10 [ 325.367311][T19784] __x64_sys_clone+0x23f/0x290 [ 325.371905][T19784] ? __do_sys_vfork+0x130/0x130 [ 325.376591][T19784] ? ksys_write+0x260/0x2c0 [ 325.380933][T19784] ? debug_smp_processor_id+0x17/0x20 [ 325.386136][T19784] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 325.392038][T19784] ? exit_to_user_mode_prepare+0x39/0xa0 [ 325.397605][T19784] do_syscall_64+0x3d/0xb0 [ 325.401848][T19784] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 325.407575][T19784] RIP: 0033:0x7f8118545da9 [ 325.411829][T19784] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 325.431271][T19784] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 325.439514][T19784] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 325.447334][T19784] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 22:26:28 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000007b57ee876ae019a4e18a2482b3caca529219cb82f408f08bb7d59641302f77a64e9461a2e163a75cb7aaa5696753eb3107451a4464c43c6d625d00fa144d704bd0f722294928be0801e3cb471127b603ded433bb02e5301f2743f868a2cf50d29859ffe36f587d2970580fe5d28dc0c628bb635aa234982d7c51c4bbdd1fe2fb0b4d4a6ea7fe4e0f000000005794050100a4a3d0a2b6e86f9c77681ec1cc419e5fea1daca63d75bdf74448d3722c183b82114f4c619920174386e6d9d8c9716dafc80022226b3993b9f134d175ffbbcd321ee731db5a4407a143fcc632cb98a8cfe263bcd2c2f4d9ca0925d5609eae35a83bb01738c857aa777116e3398b0a77004b8830f3ce5c950fd0ae2fdd6e116a7a1baf66902b70468accea9f902177092ca170f5824055f05c3512de270d9513a83d6f5e73a2584f7d81836720de31330e51c4844f8e1f27b9585f7577d98c9ab5d812cbd70fe0af92327542f787f446585b1eb2471ec5bf8872c64127e2d6"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x6, 0x1, 0x7ff, &(0x7f0000000000)) (async) socketpair(0x11, 0x3, 0x8, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000080), 0x4) 22:26:28 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) 22:26:28 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async, rerun: 32) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (rerun: 32) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) (async, rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async, rerun: 32) openat$cgroup_ro(r0, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:28 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000007b57ee876ae019a4e18a2482b3caca529219cb82f408f08bb7d59641302f77a64e9461a2e163a75cb7aaa5696753eb3107451a4464c43c6d625d00fa144d704bd0f722294928be0801e3cb471127b603ded433bb02e5301f2743f868a2cf50d29859ffe36f587d2970580fe5d28dc0c628bb635aa234982d7c51c4bbdd1fe2fb0b4d4a6ea7fe4e0f000000005794050100a4a3d0a2b6e86f9c77681ec1cc419e5fea1daca63d75bdf74448d3722c183b82114f4c619920174386e6d9d8c9716dafc80022226b3993b9f134d175ffbbcd321ee731db5a4407a143fcc632cb98a8cfe263bcd2c2f4d9ca0925d5609eae35a83bb01738c857aa777116e3398b0a77004b8830f3ce5c950fd0ae2fdd6e116a7a1baf66902b70468accea9f902177092ca170f5824055f05c3512de270d9513a83d6f5e73a2584f7d81836720de31330e51c4844f8e1f27b9585f7577d98c9ab5d812cbd70fe0af92327542f787f446585b1eb2471ec5bf8872c64127e2d6"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async, rerun: 32) socketpair(0x6, 0x1, 0x7ff, &(0x7f0000000000)) (async, rerun: 32) socketpair(0x11, 0x3, 0x8, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000080), 0x4) [ 325.455136][T19784] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 325.462946][T19784] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 325.470760][T19784] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 325.478574][T19784] [ 325.529502][T19804] FAULT_INJECTION: forcing a failure. [ 325.529502][T19804] name failslab, interval 1, probability 0, space 0, times 0 [ 325.556609][T19804] CPU: 1 PID: 19804 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 325.566773][T19804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 325.576663][T19804] Call Trace: [ 325.579790][T19804] [ 325.582564][T19804] dump_stack_lvl+0x151/0x1b7 [ 325.587169][T19804] ? io_uring_drop_tctx_refs+0x190/0x190 [ 325.592639][T19804] dump_stack+0x15/0x17 [ 325.596624][T19804] should_fail+0x3c6/0x510 [ 325.600879][T19804] __should_failslab+0xa4/0xe0 [ 325.605478][T19804] ? anon_vma_clone+0x9a/0x500 [ 325.610080][T19804] should_failslab+0x9/0x20 [ 325.614425][T19804] slab_pre_alloc_hook+0x37/0xd0 [ 325.619192][T19804] ? anon_vma_clone+0x9a/0x500 [ 325.623791][T19804] kmem_cache_alloc+0x44/0x200 [ 325.628389][T19804] anon_vma_clone+0x9a/0x500 [ 325.632820][T19804] anon_vma_fork+0x91/0x4e0 [ 325.637157][T19804] ? anon_vma_name+0x4c/0x70 [ 325.641583][T19804] ? vm_area_dup+0x17a/0x230 [ 325.646010][T19804] copy_mm+0xa3a/0x13e0 [ 325.650005][T19804] ? copy_signal+0x610/0x610 [ 325.654427][T19804] ? __init_rwsem+0xd6/0x1c0 [ 325.658857][T19804] ? copy_signal+0x4e3/0x610 [ 325.663282][T19804] copy_process+0x1149/0x3290 [ 325.667797][T19804] ? proc_fail_nth_write+0x20b/0x290 [ 325.672916][T19804] ? fsnotify_perm+0x6a/0x5d0 22:26:28 executing program 2: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xb, 0x0, 0x40}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x7a05, 0x1700) r4 = perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x4}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) r5 = getpid() r6 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r4, 0x4008240b, &(0x7f0000000200)={0x5, 0x80, 0xc0, 0x1f, 0x3f, 0x7, 0x0, 0x3, 0xc1052, 0x5, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_config_ext={0x2, 0x7fffffffffffffff}, 0x400, 0x8, 0x2, 0x6, 0x6, 0xe23, 0x8, 0x0, 0xfffffffb, 0x0, 0x1}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffe56, 0x6, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x10}, 0xc) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18330000186900000700000000000000ce9f3d5700000000000000"], &(0x7f0000000900)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000002b00)=""/4096, 0x41100, 0x0, '\x00', r8, 0x0, r10, 0x8, &(0x7f0000000880)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000008c0)={0x1, 0x2, 0x1}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000a00)=[r9, 0xffffffffffffffff, 0xffffffffffffffff, r10, r9, r9, 0xffffffffffffffff, r10], &(0x7f0000000a40)=[{0x4, 0x1, 0x3, 0xc}, {0x0, 0x5, 0x8}, {0x5, 0x2, 0x0, 0x6}], 0x10, 0x798e}, 0x90) sendmsg$inet(r10, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000580)=[{&(0x7f0000002880)="52fd288bb02312f731bdf1a1f7d9d5f348ae32cc", 0x14}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba", 0x75}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000000000000001000000ffffffff000000001c000000000000000000000008000000", @ANYRES32=r8, @ANYBLOB="ac1414130000000000000000110000000000000000000000010000000700000000000000340000000000000000000000070000000144045b618307bc7f00000144143383ac1414bb00000001e00000020000000101000000000000001100000000000000000000000100000007000000000000001c000000000000000000000008000000", @ANYRES32=r8, @ANYBLOB="e0000001ac14141610000000"], 0xc0}, 0x40000) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r11}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x53}}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f00000002c0)='./file0\x00', 0x0, 0x4010, r6}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x1c, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1ff}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x81}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, @exit, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffa}}, @ldst={0x2, 0x1, 0x6, 0x9, 0xa, 0xfffffffffffffff0, 0x8}, @jmp={0x5, 0x1, 0xc, 0x5, 0x6, 0x6, 0xfffffffffffffffc}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x7}, @exit, @btf_id={0x18, 0xd}]}, &(0x7f0000000140)='GPL\x00', 0x7, 0xdf, &(0x7f0000000740)=""/223, 0x0, 0x8, '\x00', r8, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x1, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000580)=[r11, r3, r12, r7, r3], &(0x7f0000000840)=[{0x1, 0x4, 0xc, 0x4}, {0x3, 0x3, 0x9, 0x9}, {0x3, 0x2, 0xa, 0x3}, {0x2, 0x5, 0x7, 0x2}, {0x0, 0x4, 0x10}], 0x10, 0x8}, 0x90) write$cgroup_type(r7, &(0x7f0000000000), 0x165243) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xe1, 0x80, 0x0, 0x9, 0x0, 0x1, 0x220, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, 0x3, @perf_config_ext={0x20, 0x97}, 0x14102, 0x7, 0x1ff, 0x1, 0xffff, 0x7, 0x7f, 0x0, 0x8001, 0x0, 0x1}, r5, 0x0, r7, 0x1) [ 325.677428][T19804] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 325.682376][T19804] ? vfs_write+0x9ec/0x1110 [ 325.686716][T19804] kernel_clone+0x21e/0x9e0 [ 325.691058][T19804] ? file_end_write+0x1c0/0x1c0 [ 325.695747][T19804] ? create_io_thread+0x1e0/0x1e0 [ 325.700599][T19804] ? mutex_unlock+0xb2/0x260 [ 325.705028][T19804] ? __mutex_lock_slowpath+0x10/0x10 [ 325.710151][T19804] __x64_sys_clone+0x23f/0x290 [ 325.714749][T19804] ? __do_sys_vfork+0x130/0x130 [ 325.719434][T19804] ? ksys_write+0x260/0x2c0 [ 325.723779][T19804] ? debug_smp_processor_id+0x17/0x20 [ 325.728982][T19804] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 325.734885][T19804] ? exit_to_user_mode_prepare+0x39/0xa0 [ 325.740351][T19804] do_syscall_64+0x3d/0xb0 [ 325.744606][T19804] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 325.750332][T19804] RIP: 0033:0x7f8118545da9 [ 325.754588][T19804] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 22:26:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000e9ffffff000000009500da000000001dce110bc1dea5effb83ee0dd845f5887deb80bd427e02e840ba56edce13a7ed9ec42b571ac7de85dd15af91c34f3c7c06530a4335c49143fa03f26ed9"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000e9ffffff000000009500da000000001dce110bc1dea5effb83ee0dd845f5887deb80bd427e02e840ba56edce13a7ed9ec42b571ac7de85dd15af91c34f3c7c06530a4335c49143fa03f26ed9"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) [ 325.774030][T19804] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 325.782273][T19804] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 325.790083][T19804] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 325.797898][T19804] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 325.805714][T19804] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 325.813519][T19804] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 325.821332][T19804] 22:26:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000e9ffffff000000009500da000000001dce110bc1dea5effb83ee0dd845f5887deb80bd427e02e840ba56edce13a7ed9ec42b571ac7de85dd15af91c34f3c7c06530a4335c49143fa03f26ed9"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000540)={0x1, 0x58, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) socketpair(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001740)={&(0x7f0000000140)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10, &(0x7f00000016c0)=[{&(0x7f00000002c0)}, {&(0x7f0000000c40)="5cf382b0a362024c1b1bbc0ca0edab4dc2506d982891ef57eb3d76591ecca8dda5f877623efa4be31c5dbd4925563c57b4c66f2da86f9a13f4c5b18141457d78ebc05fef736efe33280847c4eda84f72502aa57ae1b2d2245e8747cbc194e6b97130f659e567dc60bed8f683edc1d0b0e789a6f24a2d8625dbded8fb3e230feafdc5b8478823861d9dd905d1e2c7e9d23f94bc95c3af0244276e2bc5d2fc3e25653f1ea36c4cb8d0e4a482ae4abd9c963777e2bfb1fe24600b19c784eaaadd1687380c2a1076cafd18bc3b2e53c5b662adae3cb2fc145e244d3c741186", 0xdd}, {&(0x7f00000014c0)="da71bd51fb209e85b300a16814df35088d59a9423291698d6955f68871d9d2efd7112beadd78a24441c3e72a170d8157990e1272f9372743bed7f3cc750a1044b567639a0d818e9ff38dd80eef16cc9b07e732c4b7f992b6711692339b32ba71b46f2896af94f13a75d29bd08811d0f361a8593e48087888c70741af76bdcc5b27614fd1687aa9694e4038dce00c55e7f0c4d67e58aba8eac4e43f89c636fea4e72233010a644868f232ddee506bcfc2bd1b411426ebafdcb91b3de22f92e946c05a22c4288897be", 0xc8}, {&(0x7f0000000440)="aebd107f617db07d16f6bdd52f3539ca3a2c4e1c32a5c12fc7976fa91860d2669bebf531cce6a9579cd243adb20206ccfbfe10d505aae783dc370b043ac12e48475fd1dd0490755559686a", 0x4b}, {&(0x7f0000000e40)="fcbae8303db724e262ff6aa45b398732e5882f50164b3ef4a53fdaee42231a608e4200e6e3ba00f770c019763512a360fba87e54d5dd7afe345a10635c0d36f8bf23c92436060bde2382762950", 0x4d}, {&(0x7f0000001780)="286b91ef27ae20c526bb0fb89ad45ec1ad56760cb3ef2de7e359fda14b5493a38414e19d220b8eac94f9776257d194a6c49957a888eafbdf67261478a38fc548822e65df038eb26a574fdc71a5773c2ea3b31e33cde3bb831c0bb482251fd7e400e02b8a7f04397065d50376faadf545f4280c42a3c9f091740a637dd21e93082bbdb7fbfcfe03bc4cb37af51d9585f639cda5bffae02f919ef1e0bf59614b8c07d8aec3e7e2149a667c478c39502ba9ecf41a449ef64243af18c1a6203a3339d0aa05a6ccd4ee9cc421b169c9bb44a1f96972da2d2dd27601cf4f51b93f3cd69cbd95c69c4667af3423bd2dd5", 0xed}, {&(0x7f00000015c0)="d40d2e6e1a9db8ecbc86553001e2c1369a2837a9593e94648866b40892de431ee4b1dc6bc1168631f11198875bde1622a8d76d848e0a883bf9565234c98f126a975089ecad67c0f6102f07f9f1f7c5217ed2886e7523f1e3112bde0e0a5a01dbdbb6c9979975432293edff7062dfed0fc9743b3004c14563dc5b53bdfaade6df25b057e957db2b9bc0373d7d1f63fb367dd00819988bb9b467f2620f26bde27847b584eef9a1e625ef4ebddf3d8688b7d4271e108ebc9d4bd3b318cb6f351a67c9ea0741ad2da26fbc2aa5cf23f7fd88f59bb12ac3ff74f3c1c50e7f7b506f6d", 0xe0}], 0x7, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @rand_addr=0x64010100, @private=0xa010102}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x2c}}], 0x38}, 0x4040) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x1a, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, [@alu={0x7, 0x0, 0x3, 0x5, 0xa, 0xc, 0x9}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', r3, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x2, 0xa, 0x81, 0xf34b}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000002c0)=[r1, r0, r1, r1], &(0x7f0000000300)=[{0x3, 0x2, 0x2, 0x2}, {0x2, 0x5, 0x2}, {0x4, 0x3, 0xd}, {0x5, 0x1, 0x10, 0xc}, {0x4, 0x2, 0xc, 0x2}, {0x2, 0x4, 0x5, 0x9}, {0x0, 0x4, 0x3, 0x3}], 0x10, 0x40}, 0x90) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:29 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34) 22:26:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) socketpair(0x1e, 0xa, 0x1, &(0x7f0000000040)) 22:26:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) socketpair(0x1e, 0xa, 0x1, &(0x7f0000000040)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async) socketpair(0x1e, 0xa, 0x1, &(0x7f0000000040)) (async) [ 325.973261][T19820] FAULT_INJECTION: forcing a failure. [ 325.973261][T19820] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 325.997382][T19820] CPU: 1 PID: 19820 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 326.007543][T19820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 326.017439][T19820] Call Trace: [ 326.020561][T19820] [ 326.023338][T19820] dump_stack_lvl+0x151/0x1b7 [ 326.027850][T19820] ? io_uring_drop_tctx_refs+0x190/0x190 [ 326.033319][T19820] dump_stack+0x15/0x17 [ 326.037400][T19820] should_fail+0x3c6/0x510 [ 326.041655][T19820] should_fail_alloc_page+0x5a/0x80 [ 326.046685][T19820] prepare_alloc_pages+0x15c/0x700 [ 326.051721][T19820] ? __alloc_pages_bulk+0xe40/0xe40 [ 326.056755][T19820] __alloc_pages+0x18c/0x8f0 [ 326.061178][T19820] ? prep_new_page+0x110/0x110 [ 326.065777][T19820] ? __alloc_pages+0x27e/0x8f0 [ 326.070378][T19820] ? __kasan_check_write+0x14/0x20 [ 326.075327][T19820] ? _raw_spin_lock+0xa4/0x1b0 [ 326.079928][T19820] pte_alloc_one+0x73/0x1b0 [ 326.084264][T19820] ? pfn_modify_allowed+0x2f0/0x2f0 [ 326.089300][T19820] ? __pmd_alloc+0x48d/0x550 [ 326.093727][T19820] __pte_alloc+0x86/0x350 [ 326.097892][T19820] ? __pud_alloc+0x260/0x260 [ 326.102320][T19820] ? __pud_alloc+0x213/0x260 [ 326.106750][T19820] ? free_pgtables+0x280/0x280 [ 326.111344][T19820] ? do_handle_mm_fault+0x2330/0x2330 [ 326.116551][T19820] ? __stack_depot_save+0x34/0x470 [ 326.121497][T19820] ? anon_vma_clone+0x9a/0x500 [ 326.126101][T19820] copy_page_range+0x28a8/0x2f90 [ 326.130872][T19820] ? __kasan_slab_alloc+0xb1/0xe0 [ 326.135735][T19820] ? slab_post_alloc_hook+0x53/0x2c0 [ 326.140853][T19820] ? kernel_clone+0x21e/0x9e0 [ 326.145368][T19820] ? do_syscall_64+0x3d/0xb0 [ 326.149795][T19820] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 326.155703][T19820] ? pfn_valid+0x1e0/0x1e0 [ 326.159948][T19820] ? rwsem_write_trylock+0x15b/0x290 [ 326.165504][T19820] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 326.171758][T19820] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 326.177309][T19820] ? __rb_insert_augmented+0x5de/0x610 [ 326.182605][T19820] copy_mm+0xc7e/0x13e0 [ 326.186596][T19820] ? copy_signal+0x610/0x610 [ 326.191028][T19820] ? __init_rwsem+0xd6/0x1c0 [ 326.195446][T19820] ? copy_signal+0x4e3/0x610 [ 326.199871][T19820] copy_process+0x1149/0x3290 [ 326.204386][T19820] ? proc_fail_nth_write+0x20b/0x290 [ 326.209506][T19820] ? fsnotify_perm+0x6a/0x5d0 [ 326.214019][T19820] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 326.218969][T19820] ? vfs_write+0x9ec/0x1110 [ 326.223308][T19820] kernel_clone+0x21e/0x9e0 [ 326.227643][T19820] ? file_end_write+0x1c0/0x1c0 [ 326.232330][T19820] ? create_io_thread+0x1e0/0x1e0 [ 326.237192][T19820] ? mutex_unlock+0xb2/0x260 [ 326.241615][T19820] ? __mutex_lock_slowpath+0x10/0x10 [ 326.246738][T19820] __x64_sys_clone+0x23f/0x290 [ 326.251350][T19820] ? __do_sys_vfork+0x130/0x130 [ 326.256069][T19820] ? ksys_write+0x260/0x2c0 [ 326.260363][T19820] ? debug_smp_processor_id+0x17/0x20 [ 326.265997][T19820] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 326.271913][T19820] ? exit_to_user_mode_prepare+0x39/0xa0 [ 326.277365][T19820] do_syscall_64+0x3d/0xb0 [ 326.281628][T19820] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 326.287348][T19820] RIP: 0033:0x7f8118545da9 [ 326.291804][T19820] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 326.311221][T19820] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 22:26:29 executing program 2: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xb, 0x0, 0x40}, 0x48) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x7a05, 0x1700) r4 = perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x4}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) (async) r5 = getpid() (async) r6 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r4, 0x4008240b, &(0x7f0000000200)={0x5, 0x80, 0xc0, 0x1f, 0x3f, 0x7, 0x0, 0x3, 0xc1052, 0x5, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_config_ext={0x2, 0x7fffffffffffffff}, 0x400, 0x8, 0x2, 0x6, 0x6, 0xe23, 0x8, 0x0, 0xfffffffb, 0x0, 0x1}) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffe56, 0x6, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) (async) r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x10}, 0xc) (async) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18330000186900000700000000000000ce9f3d5700000000000000"], &(0x7f0000000900)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000002b00)=""/4096, 0x41100, 0x0, '\x00', r8, 0x0, r10, 0x8, &(0x7f0000000880)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000008c0)={0x1, 0x2, 0x1}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000a00)=[r9, 0xffffffffffffffff, 0xffffffffffffffff, r10, r9, r9, 0xffffffffffffffff, r10], &(0x7f0000000a40)=[{0x4, 0x1, 0x3, 0xc}, {0x0, 0x5, 0x8}, {0x5, 0x2, 0x0, 0x6}], 0x10, 0x798e}, 0x90) (async) sendmsg$inet(r10, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000580)=[{&(0x7f0000002880)="52fd288bb02312f731bdf1a1f7d9d5f348ae32cc", 0x14}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba", 0x75}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000000000000001000000ffffffff000000001c000000000000000000000008000000", @ANYRES32=r8, @ANYBLOB="ac1414130000000000000000110000000000000000000000010000000700000000000000340000000000000000000000070000000144045b618307bc7f00000144143383ac1414bb00000001e00000020000000101000000000000001100000000000000000000000100000007000000000000001c000000000000000000000008000000", @ANYRES32=r8, @ANYBLOB="e0000001ac14141610000000"], 0xc0}, 0x40000) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r11}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x53}}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f00000002c0)='./file0\x00', 0x0, 0x4010, r6}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x1c, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1ff}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x81}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, @exit, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffa}}, @ldst={0x2, 0x1, 0x6, 0x9, 0xa, 0xfffffffffffffff0, 0x8}, @jmp={0x5, 0x1, 0xc, 0x5, 0x6, 0x6, 0xfffffffffffffffc}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x7}, @exit, @btf_id={0x18, 0xd}]}, &(0x7f0000000140)='GPL\x00', 0x7, 0xdf, &(0x7f0000000740)=""/223, 0x0, 0x8, '\x00', r8, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x1, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000580)=[r11, r3, r12, r7, r3], &(0x7f0000000840)=[{0x1, 0x4, 0xc, 0x4}, {0x3, 0x3, 0x9, 0x9}, {0x3, 0x2, 0xa, 0x3}, {0x2, 0x5, 0x7, 0x2}, {0x0, 0x4, 0x10}], 0x10, 0x8}, 0x90) (async) write$cgroup_type(r7, &(0x7f0000000000), 0x165243) (async) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xe1, 0x80, 0x0, 0x9, 0x0, 0x1, 0x220, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, 0x3, @perf_config_ext={0x20, 0x97}, 0x14102, 0x7, 0x1ff, 0x1, 0xffff, 0x7, 0x7f, 0x0, 0x8001, 0x0, 0x1}, r5, 0x0, r7, 0x1) 22:26:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) socketpair(0x1e, 0xa, 0x1, &(0x7f0000000040)) [ 326.319461][T19820] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 326.327272][T19820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 326.335081][T19820] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 326.342896][T19820] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 326.350806][T19820] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 326.358633][T19820] 22:26:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) (async) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async, rerun: 32) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000540)={0x1, 0x58, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async, rerun: 32) socketpair(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001740)={&(0x7f0000000140)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10, &(0x7f00000016c0)=[{&(0x7f00000002c0)}, {&(0x7f0000000c40)="5cf382b0a362024c1b1bbc0ca0edab4dc2506d982891ef57eb3d76591ecca8dda5f877623efa4be31c5dbd4925563c57b4c66f2da86f9a13f4c5b18141457d78ebc05fef736efe33280847c4eda84f72502aa57ae1b2d2245e8747cbc194e6b97130f659e567dc60bed8f683edc1d0b0e789a6f24a2d8625dbded8fb3e230feafdc5b8478823861d9dd905d1e2c7e9d23f94bc95c3af0244276e2bc5d2fc3e25653f1ea36c4cb8d0e4a482ae4abd9c963777e2bfb1fe24600b19c784eaaadd1687380c2a1076cafd18bc3b2e53c5b662adae3cb2fc145e244d3c741186", 0xdd}, {&(0x7f00000014c0)="da71bd51fb209e85b300a16814df35088d59a9423291698d6955f68871d9d2efd7112beadd78a24441c3e72a170d8157990e1272f9372743bed7f3cc750a1044b567639a0d818e9ff38dd80eef16cc9b07e732c4b7f992b6711692339b32ba71b46f2896af94f13a75d29bd08811d0f361a8593e48087888c70741af76bdcc5b27614fd1687aa9694e4038dce00c55e7f0c4d67e58aba8eac4e43f89c636fea4e72233010a644868f232ddee506bcfc2bd1b411426ebafdcb91b3de22f92e946c05a22c4288897be", 0xc8}, {&(0x7f0000000440)="aebd107f617db07d16f6bdd52f3539ca3a2c4e1c32a5c12fc7976fa91860d2669bebf531cce6a9579cd243adb20206ccfbfe10d505aae783dc370b043ac12e48475fd1dd0490755559686a", 0x4b}, {&(0x7f0000000e40)="fcbae8303db724e262ff6aa45b398732e5882f50164b3ef4a53fdaee42231a608e4200e6e3ba00f770c019763512a360fba87e54d5dd7afe345a10635c0d36f8bf23c92436060bde2382762950", 0x4d}, {&(0x7f0000001780)="286b91ef27ae20c526bb0fb89ad45ec1ad56760cb3ef2de7e359fda14b5493a38414e19d220b8eac94f9776257d194a6c49957a888eafbdf67261478a38fc548822e65df038eb26a574fdc71a5773c2ea3b31e33cde3bb831c0bb482251fd7e400e02b8a7f04397065d50376faadf545f4280c42a3c9f091740a637dd21e93082bbdb7fbfcfe03bc4cb37af51d9585f639cda5bffae02f919ef1e0bf59614b8c07d8aec3e7e2149a667c478c39502ba9ecf41a449ef64243af18c1a6203a3339d0aa05a6ccd4ee9cc421b169c9bb44a1f96972da2d2dd27601cf4f51b93f3cd69cbd95c69c4667af3423bd2dd5", 0xed}, {&(0x7f00000015c0)="d40d2e6e1a9db8ecbc86553001e2c1369a2837a9593e94648866b40892de431ee4b1dc6bc1168631f11198875bde1622a8d76d848e0a883bf9565234c98f126a975089ecad67c0f6102f07f9f1f7c5217ed2886e7523f1e3112bde0e0a5a01dbdbb6c9979975432293edff7062dfed0fc9743b3004c14563dc5b53bdfaade6df25b057e957db2b9bc0373d7d1f63fb367dd00819988bb9b467f2620f26bde27847b584eef9a1e625ef4ebddf3d8688b7d4271e108ebc9d4bd3b318cb6f351a67c9ea0741ad2da26fbc2aa5cf23f7fd88f59bb12ac3ff74f3c1c50e7f7b506f6d", 0xe0}], 0x7, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @rand_addr=0x64010100, @private=0xa010102}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x2c}}], 0x38}, 0x4040) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x1a, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, [@alu={0x7, 0x0, 0x3, 0x5, 0xa, 0xc, 0x9}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', r3, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x2, 0xa, 0x81, 0xf34b}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000002c0)=[r1, r0, r1, r1], &(0x7f0000000300)=[{0x3, 0x2, 0x2, 0x2}, {0x2, 0x5, 0x2}, {0x4, 0x3, 0xd}, {0x5, 0x1, 0x10, 0xc}, {0x4, 0x2, 0xc, 0x2}, {0x2, 0x4, 0x5, 0x9}, {0x0, 0x4, 0x3, 0x3}], 0x10, 0x40}, 0x90) (async) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:29 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x12, 0x3ff, 0x7ff, 0x7, 0xa, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0x1, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r2, 0xe0, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x1f}, 0x80) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r4, 0xe0, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001440), &(0x7f0000001480), 0x0, 0x8, &(0x7f0000001600)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000001680), &(0x7f00000016c0), 0x8, 0x74, 0x8, 0x8, &(0x7f0000001700)}}, 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0xf, 0x8, &(0x7f00000018c0)=ANY=[@ANYBLOB="18000000ff7f0080000000000600000018640000050000000000010001010000006400000200000000000000f1d30000b5511800080000009500000000000000afea54386328c5a432a2a269f95c3507866d3c648ffc9aa6c172223823bd89ba70e3df77a12480cffc8c6ac838862725b870000000000000cd384b64fe4a2123020563d1f7843f28294ffb0e068b9123ee499316272d07ab9bd5fbcd2eff5b5851f5f2f9d3ddd55be30073557ca42d789f6e05ad9d6efb414375d0fa14c305e8f9fa4f2a5012f3d0367b125bdbf9d15887425be0763126cf24e1165dcff1da0f9007d8ad9f71a5536b2db796ca6d65c9844be4dcc75b84a895aa967a8cfcbcfc9b3f220920b77ed8708118b4316a7acd0574e76f0ed257642b83edbe803fbc3d17d431719af0e23c5d90a1151e1243528b8e10c1d2182e61d9b6108fb4c03702289c8abb4b697be737299485ccd22b041af53803f790369fb70bf02e6dde08a3f7ae4c61f86a40d93fc4529b8732a099eaf628f18630372daea157f960128e245473efb709c4c8b5bde399a317f2567412274adfd3730d8eb6decadc000000000000000000000000000000000048bed70bb237e34c289f6926a6ebc894c6a73b97f0b4f99c271862f2c57d5a533ddbf7f3a267c2702eb3ea62bfbc8479192e5ad7369c8657f5cb30def9a31dba7f01226b6aa2103581adb08cbc9fcc88f3a52f351f588b546fa0a33bac5f7342d9405dfa10cff78ee62b7e52d282de9556be32b98fdaf3f0ff09a1982aa313d2444d99b35b9723f9f20727fbe1d339291f0e8463b8922b6824e7d921439d31ef6d8727fdc21e1d2ba001b6fb0b8fc6acf11f9fb122340574d21417fea1b862b6dd301b0e967ae9df5c6f1f24b238e444cae072e235e4f101d74b8b17a930f979c11c47faea469373170a39b26ddcc47735981e08"], &(0x7f0000000900)='GPL\x00', 0x9, 0xee, &(0x7f0000000f00)=""/238, 0x0, 0x8, '\x00', r6, 0x2b, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000e40)={0x1, 0x7, 0xd, 0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001040)=[0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x7}, 0x90) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000001880)=ANY=[@ANYRESDEC=r5], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x16, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r9}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1c, 0x1, &(0x7f0000000980)=ANY=[@ANYBLOB="85209c11c2c000009f897bfc16674d084ddbe2e5dbdd330ebf6059d6a214c62d8c86e13ae4efdaf5bdaaca5566b2c16db58dcda46191819c23e3e31cc3a86f0bd008dba57225715858ac65911ea8a5cac5597a23472afa243c4013a34d7a274d5008165b47d3e7d8563bc81d5eb7610d5208f0861e046ad447c4215303c98a"], &(0x7f0000000200)='syzkaller\x00', 0xb0dd, 0x0, 0x0, 0x40f00, 0x8, '\x00', r6, 0x20, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000440)={0x2, 0x5, 0x67f7, 0x8}, 0x63, 0xffffffffffffffff, r9}, 0x90) openat$cgroup_ro(r8, &(0x7f0000000500)='blkio.bfq.io_serviced\x00', 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000014c0)={0x6, 0xe, &(0x7f0000001280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffd}, @generic={0x80, 0x3, 0x5, 0x7, 0x5}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x0, 0x8, 0x4, 0x9, 0x18, 0xffffffffffffffff}, @tail_call={{0x18, 0x2, 0x1, 0x0, r8}}]}, &(0x7f00000008c0)='GPL\x00', 0x1, 0x1f, &(0x7f0000000e80)=""/31, 0x40f00, 0x73, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001000)={0x1, 0xb, 0x8, 0x7}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000001380)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000013c0)=[{0x1, 0x3, 0xc, 0x8}, {0x4, 0x2, 0x1}, {0x4, 0x3, 0xb, 0x6}, {0x5, 0x2, 0xd, 0x5}, {0x0, 0x4, 0x8, 0x7}], 0x10, 0x7fff}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x15, 0x0, 0x0, &(0x7f0000000580)='GPL\x00', 0x401, 0xda, &(0x7f00000005c0)=""/218, 0x40f00, 0x0, '\x00', r6, 0x2e, r8, 0x8, &(0x7f00000006c0)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000780)={0x4, 0x4, 0x22, 0xffff}, 0x10, r7, r3, 0x0, &(0x7f00000007c0)=[r8]}, 0x90) r10 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000006c0)=@generic={&(0x7f0000000680)='./file0\x00', 0x0, 0x18}, 0x18) r11 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4}, 0x48) r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)={0x1b, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x3}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000800)={0x1, 0xffffffffffffffff}, 0x4) r14 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_freezer_state(r14, &(0x7f0000000540), 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)}, 0x20) r16 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) recvmsg$unix(r16, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f00000002c0)=""/235, 0xeb}, {&(0x7f0000000000)=""/42, 0x2a}, {&(0x7f00000003c0)=""/254, 0xfe}, {&(0x7f0000001900)=""/154, 0x9a}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f0000000180)=""/114, 0xfffffffffffffff0}, {&(0x7f0000000580)=""/70, 0x46}, {&(0x7f0000000600)=""/206, 0xce}, {&(0x7f0000000700)=""/134, 0x86}, {&(0x7f0000001800)=""/206, 0xce}], 0xa, &(0x7f00000004c0)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68}, 0x101) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001cc0)={0x6, 0xa, &(0x7f0000001b00)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x3f}, @cb_func={0x18, 0x0, 0x4, 0x0, 0x8}, @tail_call={{0x18, 0x2, 0x1, 0x0, r20}}, @alu={0x4, 0x0, 0xd, 0x9, 0x2, 0x30, 0x1}], &(0x7f0000001a00)='syzkaller\x00', 0x0, 0x8a, &(0x7f0000001b80)=""/138, 0x40f00, 0x7d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001c40)={0x4, 0x3, 0x7, 0xfffffff7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001c80)=[r18, r17, r17, r19, r16], 0x0, 0x10, 0x9}, 0x90) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000900)={0x1, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1c, 0x19, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x3}, {}, {}, [@ldst={0x0, 0x3, 0x2, 0x3, 0x1, 0xfffffffffffffff0}, @tail_call, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_fd={0x18, 0xa, 0x1, 0x0, r0}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x1, 0xe5, &(0x7f0000000580)=""/229, 0x41100, 0x4, '\x00', r1, 0x35, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x4, 0x9, 0x9, 0x20}, 0x10, r7, r10, 0x5, &(0x7f0000000940)=[r11, r12, r13, r14, r15, r17, 0x1, r21], &(0x7f0000000980)=[{0x1, 0x1, 0x10, 0x1}, {0x0, 0x1, 0xa}, {0x2, 0x4, 0xc, 0xb}, {0x1, 0x4, 0x1, 0xa}, {0x3, 0x1, 0x7, 0x4}], 0x10, 0x5}, 0x90) r22 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r22}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:29 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x12, 0x3ff, 0x7ff, 0x7, 0xa, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3}, 0x48) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0x1, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r2, 0xe0, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x1f}, 0x80) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r4, 0xe0, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001440), &(0x7f0000001480), 0x0, 0x8, &(0x7f0000001600)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000001680), &(0x7f00000016c0), 0x8, 0x74, 0x8, 0x8, &(0x7f0000001700)}}, 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) (async) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0xf, 0x8, &(0x7f00000018c0)=ANY=[@ANYBLOB="18000000ff7f0080000000000600000018640000050000000000010001010000006400000200000000000000f1d30000b5511800080000009500000000000000afea54386328c5a432a2a269f95c3507866d3c648ffc9aa6c172223823bd89ba70e3df77a12480cffc8c6ac838862725b870000000000000cd384b64fe4a2123020563d1f7843f28294ffb0e068b9123ee499316272d07ab9bd5fbcd2eff5b5851f5f2f9d3ddd55be30073557ca42d789f6e05ad9d6efb414375d0fa14c305e8f9fa4f2a5012f3d0367b125bdbf9d15887425be0763126cf24e1165dcff1da0f9007d8ad9f71a5536b2db796ca6d65c9844be4dcc75b84a895aa967a8cfcbcfc9b3f220920b77ed8708118b4316a7acd0574e76f0ed257642b83edbe803fbc3d17d431719af0e23c5d90a1151e1243528b8e10c1d2182e61d9b6108fb4c03702289c8abb4b697be737299485ccd22b041af53803f790369fb70bf02e6dde08a3f7ae4c61f86a40d93fc4529b8732a099eaf628f18630372daea157f960128e245473efb709c4c8b5bde399a317f2567412274adfd3730d8eb6decadc000000000000000000000000000000000048bed70bb237e34c289f6926a6ebc894c6a73b97f0b4f99c271862f2c57d5a533ddbf7f3a267c2702eb3ea62bfbc8479192e5ad7369c8657f5cb30def9a31dba7f01226b6aa2103581adb08cbc9fcc88f3a52f351f588b546fa0a33bac5f7342d9405dfa10cff78ee62b7e52d282de9556be32b98fdaf3f0ff09a1982aa313d2444d99b35b9723f9f20727fbe1d339291f0e8463b8922b6824e7d921439d31ef6d8727fdc21e1d2ba001b6fb0b8fc6acf11f9fb122340574d21417fea1b862b6dd301b0e967ae9df5c6f1f24b238e444cae072e235e4f101d74b8b17a930f979c11c47faea469373170a39b26ddcc47735981e08"], &(0x7f0000000900)='GPL\x00', 0x9, 0xee, &(0x7f0000000f00)=""/238, 0x0, 0x8, '\x00', r6, 0x2b, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000e40)={0x1, 0x7, 0xd, 0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001040)=[0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x7}, 0x90) (async) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000001880)=ANY=[@ANYRESDEC=r5], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x16, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r9}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1c, 0x1, &(0x7f0000000980)=ANY=[@ANYBLOB="85209c11c2c000009f897bfc16674d084ddbe2e5dbdd330ebf6059d6a214c62d8c86e13ae4efdaf5bdaaca5566b2c16db58dcda46191819c23e3e31cc3a86f0bd008dba57225715858ac65911ea8a5cac5597a23472afa243c4013a34d7a274d5008165b47d3e7d8563bc81d5eb7610d5208f0861e046ad447c4215303c98a"], &(0x7f0000000200)='syzkaller\x00', 0xb0dd, 0x0, 0x0, 0x40f00, 0x8, '\x00', r6, 0x20, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000440)={0x2, 0x5, 0x67f7, 0x8}, 0x63, 0xffffffffffffffff, r9}, 0x90) (async) openat$cgroup_ro(r8, &(0x7f0000000500)='blkio.bfq.io_serviced\x00', 0x0, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000014c0)={0x6, 0xe, &(0x7f0000001280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffd}, @generic={0x80, 0x3, 0x5, 0x7, 0x5}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x0, 0x8, 0x4, 0x9, 0x18, 0xffffffffffffffff}, @tail_call={{0x18, 0x2, 0x1, 0x0, r8}}]}, &(0x7f00000008c0)='GPL\x00', 0x1, 0x1f, &(0x7f0000000e80)=""/31, 0x40f00, 0x73, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001000)={0x1, 0xb, 0x8, 0x7}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000001380)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000013c0)=[{0x1, 0x3, 0xc, 0x8}, {0x4, 0x2, 0x1}, {0x4, 0x3, 0xb, 0x6}, {0x5, 0x2, 0xd, 0x5}, {0x0, 0x4, 0x8, 0x7}], 0x10, 0x7fff}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x15, 0x0, 0x0, &(0x7f0000000580)='GPL\x00', 0x401, 0xda, &(0x7f00000005c0)=""/218, 0x40f00, 0x0, '\x00', r6, 0x2e, r8, 0x8, &(0x7f00000006c0)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000780)={0x4, 0x4, 0x22, 0xffff}, 0x10, r7, r3, 0x0, &(0x7f00000007c0)=[r8]}, 0x90) (async) r10 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000006c0)=@generic={&(0x7f0000000680)='./file0\x00', 0x0, 0x18}, 0x18) (async) r11 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4}, 0x48) (async) r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)={0x1b, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x3}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000800)={0x1, 0xffffffffffffffff}, 0x4) r14 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_freezer_state(r14, &(0x7f0000000540), 0x2, 0x0) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)}, 0x20) (async) r16 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) recvmsg$unix(r16, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f00000002c0)=""/235, 0xeb}, {&(0x7f0000000000)=""/42, 0x2a}, {&(0x7f00000003c0)=""/254, 0xfe}, {&(0x7f0000001900)=""/154, 0x9a}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f0000000180)=""/114, 0xfffffffffffffff0}, {&(0x7f0000000580)=""/70, 0x46}, {&(0x7f0000000600)=""/206, 0xce}, {&(0x7f0000000700)=""/134, 0x86}, {&(0x7f0000001800)=""/206, 0xce}], 0xa, &(0x7f00000004c0)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68}, 0x101) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001cc0)={0x6, 0xa, &(0x7f0000001b00)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x3f}, @cb_func={0x18, 0x0, 0x4, 0x0, 0x8}, @tail_call={{0x18, 0x2, 0x1, 0x0, r20}}, @alu={0x4, 0x0, 0xd, 0x9, 0x2, 0x30, 0x1}], &(0x7f0000001a00)='syzkaller\x00', 0x0, 0x8a, &(0x7f0000001b80)=""/138, 0x40f00, 0x7d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001c40)={0x4, 0x3, 0x7, 0xfffffff7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001c80)=[r18, r17, r17, r19, r16], 0x0, 0x10, 0x9}, 0x90) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000900)={0x1, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1c, 0x19, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x3}, {}, {}, [@ldst={0x0, 0x3, 0x2, 0x3, 0x1, 0xfffffffffffffff0}, @tail_call, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_fd={0x18, 0xa, 0x1, 0x0, r0}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x1, 0xe5, &(0x7f0000000580)=""/229, 0x41100, 0x4, '\x00', r1, 0x35, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x4, 0x9, 0x9, 0x20}, 0x10, r7, r10, 0x5, &(0x7f0000000940)=[r11, r12, r13, r14, r15, r17, 0x1, r21], &(0x7f0000000980)=[{0x1, 0x1, 0x10, 0x1}, {0x0, 0x1, 0xa}, {0x2, 0x4, 0xc, 0xb}, {0x1, 0x4, 0x1, 0xa}, {0x3, 0x1, 0x7, 0x4}], 0x10, 0x5}, 0x90) (async) r22 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r22}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:29 executing program 2: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) (async) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xb, 0x0, 0x40}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x7a05, 0x1700) r4 = perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x4}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) r5 = getpid() perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) r6 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r4, 0x4008240b, &(0x7f0000000200)={0x5, 0x80, 0xc0, 0x1f, 0x3f, 0x7, 0x0, 0x3, 0xc1052, 0x5, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_config_ext={0x2, 0x7fffffffffffffff}, 0x400, 0x8, 0x2, 0x6, 0x6, 0xe23, 0x8, 0x0, 0xfffffffb, 0x0, 0x1}) (async) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r4, 0x4008240b, &(0x7f0000000200)={0x5, 0x80, 0xc0, 0x1f, 0x3f, 0x7, 0x0, 0x3, 0xc1052, 0x5, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_config_ext={0x2, 0x7fffffffffffffff}, 0x400, 0x8, 0x2, 0x6, 0x6, 0xe23, 0x8, 0x0, 0xfffffffb, 0x0, 0x1}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffe56, 0x6, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x10}, 0xc) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18330000186900000700000000000000ce9f3d5700000000000000"], &(0x7f0000000900)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000002b00)=""/4096, 0x41100, 0x0, '\x00', r8, 0x0, r10, 0x8, &(0x7f0000000880)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000008c0)={0x1, 0x2, 0x1}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000a00)=[r9, 0xffffffffffffffff, 0xffffffffffffffff, r10, r9, r9, 0xffffffffffffffff, r10], &(0x7f0000000a40)=[{0x4, 0x1, 0x3, 0xc}, {0x0, 0x5, 0x8}, {0x5, 0x2, 0x0, 0x6}], 0x10, 0x798e}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18330000186900000700000000000000ce9f3d5700000000000000"], &(0x7f0000000900)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000002b00)=""/4096, 0x41100, 0x0, '\x00', r8, 0x0, r10, 0x8, &(0x7f0000000880)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000008c0)={0x1, 0x2, 0x1}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000a00)=[r9, 0xffffffffffffffff, 0xffffffffffffffff, r10, r9, r9, 0xffffffffffffffff, r10], &(0x7f0000000a40)=[{0x4, 0x1, 0x3, 0xc}, {0x0, 0x5, 0x8}, {0x5, 0x2, 0x0, 0x6}], 0x10, 0x798e}, 0x90) sendmsg$inet(r10, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000580)=[{&(0x7f0000002880)="52fd288bb02312f731bdf1a1f7d9d5f348ae32cc", 0x14}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba", 0x75}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000000000000001000000ffffffff000000001c000000000000000000000008000000", @ANYRES32=r8, @ANYBLOB="ac1414130000000000000000110000000000000000000000010000000700000000000000340000000000000000000000070000000144045b618307bc7f00000144143383ac1414bb00000001e00000020000000101000000000000001100000000000000000000000100000007000000000000001c000000000000000000000008000000", @ANYRES32=r8, @ANYBLOB="e0000001ac14141610000000"], 0xc0}, 0x40000) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) (async) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r11}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x53}}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f00000002c0)='./file0\x00', 0x0, 0x4010, r6}, 0x18) (async) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f00000002c0)='./file0\x00', 0x0, 0x4010, r6}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x1c, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1ff}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x81}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, @exit, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffa}}, @ldst={0x2, 0x1, 0x6, 0x9, 0xa, 0xfffffffffffffff0, 0x8}, @jmp={0x5, 0x1, 0xc, 0x5, 0x6, 0x6, 0xfffffffffffffffc}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x7}, @exit, @btf_id={0x18, 0xd}]}, &(0x7f0000000140)='GPL\x00', 0x7, 0xdf, &(0x7f0000000740)=""/223, 0x0, 0x8, '\x00', r8, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x1, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000580)=[r11, r3, r12, r7, r3], &(0x7f0000000840)=[{0x1, 0x4, 0xc, 0x4}, {0x3, 0x3, 0x9, 0x9}, {0x3, 0x2, 0xa, 0x3}, {0x2, 0x5, 0x7, 0x2}, {0x0, 0x4, 0x10}], 0x10, 0x8}, 0x90) write$cgroup_type(r7, &(0x7f0000000000), 0x165243) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xe1, 0x80, 0x0, 0x9, 0x0, 0x1, 0x220, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, 0x3, @perf_config_ext={0x20, 0x97}, 0x14102, 0x7, 0x1ff, 0x1, 0xffff, 0x7, 0x7f, 0x0, 0x8001, 0x0, 0x1}, r5, 0x0, r7, 0x1) 22:26:29 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x12, 0x3ff, 0x7ff, 0x7, 0xa, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3}, 0x48) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0x1, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r2, 0xe0, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x1f}, 0x80) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r4, 0xe0, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001440), &(0x7f0000001480), 0x0, 0x8, &(0x7f0000001600)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000001680), &(0x7f00000016c0), 0x8, 0x74, 0x8, 0x8, &(0x7f0000001700)}}, 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) (async) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0xf, 0x8, &(0x7f00000018c0)=ANY=[@ANYBLOB="18000000ff7f0080000000000600000018640000050000000000010001010000006400000200000000000000f1d30000b5511800080000009500000000000000afea54386328c5a432a2a269f95c3507866d3c648ffc9aa6c172223823bd89ba70e3df77a12480cffc8c6ac838862725b870000000000000cd384b64fe4a2123020563d1f7843f28294ffb0e068b9123ee499316272d07ab9bd5fbcd2eff5b5851f5f2f9d3ddd55be30073557ca42d789f6e05ad9d6efb414375d0fa14c305e8f9fa4f2a5012f3d0367b125bdbf9d15887425be0763126cf24e1165dcff1da0f9007d8ad9f71a5536b2db796ca6d65c9844be4dcc75b84a895aa967a8cfcbcfc9b3f220920b77ed8708118b4316a7acd0574e76f0ed257642b83edbe803fbc3d17d431719af0e23c5d90a1151e1243528b8e10c1d2182e61d9b6108fb4c03702289c8abb4b697be737299485ccd22b041af53803f790369fb70bf02e6dde08a3f7ae4c61f86a40d93fc4529b8732a099eaf628f18630372daea157f960128e245473efb709c4c8b5bde399a317f2567412274adfd3730d8eb6decadc000000000000000000000000000000000048bed70bb237e34c289f6926a6ebc894c6a73b97f0b4f99c271862f2c57d5a533ddbf7f3a267c2702eb3ea62bfbc8479192e5ad7369c8657f5cb30def9a31dba7f01226b6aa2103581adb08cbc9fcc88f3a52f351f588b546fa0a33bac5f7342d9405dfa10cff78ee62b7e52d282de9556be32b98fdaf3f0ff09a1982aa313d2444d99b35b9723f9f20727fbe1d339291f0e8463b8922b6824e7d921439d31ef6d8727fdc21e1d2ba001b6fb0b8fc6acf11f9fb122340574d21417fea1b862b6dd301b0e967ae9df5c6f1f24b238e444cae072e235e4f101d74b8b17a930f979c11c47faea469373170a39b26ddcc47735981e08"], &(0x7f0000000900)='GPL\x00', 0x9, 0xee, &(0x7f0000000f00)=""/238, 0x0, 0x8, '\x00', r6, 0x2b, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000e40)={0x1, 0x7, 0xd, 0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001040)=[0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x7}, 0x90) (async) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000001880)=ANY=[@ANYRESDEC=r5], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x16, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r9}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1c, 0x1, &(0x7f0000000980)=ANY=[@ANYBLOB="85209c11c2c000009f897bfc16674d084ddbe2e5dbdd330ebf6059d6a214c62d8c86e13ae4efdaf5bdaaca5566b2c16db58dcda46191819c23e3e31cc3a86f0bd008dba57225715858ac65911ea8a5cac5597a23472afa243c4013a34d7a274d5008165b47d3e7d8563bc81d5eb7610d5208f0861e046ad447c4215303c98a"], &(0x7f0000000200)='syzkaller\x00', 0xb0dd, 0x0, 0x0, 0x40f00, 0x8, '\x00', r6, 0x20, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000440)={0x2, 0x5, 0x67f7, 0x8}, 0x63, 0xffffffffffffffff, r9}, 0x90) openat$cgroup_ro(r8, &(0x7f0000000500)='blkio.bfq.io_serviced\x00', 0x0, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000014c0)={0x6, 0xe, &(0x7f0000001280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffd}, @generic={0x80, 0x3, 0x5, 0x7, 0x5}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x0, 0x8, 0x4, 0x9, 0x18, 0xffffffffffffffff}, @tail_call={{0x18, 0x2, 0x1, 0x0, r8}}]}, &(0x7f00000008c0)='GPL\x00', 0x1, 0x1f, &(0x7f0000000e80)=""/31, 0x40f00, 0x73, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001000)={0x1, 0xb, 0x8, 0x7}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000001380)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000013c0)=[{0x1, 0x3, 0xc, 0x8}, {0x4, 0x2, 0x1}, {0x4, 0x3, 0xb, 0x6}, {0x5, 0x2, 0xd, 0x5}, {0x0, 0x4, 0x8, 0x7}], 0x10, 0x7fff}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x15, 0x0, 0x0, &(0x7f0000000580)='GPL\x00', 0x401, 0xda, &(0x7f00000005c0)=""/218, 0x40f00, 0x0, '\x00', r6, 0x2e, r8, 0x8, &(0x7f00000006c0)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000780)={0x4, 0x4, 0x22, 0xffff}, 0x10, r7, r3, 0x0, &(0x7f00000007c0)=[r8]}, 0x90) (async) r10 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000006c0)=@generic={&(0x7f0000000680)='./file0\x00', 0x0, 0x18}, 0x18) r11 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4}, 0x48) (async) r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)={0x1b, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x3}, 0x48) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000800)={0x1, 0xffffffffffffffff}, 0x4) (async) r14 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_freezer_state(r14, &(0x7f0000000540), 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)}, 0x20) (async) r16 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) recvmsg$unix(r16, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f00000002c0)=""/235, 0xeb}, {&(0x7f0000000000)=""/42, 0x2a}, {&(0x7f00000003c0)=""/254, 0xfe}, {&(0x7f0000001900)=""/154, 0x9a}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f0000000180)=""/114, 0xfffffffffffffff0}, {&(0x7f0000000580)=""/70, 0x46}, {&(0x7f0000000600)=""/206, 0xce}, {&(0x7f0000000700)=""/134, 0x86}, {&(0x7f0000001800)=""/206, 0xce}], 0xa, &(0x7f00000004c0)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68}, 0x101) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001cc0)={0x6, 0xa, &(0x7f0000001b00)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x3f}, @cb_func={0x18, 0x0, 0x4, 0x0, 0x8}, @tail_call={{0x18, 0x2, 0x1, 0x0, r20}}, @alu={0x4, 0x0, 0xd, 0x9, 0x2, 0x30, 0x1}], &(0x7f0000001a00)='syzkaller\x00', 0x0, 0x8a, &(0x7f0000001b80)=""/138, 0x40f00, 0x7d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001c40)={0x4, 0x3, 0x7, 0xfffffff7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001c80)=[r18, r17, r17, r19, r16], 0x0, 0x10, 0x9}, 0x90) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000900)={0x1, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1c, 0x19, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x3}, {}, {}, [@ldst={0x0, 0x3, 0x2, 0x3, 0x1, 0xfffffffffffffff0}, @tail_call, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_fd={0x18, 0xa, 0x1, 0x0, r0}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x1, 0xe5, &(0x7f0000000580)=""/229, 0x41100, 0x4, '\x00', r1, 0x35, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x4, 0x9, 0x9, 0x20}, 0x10, r7, r10, 0x5, &(0x7f0000000940)=[r11, r12, r13, r14, r15, r17, 0x1, r21], &(0x7f0000000980)=[{0x1, 0x1, 0x10, 0x1}, {0x0, 0x1, 0xa}, {0x2, 0x4, 0xc, 0xb}, {0x1, 0x4, 0x1, 0xa}, {0x3, 0x1, 0x7, 0x4}], 0x10, 0x5}, 0x90) (async) r22 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r22}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x1, &(0x7f0000000440)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0x18000000, 0x0, 0xffffffffffffffff, 0xff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x3}, 0x48) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r2}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0xa, 0xa}, @printk={@x={0x18, 0x0}, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5, 0x1, 0xb, 0x1, 0x5}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x23) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r0, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000001c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0], 0x0, 0x6d, &(0x7f00000003c0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000400), &(0x7f00000005c0), 0x8, 0x48, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd4, 0xd4, 0x6, [@int={0xd, 0x0, 0x0, 0x1, 0x0, 0x31, 0x0, 0x50}, @func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0xc, 0x1}, {0xc, 0x1}]}, @func_proto={0x0, 0x8, 0x0, 0xd, 0x0, [{0x9}, {0x10}, {0x10, 0x4}, {0xe, 0x1}, {0x7, 0x2}, {0x4, 0x2}, {0xf, 0x5}, {0x6, 0x4}]}, @enum={0x2, 0x7, 0x0, 0x6, 0x4, [{0xf, 0x43}, {0xa, 0x800}, {0x1, 0x7}, {0x0, 0xf2a}, {0x8}, {0x3, 0x9}, {0x0, 0x800}]}, @restrict={0xc, 0x0, 0x0, 0xb, 0x2}, @typedef={0x4, 0x0, 0x0, 0x8, 0x1}]}, {0x0, [0x0, 0x5f, 0x2e, 0x30]}}, &(0x7f0000000880)=""/87, 0xf2, 0x57, 0x1, 0x6}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000ac0)={0xffffffffffffffff, 0x20, &(0x7f0000000a80)={&(0x7f0000000980)=""/12, 0xc, 0x0, &(0x7f00000009c0)=""/178, 0xb2}}, 0x10) r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000b00)={0xffffffffffffffff, 0x3, 0x10}, 0xc) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000020"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) openat$cgroup_ro(r8, &(0x7f0000000400)='cpuset.effective_mems\x00', 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000c00), 0x6e, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRESHEX=r8, @ANYRES32], 0x150}, 0x40002042) r9 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000d80)=0xffffffffffffffff, 0x4) bpf$ITER_CREATE(0x21, &(0x7f0000000dc0)={r9}, 0x8) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x5, 0x2, 0x200, 0x101, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r10, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x15, &(0x7f0000000780)={{r11}, &(0x7f00000002c0), &(0x7f0000000740)}, 0x20) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000b80)=@generic={&(0x7f0000000b40)='./file0\x00', 0x0, 0x10}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x1c, 0x22, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000009000000000000002704000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000500000085000000060000001830000001000000000000000000000018120000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018200000", @ANYRES32=r2, @ANYBLOB="00000000e4000000001100000000bf916d5cddff0000b70200000100000085000000857c2000b7000000003733000000000000000000"], &(0x7f0000000080)='GPL\x00', 0x8, 0x35, &(0x7f0000000180)=""/53, 0x41000, 0x60, '\x00', r3, 0x19, r4, 0x8, &(0x7f0000000940)={0x9, 0x3}, 0x8, 0x10, 0x0, 0x0, r5, r0, 0x9, &(0x7f0000000bc0)=[0x1, 0x1, r6, r7, r8, r11, r12], &(0x7f0000000c00)=[{0x3, 0x3, 0xf, 0x9}, {0x5, 0x4, 0x0, 0xe87d722a92d9c4a3}, {0x3, 0x5, 0x2, 0x1}, {0x1, 0x5, 0xc}, {0x5, 0x2, 0x6, 0xb}, {0x2, 0x3, 0xe, 0xc}, {0x1, 0x5, 0x0, 0xa}, {0x1, 0x1, 0x9, 0x1}, {0x5, 0x2, 0x7, 0x2}], 0x10, 0x9}, 0x90) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) socketpair(0x6, 0x1, 0x9, &(0x7f0000000040)) 22:26:29 executing program 0: syz_clone(0x44040100, 0x0, 0xfbffffff, 0x0, 0x0, 0x0) 22:26:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async, rerun: 32) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000540)={0x1, 0x58, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async, rerun: 32) socketpair(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001740)={&(0x7f0000000140)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10, &(0x7f00000016c0)=[{&(0x7f00000002c0)}, {&(0x7f0000000c40)="5cf382b0a362024c1b1bbc0ca0edab4dc2506d982891ef57eb3d76591ecca8dda5f877623efa4be31c5dbd4925563c57b4c66f2da86f9a13f4c5b18141457d78ebc05fef736efe33280847c4eda84f72502aa57ae1b2d2245e8747cbc194e6b97130f659e567dc60bed8f683edc1d0b0e789a6f24a2d8625dbded8fb3e230feafdc5b8478823861d9dd905d1e2c7e9d23f94bc95c3af0244276e2bc5d2fc3e25653f1ea36c4cb8d0e4a482ae4abd9c963777e2bfb1fe24600b19c784eaaadd1687380c2a1076cafd18bc3b2e53c5b662adae3cb2fc145e244d3c741186", 0xdd}, {&(0x7f00000014c0)="da71bd51fb209e85b300a16814df35088d59a9423291698d6955f68871d9d2efd7112beadd78a24441c3e72a170d8157990e1272f9372743bed7f3cc750a1044b567639a0d818e9ff38dd80eef16cc9b07e732c4b7f992b6711692339b32ba71b46f2896af94f13a75d29bd08811d0f361a8593e48087888c70741af76bdcc5b27614fd1687aa9694e4038dce00c55e7f0c4d67e58aba8eac4e43f89c636fea4e72233010a644868f232ddee506bcfc2bd1b411426ebafdcb91b3de22f92e946c05a22c4288897be", 0xc8}, {&(0x7f0000000440)="aebd107f617db07d16f6bdd52f3539ca3a2c4e1c32a5c12fc7976fa91860d2669bebf531cce6a9579cd243adb20206ccfbfe10d505aae783dc370b043ac12e48475fd1dd0490755559686a", 0x4b}, {&(0x7f0000000e40)="fcbae8303db724e262ff6aa45b398732e5882f50164b3ef4a53fdaee42231a608e4200e6e3ba00f770c019763512a360fba87e54d5dd7afe345a10635c0d36f8bf23c92436060bde2382762950", 0x4d}, {&(0x7f0000001780)="286b91ef27ae20c526bb0fb89ad45ec1ad56760cb3ef2de7e359fda14b5493a38414e19d220b8eac94f9776257d194a6c49957a888eafbdf67261478a38fc548822e65df038eb26a574fdc71a5773c2ea3b31e33cde3bb831c0bb482251fd7e400e02b8a7f04397065d50376faadf545f4280c42a3c9f091740a637dd21e93082bbdb7fbfcfe03bc4cb37af51d9585f639cda5bffae02f919ef1e0bf59614b8c07d8aec3e7e2149a667c478c39502ba9ecf41a449ef64243af18c1a6203a3339d0aa05a6ccd4ee9cc421b169c9bb44a1f96972da2d2dd27601cf4f51b93f3cd69cbd95c69c4667af3423bd2dd5", 0xed}, {&(0x7f00000015c0)="d40d2e6e1a9db8ecbc86553001e2c1369a2837a9593e94648866b40892de431ee4b1dc6bc1168631f11198875bde1622a8d76d848e0a883bf9565234c98f126a975089ecad67c0f6102f07f9f1f7c5217ed2886e7523f1e3112bde0e0a5a01dbdbb6c9979975432293edff7062dfed0fc9743b3004c14563dc5b53bdfaade6df25b057e957db2b9bc0373d7d1f63fb367dd00819988bb9b467f2620f26bde27847b584eef9a1e625ef4ebddf3d8688b7d4271e108ebc9d4bd3b318cb6f351a67c9ea0741ad2da26fbc2aa5cf23f7fd88f59bb12ac3ff74f3c1c50e7f7b506f6d", 0xe0}], 0x7, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @rand_addr=0x64010100, @private=0xa010102}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x2c}}], 0x38}, 0x4040) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x1a, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, [@alu={0x7, 0x0, 0x3, 0x5, 0xa, 0xc, 0x9}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', r3, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x2, 0xa, 0x81, 0xf34b}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000002c0)=[r1, r0, r1, r1], &(0x7f0000000300)=[{0x3, 0x2, 0x2, 0x2}, {0x2, 0x5, 0x2}, {0x4, 0x3, 0xd}, {0x5, 0x1, 0x10, 0xc}, {0x4, 0x2, 0xc, 0x2}, {0x2, 0x4, 0x5, 0x9}, {0x0, 0x4, 0x3, 0x3}], 0x10, 0x40}, 0x90) (async) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x1, &(0x7f0000000440)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0x18000000, 0x0, 0xffffffffffffffff, 0xff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x3}, 0x48) (async) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r2}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0xa, 0xa}, @printk={@x={0x18, 0x0}, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5, 0x1, 0xb, 0x1, 0x5}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x23) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r0, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000001c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0], 0x0, 0x6d, &(0x7f00000003c0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000400), &(0x7f00000005c0), 0x8, 0x48, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) (async) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd4, 0xd4, 0x6, [@int={0xd, 0x0, 0x0, 0x1, 0x0, 0x31, 0x0, 0x50}, @func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0xc, 0x1}, {0xc, 0x1}]}, @func_proto={0x0, 0x8, 0x0, 0xd, 0x0, [{0x9}, {0x10}, {0x10, 0x4}, {0xe, 0x1}, {0x7, 0x2}, {0x4, 0x2}, {0xf, 0x5}, {0x6, 0x4}]}, @enum={0x2, 0x7, 0x0, 0x6, 0x4, [{0xf, 0x43}, {0xa, 0x800}, {0x1, 0x7}, {0x0, 0xf2a}, {0x8}, {0x3, 0x9}, {0x0, 0x800}]}, @restrict={0xc, 0x0, 0x0, 0xb, 0x2}, @typedef={0x4, 0x0, 0x0, 0x8, 0x1}]}, {0x0, [0x0, 0x5f, 0x2e, 0x30]}}, &(0x7f0000000880)=""/87, 0xf2, 0x57, 0x1, 0x6}, 0x20) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000ac0)={0xffffffffffffffff, 0x20, &(0x7f0000000a80)={&(0x7f0000000980)=""/12, 0xc, 0x0, &(0x7f00000009c0)=""/178, 0xb2}}, 0x10) r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000b00)={0xffffffffffffffff, 0x3, 0x10}, 0xc) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000020"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) openat$cgroup_ro(r8, &(0x7f0000000400)='cpuset.effective_mems\x00', 0x0, 0x0) (async) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000c00), 0x6e, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRESHEX=r8, @ANYRES32], 0x150}, 0x40002042) (async) r9 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000d80)=0xffffffffffffffff, 0x4) bpf$ITER_CREATE(0x21, &(0x7f0000000dc0)={r9}, 0x8) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x5, 0x2, 0x200, 0x101, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r10, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x15, &(0x7f0000000780)={{r11}, &(0x7f00000002c0), &(0x7f0000000740)}, 0x20) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000b80)=@generic={&(0x7f0000000b40)='./file0\x00', 0x0, 0x10}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x1c, 0x22, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000009000000000000002704000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000500000085000000060000001830000001000000000000000000000018120000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018200000", @ANYRES32=r2, @ANYBLOB="00000000e4000000001100000000bf916d5cddff0000b70200000100000085000000857c2000b7000000003733000000000000000000"], &(0x7f0000000080)='GPL\x00', 0x8, 0x35, &(0x7f0000000180)=""/53, 0x41000, 0x60, '\x00', r3, 0x19, r4, 0x8, &(0x7f0000000940)={0x9, 0x3}, 0x8, 0x10, 0x0, 0x0, r5, r0, 0x9, &(0x7f0000000bc0)=[0x1, 0x1, r6, r7, r8, r11, r12], &(0x7f0000000c00)=[{0x3, 0x3, 0xf, 0x9}, {0x5, 0x4, 0x0, 0xe87d722a92d9c4a3}, {0x3, 0x5, 0x2, 0x1}, {0x1, 0x5, 0xc}, {0x5, 0x2, 0x6, 0xb}, {0x2, 0x3, 0xe, 0xc}, {0x1, 0x5, 0x0, 0xa}, {0x1, 0x1, 0x9, 0x1}, {0x5, 0x2, 0x7, 0x2}], 0x10, 0x9}, 0x90) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async) socketpair(0x6, 0x1, 0x9, &(0x7f0000000040)) 22:26:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x1, &(0x7f0000000440)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0x18000000, 0x0, 0xffffffffffffffff, 0xff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x3}, 0x48) (async) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r2}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0xa, 0xa}, @printk={@x={0x18, 0x0}, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5, 0x1, 0xb, 0x1, 0x5}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x23) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r0, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000001c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0], 0x0, 0x6d, &(0x7f00000003c0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000400), &(0x7f00000005c0), 0x8, 0x48, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) (async) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd4, 0xd4, 0x6, [@int={0xd, 0x0, 0x0, 0x1, 0x0, 0x31, 0x0, 0x50}, @func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0xc, 0x1}, {0xc, 0x1}]}, @func_proto={0x0, 0x8, 0x0, 0xd, 0x0, [{0x9}, {0x10}, {0x10, 0x4}, {0xe, 0x1}, {0x7, 0x2}, {0x4, 0x2}, {0xf, 0x5}, {0x6, 0x4}]}, @enum={0x2, 0x7, 0x0, 0x6, 0x4, [{0xf, 0x43}, {0xa, 0x800}, {0x1, 0x7}, {0x0, 0xf2a}, {0x8}, {0x3, 0x9}, {0x0, 0x800}]}, @restrict={0xc, 0x0, 0x0, 0xb, 0x2}, @typedef={0x4, 0x0, 0x0, 0x8, 0x1}]}, {0x0, [0x0, 0x5f, 0x2e, 0x30]}}, &(0x7f0000000880)=""/87, 0xf2, 0x57, 0x1, 0x6}, 0x20) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000ac0)={0xffffffffffffffff, 0x20, &(0x7f0000000a80)={&(0x7f0000000980)=""/12, 0xc, 0x0, &(0x7f00000009c0)=""/178, 0xb2}}, 0x10) (async) r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000b00)={0xffffffffffffffff, 0x3, 0x10}, 0xc) (async) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000020"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) openat$cgroup_ro(r8, &(0x7f0000000400)='cpuset.effective_mems\x00', 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000c00), 0x6e, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRESHEX=r8, @ANYRES32], 0x150}, 0x40002042) (async) r9 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000d80)=0xffffffffffffffff, 0x4) bpf$ITER_CREATE(0x21, &(0x7f0000000dc0)={r9}, 0x8) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x5, 0x2, 0x200, 0x101, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r10, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x15, &(0x7f0000000780)={{r11}, &(0x7f00000002c0), &(0x7f0000000740)}, 0x20) (async) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000b80)=@generic={&(0x7f0000000b40)='./file0\x00', 0x0, 0x10}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x1c, 0x22, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000009000000000000002704000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000500000085000000060000001830000001000000000000000000000018120000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018200000", @ANYRES32=r2, @ANYBLOB="00000000e4000000001100000000bf916d5cddff0000b70200000100000085000000857c2000b7000000003733000000000000000000"], &(0x7f0000000080)='GPL\x00', 0x8, 0x35, &(0x7f0000000180)=""/53, 0x41000, 0x60, '\x00', r3, 0x19, r4, 0x8, &(0x7f0000000940)={0x9, 0x3}, 0x8, 0x10, 0x0, 0x0, r5, r0, 0x9, &(0x7f0000000bc0)=[0x1, 0x1, r6, r7, r8, r11, r12], &(0x7f0000000c00)=[{0x3, 0x3, 0xf, 0x9}, {0x5, 0x4, 0x0, 0xe87d722a92d9c4a3}, {0x3, 0x5, 0x2, 0x1}, {0x1, 0x5, 0xc}, {0x5, 0x2, 0x6, 0xb}, {0x2, 0x3, 0xe, 0xc}, {0x1, 0x5, 0x0, 0xa}, {0x1, 0x1, 0x9, 0x1}, {0x5, 0x2, 0x7, 0x2}], 0x10, 0x9}, 0x90) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) socketpair(0x6, 0x1, 0x9, &(0x7f0000000040)) 22:26:29 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1, 0x2088}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1a04a07d9eb5662f956edd8c00000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:29 executing program 2: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xb, 0x0, 0x40}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x7a05, 0x1700) r4 = perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x4}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) r5 = getpid() r6 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r4, 0x4008240b, &(0x7f0000000200)={0x5, 0x80, 0xc0, 0x1f, 0x3f, 0x7, 0x0, 0x3, 0xc1052, 0x5, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_config_ext={0x2, 0x7fffffffffffffff}, 0x400, 0x8, 0x2, 0x6, 0x6, 0xe23, 0x8, 0x0, 0xfffffffb, 0x0, 0x1}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffe56, 0x6, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x10}, 0xc) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18330000186900000700000000000000ce9f3d5700000000000000"], &(0x7f0000000900)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000002b00)=""/4096, 0x41100, 0x0, '\x00', r8, 0x0, r10, 0x8, &(0x7f0000000880)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000008c0)={0x1, 0x2, 0x1}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000a00)=[r9, 0xffffffffffffffff, 0xffffffffffffffff, r10, r9, r9, 0xffffffffffffffff, r10], &(0x7f0000000a40)=[{0x4, 0x1, 0x3, 0xc}, {0x0, 0x5, 0x8}, {0x5, 0x2, 0x0, 0x6}], 0x10, 0x798e}, 0x90) sendmsg$inet(r10, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000580)=[{&(0x7f0000002880)="52fd288bb02312f731bdf1a1f7d9d5f348ae32cc", 0x14}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba", 0x75}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000000000000001000000ffffffff000000001c000000000000000000000008000000", @ANYRES32=r8, @ANYBLOB="ac1414130000000000000000110000000000000000000000010000000700000000000000340000000000000000000000070000000144045b618307bc7f00000144143383ac1414bb00000001e00000020000000101000000000000001100000000000000000000000100000007000000000000001c000000000000000000000008000000", @ANYRES32=r8, @ANYBLOB="e0000001ac14141610000000"], 0xc0}, 0x40000) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r11}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x53}}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f00000002c0)='./file0\x00', 0x0, 0x4010, r6}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x1c, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1ff}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x81}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, @exit, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffa}}, @ldst={0x2, 0x1, 0x6, 0x9, 0xa, 0xfffffffffffffff0, 0x8}, @jmp={0x5, 0x1, 0xc, 0x5, 0x6, 0x6, 0xfffffffffffffffc}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x7}, @exit, @btf_id={0x18, 0xd}]}, &(0x7f0000000140)='GPL\x00', 0x7, 0xdf, &(0x7f0000000740)=""/223, 0x0, 0x8, '\x00', r8, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x1, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000580)=[r11, r3, r12, r7, r3], &(0x7f0000000840)=[{0x1, 0x4, 0xc, 0x4}, {0x3, 0x3, 0x9, 0x9}, {0x3, 0x2, 0xa, 0x3}, {0x2, 0x5, 0x7, 0x2}, {0x0, 0x4, 0x10}], 0x10, 0x8}, 0x90) write$cgroup_type(r7, &(0x7f0000000000), 0x165243) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xe1, 0x80, 0x0, 0x9, 0x0, 0x1, 0x220, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, 0x3, @perf_config_ext={0x20, 0x97}, 0x14102, 0x7, 0x1ff, 0x1, 0xffff, 0x7, 0x7f, 0x0, 0x8001, 0x0, 0x1}, r5, 0x0, r7, 0x1) 22:26:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=0xffffffffffffffff, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x4}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{0x1, 0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)=r0}, 0x20) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000009c0)={0x1, 0x58, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000c80)={r2, 0x20, &(0x7f0000000c40)={&(0x7f0000000a80)=""/246, 0xf6, 0x0, &(0x7f0000000b80)=""/183, 0xb7}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x6, 0x6, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0xc7}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}]}, &(0x7f0000000740)='syzkaller\x00', 0x3, 0x2e, &(0x7f0000000780)=""/46, 0x40f00, 0x55, '\x00', r7, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000a40)={0x1, 0xd, 0x800, 0x57f5}, 0x10, r8, 0xffffffffffffffff, 0x0, &(0x7f0000000cc0)=[r5], 0x0, 0x10, 0xfff}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r9}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, [@alu={0x7, 0x1, 0x4, 0xa, 0x3, 0xfffffffffffffffc, 0x8}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @generic={0xa6, 0x2, 0xd, 0xfff, 0x6}]}, &(0x7f00000001c0)='syzkaller\x00', 0x6, 0xe8, &(0x7f0000000480)=""/232, 0x40f00, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x3, 0x1, 0x5, 0x1}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000005c0)=[r3, r4, r5, r6, r10], &(0x7f0000000600)=[{0x1, 0x5, 0xe, 0x1}], 0x10, 0xffffff15}, 0x90) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:29 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1, 0x2088}, 0x48) (async, rerun: 64) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1a04a07d9eb5662f956edd8c00000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) (async) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=0xffffffffffffffff, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x4}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{0x1, 0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)=r0}, 0x20) (async) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000009c0)={0x1, 0x58, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000c80)={r2, 0x20, &(0x7f0000000c40)={&(0x7f0000000a80)=""/246, 0xf6, 0x0, &(0x7f0000000b80)=""/183, 0xb7}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x6, 0x6, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0xc7}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}]}, &(0x7f0000000740)='syzkaller\x00', 0x3, 0x2e, &(0x7f0000000780)=""/46, 0x40f00, 0x55, '\x00', r7, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000a40)={0x1, 0xd, 0x800, 0x57f5}, 0x10, r8, 0xffffffffffffffff, 0x0, &(0x7f0000000cc0)=[r5], 0x0, 0x10, 0xfff}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r9}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, [@alu={0x7, 0x1, 0x4, 0xa, 0x3, 0xfffffffffffffffc, 0x8}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @generic={0xa6, 0x2, 0xd, 0xfff, 0x6}]}, &(0x7f00000001c0)='syzkaller\x00', 0x6, 0xe8, &(0x7f0000000480)=""/232, 0x40f00, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x3, 0x1, 0x5, 0x1}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000005c0)=[r3, r4, r5, r6, r10], &(0x7f0000000600)=[{0x1, 0x5, 0xe, 0x1}], 0x10, 0xffffff15}, 0x90) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:30 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35) 22:26:30 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=0xffffffffffffffff, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x4}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{0x1, 0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)=r0}, 0x20) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000009c0)={0x1, 0x58, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000c80)={r2, 0x20, &(0x7f0000000c40)={&(0x7f0000000a80)=""/246, 0xf6, 0x0, &(0x7f0000000b80)=""/183, 0xb7}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x6, 0x6, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0xc7}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}]}, &(0x7f0000000740)='syzkaller\x00', 0x3, 0x2e, &(0x7f0000000780)=""/46, 0x40f00, 0x55, '\x00', r7, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000a40)={0x1, 0xd, 0x800, 0x57f5}, 0x10, r8, 0xffffffffffffffff, 0x0, &(0x7f0000000cc0)=[r5], 0x0, 0x10, 0xfff}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r9}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, [@alu={0x7, 0x1, 0x4, 0xa, 0x3, 0xfffffffffffffffc, 0x8}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @generic={0xa6, 0x2, 0xd, 0xfff, 0x6}]}, &(0x7f00000001c0)='syzkaller\x00', 0x6, 0xe8, &(0x7f0000000480)=""/232, 0x40f00, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x3, 0x1, 0x5, 0x1}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000005c0)=[r3, r4, r5, r6, r10], &(0x7f0000000600)=[{0x1, 0x5, 0xe, 0x1}], 0x10, 0xffffff15}, 0x90) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=0xffffffffffffffff, 0x4) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) (async) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x4}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{0x1}, &(0x7f00000003c0), &(0x7f0000000400)=r0}, 0x20) (async) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000009c0)={0x1, 0x58, &(0x7f0000000900)}, 0x10) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000c80)={r2, 0x20, &(0x7f0000000c40)={&(0x7f0000000a80)=""/246, 0xf6, 0x0, &(0x7f0000000b80)=""/183, 0xb7}}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x6, 0x6, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0xc7}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}]}, &(0x7f0000000740)='syzkaller\x00', 0x3, 0x2e, &(0x7f0000000780)=""/46, 0x40f00, 0x55, '\x00', r7, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000a40)={0x1, 0xd, 0x800, 0x57f5}, 0x10, r8, 0xffffffffffffffff, 0x0, &(0x7f0000000cc0)=[r5], 0x0, 0x10, 0xfff}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r9}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, [@alu={0x7, 0x1, 0x4, 0xa, 0x3, 0xfffffffffffffffc, 0x8}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @generic={0xa6, 0x2, 0xd, 0xfff, 0x6}]}, &(0x7f00000001c0)='syzkaller\x00', 0x6, 0xe8, &(0x7f0000000480)=""/232, 0x40f00, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x3, 0x1, 0x5, 0x1}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000005c0)=[r3, r4, r5, r6, r10], &(0x7f0000000600)=[{0x1, 0x5, 0xe, 0x1}], 0x10, 0xffffff15}, 0x90) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async) [ 326.751046][T19894] FAULT_INJECTION: forcing a failure. [ 326.751046][T19894] name failslab, interval 1, probability 0, space 0, times 0 [ 326.783970][T19894] CPU: 0 PID: 19894 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 326.794132][T19894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 326.804023][T19894] Call Trace: [ 326.807144][T19894] [ 326.809922][T19894] dump_stack_lvl+0x151/0x1b7 [ 326.814432][T19894] ? io_uring_drop_tctx_refs+0x190/0x190 [ 326.819904][T19894] dump_stack+0x15/0x17 [ 326.823894][T19894] should_fail+0x3c6/0x510 [ 326.828149][T19894] __should_failslab+0xa4/0xe0 [ 326.832746][T19894] ? anon_vma_fork+0xf7/0x4e0 [ 326.837260][T19894] should_failslab+0x9/0x20 [ 326.841600][T19894] slab_pre_alloc_hook+0x37/0xd0 [ 326.846373][T19894] ? anon_vma_fork+0xf7/0x4e0 [ 326.850886][T19894] kmem_cache_alloc+0x44/0x200 [ 326.855488][T19894] anon_vma_fork+0xf7/0x4e0 [ 326.859824][T19894] ? anon_vma_name+0x4c/0x70 [ 326.864250][T19894] ? vm_area_dup+0x17a/0x230 [ 326.868679][T19894] copy_mm+0xa3a/0x13e0 [ 326.872674][T19894] ? copy_signal+0x610/0x610 [ 326.877100][T19894] ? __init_rwsem+0xd6/0x1c0 [ 326.881525][T19894] ? copy_signal+0x4e3/0x610 [ 326.885950][T19894] copy_process+0x1149/0x3290 [ 326.890466][T19894] ? proc_fail_nth_write+0x20b/0x290 [ 326.895587][T19894] ? fsnotify_perm+0x6a/0x5d0 [ 326.900097][T19894] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 326.905046][T19894] ? vfs_write+0x9ec/0x1110 [ 326.909386][T19894] kernel_clone+0x21e/0x9e0 [ 326.913810][T19894] ? file_end_write+0x1c0/0x1c0 [ 326.918497][T19894] ? create_io_thread+0x1e0/0x1e0 [ 326.923360][T19894] ? mutex_unlock+0xb2/0x260 [ 326.927784][T19894] ? __mutex_lock_slowpath+0x10/0x10 [ 326.932905][T19894] __x64_sys_clone+0x23f/0x290 [ 326.937506][T19894] ? __do_sys_vfork+0x130/0x130 [ 326.942221][T19894] ? ksys_write+0x260/0x2c0 [ 326.946541][T19894] ? debug_smp_processor_id+0x17/0x20 [ 326.951739][T19894] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 326.957688][T19894] ? exit_to_user_mode_prepare+0x39/0xa0 [ 326.963115][T19894] do_syscall_64+0x3d/0xb0 [ 326.967375][T19894] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 326.973088][T19894] RIP: 0033:0x7f8118545da9 [ 326.977341][T19894] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 326.996784][T19894] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 327.005027][T19894] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 327.012839][T19894] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 327.020652][T19894] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 327.028464][T19894] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 327.036271][T19894] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 327.044089][T19894] 22:26:30 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36) 22:26:30 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1a, 0x7, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000180)='GPL\x00', 0x8000, 0xb8, &(0x7f0000000380)=""/184, 0x41100, 0x10, '\x00', 0x0, 0x32, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x3, 0x3, 0x8}, 0x10, 0xffffffffffffffff, r0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) 22:26:30 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1a, 0x7, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000180)='GPL\x00', 0x8000, 0xb8, &(0x7f0000000380)=""/184, 0x41100, 0x10, '\x00', 0x0, 0x32, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x3, 0x3, 0x8}, 0x10, 0xffffffffffffffff, r0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1a, 0x7, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000180)='GPL\x00', 0x8000, 0xb8, &(0x7f0000000380)=""/184, 0x41100, 0x10, '\x00', 0x0, 0x32, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x3, 0x3, 0x8}, 0x10, 0xffffffffffffffff, r0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) (async) 22:26:30 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1, 0x2088}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1a04a07d9eb5662f956edd8c00000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) [ 327.197281][T19920] FAULT_INJECTION: forcing a failure. [ 327.197281][T19920] name failslab, interval 1, probability 0, space 0, times 0 [ 327.241485][T19920] CPU: 0 PID: 19920 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 327.251666][T19920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 327.261544][T19920] Call Trace: [ 327.264664][T19920] [ 327.267441][T19920] dump_stack_lvl+0x151/0x1b7 [ 327.271959][T19920] ? io_uring_drop_tctx_refs+0x190/0x190 [ 327.277425][T19920] dump_stack+0x15/0x17 [ 327.281415][T19920] should_fail+0x3c6/0x510 [ 327.285671][T19920] __should_failslab+0xa4/0xe0 [ 327.290275][T19920] ? anon_vma_fork+0xf7/0x4e0 [ 327.294780][T19920] should_failslab+0x9/0x20 [ 327.299120][T19920] slab_pre_alloc_hook+0x37/0xd0 [ 327.303895][T19920] ? anon_vma_fork+0xf7/0x4e0 [ 327.308410][T19920] kmem_cache_alloc+0x44/0x200 [ 327.313007][T19920] anon_vma_fork+0xf7/0x4e0 [ 327.317352][T19920] ? anon_vma_name+0x4c/0x70 [ 327.321786][T19920] ? vm_area_dup+0x17a/0x230 [ 327.326213][T19920] copy_mm+0xa3a/0x13e0 [ 327.330199][T19920] ? copy_signal+0x610/0x610 [ 327.334623][T19920] ? __init_rwsem+0xd6/0x1c0 [ 327.339042][T19920] ? copy_signal+0x4e3/0x610 [ 327.343487][T19920] copy_process+0x1149/0x3290 [ 327.347986][T19920] ? proc_fail_nth_write+0x20b/0x290 [ 327.353117][T19920] ? fsnotify_perm+0x6a/0x5d0 [ 327.357616][T19920] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 327.362562][T19920] ? vfs_write+0x9ec/0x1110 [ 327.366904][T19920] kernel_clone+0x21e/0x9e0 [ 327.371242][T19920] ? file_end_write+0x1c0/0x1c0 [ 327.375928][T19920] ? create_io_thread+0x1e0/0x1e0 [ 327.380786][T19920] ? mutex_unlock+0xb2/0x260 [ 327.385213][T19920] ? __mutex_lock_slowpath+0x10/0x10 [ 327.390337][T19920] __x64_sys_clone+0x23f/0x290 [ 327.394938][T19920] ? __do_sys_vfork+0x130/0x130 [ 327.399622][T19920] ? ksys_write+0x260/0x2c0 [ 327.403961][T19920] ? debug_smp_processor_id+0x17/0x20 [ 327.409170][T19920] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 327.415069][T19920] ? exit_to_user_mode_prepare+0x39/0xa0 [ 327.420540][T19920] do_syscall_64+0x3d/0xb0 [ 327.424791][T19920] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 327.430519][T19920] RIP: 0033:0x7f8118545da9 [ 327.434773][T19920] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 327.454305][T19920] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 327.462546][T19920] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 327.470357][T19920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 327.478167][T19920] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 22:26:30 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37) 22:26:30 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=0xffffffffffffffff, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x4}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{0x1, 0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)=r0}, 0x20) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000009c0)={0x1, 0x58, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000c80)={r2, 0x20, &(0x7f0000000c40)={&(0x7f0000000a80)=""/246, 0xf6, 0x0, &(0x7f0000000b80)=""/183, 0xb7}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x6, 0x6, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0xc7}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}]}, &(0x7f0000000740)='syzkaller\x00', 0x3, 0x2e, &(0x7f0000000780)=""/46, 0x40f00, 0x55, '\x00', r7, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000a40)={0x1, 0xd, 0x800, 0x57f5}, 0x10, r8, 0xffffffffffffffff, 0x0, &(0x7f0000000cc0)=[r5], 0x0, 0x10, 0xfff}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r9}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, [@alu={0x7, 0x1, 0x4, 0xa, 0x3, 0xfffffffffffffffc, 0x8}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @generic={0xa6, 0x2, 0xd, 0xfff, 0x6}]}, &(0x7f00000001c0)='syzkaller\x00', 0x6, 0xe8, &(0x7f0000000480)=""/232, 0x40f00, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x3, 0x1, 0x5, 0x1}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000005c0)=[r3, r4, r5, r6, r10], &(0x7f0000000600)=[{0x1, 0x5, 0xe, 0x1}], 0x10, 0xffffff15}, 0x90) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) [ 327.485980][T19920] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 327.493792][T19920] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 327.501606][T19920] 22:26:30 executing program 0: syz_clone(0x44040100, 0x0, 0xff0f0100, 0x0, 0x0, 0x0) [ 327.563427][T19933] FAULT_INJECTION: forcing a failure. [ 327.563427][T19933] name failslab, interval 1, probability 0, space 0, times 0 [ 327.586686][T19933] CPU: 1 PID: 19933 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 327.597000][T19933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 327.606889][T19933] Call Trace: [ 327.610012][T19933] [ 327.612792][T19933] dump_stack_lvl+0x151/0x1b7 [ 327.617301][T19933] ? io_uring_drop_tctx_refs+0x190/0x190 [ 327.622767][T19933] dump_stack+0x15/0x17 [ 327.626761][T19933] should_fail+0x3c6/0x510 [ 327.631013][T19933] __should_failslab+0xa4/0xe0 [ 327.635624][T19933] ? anon_vma_fork+0x1df/0x4e0 [ 327.640214][T19933] should_failslab+0x9/0x20 [ 327.644556][T19933] slab_pre_alloc_hook+0x37/0xd0 [ 327.649328][T19933] ? anon_vma_fork+0x1df/0x4e0 [ 327.653927][T19933] kmem_cache_alloc+0x44/0x200 [ 327.658529][T19933] anon_vma_fork+0x1df/0x4e0 [ 327.662954][T19933] copy_mm+0xa3a/0x13e0 [ 327.666949][T19933] ? copy_signal+0x610/0x610 [ 327.671370][T19933] ? __init_rwsem+0xd6/0x1c0 [ 327.675796][T19933] ? copy_signal+0x4e3/0x610 [ 327.680225][T19933] copy_process+0x1149/0x3290 [ 327.684739][T19933] ? proc_fail_nth_write+0x20b/0x290 [ 327.689856][T19933] ? fsnotify_perm+0x6a/0x5d0 [ 327.694374][T19933] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 327.699318][T19933] ? vfs_write+0x9ec/0x1110 [ 327.703659][T19933] kernel_clone+0x21e/0x9e0 [ 327.707996][T19933] ? file_end_write+0x1c0/0x1c0 [ 327.712683][T19933] ? create_io_thread+0x1e0/0x1e0 [ 327.717544][T19933] ? mutex_unlock+0xb2/0x260 [ 327.722053][T19933] ? __mutex_lock_slowpath+0x10/0x10 [ 327.727185][T19933] __x64_sys_clone+0x23f/0x290 [ 327.731783][T19933] ? __do_sys_vfork+0x130/0x130 [ 327.736478][T19933] ? ksys_write+0x260/0x2c0 [ 327.740812][T19933] ? debug_smp_processor_id+0x17/0x20 [ 327.746025][T19933] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 327.751926][T19933] ? exit_to_user_mode_prepare+0x39/0xa0 [ 327.757426][T19933] do_syscall_64+0x3d/0xb0 [ 327.761642][T19933] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 327.767554][T19933] RIP: 0033:0x7f8118545da9 [ 327.771814][T19933] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 327.791246][T19933] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 327.799490][T19933] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 22:26:31 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) perf_event_open$cgroup(0x0, r0, 0xffffffffffffffff, r0, 0x6) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) [ 327.807304][T19933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 327.815111][T19933] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 327.822936][T19933] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 327.830738][T19933] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 327.838551][T19933] 22:26:31 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async, rerun: 32) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (rerun: 32) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1a, 0x7, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000180)='GPL\x00', 0x8000, 0xb8, &(0x7f0000000380)=""/184, 0x41100, 0x10, '\x00', 0x0, 0x32, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x3, 0x3, 0x8}, 0x10, 0xffffffffffffffff, r0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) 22:26:31 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000000000000003683f61c75c4df039d5f37994a46f0c63cae2f461c03d5b6bffd3f2acb41a2dd9e95ebf60433ea7fa79de5d761b1ea10c7e13938709d0458d0b5a3844ab06340012948c8e0ba5c3eb46fa046e93dd3aa84835c99999ec8c42c6680a5d1586e10e6ef75c01d4257df864515414d48e3468f38b555095f9493eed64500d3c378b6f33b11b21a8f1f49593902"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:31 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0xc0001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1007}, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x9) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='\x00') bpf$BPF_PROG_DETACH(0x9, &(0x7f00000006c0)={@cgroup, r0}, 0x10) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000140)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000540)={0x0, 0x80, 0x8, 0x2, 0xff, 0x9, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000500), 0xe}, 0x1, 0x5, 0x1, 0x0, 0x8, 0xc84, 0x7, 0x0, 0x24c6, 0x0, 0x93}, 0x0, 0xc, r1, 0x9) perf_event_open$cgroup(&(0x7f0000000300)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x81252, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0xc) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) sendmsg$inet(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000380)="408815198e11c2c0159fa0a4e84d48a24e6fb46895508a0f4b196461209adc8469936832fb39536540103dcd5a0d5b39dd36f3c7ff2f42b0e4738ac548c9ef38cd08c948f07919b3605ca636731eb5a72498d8b57c72a5c8f5c6e44326aff057d12edbc221175f95a87b1d2d7b5347aaf2765dfc7f374f192190a52ef5a8e1334e2ccfeea420e8e0d659c854ccf24a63e8135b5f5bc33b054a949354ef215d6b889884cef1d4815d65b6117dd5cde26551b3bb42ef286005111347f32bc3fb1ea1", 0xc1}, {&(0x7f0000000240)="dedb5a317d91b3b2478c8744727980527220c3c2da7a4a8a09ed5e5967d9f46552b4778e81e668ddbb7b5474d0c65bccf1184be5ee805ef88dba19f035a6e0", 0x3f}], 0x2, &(0x7f0000000480)=[@ip_retopts={{0x44, 0x0, 0x7, {[@ssrr={0x89, 0x17, 0x97, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @broadcast, @broadcast, @remote]}, @rr={0x7, 0x13, 0x5b, [@multicast2, @loopback, @multicast1, @private=0xa010102]}, @generic={0x88, 0x9, "e14fe6848338d8"}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}], 0x60}, 0x4) 22:26:31 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000000000000003683f61c75c4df039d5f37994a46f0c63cae2f461c03d5b6bffd3f2acb41a2dd9e95ebf60433ea7fa79de5d761b1ea10c7e13938709d0458d0b5a3844ab06340012948c8e0ba5c3eb46fa046e93dd3aa84835c99999ec8c42c6680a5d1586e10e6ef75c01d4257df864515414d48e3468f38b555095f9493eed64500d3c378b6f33b11b21a8f1f49593902"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:31 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000000000000003683f61c75c4df039d5f37994a46f0c63cae2f461c03d5b6bffd3f2acb41a2dd9e95ebf60433ea7fa79de5d761b1ea10c7e13938709d0458d0b5a3844ab06340012948c8e0ba5c3eb46fa046e93dd3aa84835c99999ec8c42c6680a5d1586e10e6ef75c01d4257df864515414d48e3468f38b555095f9493eed64500d3c378b6f33b11b21a8f1f49593902"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) (async) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) 22:26:31 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) perf_event_open$cgroup(0x0, r0, 0xffffffffffffffff, r0, 0x6) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:31 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38) 22:26:31 executing program 1: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000480)=@raw=[@ldst={0x1, 0x2, 0x2, 0xf3c3c0a628647f95, 0x1}, @generic={0x3f, 0x3, 0x3, 0x3, 0x2ed}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x5}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @alu={0x64328688dbd1342b, 0x0, 0x0, 0xa, 0x7, 0xfffffffffffffff0, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x4}], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0xfffffffffffffde7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='xprtrdma_err_vers\x00', r3}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) socketpair(0x2b, 0x3e57abf62315427, 0x401, &(0x7f0000000040)) 22:26:31 executing program 1: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)}, 0x20) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000480)=@raw=[@ldst={0x1, 0x2, 0x2, 0xf3c3c0a628647f95, 0x1}, @generic={0x3f, 0x3, 0x3, 0x3, 0x2ed}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x5}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @alu={0x64328688dbd1342b, 0x0, 0x0, 0xa, 0x7, 0xfffffffffffffff0, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x4}], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0xfffffffffffffde7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='xprtrdma_err_vers\x00', r3}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) socketpair(0x2b, 0x3e57abf62315427, 0x401, &(0x7f0000000040)) 22:26:31 executing program 1: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000480)=@raw=[@ldst={0x1, 0x2, 0x2, 0xf3c3c0a628647f95, 0x1}, @generic={0x3f, 0x3, 0x3, 0x3, 0x2ed}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x5}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @alu={0x64328688dbd1342b, 0x0, 0x0, 0xa, 0x7, 0xfffffffffffffff0, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x4}], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0xfffffffffffffde7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='xprtrdma_err_vers\x00', r3}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f0000000000)) socketpair(0x2b, 0x3e57abf62315427, 0x401, &(0x7f0000000040)) 22:26:31 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) perf_event_open$cgroup(0x0, r0, 0xffffffffffffffff, r0, 0x6) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:31 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x4) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0xff, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{0x1, 0xffffffffffffffff}, &(0x7f0000000400), &(0x7f00000006c0)=r0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c00)={r0, 0xe0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f0000000980)=[0x0], &(0x7f00000009c0)=[0x0, 0x0, 0x0], 0x0, 0xb0, &(0x7f0000000a00)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000a40), &(0x7f0000000a80), 0x8, 0x43, 0x8, 0x8, &(0x7f0000000ac0)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x18, 0x19, &(0x7f0000000740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8bd}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0xa}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @generic={0x0, 0x8, 0x1, 0x749, 0x7}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000000840)='syzkaller\x00', 0x6168618a, 0x91, &(0x7f0000000880)=""/145, 0x41000, 0x4, '\x00', r4, 0x0, r1, 0x8, &(0x7f0000000c40)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000c80)={0x5, 0x10, 0x2, 0x60}, 0x10, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000cc0)=[{0x4, 0x5, 0x0, 0x7}, {0x2, 0x2, 0x9, 0xc}, {0x4, 0x3, 0x1, 0x7}, {0x1, 0x3, 0xb, 0xa}, {0x1, 0x3, 0xd, 0x8}], 0x10, 0x3}, 0x90) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f00000001c0)='./file0\x00', 0x0, 0x4038, r0}, 0x18) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r5, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0xa, 0x1bcf, 0x8, 0x8, 0x0, r5, 0x100, '\x00', r6, r1, 0x1, 0x4}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf86, 0x0, 0x0, 0x0, 0x7}, [@exit, @btf_id={0x18, 0x8594a0bb06a416a5, 0x3, 0x0, 0x5}, @ldst={0x2, 0x0, 0x4, 0xa, 0x1, 0xc, 0xfffffffffffffff0}]}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000140)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x10, 0x80, 0x7f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r5], 0x0, 0x10, 0x3}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f00000003c0)) 22:26:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file0\x00', r1}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xf, 0x5, &(0x7f0000000200)=@raw=[@map_idx={0x18, 0x8, 0x5, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @map_val={0x18, 0xa, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x4}], &(0x7f0000000240)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000000280)=""/195, 0x40f00, 0x2f, '\x00', 0x0, 0x1a, r1, 0x8, &(0x7f0000000380)={0x7, 0xfffffffd}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0x8, 0x3, 0x1}, 0x10, 0x0, r1, 0x1, 0x0, &(0x7f0000000400)=[{0x5, 0x5, 0x2, 0x8}], 0x10, 0x9}, 0x90) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) openat$cgroup_ro(r1, &(0x7f0000000500)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) [ 328.190997][T19973] FAULT_INJECTION: forcing a failure. [ 328.190997][T19973] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 328.224309][T19973] CPU: 0 PID: 19973 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 328.234473][T19973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 328.244368][T19973] Call Trace: [ 328.247489][T19973] [ 328.250270][T19973] dump_stack_lvl+0x151/0x1b7 [ 328.254783][T19973] ? io_uring_drop_tctx_refs+0x190/0x190 [ 328.260248][T19973] dump_stack+0x15/0x17 [ 328.264239][T19973] should_fail+0x3c6/0x510 [ 328.268492][T19973] should_fail_alloc_page+0x5a/0x80 [ 328.273522][T19973] prepare_alloc_pages+0x15c/0x700 [ 328.278479][T19973] ? __alloc_pages_bulk+0xe40/0xe40 [ 328.283513][T19973] __alloc_pages+0x18c/0x8f0 22:26:31 executing program 0: syz_clone(0x44040100, 0x0, 0xfffffff5, 0x0, 0x0, 0x0) [ 328.287934][T19973] ? prep_new_page+0x110/0x110 [ 328.292539][T19973] ? __alloc_pages+0x27e/0x8f0 [ 328.297136][T19973] ? __kasan_check_write+0x14/0x20 [ 328.302077][T19973] ? _raw_spin_lock+0xa4/0x1b0 [ 328.306684][T19973] __pmd_alloc+0xb1/0x550 [ 328.310846][T19973] ? __pud_alloc+0x260/0x260 [ 328.315271][T19973] ? __pud_alloc+0x213/0x260 [ 328.319697][T19973] ? do_handle_mm_fault+0x2330/0x2330 [ 328.324904][T19973] ? __stack_depot_save+0x34/0x470 [ 328.329850][T19973] ? anon_vma_clone+0x9a/0x500 [ 328.334454][T19973] copy_page_range+0x2b3d/0x2f90 [ 328.339232][T19973] ? __kasan_slab_alloc+0xb1/0xe0 [ 328.344095][T19973] ? slab_post_alloc_hook+0x53/0x2c0 [ 328.349205][T19973] ? copy_mm+0xa3a/0x13e0 [ 328.353370][T19973] ? copy_process+0x1149/0x3290 [ 328.358060][T19973] ? kernel_clone+0x21e/0x9e0 [ 328.362572][T19973] ? do_syscall_64+0x3d/0xb0 [ 328.366999][T19973] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 328.372910][T19973] ? pfn_valid+0x1e0/0x1e0 [ 328.377153][T19973] ? rwsem_write_trylock+0x15b/0x290 [ 328.382277][T19973] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 328.388524][T19973] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 328.394086][T19973] ? __rb_insert_augmented+0x5de/0x610 [ 328.399377][T19973] copy_mm+0xc7e/0x13e0 [ 328.403398][T19973] ? copy_signal+0x610/0x610 [ 328.407793][T19973] ? __init_rwsem+0xd6/0x1c0 [ 328.412222][T19973] ? copy_signal+0x4e3/0x610 [ 328.416646][T19973] copy_process+0x1149/0x3290 [ 328.421161][T19973] ? proc_fail_nth_write+0x20b/0x290 [ 328.426278][T19973] ? fsnotify_perm+0x6a/0x5d0 [ 328.430791][T19973] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 328.435737][T19973] ? vfs_write+0x9ec/0x1110 22:26:31 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0xc0001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1007}, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x9) (async) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='\x00') (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000006c0)={@cgroup, r0}, 0x10) (async) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) (async) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000140)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) (async) perf_event_open(&(0x7f0000000540)={0x0, 0x80, 0x8, 0x2, 0xff, 0x9, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000500), 0xe}, 0x1, 0x5, 0x1, 0x0, 0x8, 0xc84, 0x7, 0x0, 0x24c6, 0x0, 0x93}, 0x0, 0xc, r1, 0x9) perf_event_open$cgroup(&(0x7f0000000300)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x81252, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0xc) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) sendmsg$inet(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000380)="408815198e11c2c0159fa0a4e84d48a24e6fb46895508a0f4b196461209adc8469936832fb39536540103dcd5a0d5b39dd36f3c7ff2f42b0e4738ac548c9ef38cd08c948f07919b3605ca636731eb5a72498d8b57c72a5c8f5c6e44326aff057d12edbc221175f95a87b1d2d7b5347aaf2765dfc7f374f192190a52ef5a8e1334e2ccfeea420e8e0d659c854ccf24a63e8135b5f5bc33b054a949354ef215d6b889884cef1d4815d65b6117dd5cde26551b3bb42ef286005111347f32bc3fb1ea1", 0xc1}, {&(0x7f0000000240)="dedb5a317d91b3b2478c8744727980527220c3c2da7a4a8a09ed5e5967d9f46552b4778e81e668ddbb7b5474d0c65bccf1184be5ee805ef88dba19f035a6e0", 0x3f}], 0x2, &(0x7f0000000480)=[@ip_retopts={{0x44, 0x0, 0x7, {[@ssrr={0x89, 0x17, 0x97, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @broadcast, @broadcast, @remote]}, @rr={0x7, 0x13, 0x5b, [@multicast2, @loopback, @multicast1, @private=0xa010102]}, @generic={0x88, 0x9, "e14fe6848338d8"}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}], 0x60}, 0x4) [ 328.440085][T19973] kernel_clone+0x21e/0x9e0 [ 328.444415][T19973] ? file_end_write+0x1c0/0x1c0 [ 328.449110][T19973] ? create_io_thread+0x1e0/0x1e0 [ 328.453966][T19973] ? mutex_unlock+0xb2/0x260 [ 328.458390][T19973] ? __mutex_lock_slowpath+0x10/0x10 [ 328.463514][T19973] __x64_sys_clone+0x23f/0x290 [ 328.468116][T19973] ? __do_sys_vfork+0x130/0x130 [ 328.472796][T19973] ? ksys_write+0x260/0x2c0 [ 328.477141][T19973] ? debug_smp_processor_id+0x17/0x20 [ 328.482344][T19973] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 328.488251][T19973] ? exit_to_user_mode_prepare+0x39/0xa0 [ 328.493719][T19973] do_syscall_64+0x3d/0xb0 [ 328.497968][T19973] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 328.503698][T19973] RIP: 0033:0x7f8118545da9 [ 328.507950][T19973] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 328.527394][T19973] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 328.535638][T19973] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 328.543448][T19973] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 328.551263][T19973] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 328.559073][T19973] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 328.566880][T19973] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 328.574698][T19973] 22:26:31 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) (async) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x4) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0xff, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4}, 0x48) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{0x1, 0xffffffffffffffff}, &(0x7f0000000400), &(0x7f00000006c0)=r0}, 0x20) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c00)={r0, 0xe0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f0000000980)=[0x0], &(0x7f00000009c0)=[0x0, 0x0, 0x0], 0x0, 0xb0, &(0x7f0000000a00)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000a40), &(0x7f0000000a80), 0x8, 0x43, 0x8, 0x8, &(0x7f0000000ac0)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x18, 0x19, &(0x7f0000000740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8bd}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0xa}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @generic={0x0, 0x8, 0x1, 0x749, 0x7}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000000840)='syzkaller\x00', 0x6168618a, 0x91, &(0x7f0000000880)=""/145, 0x41000, 0x4, '\x00', r4, 0x0, r1, 0x8, &(0x7f0000000c40)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000c80)={0x5, 0x10, 0x2, 0x60}, 0x10, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000cc0)=[{0x4, 0x5, 0x0, 0x7}, {0x2, 0x2, 0x9, 0xc}, {0x4, 0x3, 0x1, 0x7}, {0x1, 0x3, 0xb, 0xa}, {0x1, 0x3, 0xd, 0x8}], 0x10, 0x3}, 0x90) (async) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f00000001c0)='./file0\x00', 0x0, 0x4038, r0}, 0x18) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r5, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0xa, 0x1bcf, 0x8, 0x8, 0x0, r5, 0x100, '\x00', r6, r1, 0x1, 0x4}, 0x48) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf86, 0x0, 0x0, 0x0, 0x7}, [@exit, @btf_id={0x18, 0x8594a0bb06a416a5, 0x3, 0x0, 0x5}, @ldst={0x2, 0x0, 0x4, 0xa, 0x1, 0xc, 0xfffffffffffffff0}]}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000140)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x10, 0x80, 0x7f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r5], 0x0, 0x10, 0x3}, 0x90) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f00000003c0)) 22:26:31 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39) [ 328.582755][ T30] audit: type=1400 audit(1709504791.832:164): avc: denied { write } for pid=19980 comm="syz-executor.3" name="ppp" dev="devtmpfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 22:26:31 executing program 0: syz_clone(0x44040100, 0x0, 0xfffffffb, 0x0, 0x0, 0x0) 22:26:31 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x4) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0xff, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{0x1, 0xffffffffffffffff}, &(0x7f0000000400), &(0x7f00000006c0)=r0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c00)={r0, 0xe0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f0000000980)=[0x0], &(0x7f00000009c0)=[0x0, 0x0, 0x0], 0x0, 0xb0, &(0x7f0000000a00)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000a40), &(0x7f0000000a80), 0x8, 0x43, 0x8, 0x8, &(0x7f0000000ac0)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x18, 0x19, &(0x7f0000000740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8bd}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0xa}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @generic={0x0, 0x8, 0x1, 0x749, 0x7}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000000840)='syzkaller\x00', 0x6168618a, 0x91, &(0x7f0000000880)=""/145, 0x41000, 0x4, '\x00', r4, 0x0, r1, 0x8, &(0x7f0000000c40)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000c80)={0x5, 0x10, 0x2, 0x60}, 0x10, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000cc0)=[{0x4, 0x5, 0x0, 0x7}, {0x2, 0x2, 0x9, 0xc}, {0x4, 0x3, 0x1, 0x7}, {0x1, 0x3, 0xb, 0xa}, {0x1, 0x3, 0xd, 0x8}], 0x10, 0x3}, 0x90) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f00000001c0)='./file0\x00', 0x0, 0x4038, r0}, 0x18) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r5, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0xa, 0x1bcf, 0x8, 0x8, 0x0, r5, 0x100, '\x00', r6, r1, 0x1, 0x4}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf86, 0x0, 0x0, 0x0, 0x7}, [@exit, @btf_id={0x18, 0x8594a0bb06a416a5, 0x3, 0x0, 0x5}, @ldst={0x2, 0x0, 0x4, 0xa, 0x1, 0xc, 0xfffffffffffffff0}]}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000140)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x10, 0x80, 0x7f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r5], 0x0, 0x10, 0x3}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair(0x2, 0x1, 0x0, &(0x7f00000003c0)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x4) (async) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0xff, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4}, 0x48) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{0x1}, &(0x7f0000000400), &(0x7f00000006c0)=r0}, 0x20) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c00)={r0, 0xe0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f0000000980)=[0x0], &(0x7f00000009c0)=[0x0, 0x0, 0x0], 0x0, 0xb0, &(0x7f0000000a00)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000a40), &(0x7f0000000a80), 0x8, 0x43, 0x8, 0x8, &(0x7f0000000ac0)}}, 0x10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x18, 0x19, &(0x7f0000000740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8bd}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0xa}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @generic={0x0, 0x8, 0x1, 0x749, 0x7}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000000840)='syzkaller\x00', 0x6168618a, 0x91, &(0x7f0000000880)=""/145, 0x41000, 0x4, '\x00', r4, 0x0, r1, 0x8, &(0x7f0000000c40)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000c80)={0x5, 0x10, 0x2, 0x60}, 0x10, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000cc0)=[{0x4, 0x5, 0x0, 0x7}, {0x2, 0x2, 0x9, 0xc}, {0x4, 0x3, 0x1, 0x7}, {0x1, 0x3, 0xb, 0xa}, {0x1, 0x3, 0xd, 0x8}], 0x10, 0x3}, 0x90) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f00000001c0)='./file0\x00', 0x0, 0x4038, r0}, 0x18) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r5, 0x58, &(0x7f0000000540)}, 0x10) (async) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0xa, 0x1bcf, 0x8, 0x8, 0x0, r5, 0x100, '\x00', r6, r1, 0x1, 0x4}, 0x48) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf86, 0x0, 0x0, 0x0, 0x7}, [@exit, @btf_id={0x18, 0x8594a0bb06a416a5, 0x3, 0x0, 0x5}, @ldst={0x2, 0x0, 0x4, 0xa, 0x1, 0xc, 0xfffffffffffffff0}]}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000140)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x10, 0x80, 0x7f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r5], 0x0, 0x10, 0x3}, 0x90) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) socketpair(0x2, 0x1, 0x0, &(0x7f00000003c0)) (async) 22:26:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file0\x00', r1}, 0x18) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xf, 0x5, &(0x7f0000000200)=@raw=[@map_idx={0x18, 0x8, 0x5, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @map_val={0x18, 0xa, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x4}], &(0x7f0000000240)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000000280)=""/195, 0x40f00, 0x2f, '\x00', 0x0, 0x1a, r1, 0x8, &(0x7f0000000380)={0x7, 0xfffffffd}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0x8, 0x3, 0x1}, 0x10, 0x0, r1, 0x1, 0x0, &(0x7f0000000400)=[{0x5, 0x5, 0x2, 0x8}], 0x10, 0x9}, 0x90) (async, rerun: 32) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0) (rerun: 32) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async, rerun: 64) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) (async, rerun: 64) openat$cgroup_ro(r1, &(0x7f0000000500)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) 22:26:32 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0xc0001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1007}, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x9) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='\x00') (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000006c0)={@cgroup, r0}, 0x10) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000140)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000540)={0x0, 0x80, 0x8, 0x2, 0xff, 0x9, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000500), 0xe}, 0x1, 0x5, 0x1, 0x0, 0x8, 0xc84, 0x7, 0x0, 0x24c6, 0x0, 0x93}, 0x0, 0xc, r1, 0x9) perf_event_open$cgroup(&(0x7f0000000300)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x81252, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0xc) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) sendmsg$inet(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000380)="408815198e11c2c0159fa0a4e84d48a24e6fb46895508a0f4b196461209adc8469936832fb39536540103dcd5a0d5b39dd36f3c7ff2f42b0e4738ac548c9ef38cd08c948f07919b3605ca636731eb5a72498d8b57c72a5c8f5c6e44326aff057d12edbc221175f95a87b1d2d7b5347aaf2765dfc7f374f192190a52ef5a8e1334e2ccfeea420e8e0d659c854ccf24a63e8135b5f5bc33b054a949354ef215d6b889884cef1d4815d65b6117dd5cde26551b3bb42ef286005111347f32bc3fb1ea1", 0xc1}, {&(0x7f0000000240)="dedb5a317d91b3b2478c8744727980527220c3c2da7a4a8a09ed5e5967d9f46552b4778e81e668ddbb7b5474d0c65bccf1184be5ee805ef88dba19f035a6e0", 0x3f}], 0x2, &(0x7f0000000480)=[@ip_retopts={{0x44, 0x0, 0x7, {[@ssrr={0x89, 0x17, 0x97, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @broadcast, @broadcast, @remote]}, @rr={0x7, 0x13, 0x5b, [@multicast2, @loopback, @multicast1, @private=0xa010102]}, @generic={0x88, 0x9, "e14fe6848338d8"}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}], 0x60}, 0x4) [ 328.731264][T19998] FAULT_INJECTION: forcing a failure. [ 328.731264][T19998] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 328.777017][T19998] CPU: 1 PID: 19998 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 328.787175][T19998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 328.797065][T19998] Call Trace: [ 328.800188][T19998] [ 328.802968][T19998] dump_stack_lvl+0x151/0x1b7 [ 328.807480][T19998] ? io_uring_drop_tctx_refs+0x190/0x190 [ 328.812948][T19998] dump_stack+0x15/0x17 [ 328.816946][T19998] should_fail+0x3c6/0x510 [ 328.821191][T19998] should_fail_alloc_page+0x5a/0x80 [ 328.826229][T19998] prepare_alloc_pages+0x15c/0x700 [ 328.831175][T19998] ? __alloc_pages_bulk+0xe40/0xe40 [ 328.836297][T19998] __alloc_pages+0x18c/0x8f0 [ 328.840731][T19998] ? prep_new_page+0x110/0x110 [ 328.845320][T19998] ? __alloc_pages+0x27e/0x8f0 [ 328.849929][T19998] ? __kasan_check_write+0x14/0x20 [ 328.854866][T19998] ? _raw_spin_lock+0xa4/0x1b0 [ 328.859466][T19998] pte_alloc_one+0x73/0x1b0 [ 328.863806][T19998] ? pfn_modify_allowed+0x2f0/0x2f0 [ 328.868840][T19998] ? __pmd_alloc+0x48d/0x550 [ 328.873266][T19998] __pte_alloc+0x86/0x350 [ 328.877430][T19998] ? __pud_alloc+0x260/0x260 [ 328.881854][T19998] ? __pud_alloc+0x213/0x260 [ 328.886286][T19998] ? free_pgtables+0x280/0x280 [ 328.890881][T19998] ? do_handle_mm_fault+0x2330/0x2330 [ 328.896089][T19998] ? __stack_depot_save+0x34/0x470 [ 328.901038][T19998] ? anon_vma_clone+0x9a/0x500 [ 328.905640][T19998] copy_page_range+0x28a8/0x2f90 [ 328.910412][T19998] ? __kasan_slab_alloc+0xb1/0xe0 [ 328.915272][T19998] ? slab_post_alloc_hook+0x53/0x2c0 [ 328.920394][T19998] ? kernel_clone+0x21e/0x9e0 [ 328.924909][T19998] ? do_syscall_64+0x3d/0xb0 [ 328.929338][T19998] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 328.935241][T19998] ? pfn_valid+0x1e0/0x1e0 [ 328.939661][T19998] ? rwsem_write_trylock+0x15b/0x290 [ 328.944781][T19998] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 328.951031][T19998] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 328.956585][T19998] ? __rb_insert_augmented+0x5de/0x610 [ 328.961884][T19998] copy_mm+0xc7e/0x13e0 [ 328.965877][T19998] ? copy_signal+0x610/0x610 [ 328.970308][T19998] ? __init_rwsem+0xd6/0x1c0 [ 328.974724][T19998] ? copy_signal+0x4e3/0x610 [ 328.979160][T19998] copy_process+0x1149/0x3290 [ 328.983667][T19998] ? proc_fail_nth_write+0x20b/0x290 [ 328.988786][T19998] ? fsnotify_perm+0x6a/0x5d0 [ 328.993297][T19998] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 328.998249][T19998] ? vfs_write+0x9ec/0x1110 [ 329.002590][T19998] kernel_clone+0x21e/0x9e0 [ 329.006923][T19998] ? file_end_write+0x1c0/0x1c0 [ 329.011613][T19998] ? create_io_thread+0x1e0/0x1e0 [ 329.016472][T19998] ? mutex_unlock+0xb2/0x260 [ 329.020897][T19998] ? __mutex_lock_slowpath+0x10/0x10 [ 329.026019][T19998] __x64_sys_clone+0x23f/0x290 [ 329.030619][T19998] ? __do_sys_vfork+0x130/0x130 [ 329.035306][T19998] ? ksys_write+0x260/0x2c0 [ 329.039646][T19998] ? debug_smp_processor_id+0x17/0x20 [ 329.044947][T19998] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 329.050843][T19998] ? exit_to_user_mode_prepare+0x39/0xa0 [ 329.056582][T19998] do_syscall_64+0x3d/0xb0 [ 329.060837][T19998] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 329.066561][T19998] RIP: 0033:0x7f8118545da9 [ 329.070817][T19998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 329.090261][T19998] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 329.098501][T19998] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 329.106316][T19998] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 329.114135][T19998] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 22:26:32 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='cgroup.controllers\x00', 0x0, 0x0) socketpair(0xf, 0x5, 0x0, &(0x7f0000000000)) 22:26:32 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file0\x00', r1}, 0x18) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xf, 0x5, &(0x7f0000000200)=@raw=[@map_idx={0x18, 0x8, 0x5, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @map_val={0x18, 0xa, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x4}], &(0x7f0000000240)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000000280)=""/195, 0x40f00, 0x2f, '\x00', 0x0, 0x1a, r1, 0x8, &(0x7f0000000380)={0x7, 0xfffffffd}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0x8, 0x3, 0x1}, 0x10, 0x0, r1, 0x1, 0x0, &(0x7f0000000400)=[{0x5, 0x5, 0x2, 0x8}], 0x10, 0x9}, 0x90) (async) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) openat$cgroup_ro(r1, &(0x7f0000000500)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) 22:26:32 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40) [ 329.121934][T19998] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 329.129752][T19998] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 329.137562][T19998] 22:26:32 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='cgroup.controllers\x00', 0x0, 0x0) socketpair(0xf, 0x5, 0x0, &(0x7f0000000000)) [ 329.201693][T20027] FAULT_INJECTION: forcing a failure. [ 329.201693][T20027] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 329.220873][T20027] CPU: 0 PID: 20027 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 329.231217][T20027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 329.241097][T20027] Call Trace: [ 329.244213][T20027] [ 329.246991][T20027] dump_stack_lvl+0x151/0x1b7 [ 329.251508][T20027] ? io_uring_drop_tctx_refs+0x190/0x190 [ 329.257077][T20027] dump_stack+0x15/0x17 [ 329.261058][T20027] should_fail+0x3c6/0x510 [ 329.265311][T20027] should_fail_alloc_page+0x5a/0x80 [ 329.270351][T20027] prepare_alloc_pages+0x15c/0x700 [ 329.275296][T20027] ? __alloc_pages_bulk+0xe40/0xe40 [ 329.280329][T20027] __alloc_pages+0x18c/0x8f0 [ 329.284754][T20027] ? prep_new_page+0x110/0x110 [ 329.289529][T20027] ? __alloc_pages+0x27e/0x8f0 [ 329.294128][T20027] ? __kasan_check_write+0x14/0x20 [ 329.299074][T20027] ? _raw_spin_lock+0xa4/0x1b0 [ 329.303673][T20027] pte_alloc_one+0x73/0x1b0 [ 329.308013][T20027] ? pfn_modify_allowed+0x2f0/0x2f0 [ 329.313048][T20027] ? __pmd_alloc+0x48d/0x550 [ 329.317474][T20027] __pte_alloc+0x86/0x350 [ 329.321640][T20027] ? __pud_alloc+0x260/0x260 [ 329.326064][T20027] ? __pud_alloc+0x213/0x260 [ 329.330493][T20027] ? free_pgtables+0x280/0x280 [ 329.335092][T20027] ? do_handle_mm_fault+0x2330/0x2330 [ 329.340302][T20027] ? __stack_depot_save+0x34/0x470 [ 329.345249][T20027] ? anon_vma_clone+0x9a/0x500 [ 329.349847][T20027] copy_page_range+0x28a8/0x2f90 [ 329.354622][T20027] ? __kasan_slab_alloc+0xb1/0xe0 [ 329.359483][T20027] ? slab_post_alloc_hook+0x53/0x2c0 [ 329.364601][T20027] ? kernel_clone+0x21e/0x9e0 [ 329.369113][T20027] ? do_syscall_64+0x3d/0xb0 [ 329.373539][T20027] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 329.379449][T20027] ? pfn_valid+0x1e0/0x1e0 [ 329.383696][T20027] ? rwsem_write_trylock+0x15b/0x290 [ 329.388817][T20027] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 329.395241][T20027] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 329.400797][T20027] ? __rb_insert_augmented+0x5de/0x610 [ 329.406089][T20027] copy_mm+0xc7e/0x13e0 [ 329.410082][T20027] ? copy_signal+0x610/0x610 [ 329.414521][T20027] ? __init_rwsem+0xd6/0x1c0 [ 329.418935][T20027] ? copy_signal+0x4e3/0x610 [ 329.423361][T20027] copy_process+0x1149/0x3290 [ 329.427873][T20027] ? proc_fail_nth_write+0x20b/0x290 [ 329.432995][T20027] ? fsnotify_perm+0x6a/0x5d0 [ 329.437507][T20027] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 329.442454][T20027] ? vfs_write+0x9ec/0x1110 [ 329.446795][T20027] kernel_clone+0x21e/0x9e0 [ 329.451134][T20027] ? file_end_write+0x1c0/0x1c0 [ 329.455819][T20027] ? create_io_thread+0x1e0/0x1e0 [ 329.460681][T20027] ? mutex_unlock+0xb2/0x260 [ 329.465105][T20027] ? __mutex_lock_slowpath+0x10/0x10 [ 329.470228][T20027] __x64_sys_clone+0x23f/0x290 [ 329.474829][T20027] ? __do_sys_vfork+0x130/0x130 [ 329.479511][T20027] ? ksys_write+0x260/0x2c0 [ 329.483854][T20027] ? debug_smp_processor_id+0x17/0x20 [ 329.489061][T20027] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 329.495011][T20027] ? exit_to_user_mode_prepare+0x39/0xa0 [ 329.500433][T20027] do_syscall_64+0x3d/0xb0 [ 329.504683][T20027] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 329.510412][T20027] RIP: 0033:0x7f8118545da9 [ 329.514668][T20027] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 329.534107][T20027] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 329.542439][T20027] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 22:26:32 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cpuacct.usage_sys\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f00000006c0), 0x5}, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r3 = perf_event_open(0x0, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40010040) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000240)=0xff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0x101, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4009, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) close(0xffffffffffffffff) r4 = syz_clone(0x8080, &(0x7f0000000cc0), 0x0, 0x0, &(0x7f0000000e00), 0x0) r5 = perf_event_open$cgroup(&(0x7f0000000580)={0x4, 0x80, 0x0, 0xa4, 0x41, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x4}, 0x8440, 0x0, 0x7fffffff, 0x3, 0x1, 0x80000001, 0x6, 0x0, 0x2}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x0, 0x7f, 0x38, 0x20, 0x0, 0x4, 0x440, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x73ed, 0x0, @perf_config_ext={0x2, 0x7}, 0x4000, 0x85ce, 0xffff, 0x5, 0x0, 0x3, 0x7, 0x0, 0x8, 0x0, 0x4}, r4, 0x0, r5, 0x1) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x14900}, r4, 0x0, 0xffffffffffffffff, 0x0) r6 = perf_event_open(&(0x7f0000001440)={0x4, 0x80, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}, 0x0, 0x9, 0x80, 0x0, 0x0, 0x8, 0x253}, r4, 0xd, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000600)={0x2, 0x80, 0xe0, 0x3f, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x3ff, 0x20}, 0x10000, 0x18e, 0x0, 0x6, 0x8000000000000000, 0xb0, 0x5, 0x0, 0x10001, 0x0, 0x9f3}, 0x0, 0x89, r6, 0x0) perf_event_open(&(0x7f0000000740)={0x3, 0x80, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10688, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x40, 0x0, 0x6, 0x5, 0x3, 0x0, 0x7, 0x0, 0xfffffff7, 0x0, 0xfff}, r4, 0xd, r6, 0x8) perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x0, 0x9, 0xc6, 0x0, 0x0, 0x3, 0x2ce, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x4000, 0xfffffffffffffffb, 0x9534, 0x1, 0x10001, 0x0, 0x8001, 0x0, 0xfffffff9, 0x0, 0x3}, r4, 0xa, r0, 0x8) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000040)='rose0\x00') close(r2) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20005, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x8, 0xfffffffffffffffc}, 0x2040, 0x7, 0x800, 0x8, 0x687, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r3, 0x3) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000b00)={'wlan1\x00', 0x8000}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x20}) socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89a2, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x4004662b, &(0x7f00000005c0)=0x1) 22:26:32 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='cgroup.controllers\x00', 0x0, 0x0) (async) socketpair(0xf, 0x5, 0x0, &(0x7f0000000000)) 22:26:32 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41) [ 329.550432][T20027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 329.558233][T20027] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 329.566217][T20027] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 329.574032][T20027] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 329.581847][T20027] 22:26:32 executing program 1: bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)=@o_path={&(0x7f00000000c0)='./file0\x00', 0x0, 0x18}, 0x18) r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xfc, 0x81, 0x21, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x6b4}, 0x8080, 0x0, 0xffffff7e, 0x0, 0x2, 0x0, 0x1000, 0x0, 0xfde1, 0x0, 0x800000000000}, 0x0, 0x3, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc0406618, &(0x7f0000000040)) recvmsg$unix(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x2, [@struct={0x0, 0x2, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x3}, {0x0, 0x3}]}, @ptr, @volatile={0x1}]}}, 0x0, 0x56}, 0x20) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'macvtap0\x00', 0x1}) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x2, 0x7fffffff, 0x9, 0x3, 0x104, r1, 0x80, '\x00', 0x0, r2, 0x7, 0x4, 0x1}, 0x48) sendmsg$inet(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r3, &(0x7f0000004100)={0x0, 0x30, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYRES32=r3], 0x18}, 0x0) r7 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x90093, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = openat$cgroup_ro(r1, &(0x7f0000000440)='blkio.bfq.io_wait_time\x00', 0x0, 0x0) ioctl$TUNSETNOCSUM(r6, 0x8923, 0x20000000) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000180)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000004c0)='GPL\x00') syz_clone(0x670c8680, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000000)=0x21) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x5, 0x16, &(0x7f0000002b00)=ANY=[@ANYRES16=r7], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000340)=r8) [ 329.640565][T20037] FAULT_INJECTION: forcing a failure. [ 329.640565][T20037] name failslab, interval 1, probability 0, space 0, times 0 [ 329.653728][T20037] CPU: 1 PID: 20037 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 329.663882][T20037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 329.673773][T20037] Call Trace: [ 329.676898][T20037] [ 329.679677][T20037] dump_stack_lvl+0x151/0x1b7 [ 329.684189][T20037] ? io_uring_drop_tctx_refs+0x190/0x190 [ 329.689655][T20037] dump_stack+0x15/0x17 [ 329.693649][T20037] should_fail+0x3c6/0x510 [ 329.697905][T20037] __should_failslab+0xa4/0xe0 [ 329.702503][T20037] ? vm_area_dup+0x26/0x230 [ 329.706840][T20037] should_failslab+0x9/0x20 [ 329.711180][T20037] slab_pre_alloc_hook+0x37/0xd0 [ 329.715955][T20037] ? vm_area_dup+0x26/0x230 [ 329.720293][T20037] kmem_cache_alloc+0x44/0x200 [ 329.724897][T20037] vm_area_dup+0x26/0x230 [ 329.729066][T20037] copy_mm+0x9a1/0x13e0 [ 329.733075][T20037] ? copy_signal+0x610/0x610 [ 329.737479][T20037] ? __init_rwsem+0xd6/0x1c0 [ 329.741906][T20037] ? copy_signal+0x4e3/0x610 [ 329.746329][T20037] copy_process+0x1149/0x3290 [ 329.750847][T20037] ? proc_fail_nth_write+0x20b/0x290 [ 329.755966][T20037] ? fsnotify_perm+0x6a/0x5d0 [ 329.760480][T20037] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 329.765429][T20037] ? vfs_write+0x9ec/0x1110 [ 329.769768][T20037] kernel_clone+0x21e/0x9e0 [ 329.774104][T20037] ? file_end_write+0x1c0/0x1c0 [ 329.778797][T20037] ? create_io_thread+0x1e0/0x1e0 [ 329.783653][T20037] ? mutex_unlock+0xb2/0x260 [ 329.788078][T20037] ? __mutex_lock_slowpath+0x10/0x10 [ 329.793200][T20037] __x64_sys_clone+0x23f/0x290 [ 329.797802][T20037] ? __do_sys_vfork+0x130/0x130 [ 329.802485][T20037] ? ksys_write+0x260/0x2c0 [ 329.806825][T20037] ? debug_smp_processor_id+0x17/0x20 [ 329.812030][T20037] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 329.817937][T20037] ? exit_to_user_mode_prepare+0x39/0xa0 [ 329.823402][T20037] do_syscall_64+0x3d/0xb0 [ 329.827656][T20037] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 329.833383][T20037] RIP: 0033:0x7f8118545da9 [ 329.837637][T20037] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 329.857078][T20037] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 329.865325][T20037] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 329.873133][T20037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 329.880946][T20037] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 22:26:33 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0xfffffe81, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000), 0xfdef) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0x0, 0x0, &(0x7f0000014ff5)='GPL\x00', 0x0, 0x1000, &(0x7f0000000c40)=""/4096, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x200}, 0x8}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r4, 0xe0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000280), &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000002300)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000900), &(0x7f0000000940), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001e40)}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000ac0)={r1, 0xe0, &(0x7f0000001e80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xad, &(0x7f0000000640)=[{}, {}], 0x10, 0x10, &(0x7f0000000840), &(0x7f00000008c0), 0x8, 0x6e, 0x8, 0x8, &(0x7f0000000980)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fffffff}, [@map_fd={0x18, 0xb, 0x1, 0x0, r0}, @btf_id={0x18, 0xcc70ea26e33e0fd2, 0x3, 0x0, 0x3}]}, &(0x7f0000000240)='syzkaller\x00', 0x6, 0xea, &(0x7f0000000740)=""/234, 0x40f00, 0x64, '\x00', r5, 0x0, r3, 0x8, &(0x7f0000000280)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x3, 0x5, 0x4, 0x4}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x90) r6 = openat$cgroup_ro(r3, &(0x7f0000000b80)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000bc0)={0x0, 0x3}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0xd, 0xa, &(0x7f0000000180)=ANY=[@ANYBLOB="851000f2466d9a00186a00000a0000000000007322000085000000d200000018420f00fb0600000000008500ffff950000000000000000e6007f0000000000002000"], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x99, &(0x7f0000000680)=""/153, 0x41000, 0x0, '\x00', r5, 0x2e, r3, 0x8, &(0x7f0000000b00)={0x9, 0x80000002}, 0x8, 0x10, &(0x7f0000000b40)={0x4, 0xa, 0x5, 0x7ff}, 0x10, 0xffffffffffffffff, r4, 0x1, &(0x7f0000001c40)=[r6, 0xffffffffffffffff, r7], &(0x7f0000001c80)=[{0xfffffffe, 0x3, 0xb, 0xa}], 0x10, 0x6}, 0x90) perf_event_open$cgroup(&(0x7f0000000180)={0x0, 0x80, 0x4, 0x1, 0x0, 0xff, 0x0, 0x5, 0xbc2ddb4dc746daf4, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000080), 0x6}, 0x8840, 0x1, 0x7, 0x5, 0x3b6, 0x7ff, 0x8, 0x0, 0x2, 0x0, 0x83}, r6, 0x10, 0xffffffffffffffff, 0xa) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r8, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r8, 0x4010744d, 0x20000000) [ 329.888845][T20037] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 329.896741][T20037] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 329.904560][T20037] 22:26:33 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42) [ 329.938532][T20041] : renamed from macvtap0 [ 329.965744][T20045] FAULT_INJECTION: forcing a failure. [ 329.965744][T20045] name failslab, interval 1, probability 0, space 0, times 0 [ 329.990201][T20045] CPU: 1 PID: 20045 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 330.000365][T20045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 330.010263][T20045] Call Trace: [ 330.013383][T20045] [ 330.016160][T20045] dump_stack_lvl+0x151/0x1b7 [ 330.020677][T20045] ? io_uring_drop_tctx_refs+0x190/0x190 [ 330.026247][T20045] dump_stack+0x15/0x17 [ 330.030233][T20045] should_fail+0x3c6/0x510 [ 330.034482][T20045] __should_failslab+0xa4/0xe0 [ 330.039219][T20045] ? anon_vma_clone+0x9a/0x500 [ 330.043873][T20045] should_failslab+0x9/0x20 [ 330.048213][T20045] slab_pre_alloc_hook+0x37/0xd0 [ 330.052985][T20045] ? anon_vma_clone+0x9a/0x500 [ 330.057622][T20045] kmem_cache_alloc+0x44/0x200 [ 330.062183][T20045] anon_vma_clone+0x9a/0x500 [ 330.066613][T20045] anon_vma_fork+0x91/0x4e0 [ 330.070956][T20045] ? anon_vma_name+0x4c/0x70 [ 330.076420][T20045] ? vm_area_dup+0x17a/0x230 [ 330.080849][T20045] copy_mm+0xa3a/0x13e0 [ 330.084842][T20045] ? copy_signal+0x610/0x610 [ 330.089291][T20045] ? __init_rwsem+0xd6/0x1c0 [ 330.093702][T20045] ? copy_signal+0x4e3/0x610 [ 330.098119][T20045] copy_process+0x1149/0x3290 [ 330.102634][T20045] ? proc_fail_nth_write+0x20b/0x290 [ 330.107752][T20045] ? fsnotify_perm+0x6a/0x5d0 [ 330.112269][T20045] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 330.117232][T20045] ? vfs_write+0x9ec/0x1110 [ 330.121557][T20045] kernel_clone+0x21e/0x9e0 [ 330.125893][T20045] ? file_end_write+0x1c0/0x1c0 [ 330.130583][T20045] ? create_io_thread+0x1e0/0x1e0 [ 330.135442][T20045] ? mutex_unlock+0xb2/0x260 [ 330.139960][T20045] ? __mutex_lock_slowpath+0x10/0x10 [ 330.145075][T20045] __x64_sys_clone+0x23f/0x290 [ 330.149670][T20045] ? __do_sys_vfork+0x130/0x130 [ 330.154455][T20045] ? ksys_write+0x260/0x2c0 [ 330.158790][T20045] ? debug_smp_processor_id+0x17/0x20 [ 330.163998][T20045] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 330.170247][T20045] ? exit_to_user_mode_prepare+0x39/0xa0 [ 330.175717][T20045] do_syscall_64+0x3d/0xb0 [ 330.179967][T20045] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 330.185694][T20045] RIP: 0033:0x7f8118545da9 [ 330.189950][T20045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 330.209393][T20045] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 330.217640][T20045] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 330.225450][T20045] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 330.233261][T20045] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 330.241069][T20045] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 330.248878][T20045] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 330.256694][T20045] 22:26:33 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43) 22:26:33 executing program 0: syz_clone(0x44040100, 0x0, 0x1b0f71f000, 0x0, 0x0, 0x0) 22:26:33 executing program 1: bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)=@o_path={&(0x7f00000000c0)='./file0\x00', 0x0, 0x18}, 0x18) (async) r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xfc, 0x81, 0x21, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x6b4}, 0x8080, 0x0, 0xffffff7e, 0x0, 0x2, 0x0, 0x1000, 0x0, 0xfde1, 0x0, 0x800000000000}, 0x0, 0x3, r0, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc0406618, &(0x7f0000000040)) recvmsg$unix(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 64) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async, rerun: 64) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x2, [@struct={0x0, 0x2, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x3}, {0x0, 0x3}]}, @ptr, @volatile={0x1}]}}, 0x0, 0x56}, 0x20) (async) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x0) (async) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) (async) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 64) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0) (rerun: 64) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'macvtap0\x00', 0x1}) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) (async, rerun: 32) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x2, 0x7fffffff, 0x9, 0x3, 0x104, r1, 0x80, '\x00', 0x0, r2, 0x7, 0x4, 0x1}, 0x48) (async, rerun: 32) sendmsg$inet(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) (async) recvmsg$unix(r3, &(0x7f0000004100)={0x0, 0x30, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYRES32=r3], 0x18}, 0x0) (async) r7 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x90093, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = openat$cgroup_ro(r1, &(0x7f0000000440)='blkio.bfq.io_wait_time\x00', 0x0, 0x0) (async) ioctl$TUNSETNOCSUM(r6, 0x8923, 0x20000000) (async, rerun: 32) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000180)) (rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000004c0)='GPL\x00') syz_clone(0x670c8680, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x0, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000000)=0x21) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x5, 0x16, &(0x7f0000002b00)=ANY=[@ANYRES16=r7], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) (async) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000340)=r8) 22:26:33 executing program 0: syz_clone(0x44040100, 0x0, 0x2a9b13844000, 0x0, 0x0, 0x0) 22:26:33 executing program 1: bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)=@o_path={&(0x7f00000000c0)='./file0\x00', 0x0, 0x18}, 0x18) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xfc, 0x81, 0x21, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x6b4}, 0x8080, 0x0, 0xffffff7e, 0x0, 0x2, 0x0, 0x1000, 0x0, 0xfde1, 0x0, 0x800000000000}, 0x0, 0x3, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc0406618, &(0x7f0000000040)) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc0406618, &(0x7f0000000040)) recvmsg$unix(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x2, [@struct={0x0, 0x2, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x3}, {0x0, 0x3}]}, @ptr, @volatile={0x1}]}}, 0x0, 0x56}, 0x20) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) (async) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'macvtap0\x00', 0x1}) (async) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'macvtap0\x00', 0x1}) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x2, 0x7fffffff, 0x9, 0x3, 0x104, r1, 0x80, '\x00', 0x0, r2, 0x7, 0x4, 0x1}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x2, 0x7fffffff, 0x9, 0x3, 0x104, r1, 0x80, '\x00', 0x0, r2, 0x7, 0x4, 0x1}, 0x48) sendmsg$inet(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) (async) sendmsg$inet(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r3, &(0x7f0000004100)={0x0, 0x30, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYRES32=r3], 0x18}, 0x0) (async) recvmsg$unix(r3, &(0x7f0000004100)={0x0, 0x30, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYRES32=r3], 0x18}, 0x0) r7 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x90093, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = openat$cgroup_ro(r1, &(0x7f0000000440)='blkio.bfq.io_wait_time\x00', 0x0, 0x0) ioctl$TUNSETNOCSUM(r6, 0x8923, 0x20000000) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000180)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) (async) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000004c0)='GPL\x00') syz_clone(0x670c8680, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000000)=0x21) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x5, 0x16, &(0x7f0000002b00)=ANY=[@ANYRES16=r7], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000340)=r8) (async) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000340)=r8) 22:26:33 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cpuacct.usage_sys\x00', 0x0, 0x0) (async, rerun: 32) r1 = perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f00000006c0), 0x5}, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) (async, rerun: 32) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r3 = perf_event_open(0x0, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40010040) (async) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) (async) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000240)=0xff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0x101, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4009, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) (async) close(0xffffffffffffffff) r4 = syz_clone(0x8080, &(0x7f0000000cc0), 0x0, 0x0, &(0x7f0000000e00), 0x0) r5 = perf_event_open$cgroup(&(0x7f0000000580)={0x4, 0x80, 0x0, 0xa4, 0x41, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x4}, 0x8440, 0x0, 0x7fffffff, 0x3, 0x1, 0x80000001, 0x6, 0x0, 0x2}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x0, 0x7f, 0x38, 0x20, 0x0, 0x4, 0x440, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x73ed, 0x0, @perf_config_ext={0x2, 0x7}, 0x4000, 0x85ce, 0xffff, 0x5, 0x0, 0x3, 0x7, 0x0, 0x8, 0x0, 0x4}, r4, 0x0, r5, 0x1) (async, rerun: 64) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x14900}, r4, 0x0, 0xffffffffffffffff, 0x0) (rerun: 64) r6 = perf_event_open(&(0x7f0000001440)={0x4, 0x80, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}, 0x0, 0x9, 0x80, 0x0, 0x0, 0x8, 0x253}, r4, 0xd, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000600)={0x2, 0x80, 0xe0, 0x3f, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x3ff, 0x20}, 0x10000, 0x18e, 0x0, 0x6, 0x8000000000000000, 0xb0, 0x5, 0x0, 0x10001, 0x0, 0x9f3}, 0x0, 0x89, r6, 0x0) (async) perf_event_open(&(0x7f0000000740)={0x3, 0x80, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10688, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x40, 0x0, 0x6, 0x5, 0x3, 0x0, 0x7, 0x0, 0xfffffff7, 0x0, 0xfff}, r4, 0xd, r6, 0x8) (async) perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x0, 0x9, 0xc6, 0x0, 0x0, 0x3, 0x2ce, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x4000, 0xfffffffffffffffb, 0x9534, 0x1, 0x10001, 0x0, 0x8001, 0x0, 0xfffffff9, 0x0, 0x3}, r4, 0xa, r0, 0x8) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000040)='rose0\x00') (async) close(r2) (async) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20005, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x8, 0xfffffffffffffffc}, 0x2040, 0x7, 0x800, 0x8, 0x687, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r3, 0x3) (async) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000b00)={'wlan1\x00', 0x8000}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x20}) socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89a2, &(0x7f0000000080)) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x4004662b, &(0x7f00000005c0)=0x1) [ 330.427357][T20060] FAULT_INJECTION: forcing a failure. [ 330.427357][T20060] name failslab, interval 1, probability 0, space 0, times 0 [ 330.461239][T20060] CPU: 1 PID: 20060 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 330.471406][T20060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 330.481311][T20060] Call Trace: [ 330.484427][T20060] [ 330.487197][T20060] dump_stack_lvl+0x151/0x1b7 [ 330.491795][T20060] ? io_uring_drop_tctx_refs+0x190/0x190 [ 330.497261][T20060] dump_stack+0x15/0x17 [ 330.501252][T20060] should_fail+0x3c6/0x510 [ 330.505505][T20060] __should_failslab+0xa4/0xe0 [ 330.510109][T20060] ? vm_area_dup+0x26/0x230 [ 330.514445][T20060] should_failslab+0x9/0x20 [ 330.518785][T20060] slab_pre_alloc_hook+0x37/0xd0 [ 330.523560][T20060] ? vm_area_dup+0x26/0x230 [ 330.527898][T20060] kmem_cache_alloc+0x44/0x200 [ 330.532499][T20060] vm_area_dup+0x26/0x230 [ 330.536665][T20060] copy_mm+0x9a1/0x13e0 [ 330.540658][T20060] ? copy_signal+0x610/0x610 [ 330.545086][T20060] ? __init_rwsem+0xd6/0x1c0 [ 330.549509][T20060] ? copy_signal+0x4e3/0x610 [ 330.553936][T20060] copy_process+0x1149/0x3290 [ 330.558450][T20060] ? proc_fail_nth_write+0x20b/0x290 [ 330.563570][T20060] ? fsnotify_perm+0x6a/0x5d0 [ 330.568082][T20060] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 330.573028][T20060] ? vfs_write+0x9ec/0x1110 [ 330.577371][T20060] kernel_clone+0x21e/0x9e0 [ 330.581713][T20060] ? file_end_write+0x1c0/0x1c0 [ 330.586397][T20060] ? create_io_thread+0x1e0/0x1e0 [ 330.591257][T20060] ? mutex_unlock+0xb2/0x260 [ 330.595682][T20060] ? __mutex_lock_slowpath+0x10/0x10 [ 330.600804][T20060] __x64_sys_clone+0x23f/0x290 [ 330.605405][T20060] ? __do_sys_vfork+0x130/0x130 [ 330.610089][T20060] ? ksys_write+0x260/0x2c0 [ 330.614432][T20060] ? debug_smp_processor_id+0x17/0x20 [ 330.619637][T20060] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 330.625538][T20060] ? exit_to_user_mode_prepare+0x39/0xa0 [ 330.631009][T20060] do_syscall_64+0x3d/0xb0 [ 330.635262][T20060] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 330.640987][T20060] RIP: 0033:0x7f8118545da9 [ 330.645264][T20060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 330.664691][T20060] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 330.672933][T20060] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 330.680740][T20060] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 330.688549][T20060] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 330.696359][T20060] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 330.704204][T20060] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 330.711987][T20060] [ 330.748828][T20086] : renamed from macvtap0 22:26:34 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44) 22:26:34 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cpuacct.usage_sys\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f00000006c0), 0x5}, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) (async) r1 = perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f00000006c0), 0x5}, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x0) (async) r3 = perf_event_open(0x0, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40010040) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) (async) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000240)=0xff) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000240)=0xff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0x101, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4009, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0x101, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4009, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) close(0xffffffffffffffff) r4 = syz_clone(0x8080, &(0x7f0000000cc0), 0x0, 0x0, &(0x7f0000000e00), 0x0) r5 = perf_event_open$cgroup(&(0x7f0000000580)={0x4, 0x80, 0x0, 0xa4, 0x41, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x4}, 0x8440, 0x0, 0x7fffffff, 0x3, 0x1, 0x80000001, 0x6, 0x0, 0x2}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000500)={0x0, 0x80, 0x0, 0x7f, 0x38, 0x20, 0x0, 0x4, 0x440, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x73ed, 0x0, @perf_config_ext={0x2, 0x7}, 0x4000, 0x85ce, 0xffff, 0x5, 0x0, 0x3, 0x7, 0x0, 0x8, 0x0, 0x4}, r4, 0x0, r5, 0x1) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x14900}, r4, 0x0, 0xffffffffffffffff, 0x0) r6 = perf_event_open(&(0x7f0000001440)={0x4, 0x80, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}, 0x0, 0x9, 0x80, 0x0, 0x0, 0x8, 0x253}, r4, 0xd, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000600)={0x2, 0x80, 0xe0, 0x3f, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x3ff, 0x20}, 0x10000, 0x18e, 0x0, 0x6, 0x8000000000000000, 0xb0, 0x5, 0x0, 0x10001, 0x0, 0x9f3}, 0x0, 0x89, r6, 0x0) perf_event_open(&(0x7f0000000740)={0x3, 0x80, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10688, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x40, 0x0, 0x6, 0x5, 0x3, 0x0, 0x7, 0x0, 0xfffffff7, 0x0, 0xfff}, r4, 0xd, r6, 0x8) perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x0, 0x9, 0xc6, 0x0, 0x0, 0x3, 0x2ce, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x4000, 0xfffffffffffffffb, 0x9534, 0x1, 0x10001, 0x0, 0x8001, 0x0, 0xfffffff9, 0x0, 0x3}, r4, 0xa, r0, 0x8) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000040)='rose0\x00') close(r2) (async) close(r2) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20005, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x8, 0xfffffffffffffffc}, 0x2040, 0x7, 0x800, 0x8, 0x687, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r3, 0x3) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000b00)={'wlan1\x00', 0x8000}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x20}) socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89a2, &(0x7f0000000080)) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89a2, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x4004662b, &(0x7f00000005c0)=0x1) (async) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x4004662b, &(0x7f00000005c0)=0x1) 22:26:34 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0xfffffe81, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000), 0xfdef) (async) write$cgroup_subtree(r3, &(0x7f0000000000), 0xfdef) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0x0, 0x0, &(0x7f0000014ff5)='GPL\x00', 0x0, 0x1000, &(0x7f0000000c40)=""/4096, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x200}, 0x8}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r4, 0xe0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000280), &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000002300)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000900), &(0x7f0000000940), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001e40)}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000ac0)={r1, 0xe0, &(0x7f0000001e80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xad, &(0x7f0000000640)=[{}, {}], 0x10, 0x10, &(0x7f0000000840), &(0x7f00000008c0), 0x8, 0x6e, 0x8, 0x8, &(0x7f0000000980)}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000ac0)={r1, 0xe0, &(0x7f0000001e80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xad, &(0x7f0000000640)=[{}, {}], 0x10, 0x10, &(0x7f0000000840), &(0x7f00000008c0), 0x8, 0x6e, 0x8, 0x8, &(0x7f0000000980)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fffffff}, [@map_fd={0x18, 0xb, 0x1, 0x0, r0}, @btf_id={0x18, 0xcc70ea26e33e0fd2, 0x3, 0x0, 0x3}]}, &(0x7f0000000240)='syzkaller\x00', 0x6, 0xea, &(0x7f0000000740)=""/234, 0x40f00, 0x64, '\x00', r5, 0x0, r3, 0x8, &(0x7f0000000280)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x3, 0x5, 0x4, 0x4}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fffffff}, [@map_fd={0x18, 0xb, 0x1, 0x0, r0}, @btf_id={0x18, 0xcc70ea26e33e0fd2, 0x3, 0x0, 0x3}]}, &(0x7f0000000240)='syzkaller\x00', 0x6, 0xea, &(0x7f0000000740)=""/234, 0x40f00, 0x64, '\x00', r5, 0x0, r3, 0x8, &(0x7f0000000280)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x3, 0x5, 0x4, 0x4}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x90) openat$cgroup_ro(r3, &(0x7f0000000b80)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) (async) r6 = openat$cgroup_ro(r3, &(0x7f0000000b80)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000bc0)={0x0, 0x3}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0xd, 0xa, &(0x7f0000000180)=ANY=[@ANYBLOB="851000f2466d9a00186a00000a0000000000007322000085000000d200000018420f00fb0600000000008500ffff950000000000000000e6007f0000000000002000"], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x99, &(0x7f0000000680)=""/153, 0x41000, 0x0, '\x00', r5, 0x2e, r3, 0x8, &(0x7f0000000b00)={0x9, 0x80000002}, 0x8, 0x10, &(0x7f0000000b40)={0x4, 0xa, 0x5, 0x7ff}, 0x10, 0xffffffffffffffff, r4, 0x1, &(0x7f0000001c40)=[r6, 0xffffffffffffffff, r7], &(0x7f0000001c80)=[{0xfffffffe, 0x3, 0xb, 0xa}], 0x10, 0x6}, 0x90) perf_event_open$cgroup(&(0x7f0000000180)={0x0, 0x80, 0x4, 0x1, 0x0, 0xff, 0x0, 0x5, 0xbc2ddb4dc746daf4, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000080), 0x6}, 0x8840, 0x1, 0x7, 0x5, 0x3b6, 0x7ff, 0x8, 0x0, 0x2, 0x0, 0x83}, r6, 0x10, 0xffffffffffffffff, 0xa) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r8, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r8, 0x4010744d, 0x20000000) [ 330.822737][T20096] FAULT_INJECTION: forcing a failure. [ 330.822737][T20096] name failslab, interval 1, probability 0, space 0, times 0 [ 330.872686][T20096] CPU: 1 PID: 20096 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 330.882847][T20096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 330.893266][T20096] Call Trace: [ 330.896383][T20096] [ 330.899165][T20096] dump_stack_lvl+0x151/0x1b7 [ 330.903675][T20096] ? io_uring_drop_tctx_refs+0x190/0x190 [ 330.909150][T20096] dump_stack+0x15/0x17 [ 330.913133][T20096] should_fail+0x3c6/0x510 [ 330.917388][T20096] __should_failslab+0xa4/0xe0 [ 330.922075][T20096] ? anon_vma_fork+0xf7/0x4e0 [ 330.926589][T20096] should_failslab+0x9/0x20 [ 330.930928][T20096] slab_pre_alloc_hook+0x37/0xd0 [ 330.935699][T20096] ? anon_vma_fork+0xf7/0x4e0 [ 330.940218][T20096] kmem_cache_alloc+0x44/0x200 [ 330.944814][T20096] anon_vma_fork+0xf7/0x4e0 [ 330.949153][T20096] ? anon_vma_name+0x4c/0x70 [ 330.953579][T20096] ? vm_area_dup+0x17a/0x230 [ 330.958010][T20096] copy_mm+0xa3a/0x13e0 [ 330.962001][T20096] ? copy_signal+0x610/0x610 [ 330.966427][T20096] ? __init_rwsem+0xd6/0x1c0 [ 330.970854][T20096] ? copy_signal+0x4e3/0x610 [ 330.975281][T20096] copy_process+0x1149/0x3290 [ 330.979795][T20096] ? proc_fail_nth_write+0x20b/0x290 [ 330.984910][T20096] ? fsnotify_perm+0x6a/0x5d0 [ 330.989425][T20096] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 330.994375][T20096] ? vfs_write+0x9ec/0x1110 [ 330.998716][T20096] kernel_clone+0x21e/0x9e0 [ 331.003052][T20096] ? file_end_write+0x1c0/0x1c0 [ 331.007740][T20096] ? create_io_thread+0x1e0/0x1e0 [ 331.012600][T20096] ? mutex_unlock+0xb2/0x260 [ 331.017026][T20096] ? __mutex_lock_slowpath+0x10/0x10 [ 331.022146][T20096] __x64_sys_clone+0x23f/0x290 [ 331.026754][T20096] ? __do_sys_vfork+0x130/0x130 [ 331.031604][T20096] ? ksys_write+0x260/0x2c0 [ 331.035947][T20096] ? debug_smp_processor_id+0x17/0x20 [ 331.041201][T20096] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 331.047052][T20096] ? exit_to_user_mode_prepare+0x39/0xa0 [ 331.052623][T20096] do_syscall_64+0x3d/0xb0 [ 331.056875][T20096] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 331.062600][T20096] RIP: 0033:0x7f8118545da9 [ 331.066853][T20096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 331.086295][T20096] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 331.094538][T20096] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 331.102350][T20096] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 331.110162][T20096] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 22:26:34 executing program 0: syz_clone(0x44040100, 0x0, 0x553a256be000, 0x0, 0x0, 0x0) 22:26:34 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45) 22:26:34 executing program 1: syz_clone(0x51800080, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x43400) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x80, 0x0, 0xd4, 0x0, 0x2, 0x8400, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x4600, 0xfff, 0x7, 0x5, 0x79, 0x3, 0xad, 0x0, 0x6, 0x0, 0x40}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x1) [ 331.117973][T20096] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 331.125787][T20096] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 331.133601][T20096] 22:26:34 executing program 2: r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000006c0)={0x0, 0x80, 0x20, 0x0, 0x8, 0x64, 0x0, 0x1f, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1fc000, 0x1, @perf_bp={&(0x7f0000000540), 0xa}, 0x1c80b, 0x0, 0x9123, 0x0, 0x6, 0x6, 0x0, 0x0, 0x83}, r1, 0x7, 0xffffffffffffffff, 0x8) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, r0, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00'}, 0x30) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x5452, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(r2, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0xc0920400, 0x0, 0x1000000, 0x0, 0x0, 0x0) [ 331.203203][T20108] FAULT_INJECTION: forcing a failure. [ 331.203203][T20108] name failslab, interval 1, probability 0, space 0, times 0 [ 331.236460][T20108] CPU: 0 PID: 20108 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 331.246631][T20108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 331.256529][T20108] Call Trace: [ 331.259646][T20108] [ 331.262424][T20108] dump_stack_lvl+0x151/0x1b7 [ 331.266939][T20108] ? io_uring_drop_tctx_refs+0x190/0x190 [ 331.272408][T20108] dump_stack+0x15/0x17 [ 331.276399][T20108] should_fail+0x3c6/0x510 [ 331.280655][T20108] __should_failslab+0xa4/0xe0 [ 331.285379][T20108] ? anon_vma_fork+0x1df/0x4e0 [ 331.289972][T20108] should_failslab+0x9/0x20 [ 331.294309][T20108] slab_pre_alloc_hook+0x37/0xd0 [ 331.299086][T20108] ? anon_vma_fork+0x1df/0x4e0 [ 331.303683][T20108] kmem_cache_alloc+0x44/0x200 [ 331.308284][T20108] anon_vma_fork+0x1df/0x4e0 [ 331.312710][T20108] copy_mm+0xa3a/0x13e0 [ 331.316705][T20108] ? copy_signal+0x610/0x610 [ 331.321127][T20108] ? __init_rwsem+0xd6/0x1c0 [ 331.325553][T20108] ? copy_signal+0x4e3/0x610 [ 331.329982][T20108] copy_process+0x1149/0x3290 [ 331.334494][T20108] ? proc_fail_nth_write+0x20b/0x290 [ 331.339615][T20108] ? fsnotify_perm+0x6a/0x5d0 [ 331.344126][T20108] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 331.349075][T20108] ? vfs_write+0x9ec/0x1110 [ 331.353413][T20108] kernel_clone+0x21e/0x9e0 [ 331.357753][T20108] ? file_end_write+0x1c0/0x1c0 [ 331.362448][T20108] ? create_io_thread+0x1e0/0x1e0 [ 331.367299][T20108] ? mutex_unlock+0xb2/0x260 [ 331.371727][T20108] ? __mutex_lock_slowpath+0x10/0x10 [ 331.376848][T20108] __x64_sys_clone+0x23f/0x290 [ 331.381447][T20108] ? __do_sys_vfork+0x130/0x130 [ 331.386137][T20108] ? ksys_write+0x260/0x2c0 [ 331.390475][T20108] ? debug_smp_processor_id+0x17/0x20 [ 331.395681][T20108] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 331.401581][T20108] ? exit_to_user_mode_prepare+0x39/0xa0 [ 331.407052][T20108] do_syscall_64+0x3d/0xb0 [ 331.411304][T20108] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 331.417032][T20108] RIP: 0033:0x7f8118545da9 [ 331.421288][T20108] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 331.440724][T20108] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 331.449057][T20108] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 331.456877][T20108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 331.464679][T20108] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 331.472492][T20108] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 331.480304][T20108] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 331.488122][T20108] 22:26:34 executing program 1: syz_clone(0x51800080, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x51800080, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x43400) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x80, 0x0, 0xd4, 0x0, 0x2, 0x8400, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x4600, 0xfff, 0x7, 0x5, 0x79, 0x3, 0xad, 0x0, 0x6, 0x0, 0x40}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x1) 22:26:34 executing program 0: syz_clone(0x44040100, 0x0, 0x2001000000000, 0x0, 0x0, 0x0) 22:26:35 executing program 2: r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) (async) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000006c0)={0x0, 0x80, 0x20, 0x0, 0x8, 0x64, 0x0, 0x1f, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1fc000, 0x1, @perf_bp={&(0x7f0000000540), 0xa}, 0x1c80b, 0x0, 0x9123, 0x0, 0x6, 0x6, 0x0, 0x0, 0x83}, r1, 0x7, 0xffffffffffffffff, 0x8) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, r0, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00'}, 0x30) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x5452, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) openat$cgroup_ro(r2, 0x0, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) syz_clone(0xc0920400, 0x0, 0x1000000, 0x0, 0x0, 0x0) 22:26:35 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0xfffffe81, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000), 0xfdef) (async) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0x0, 0x0, &(0x7f0000014ff5)='GPL\x00', 0x0, 0x1000, &(0x7f0000000c40)=""/4096, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x200}, 0x8}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r4, 0xe0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000280), &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000002300)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000900), &(0x7f0000000940), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001e40)}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000ac0)={r1, 0xe0, &(0x7f0000001e80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xad, &(0x7f0000000640)=[{}, {}], 0x10, 0x10, &(0x7f0000000840), &(0x7f00000008c0), 0x8, 0x6e, 0x8, 0x8, &(0x7f0000000980)}}, 0x10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fffffff}, [@map_fd={0x18, 0xb, 0x1, 0x0, r0}, @btf_id={0x18, 0xcc70ea26e33e0fd2, 0x3, 0x0, 0x3}]}, &(0x7f0000000240)='syzkaller\x00', 0x6, 0xea, &(0x7f0000000740)=""/234, 0x40f00, 0x64, '\x00', r5, 0x0, r3, 0x8, &(0x7f0000000280)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x3, 0x5, 0x4, 0x4}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x90) (async) r6 = openat$cgroup_ro(r3, &(0x7f0000000b80)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000bc0)={0x0, 0x3}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0xd, 0xa, &(0x7f0000000180)=ANY=[@ANYBLOB="851000f2466d9a00186a00000a0000000000007322000085000000d200000018420f00fb0600000000008500ffff950000000000000000e6007f0000000000002000"], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x99, &(0x7f0000000680)=""/153, 0x41000, 0x0, '\x00', r5, 0x2e, r3, 0x8, &(0x7f0000000b00)={0x9, 0x80000002}, 0x8, 0x10, &(0x7f0000000b40)={0x4, 0xa, 0x5, 0x7ff}, 0x10, 0xffffffffffffffff, r4, 0x1, &(0x7f0000001c40)=[r6, 0xffffffffffffffff, r7], &(0x7f0000001c80)=[{0xfffffffe, 0x3, 0xb, 0xa}], 0x10, 0x6}, 0x90) (async) perf_event_open$cgroup(&(0x7f0000000180)={0x0, 0x80, 0x4, 0x1, 0x0, 0xff, 0x0, 0x5, 0xbc2ddb4dc746daf4, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000080), 0x6}, 0x8840, 0x1, 0x7, 0x5, 0x3b6, 0x7ff, 0x8, 0x0, 0x2, 0x0, 0x83}, r6, 0x10, 0xffffffffffffffff, 0xa) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r8, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r8, 0x4010744d, 0x20000000) 22:26:35 executing program 1: syz_clone(0x51800080, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x43400) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x80, 0x0, 0xd4, 0x0, 0x2, 0x8400, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x4600, 0xfff, 0x7, 0x5, 0x79, 0x3, 0xad, 0x0, 0x6, 0x0, 0x40}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x1) syz_clone(0x51800080, 0x0, 0x0, 0x0, 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) (async) write$cgroup_int(r0, &(0x7f0000000200), 0x43400) (async) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x80, 0x0, 0xd4, 0x0, 0x2, 0x8400, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x4600, 0xfff, 0x7, 0x5, 0x79, 0x3, 0xad, 0x0, 0x6, 0x0, 0x40}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x1) (async) 22:26:35 executing program 2: r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000006c0)={0x0, 0x80, 0x20, 0x0, 0x8, 0x64, 0x0, 0x1f, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1fc000, 0x1, @perf_bp={&(0x7f0000000540), 0xa}, 0x1c80b, 0x0, 0x9123, 0x0, 0x6, 0x6, 0x0, 0x0, 0x83}, r1, 0x7, 0xffffffffffffffff, 0x8) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, r0, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00'}, 0x30) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x5452, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(r2, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0xc0920400, 0x0, 0x1000000, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) perf_event_open(&(0x7f00000006c0)={0x0, 0x80, 0x20, 0x0, 0x8, 0x64, 0x0, 0x1f, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1fc000, 0x1, @perf_bp={&(0x7f0000000540), 0xa}, 0x1c80b, 0x0, 0x9123, 0x0, 0x6, 0x6, 0x0, 0x0, 0x83}, r1, 0x7, 0xffffffffffffffff, 0x8) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, r0, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00'}, 0x30) (async) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) (async) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x5452, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) openat$cgroup_ro(r2, 0x0, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) syz_clone(0xc0920400, 0x0, 0x1000000, 0x0, 0x0, 0x0) (async) 22:26:35 executing program 0: syz_clone(0x44040100, 0x0, 0x2020000000000, 0x0, 0x0, 0x0) 22:26:35 executing program 1: syz_clone(0x42084000, &(0x7f0000000100), 0x0, &(0x7f0000000180), 0x0, 0x0) 22:26:35 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46) [ 332.159529][T20178] FAULT_INJECTION: forcing a failure. [ 332.159529][T20178] name failslab, interval 1, probability 0, space 0, times 0 [ 332.196832][T20178] CPU: 0 PID: 20178 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 332.206992][T20178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 332.216887][T20178] Call Trace: [ 332.220013][T20178] [ 332.222791][T20178] dump_stack_lvl+0x151/0x1b7 [ 332.227312][T20178] ? io_uring_drop_tctx_refs+0x190/0x190 [ 332.232770][T20178] dump_stack+0x15/0x17 [ 332.236762][T20178] should_fail+0x3c6/0x510 [ 332.241017][T20178] __should_failslab+0xa4/0xe0 [ 332.245616][T20178] ? vm_area_dup+0x26/0x230 [ 332.249957][T20178] should_failslab+0x9/0x20 [ 332.254291][T20178] slab_pre_alloc_hook+0x37/0xd0 [ 332.259067][T20178] ? vm_area_dup+0x26/0x230 [ 332.263407][T20178] kmem_cache_alloc+0x44/0x200 [ 332.268009][T20178] vm_area_dup+0x26/0x230 [ 332.272173][T20178] copy_mm+0x9a1/0x13e0 [ 332.276166][T20178] ? copy_signal+0x610/0x610 [ 332.280588][T20178] ? __init_rwsem+0xd6/0x1c0 [ 332.285025][T20178] ? copy_signal+0x4e3/0x610 [ 332.289444][T20178] copy_process+0x1149/0x3290 [ 332.293959][T20178] ? proc_fail_nth_write+0x20b/0x290 [ 332.299174][T20178] ? fsnotify_perm+0x6a/0x5d0 [ 332.303687][T20178] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 332.308726][T20178] ? vfs_write+0x9ec/0x1110 [ 332.313066][T20178] kernel_clone+0x21e/0x9e0 [ 332.317403][T20178] ? file_end_write+0x1c0/0x1c0 [ 332.322104][T20178] ? create_io_thread+0x1e0/0x1e0 [ 332.326949][T20178] ? mutex_unlock+0xb2/0x260 [ 332.331374][T20178] ? __mutex_lock_slowpath+0x10/0x10 [ 332.336496][T20178] __x64_sys_clone+0x23f/0x290 [ 332.341098][T20178] ? __do_sys_vfork+0x130/0x130 [ 332.345781][T20178] ? ksys_write+0x260/0x2c0 [ 332.350123][T20178] ? debug_smp_processor_id+0x17/0x20 [ 332.355326][T20178] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 332.361231][T20178] ? exit_to_user_mode_prepare+0x39/0xa0 [ 332.366700][T20178] do_syscall_64+0x3d/0xb0 [ 332.370952][T20178] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 332.376679][T20178] RIP: 0033:0x7f8118545da9 [ 332.380932][T20178] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 332.400462][T20178] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 332.408706][T20178] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 332.416522][T20178] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 332.424327][T20178] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 332.432140][T20178] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 332.439959][T20178] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 332.447764][T20178] 22:26:35 executing program 0: syz_clone(0x44040100, 0x0, 0x8000000000000, 0x0, 0x0, 0x0) 22:26:35 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) r2 = gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x1, 0x9, 0x2, 0x4, 0x0, 0x2, 0x80000, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x200, 0x4, @perf_bp={&(0x7f0000000080), 0xc}, 0x10400, 0x100000000, 0xa76, 0x7, 0x1, 0x6, 0x1ff, 0x0, 0x401, 0x0, 0x9}, r2, 0x7, r0, 0x3) 22:26:35 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47) [ 332.713967][T20186] FAULT_INJECTION: forcing a failure. [ 332.713967][T20186] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 332.730745][T20186] CPU: 1 PID: 20186 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 332.740896][T20186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 332.750806][T20186] Call Trace: [ 332.754005][T20186] [ 332.756779][T20186] dump_stack_lvl+0x151/0x1b7 [ 332.761296][T20186] ? io_uring_drop_tctx_refs+0x190/0x190 [ 332.766764][T20186] dump_stack+0x15/0x17 [ 332.770753][T20186] should_fail+0x3c6/0x510 [ 332.775009][T20186] should_fail_alloc_page+0x5a/0x80 [ 332.780069][T20186] prepare_alloc_pages+0x15c/0x700 [ 332.784996][T20186] ? __alloc_pages_bulk+0xe40/0xe40 [ 332.790024][T20186] __alloc_pages+0x18c/0x8f0 [ 332.794451][T20186] ? prep_new_page+0x110/0x110 [ 332.799049][T20186] ? __alloc_pages+0x27e/0x8f0 [ 332.803654][T20186] ? __kasan_check_write+0x14/0x20 [ 332.808595][T20186] ? _raw_spin_lock+0xa4/0x1b0 [ 332.813194][T20186] __pmd_alloc+0xb1/0x550 [ 332.817364][T20186] ? __pud_alloc+0x260/0x260 [ 332.821790][T20186] ? __pud_alloc+0x213/0x260 [ 332.826215][T20186] ? do_handle_mm_fault+0x2330/0x2330 [ 332.831768][T20186] ? __stack_depot_save+0x34/0x470 [ 332.836714][T20186] ? anon_vma_clone+0x9a/0x500 [ 332.841666][T20186] copy_page_range+0x2b3d/0x2f90 [ 332.846435][T20186] ? __kasan_slab_alloc+0xb1/0xe0 [ 332.851297][T20186] ? slab_post_alloc_hook+0x53/0x2c0 [ 332.856416][T20186] ? copy_mm+0xa3a/0x13e0 [ 332.860587][T20186] ? copy_process+0x1149/0x3290 [ 332.865269][T20186] ? kernel_clone+0x21e/0x9e0 [ 332.869784][T20186] ? do_syscall_64+0x3d/0xb0 [ 332.874211][T20186] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 332.880121][T20186] ? pfn_valid+0x1e0/0x1e0 [ 332.884365][T20186] ? rwsem_write_trylock+0x15b/0x290 [ 332.889486][T20186] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 332.895736][T20186] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 332.901290][T20186] ? __rb_insert_augmented+0x5de/0x610 [ 332.906587][T20186] copy_mm+0xc7e/0x13e0 [ 332.910581][T20186] ? copy_signal+0x610/0x610 [ 332.915004][T20186] ? __init_rwsem+0xd6/0x1c0 [ 332.919438][T20186] ? copy_signal+0x4e3/0x610 [ 332.923953][T20186] copy_process+0x1149/0x3290 [ 332.928556][T20186] ? proc_fail_nth_write+0x20b/0x290 [ 332.933675][T20186] ? fsnotify_perm+0x6a/0x5d0 [ 332.938192][T20186] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 332.943314][T20186] ? vfs_write+0x9ec/0x1110 [ 332.947649][T20186] kernel_clone+0x21e/0x9e0 [ 332.951986][T20186] ? file_end_write+0x1c0/0x1c0 [ 332.956955][T20186] ? create_io_thread+0x1e0/0x1e0 [ 332.961879][T20186] ? mutex_unlock+0xb2/0x260 [ 332.966306][T20186] ? __mutex_lock_slowpath+0x10/0x10 [ 332.971430][T20186] __x64_sys_clone+0x23f/0x290 [ 332.976035][T20186] ? __do_sys_vfork+0x130/0x130 [ 332.980721][T20186] ? ksys_write+0x260/0x2c0 [ 332.985070][T20186] ? debug_smp_processor_id+0x17/0x20 [ 332.990270][T20186] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 332.996165][T20186] ? exit_to_user_mode_prepare+0x39/0xa0 [ 333.001631][T20186] do_syscall_64+0x3d/0xb0 [ 333.005882][T20186] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 333.011613][T20186] RIP: 0033:0x7f8118545da9 [ 333.015873][T20186] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 333.035492][T20186] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 333.043737][T20186] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 333.051638][T20186] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 22:26:36 executing program 0: syz_clone(0x44040100, 0x0, 0x10100000000000, 0x0, 0x0, 0x0) 22:26:36 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48) [ 333.059456][T20186] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 333.067259][T20186] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 333.075069][T20186] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 333.082886][T20186] 22:26:36 executing program 1: syz_clone(0x42084000, &(0x7f0000000100), 0x0, &(0x7f0000000180), 0x0, 0x0) [ 333.112710][T20191] FAULT_INJECTION: forcing a failure. [ 333.112710][T20191] name failslab, interval 1, probability 0, space 0, times 0 [ 333.133139][T20191] CPU: 1 PID: 20191 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 333.143406][T20191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 333.153299][T20191] Call Trace: [ 333.156422][T20191] [ 333.159201][T20191] dump_stack_lvl+0x151/0x1b7 [ 333.163715][T20191] ? io_uring_drop_tctx_refs+0x190/0x190 [ 333.169181][T20191] dump_stack+0x15/0x17 [ 333.173215][T20191] should_fail+0x3c6/0x510 [ 333.177511][T20191] __should_failslab+0xa4/0xe0 [ 333.182110][T20191] ? vm_area_dup+0x26/0x230 [ 333.186450][T20191] should_failslab+0x9/0x20 [ 333.190795][T20191] slab_pre_alloc_hook+0x37/0xd0 [ 333.195565][T20191] ? vm_area_dup+0x26/0x230 [ 333.199901][T20191] kmem_cache_alloc+0x44/0x200 [ 333.204502][T20191] vm_area_dup+0x26/0x230 [ 333.208755][T20191] copy_mm+0x9a1/0x13e0 [ 333.212751][T20191] ? copy_signal+0x610/0x610 [ 333.217174][T20191] ? __init_rwsem+0xd6/0x1c0 [ 333.221598][T20191] ? copy_signal+0x4e3/0x610 [ 333.226026][T20191] copy_process+0x1149/0x3290 [ 333.230537][T20191] ? proc_fail_nth_write+0x20b/0x290 [ 333.235658][T20191] ? fsnotify_perm+0x6a/0x5d0 [ 333.240172][T20191] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 333.245127][T20191] ? vfs_write+0x9ec/0x1110 [ 333.249459][T20191] kernel_clone+0x21e/0x9e0 [ 333.253799][T20191] ? file_end_write+0x1c0/0x1c0 [ 333.258484][T20191] ? create_io_thread+0x1e0/0x1e0 [ 333.263353][T20191] ? mutex_unlock+0xb2/0x260 [ 333.267865][T20191] ? __mutex_lock_slowpath+0x10/0x10 [ 333.273155][T20191] __x64_sys_clone+0x23f/0x290 [ 333.277763][T20191] ? __do_sys_vfork+0x130/0x130 [ 333.282441][T20191] ? ksys_write+0x260/0x2c0 [ 333.286781][T20191] ? debug_smp_processor_id+0x17/0x20 [ 333.291987][T20191] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 333.297887][T20191] ? exit_to_user_mode_prepare+0x39/0xa0 [ 333.303356][T20191] do_syscall_64+0x3d/0xb0 [ 333.307610][T20191] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 333.313335][T20191] RIP: 0033:0x7f8118545da9 [ 333.317591][T20191] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 333.337030][T20191] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 333.345285][T20191] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 333.353094][T20191] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 22:26:36 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) r2 = gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x1, 0x9, 0x2, 0x4, 0x0, 0x2, 0x80000, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x200, 0x4, @perf_bp={&(0x7f0000000080), 0xc}, 0x10400, 0x100000000, 0xa76, 0x7, 0x1, 0x6, 0x1ff, 0x0, 0x401, 0x0, 0x9}, r2, 0x7, r0, 0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) (async) gettid() (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x1, 0x9, 0x2, 0x4, 0x0, 0x2, 0x80000, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x200, 0x4, @perf_bp={&(0x7f0000000080), 0xc}, 0x10400, 0x100000000, 0xa76, 0x7, 0x1, 0x6, 0x1ff, 0x0, 0x401, 0x0, 0x9}, r2, 0x7, r0, 0x3) (async) [ 333.360900][T20191] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 333.368708][T20191] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 333.376520][T20191] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 333.384337][T20191] 22:26:36 executing program 0: syz_clone(0x44040100, 0x0, 0x4084139b2a0000, 0x0, 0x0, 0x0) 22:26:36 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async, rerun: 32) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) r2 = gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x1, 0x9, 0x2, 0x4, 0x0, 0x2, 0x80000, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x200, 0x4, @perf_bp={&(0x7f0000000080), 0xc}, 0x10400, 0x100000000, 0xa76, 0x7, 0x1, 0x6, 0x1ff, 0x0, 0x401, 0x0, 0x9}, r2, 0x7, r0, 0x3) 22:26:36 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x62c8}, 0x7e) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:36 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49) 22:26:36 executing program 0: syz_clone(0x44040100, 0x0, 0x70000000000000, 0x0, 0x0, 0x0) [ 333.658511][T20215] FAULT_INJECTION: forcing a failure. [ 333.658511][T20215] name failslab, interval 1, probability 0, space 0, times 0 [ 333.686124][T20215] CPU: 1 PID: 20215 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 333.696284][T20215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 333.706180][T20215] Call Trace: [ 333.709306][T20215] [ 333.712080][T20215] dump_stack_lvl+0x151/0x1b7 [ 333.716593][T20215] ? io_uring_drop_tctx_refs+0x190/0x190 [ 333.722065][T20215] dump_stack+0x15/0x17 [ 333.726053][T20215] should_fail+0x3c6/0x510 [ 333.730309][T20215] __should_failslab+0xa4/0xe0 [ 333.734906][T20215] ? vm_area_dup+0x26/0x230 [ 333.739256][T20215] should_failslab+0x9/0x20 [ 333.743587][T20215] slab_pre_alloc_hook+0x37/0xd0 [ 333.748359][T20215] ? vm_area_dup+0x26/0x230 [ 333.752700][T20215] kmem_cache_alloc+0x44/0x200 [ 333.757300][T20215] vm_area_dup+0x26/0x230 [ 333.761466][T20215] copy_mm+0x9a1/0x13e0 [ 333.765461][T20215] ? copy_signal+0x610/0x610 [ 333.769884][T20215] ? __init_rwsem+0xd6/0x1c0 [ 333.774311][T20215] ? copy_signal+0x4e3/0x610 [ 333.778736][T20215] copy_process+0x1149/0x3290 [ 333.783251][T20215] ? proc_fail_nth_write+0x20b/0x290 [ 333.788372][T20215] ? fsnotify_perm+0x6a/0x5d0 [ 333.792883][T20215] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 333.797831][T20215] ? vfs_write+0x9ec/0x1110 [ 333.802171][T20215] kernel_clone+0x21e/0x9e0 [ 333.806509][T20215] ? file_end_write+0x1c0/0x1c0 [ 333.811199][T20215] ? create_io_thread+0x1e0/0x1e0 [ 333.816055][T20215] ? mutex_unlock+0xb2/0x260 [ 333.820484][T20215] ? __mutex_lock_slowpath+0x10/0x10 [ 333.825604][T20215] __x64_sys_clone+0x23f/0x290 [ 333.830204][T20215] ? __do_sys_vfork+0x130/0x130 [ 333.834894][T20215] ? ksys_write+0x260/0x2c0 [ 333.839232][T20215] ? debug_smp_processor_id+0x17/0x20 [ 333.844438][T20215] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 333.850343][T20215] ? exit_to_user_mode_prepare+0x39/0xa0 [ 333.855808][T20215] do_syscall_64+0x3d/0xb0 [ 333.860063][T20215] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 333.865789][T20215] RIP: 0033:0x7f8118545da9 [ 333.870047][T20215] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 333.889484][T20215] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 333.897731][T20215] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 22:26:37 executing program 1: syz_clone(0x42084000, &(0x7f0000000100), 0x0, &(0x7f0000000180), 0x0, 0x0) [ 333.905563][T20215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 333.913351][T20215] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 333.921162][T20215] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 333.928979][T20215] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 333.936789][T20215] 22:26:37 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x62c8}, 0x7e) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:37 executing program 0: syz_clone(0x44040100, 0x0, 0xc002a0ffffffff, 0x0, 0x0, 0x0) 22:26:37 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x43400) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000780)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000001) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1007}, 0x8006}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f00000009c0)={0x3, 0x80, 0x0, 0x2, 0x20, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x47b, 0x1, @perf_bp={0x0, 0x7}, 0x80402, 0xffffffffffffffff, 0x1, 0x0, 0x7, 0x9, 0x0, 0x0, 0xfffffff9, 0x0, 0x6}, 0x0, 0xd, r5, 0x1) perf_event_open(&(0x7f0000000780)={0x6, 0x80, 0xab, 0x0, 0x5, 0x6, 0x0, 0x2, 0x400, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000140), 0x6}, 0x88000, 0x0, 0x200, 0x2, 0x1f, 0x0, 0xff, 0x0, 0x3ff, 0x0, 0x480b}, 0x0, 0x7, r4, 0x2) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r2, 0x0, 0x0}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000000, 0x3}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r6 = gettid() perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x3, 0x3, 0x7f, 0x1, 0x0, 0x401, 0x24000, 0x4, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, @perf_bp, 0x4b6d8230e9122e91, 0x2, 0x800, 0x6, 0x1a8820e0, 0x10001, 0xfff8, 0x0, 0x16, 0x0, 0x400}, r6, 0x10, r1, 0x1) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) 22:26:37 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x62c8}, 0x7e) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:37 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50) 22:26:37 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000080)='udp_fail_queue_rcv_skb\x00', r1}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0x1, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000600)='afs_cm_no_server\x00', r1}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x6, 0x7fe1, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001640)={{r4}, &(0x7f00000015c0), &(0x7f0000001600)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r4, &(0x7f0000000000), 0x0}, 0x20) openat$cgroup_ro(r1, &(0x7f0000000500)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x1, &(0x7f0000000480)=ANY=[@ANYBLOB="8520000000f000008367d2478ed42937825b69"], &(0x7f0000000180)='GPL\x00', 0x7, 0x85, &(0x7f00000001c0)=""/133, 0x41100, 0x48, '\x00', r3, 0x25, r1, 0x8, &(0x7f0000000340)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000380)={0x2, 0x4, 0x80000000, 0x2}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000400)=[r1, r1, r4, r1, 0x1, r0, r0], &(0x7f0000000440)=[{0x4, 0x2, 0x7, 0x7}, {0x5, 0x3, 0x5, 0xa}, {0x4, 0x1, 0x4, 0x3}], 0x10, 0x10000}, 0x90) [ 334.214041][T20234] FAULT_INJECTION: forcing a failure. [ 334.214041][T20234] name failslab, interval 1, probability 0, space 0, times 0 [ 334.265936][T20234] CPU: 1 PID: 20234 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 334.276113][T20234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 334.286000][T20234] Call Trace: [ 334.289553][T20234] [ 334.292332][T20234] dump_stack_lvl+0x151/0x1b7 [ 334.296848][T20234] ? io_uring_drop_tctx_refs+0x190/0x190 [ 334.302319][T20234] dump_stack+0x15/0x17 [ 334.306303][T20234] should_fail+0x3c6/0x510 [ 334.310558][T20234] __should_failslab+0xa4/0xe0 22:26:37 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x43400) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000780)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000001) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) (async) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) r5 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1007}, 0x8006}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f00000009c0)={0x3, 0x80, 0x0, 0x2, 0x20, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x47b, 0x1, @perf_bp={0x0, 0x7}, 0x80402, 0xffffffffffffffff, 0x1, 0x0, 0x7, 0x9, 0x0, 0x0, 0xfffffff9, 0x0, 0x6}, 0x0, 0xd, r5, 0x1) (async) perf_event_open(&(0x7f0000000780)={0x6, 0x80, 0xab, 0x0, 0x5, 0x6, 0x0, 0x2, 0x400, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000140), 0x6}, 0x88000, 0x0, 0x200, 0x2, 0x1f, 0x0, 0xff, 0x0, 0x3ff, 0x0, 0x480b}, 0x0, 0x7, r4, 0x2) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r2, 0x0, 0x0}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000000, 0x3}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) r6 = gettid() perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x3, 0x3, 0x7f, 0x1, 0x0, 0x401, 0x24000, 0x4, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, @perf_bp, 0x4b6d8230e9122e91, 0x2, 0x800, 0x6, 0x1a8820e0, 0x10001, 0xfff8, 0x0, 0x16, 0x0, 0x400}, r6, 0x10, r1, 0x1) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) [ 334.315158][T20234] ? vm_area_dup+0x26/0x230 [ 334.319494][T20234] should_failslab+0x9/0x20 [ 334.323840][T20234] slab_pre_alloc_hook+0x37/0xd0 [ 334.328609][T20234] ? vm_area_dup+0x26/0x230 [ 334.332950][T20234] kmem_cache_alloc+0x44/0x200 [ 334.337549][T20234] vm_area_dup+0x26/0x230 [ 334.341727][T20234] copy_mm+0x9a1/0x13e0 [ 334.345712][T20234] ? copy_signal+0x610/0x610 [ 334.350150][T20234] ? __init_rwsem+0xd6/0x1c0 [ 334.354565][T20234] ? copy_signal+0x4e3/0x610 [ 334.358991][T20234] copy_process+0x1149/0x3290 [ 334.363503][T20234] ? proc_fail_nth_write+0x20b/0x290 [ 334.368622][T20234] ? fsnotify_perm+0x6a/0x5d0 [ 334.373136][T20234] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 334.378091][T20234] ? vfs_write+0x9ec/0x1110 [ 334.382424][T20234] kernel_clone+0x21e/0x9e0 [ 334.386760][T20234] ? file_end_write+0x1c0/0x1c0 [ 334.391455][T20234] ? create_io_thread+0x1e0/0x1e0 [ 334.397002][T20234] ? mutex_unlock+0xb2/0x260 [ 334.401429][T20234] ? __mutex_lock_slowpath+0x10/0x10 [ 334.406550][T20234] __x64_sys_clone+0x23f/0x290 [ 334.411166][T20234] ? __do_sys_vfork+0x130/0x130 [ 334.415836][T20234] ? ksys_write+0x260/0x2c0 [ 334.420172][T20234] ? debug_smp_processor_id+0x17/0x20 [ 334.425385][T20234] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 334.431280][T20234] ? exit_to_user_mode_prepare+0x39/0xa0 [ 334.436753][T20234] do_syscall_64+0x3d/0xb0 [ 334.441001][T20234] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 334.446728][T20234] RIP: 0033:0x7f8118545da9 [ 334.450982][T20234] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 334.470683][T20234] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 334.478928][T20234] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 334.486824][T20234] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 334.494635][T20234] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 334.502447][T20234] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 22:26:37 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x43400) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0x32600) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000780)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000001) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) (async) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) r5 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1007}, 0x8006}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f00000009c0)={0x3, 0x80, 0x0, 0x2, 0x20, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x47b, 0x1, @perf_bp={0x0, 0x7}, 0x80402, 0xffffffffffffffff, 0x1, 0x0, 0x7, 0x9, 0x0, 0x0, 0xfffffff9, 0x0, 0x6}, 0x0, 0xd, r5, 0x1) (async) perf_event_open(&(0x7f0000000780)={0x6, 0x80, 0xab, 0x0, 0x5, 0x6, 0x0, 0x2, 0x400, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000140), 0x6}, 0x88000, 0x0, 0x200, 0x2, 0x1f, 0x0, 0xff, 0x0, 0x3ff, 0x0, 0x480b}, 0x0, 0x7, r4, 0x2) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r2, 0x0, 0x0}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000000, 0x3}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) r6 = gettid() perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x3, 0x3, 0x7f, 0x1, 0x0, 0x401, 0x24000, 0x4, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, @perf_bp, 0x4b6d8230e9122e91, 0x2, 0x800, 0x6, 0x1a8820e0, 0x10001, 0xfff8, 0x0, 0x16, 0x0, 0x400}, r6, 0x10, r1, 0x1) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) 22:26:37 executing program 0: syz_clone(0x44040100, 0x0, 0xe06b253a550000, 0x0, 0x0, 0x0) [ 334.510609][T20234] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 334.518430][T20234] 22:26:37 executing program 2: bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='svcsock_marker\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000040)) close(r0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000400)=ANY=[@ANYRESDEC], 0xda00) r5 = perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r5) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r4, &(0x7f0000000200), 0x43405) 22:26:37 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) (async) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000080)='udp_fail_queue_rcv_skb\x00', r1}, 0x10) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0x1, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000600)='afs_cm_no_server\x00', r1}, 0x10) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x6, 0x7fe1, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001640)={{r4}, &(0x7f00000015c0), &(0x7f0000001600)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r4, &(0x7f0000000000), 0x0}, 0x20) (async) openat$cgroup_ro(r1, &(0x7f0000000500)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x1, &(0x7f0000000480)=ANY=[@ANYBLOB="8520000000f000008367d2478ed42937825b69"], &(0x7f0000000180)='GPL\x00', 0x7, 0x85, &(0x7f00000001c0)=""/133, 0x41100, 0x48, '\x00', r3, 0x25, r1, 0x8, &(0x7f0000000340)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000380)={0x2, 0x4, 0x80000000, 0x2}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000400)=[r1, r1, r4, r1, 0x1, r0, r0], &(0x7f0000000440)=[{0x4, 0x2, 0x7, 0x7}, {0x5, 0x3, 0x5, 0xa}, {0x4, 0x1, 0x4, 0x3}], 0x10, 0x10000}, 0x90) 22:26:37 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51) 22:26:37 executing program 2: bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='svcsock_marker\x00', r1}, 0x10) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000040)) (async) close(r0) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) (async) write$cgroup_subtree(r3, &(0x7f0000000400)=ANY=[@ANYRESDEC], 0xda00) (async) r5 = perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r5) (async) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) write$cgroup_int(r4, &(0x7f0000000200), 0x43405) 22:26:37 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async, rerun: 32) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) (async) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) (async, rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000080)='udp_fail_queue_rcv_skb\x00', r1}, 0x10) (rerun: 32) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0x1, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000600)='afs_cm_no_server\x00', r1}, 0x10) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x6, 0x7fe1, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001640)={{r4}, &(0x7f00000015c0), &(0x7f0000001600)}, 0x20) (async) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r4, &(0x7f0000000000), 0x0}, 0x20) (async, rerun: 64) openat$cgroup_ro(r1, &(0x7f0000000500)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0) (async, rerun: 64) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x1, &(0x7f0000000480)=ANY=[@ANYBLOB="8520000000f000008367d2478ed42937825b69"], &(0x7f0000000180)='GPL\x00', 0x7, 0x85, &(0x7f00000001c0)=""/133, 0x41100, 0x48, '\x00', r3, 0x25, r1, 0x8, &(0x7f0000000340)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000380)={0x2, 0x4, 0x80000000, 0x2}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000400)=[r1, r1, r4, r1, 0x1, r0, r0], &(0x7f0000000440)=[{0x4, 0x2, 0x7, 0x7}, {0x5, 0x3, 0x5, 0xa}, {0x4, 0x1, 0x4, 0x3}], 0x10, 0x10000}, 0x90) [ 334.708659][T20262] FAULT_INJECTION: forcing a failure. [ 334.708659][T20262] name failslab, interval 1, probability 0, space 0, times 0 [ 334.737277][T20262] CPU: 1 PID: 20262 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 334.747450][T20262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 334.757338][T20262] Call Trace: [ 334.760460][T20262] [ 334.763235][T20262] dump_stack_lvl+0x151/0x1b7 [ 334.767748][T20262] ? io_uring_drop_tctx_refs+0x190/0x190 [ 334.773218][T20262] dump_stack+0x15/0x17 [ 334.777211][T20262] should_fail+0x3c6/0x510 [ 334.781465][T20262] __should_failslab+0xa4/0xe0 [ 334.786062][T20262] ? vm_area_dup+0x26/0x230 [ 334.790399][T20262] should_failslab+0x9/0x20 [ 334.794739][T20262] slab_pre_alloc_hook+0x37/0xd0 [ 334.799515][T20262] ? vm_area_dup+0x26/0x230 [ 334.803854][T20262] kmem_cache_alloc+0x44/0x200 22:26:38 executing program 0: syz_clone(0x44040100, 0x0, 0xf0710f1b000000, 0x0, 0x0, 0x0) [ 334.808455][T20262] vm_area_dup+0x26/0x230 [ 334.812621][T20262] copy_mm+0x9a1/0x13e0 [ 334.816640][T20262] ? copy_signal+0x610/0x610 [ 334.821038][T20262] ? __init_rwsem+0xd6/0x1c0 [ 334.825466][T20262] ? copy_signal+0x4e3/0x610 [ 334.829894][T20262] copy_process+0x1149/0x3290 [ 334.834408][T20262] ? proc_fail_nth_write+0x20b/0x290 [ 334.839532][T20262] ? fsnotify_perm+0x6a/0x5d0 [ 334.844040][T20262] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 334.848986][T20262] ? vfs_write+0x9ec/0x1110 [ 334.853325][T20262] kernel_clone+0x21e/0x9e0 [ 334.857664][T20262] ? file_end_write+0x1c0/0x1c0 [ 334.862357][T20262] ? create_io_thread+0x1e0/0x1e0 [ 334.867210][T20262] ? mutex_unlock+0xb2/0x260 [ 334.871640][T20262] ? __mutex_lock_slowpath+0x10/0x10 [ 334.876757][T20262] __x64_sys_clone+0x23f/0x290 [ 334.881354][T20262] ? __do_sys_vfork+0x130/0x130 [ 334.886039][T20262] ? ksys_write+0x260/0x2c0 [ 334.890385][T20262] ? debug_smp_processor_id+0x17/0x20 [ 334.895598][T20262] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 334.901490][T20262] ? exit_to_user_mode_prepare+0x39/0xa0 [ 334.906962][T20262] do_syscall_64+0x3d/0xb0 [ 334.911212][T20262] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 334.916961][T20262] RIP: 0033:0x7f8118545da9 [ 334.921192][T20262] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 334.940636][T20262] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 334.948877][T20262] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 22:26:38 executing program 1: perf_event_open(&(0x7f0000000bc0)={0x1, 0x80, 0x0, 0x0, 0x81, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000340), 0x5}, 0x1884, 0x0, 0x0, 0x0, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x12, 0xe, &(0x7f0000002100)=ANY=[@ANYBLOB="b700000060000000bca3000000000000240300001afeffff720af0fff8ffffff71a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000a61140800000000001d430000000000007a0a00fe0000001f6114040000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a68b3cc8e93be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb460ea36bac0063e5291569b33d21dae356e1c51f03a801be7a89679a16da18ec0ae564162a27030062d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1dee1d02d0f5ad94b081fcd507acb4b9c6738285ae49cee383dc5049076b98fb6853ab39a215a467efdae1dff95d83d6b879b58d14da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a4891f3d7d0c7904794cb0275d1c6982f3c48153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead3e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9de7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a6b50f0937f778af083e055f6138a750ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700e89a56fe8e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a033a2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c1799880902000232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e0700000000000000ee077515d0a881192292ffff5392ab3d1311b82432662806add87047f66604ea4000000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf799b3746979f99f6a1527f003b37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d54abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe54591a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c940000002b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab4639fa6a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a009945a22bd1f8c522c427160140b9f800000000000000000017350000c11ae694b0f7a4f9c2f6790044a357e785153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8cce01952627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac987fd637c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fd52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23541320d8579c5ab42bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de01fd0000000000000000d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812fc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade5564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b2584e6c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795d35f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598472ec06f7170009d92bb7eddd12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88aecd0a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f386c4dd317e11c1e89fac1fa9bceb50fad686ffbb5f7d79565271add99821c3601653bf6d4091ce8e0af3ab3a82a2735abb21d675d21f0a65caeb3213db39c9d55a35c1d588a732ee0b3d3a09c7786bc50b014802027d1da4a2a0fde4672d8dccd9fa0c0000000000fa8ba125d87df66eb9b3be097fd0cc444d0fe8688cf6e6e8ea669e988b46e7be6029f37b46e8c57ebf8df20cf0f28da4b9d6a5d11f49fa0000000000000000000000000000000000000000000000000000000000000000000000000000000000718ee0fef9c52058d8d2"], &(0x7f00000001c0)='GPL\x00', 0xcd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x1}, 0x8, 0x10, &(0x7f0000000b80), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x406}, 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x47, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x4}, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, &(0x7f0000000640)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x6}, 0x8}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) r1 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x80000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x7, 0x1007}, 0x8006, 0x0, 0x0, 0x1, 0x4, 0x7fffff, 0x3, 0x0, 0x0, 0x0, 0x20000000000}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000380)='memory.numa_st\x13\xd2D\xff\xcaTW\x8f\xee@A\xcb.\xf3o\'\xfd\x85/1G\x93L\xf7\xf7\t7\xa9F\x04\xee(C8\x1f\x05\x9a\x95$<\x0f\xea\xb3m\xd8\xfa\x86]&6\xac~Qv\x93\xcd\"\x00\x00\x00\x00Q\xec\xc0Z3\x13L\x13\t\x96\xf3\xa7Ea\xfdK\xca\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00H&\xe20\xc3\xcd^\xfdFq\xb2\x9f\xd5m\x9e\xcf=\x83+\x05\xe58\x7f0x0}, 0x52) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x19, 0x0, &(0x7f0000000540), &(0x7f00000009c0)='syzkaller\x00', 0x0, 0xfff, &(0x7f0000000d40)=""/4095, 0x40f00, 0x32, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000700)={0x5, 0x2, 0x8, 0x3}, 0x10, r3, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r4, 0xffffffffffffffff, r4]}, 0x90) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000580), 0x8) r6 = bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000007c0)=@bpf_lsm={0x1d, 0x8, &(0x7f00000020c0)=ANY=[@ANYRES8=r2], &(0x7f0000000300)='GPL\x00', 0x3, 0x44, &(0x7f0000000480)=""/68, 0x40f00, 0x10, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x5, 0xd, 0x9}, 0x10, r3, 0x0, 0x0, &(0x7f0000000680)=[0x1, r5, r6]}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000340)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x14}, 0x90) openat$cgroup_devices(r2, &(0x7f0000000040)='devices.deny\x00', 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x200}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a00), 0x4) socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000002000)={0x5, 0x7, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000000000008018521300a1e9a9c76688153af45320f43967d410000000000000000000000095000000000000009500000000000000"], &(0x7f0000000980)='syzkaller\x00', 0xfff, 0x0, &(0x7f0000000980), 0x41000, 0x4, '\x00', r0, 0x13, 0xffffffffffffffff, 0x8, &(0x7f0000000a40)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000a80)={0x1, 0x6, 0x6, 0x6}, 0x10, r3, 0xffffffffffffffff, 0x0, &(0x7f0000000ac0)=[r4, r5, r4, 0xffffffffffffffff, r6, r5, r4], &(0x7f0000000c40), 0x10, 0x4}, 0x90) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x8914, &(0x7f0000000080)) bpf$ITER_CREATE(0x21, &(0x7f0000000780), 0x8) r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='memory.numa_stat\x00', 0x0, 0x0) openat$cgroup_ro(r9, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89a1, &(0x7f0000000080)) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) syz_clone(0x528c0400, 0x0, 0x0, 0x0, 0x0, 0x0) 22:26:38 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52) 22:26:38 executing program 2: bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='svcsock_marker\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000040)) close(r0) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) (async) write$cgroup_subtree(r3, &(0x7f0000000400)=ANY=[@ANYRESDEC], 0xda00) r5 = perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r5) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) write$cgroup_int(r4, &(0x7f0000000200), 0x43405) [ 334.956689][T20262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 334.964502][T20262] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 334.972311][T20262] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 334.980123][T20262] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 334.987946][T20262] [ 335.045734][T20278] FAULT_INJECTION: forcing a failure. [ 335.045734][T20278] name failslab, interval 1, probability 0, space 0, times 0 [ 335.072428][T20278] CPU: 0 PID: 20278 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 335.082593][T20278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 335.092832][T20278] Call Trace: [ 335.095975][T20278] [ 335.098733][T20278] dump_stack_lvl+0x151/0x1b7 [ 335.103244][T20278] ? io_uring_drop_tctx_refs+0x190/0x190 [ 335.108715][T20278] dump_stack+0x15/0x17 [ 335.112705][T20278] should_fail+0x3c6/0x510 [ 335.117075][T20278] __should_failslab+0xa4/0xe0 [ 335.121645][T20278] ? vm_area_dup+0x26/0x230 [ 335.125997][T20278] should_failslab+0x9/0x20 [ 335.130329][T20278] slab_pre_alloc_hook+0x37/0xd0 [ 335.135105][T20278] ? vm_area_dup+0x26/0x230 [ 335.139448][T20278] kmem_cache_alloc+0x44/0x200 [ 335.144040][T20278] vm_area_dup+0x26/0x230 [ 335.148202][T20278] copy_mm+0x9a1/0x13e0 [ 335.152198][T20278] ? copy_signal+0x610/0x610 [ 335.156625][T20278] ? __init_rwsem+0xd6/0x1c0 [ 335.161049][T20278] ? copy_signal+0x4e3/0x610 [ 335.165472][T20278] copy_process+0x1149/0x3290 [ 335.169989][T20278] ? proc_fail_nth_write+0x20b/0x290 [ 335.175106][T20278] ? fsnotify_perm+0x6a/0x5d0 [ 335.179625][T20278] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 335.184568][T20278] ? vfs_write+0x9ec/0x1110 [ 335.188913][T20278] kernel_clone+0x21e/0x9e0 [ 335.193246][T20278] ? file_end_write+0x1c0/0x1c0 [ 335.197935][T20278] ? create_io_thread+0x1e0/0x1e0 [ 335.202811][T20278] ? mutex_unlock+0xb2/0x260 [ 335.207219][T20278] ? __mutex_lock_slowpath+0x10/0x10 [ 335.212344][T20278] __x64_sys_clone+0x23f/0x290 [ 335.216943][T20278] ? __do_sys_vfork+0x130/0x130 [ 335.221627][T20278] ? ksys_write+0x260/0x2c0 [ 335.225966][T20278] ? debug_smp_processor_id+0x17/0x20 [ 335.231176][T20278] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 335.237208][T20278] ? exit_to_user_mode_prepare+0x39/0xa0 22:26:38 executing program 1: perf_event_open(&(0x7f0000000bc0)={0x1, 0x80, 0x0, 0x0, 0x81, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000340), 0x5}, 0x1884, 0x0, 0x0, 0x0, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x12, 0xe, &(0x7f0000002100)=ANY=[@ANYBLOB="b700000060000000bca3000000000000240300001afeffff720af0fff8ffffff71a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000a61140800000000001d430000000000007a0a00fe0000001f6114040000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a68b3cc8e93be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb460ea36bac0063e5291569b33d21dae356e1c51f03a801be7a89679a16da18ec0ae564162a27030062d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1dee1d02d0f5ad94b081fcd507acb4b9c6738285ae49cee383dc5049076b98fb6853ab39a215a467efdae1dff95d83d6b879b58d14da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a4891f3d7d0c7904794cb0275d1c6982f3c48153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead3e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9de7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a6b50f0937f778af083e055f6138a750ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700e89a56fe8e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a033a2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c1799880902000232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e0700000000000000ee077515d0a881192292ffff5392ab3d1311b82432662806add87047f66604ea4000000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf799b3746979f99f6a1527f003b37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d54abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe54591a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c940000002b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab4639fa6a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a009945a22bd1f8c522c427160140b9f800000000000000000017350000c11ae694b0f7a4f9c2f6790044a357e785153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8cce01952627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac987fd637c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fd52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23541320d8579c5ab42bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de01fd0000000000000000d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812fc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade5564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b2584e6c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795d35f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598472ec06f7170009d92bb7eddd12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88aecd0a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f386c4dd317e11c1e89fac1fa9bceb50fad686ffbb5f7d79565271add99821c3601653bf6d4091ce8e0af3ab3a82a2735abb21d675d21f0a65caeb3213db39c9d55a35c1d588a732ee0b3d3a09c7786bc50b014802027d1da4a2a0fde4672d8dccd9fa0c0000000000fa8ba125d87df66eb9b3be097fd0cc444d0fe8688cf6e6e8ea669e988b46e7be6029f37b46e8c57ebf8df20cf0f28da4b9d6a5d11f49fa0000000000000000000000000000000000000000000000000000000000000000000000000000000000718ee0fef9c52058d8d2"], &(0x7f00000001c0)='GPL\x00', 0xcd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x1}, 0x8, 0x10, &(0x7f0000000b80), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x406}, 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x47, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x4}, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, &(0x7f0000000640)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x6}, 0x8}, 0x90) (async) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async) syz_open_procfs$namespace(0x0, 0x0) (async) r1 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x80000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x7, 0x1007}, 0x8006, 0x0, 0x0, 0x1, 0x4, 0x7fffff, 0x3, 0x0, 0x0, 0x0, 0x20000000000}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000380)='memory.numa_st\x13\xd2D\xff\xcaTW\x8f\xee@A\xcb.\xf3o\'\xfd\x85/1G\x93L\xf7\xf7\t7\xa9F\x04\xee(C8\x1f\x05\x9a\x95$<\x0f\xea\xb3m\xd8\xfa\x86]&6\xac~Qv\x93\xcd\"\x00\x00\x00\x00Q\xec\xc0Z3\x13L\x13\t\x96\xf3\xa7Ea\xfdK\xca\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00H&\xe20\xc3\xcd^\xfdFq\xb2\x9f\xd5m\x9e\xcf=\x83+\x05\xe58\x7f0x0}, 0x52) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x19, 0x0, &(0x7f0000000540), &(0x7f00000009c0)='syzkaller\x00', 0x0, 0xfff, &(0x7f0000000d40)=""/4095, 0x40f00, 0x32, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000700)={0x5, 0x2, 0x8, 0x3}, 0x10, r3, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r4, 0xffffffffffffffff, r4]}, 0x90) (async) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000580), 0x8) (async) r6 = bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000007c0)=@bpf_lsm={0x1d, 0x8, &(0x7f00000020c0)=ANY=[@ANYRES8=r2], &(0x7f0000000300)='GPL\x00', 0x3, 0x44, &(0x7f0000000480)=""/68, 0x40f00, 0x10, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x5, 0xd, 0x9}, 0x10, r3, 0x0, 0x0, &(0x7f0000000680)=[0x1, r5, r6]}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000340)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x14}, 0x90) (async) openat$cgroup_devices(r2, &(0x7f0000000040)='devices.deny\x00', 0x2, 0x0) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x200}) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a00), 0x4) (async) socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async) bpf$PROG_LOAD(0x5, &(0x7f0000002000)={0x5, 0x7, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000000000008018521300a1e9a9c76688153af45320f43967d410000000000000000000000095000000000000009500000000000000"], &(0x7f0000000980)='syzkaller\x00', 0xfff, 0x0, &(0x7f0000000980), 0x41000, 0x4, '\x00', r0, 0x13, 0xffffffffffffffff, 0x8, &(0x7f0000000a40)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000a80)={0x1, 0x6, 0x6, 0x6}, 0x10, r3, 0xffffffffffffffff, 0x0, &(0x7f0000000ac0)=[r4, r5, r4, 0xffffffffffffffff, r6, r5, r4], &(0x7f0000000c40), 0x10, 0x4}, 0x90) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x8914, &(0x7f0000000080)) bpf$ITER_CREATE(0x21, &(0x7f0000000780), 0x8) r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='memory.numa_stat\x00', 0x0, 0x0) openat$cgroup_ro(r9, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89a1, &(0x7f0000000080)) (async) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async) syz_clone(0x528c0400, 0x0, 0x0, 0x0, 0x0, 0x0) [ 335.242654][T20278] do_syscall_64+0x3d/0xb0 [ 335.246908][T20278] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 335.252634][T20278] RIP: 0033:0x7f8118545da9 [ 335.256885][T20278] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 335.276764][T20278] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 335.285006][T20278] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 22:26:38 executing program 2: perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000000000}, 0x100901, 0x0, 0x0, 0x0, 0x0, 0x102}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22041000f3fe80000000000000110880febb0007aafe8000000000000027bfa7b09303960e2f80af"], 0xfdef) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000), 0xfdef) r4 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454c9, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x337) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000340)={0x6, &(0x7f0000000300)=[{0x712d, 0x0, 0x9, 0xffff8000}, {0x6, 0x1f, 0x80, 0x5}, {0x401, 0xf, 0x2}, {0x81, 0x7f, 0x1f}, {0x0, 0x76, 0x8, 0x6}, {0x9}]}) close(0xffffffffffffffff) write$cgroup_subtree(r3, &(0x7f0000000180)={[{0x2b, 'cpuset'}, {0x0, 'net_prio'}]}, 0x12) perf_event_open$cgroup(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x3, 0x2, 0x81, 0x0, 0x0, 0x22000, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x9100, 0x0, 0x100ce, 0x4, 0x0, 0x0, 0xaf00, 0x0, 0x0, 0x0, 0x3ff}, r4, 0xc, r3, 0x9) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000440), 0x8) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000006c0)='freezer.parent_freezing\x00', 0x0, 0x0) r8 = perf_event_open(&(0x7f00000017c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x3) r9 = syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) write$cgroup_subtree(r7, &(0x7f0000000100)={[{0x2d, 'hugetlb'}, {0x0, 'io'}, {0x2b, 'rlimit'}, {0x0, 'rdma'}]}, 0x1b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r9, r8, 0x0, 0x0, 0x0}, 0x30) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000500)={r5, 0x58, &(0x7f0000000480)}, 0x10) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x8) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000200)='\x1fF#\f\xf9e\x88\xd7>\x12@&h\x82\\bi\xaa(r\xd6(\xa9\xb0R\x10u\x82\x1f\x11%\xd2\xd4\xeay\xe3kZ\x93Dv\rP|\x04\x92\x84\x8d\xa1y\xac\xe9\xff\x87\xd7\b\x00\x00\x00\x00\x00\x00\x00\x97\x83\xc9f\xf9C_m\x1b\x1c\xdc\xa5\xd6\xb8\xd1\xc5\x93-\xf9yxR\xa4\xab\xf0\xc5l\xe4\xef0xffffffffffffffff}, 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)=r1}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000009c0)={r1, 0x58, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = openat$cgroup_ro(r1, &(0x7f0000000a00)='blkio.bfq.io_wait_time\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x8, &(0x7f0000000800)=@raw=[@map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x400}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @btf_id={0x18, 0xf, 0x3, 0x0, 0x1}], &(0x7f0000000840)='syzkaller\x00', 0x8, 0x8b, &(0x7f0000000880)=""/139, 0x40f00, 0x0, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000000a40)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000a80)={0x1, 0x0, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=[r1, r0, r1, r0], 0x0, 0x10, 0x4}, 0x90) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) write$cgroup_type(r6, &(0x7f0000000080), 0x11ffffce1) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x660c, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)='%pI4 \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xf, 0x7, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x8000}, [@generic={0xff, 0xb, 0x1, 0xfff7}, @exit, @map_val={0x18, 0x8, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x101}]}, &(0x7f0000000540)='syzkaller\x00', 0xfea5, 0x0, 0x0, 0x40f00, 0x6f, '\x00', 0x0, 0x10, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x3, 0x4}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x6, 0x6098, 0x1f}, 0x10, 0x0, r6, 0x5, 0x0, &(0x7f0000000600)=[{0x3, 0x1, 0x10, 0xb}, {0x4, 0x5, 0xa, 0xb}, {0x0, 0x2, 0xb}, {0x0, 0x5, 0x7, 0x3}, {0x0, 0x1, 0xe, 0xc}], 0x10, 0x9}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x1e, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1f}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @map_val={0x18, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x5}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7f}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x1, 0x3, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000300)=[r1, r6], 0x0, 0x10, 0x7ff}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r8, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a5a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r8, 0x4010744d, 0x20000000) [ 335.292816][T20278] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 335.300628][T20278] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 335.308446][T20278] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 335.316349][T20278] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 335.324163][T20278] 22:26:38 executing program 0: syz_clone(0x44040100, 0x0, 0xf0ff1f00000000, 0x0, 0x0, 0x0) 22:26:38 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 53) [ 335.489955][T20302] FAULT_INJECTION: forcing a failure. [ 335.489955][T20302] name failslab, interval 1, probability 0, space 0, times 0 [ 335.516711][T20302] CPU: 0 PID: 20302 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 335.526868][T20302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 335.536769][T20302] Call Trace: [ 335.539886][T20302] [ 335.542664][T20302] dump_stack_lvl+0x151/0x1b7 [ 335.547185][T20302] ? io_uring_drop_tctx_refs+0x190/0x190 [ 335.552650][T20302] dump_stack+0x15/0x17 [ 335.556637][T20302] should_fail+0x3c6/0x510 [ 335.560894][T20302] __should_failslab+0xa4/0xe0 [ 335.565492][T20302] ? vm_area_dup+0x26/0x230 [ 335.569831][T20302] should_failslab+0x9/0x20 [ 335.574171][T20302] slab_pre_alloc_hook+0x37/0xd0 [ 335.578942][T20302] ? vm_area_dup+0x26/0x230 [ 335.583288][T20302] kmem_cache_alloc+0x44/0x200 [ 335.587886][T20302] vm_area_dup+0x26/0x230 [ 335.592050][T20302] copy_mm+0x9a1/0x13e0 [ 335.596044][T20302] ? copy_signal+0x610/0x610 [ 335.600465][T20302] ? __init_rwsem+0xd6/0x1c0 [ 335.604893][T20302] ? copy_signal+0x4e3/0x610 [ 335.609320][T20302] copy_process+0x1149/0x3290 [ 335.613834][T20302] ? proc_fail_nth_write+0x20b/0x290 [ 335.618953][T20302] ? fsnotify_perm+0x6a/0x5d0 [ 335.623468][T20302] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 335.628413][T20302] ? vfs_write+0x9ec/0x1110 [ 335.632756][T20302] kernel_clone+0x21e/0x9e0 [ 335.637099][T20302] ? file_end_write+0x1c0/0x1c0 [ 335.641783][T20302] ? create_io_thread+0x1e0/0x1e0 [ 335.646641][T20302] ? mutex_unlock+0xb2/0x260 [ 335.651068][T20302] ? __mutex_lock_slowpath+0x10/0x10 [ 335.656190][T20302] __x64_sys_clone+0x23f/0x290 [ 335.660811][T20302] ? __do_sys_vfork+0x130/0x130 [ 335.665475][T20302] ? ksys_write+0x260/0x2c0 [ 335.669823][T20302] ? debug_smp_processor_id+0x17/0x20 [ 335.675020][T20302] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 335.680923][T20302] ? exit_to_user_mode_prepare+0x39/0xa0 [ 335.686410][T20302] do_syscall_64+0x3d/0xb0 [ 335.690643][T20302] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 335.696376][T20302] RIP: 0033:0x7f8118545da9 [ 335.700626][T20302] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 335.720070][T20302] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 335.728315][T20302] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 22:26:39 executing program 1: perf_event_open(&(0x7f0000000bc0)={0x1, 0x80, 0x0, 0x0, 0x81, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000340), 0x5}, 0x1884, 0x0, 0x0, 0x0, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x12, 0xe, &(0x7f0000002100)=ANY=[@ANYBLOB="b700000060000000bca3000000000000240300001afeffff720af0fff8ffffff71a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000a61140800000000001d430000000000007a0a00fe0000001f6114040000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a68b3cc8e93be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb460ea36bac0063e5291569b33d21dae356e1c51f03a801be7a89679a16da18ec0ae564162a27030062d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1dee1d02d0f5ad94b081fcd507acb4b9c6738285ae49cee383dc5049076b98fb6853ab39a215a467efdae1dff95d83d6b879b58d14da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a4891f3d7d0c7904794cb0275d1c6982f3c48153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead3e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9de7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a6b50f0937f778af083e055f6138a750ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700e89a56fe8e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a033a2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c1799880902000232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e0700000000000000ee077515d0a881192292ffff5392ab3d1311b82432662806add87047f66604ea4000000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf799b3746979f99f6a1527f003b37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d54abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe54591a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c940000002b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab4639fa6a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a009945a22bd1f8c522c427160140b9f800000000000000000017350000c11ae694b0f7a4f9c2f6790044a357e785153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8cce01952627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac987fd637c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fd52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23541320d8579c5ab42bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de01fd0000000000000000d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812fc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade5564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b2584e6c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795d35f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598472ec06f7170009d92bb7eddd12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88aecd0a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f386c4dd317e11c1e89fac1fa9bceb50fad686ffbb5f7d79565271add99821c3601653bf6d4091ce8e0af3ab3a82a2735abb21d675d21f0a65caeb3213db39c9d55a35c1d588a732ee0b3d3a09c7786bc50b014802027d1da4a2a0fde4672d8dccd9fa0c0000000000fa8ba125d87df66eb9b3be097fd0cc444d0fe8688cf6e6e8ea669e988b46e7be6029f37b46e8c57ebf8df20cf0f28da4b9d6a5d11f49fa0000000000000000000000000000000000000000000000000000000000000000000000000000000000718ee0fef9c52058d8d2"], &(0x7f00000001c0)='GPL\x00', 0xcd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x1}, 0x8, 0x10, &(0x7f0000000b80), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x406}, 0x90) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x47, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x4}, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, &(0x7f0000000640)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x6}, 0x8}, 0x90) (async) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) (async) r1 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x80000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x7, 0x1007}, 0x8006, 0x0, 0x0, 0x1, 0x4, 0x7fffff, 0x3, 0x0, 0x0, 0x0, 0x20000000000}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000380)='memory.numa_st\x13\xd2D\xff\xcaTW\x8f\xee@A\xcb.\xf3o\'\xfd\x85/1G\x93L\xf7\xf7\t7\xa9F\x04\xee(C8\x1f\x05\x9a\x95$<\x0f\xea\xb3m\xd8\xfa\x86]&6\xac~Qv\x93\xcd\"\x00\x00\x00\x00Q\xec\xc0Z3\x13L\x13\t\x96\xf3\xa7Ea\xfdK\xca\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00H&\xe20\xc3\xcd^\xfdFq\xb2\x9f\xd5m\x9e\xcf=\x83+\x05\xe58\x7f0x0}, 0x52) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x19, 0x0, &(0x7f0000000540), &(0x7f00000009c0)='syzkaller\x00', 0x0, 0xfff, &(0x7f0000000d40)=""/4095, 0x40f00, 0x32, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000700)={0x5, 0x2, 0x8, 0x3}, 0x10, r3, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r4, 0xffffffffffffffff, r4]}, 0x90) (async) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000580), 0x8) (async) r6 = bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000007c0)=@bpf_lsm={0x1d, 0x8, &(0x7f00000020c0)=ANY=[@ANYRES8=r2], &(0x7f0000000300)='GPL\x00', 0x3, 0x44, &(0x7f0000000480)=""/68, 0x40f00, 0x10, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x5, 0xd, 0x9}, 0x10, r3, 0x0, 0x0, &(0x7f0000000680)=[0x1, r5, r6]}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000340)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x14}, 0x90) (async) openat$cgroup_devices(r2, &(0x7f0000000040)='devices.deny\x00', 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x200}) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a00), 0x4) (async) socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async) bpf$PROG_LOAD(0x5, &(0x7f0000002000)={0x5, 0x7, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000000000008018521300a1e9a9c76688153af45320f43967d410000000000000000000000095000000000000009500000000000000"], &(0x7f0000000980)='syzkaller\x00', 0xfff, 0x0, &(0x7f0000000980), 0x41000, 0x4, '\x00', r0, 0x13, 0xffffffffffffffff, 0x8, &(0x7f0000000a40)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000a80)={0x1, 0x6, 0x6, 0x6}, 0x10, r3, 0xffffffffffffffff, 0x0, &(0x7f0000000ac0)=[r4, r5, r4, 0xffffffffffffffff, r6, r5, r4], &(0x7f0000000c40), 0x10, 0x4}, 0x90) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x8914, &(0x7f0000000080)) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000780), 0x8) r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='memory.numa_stat\x00', 0x0, 0x0) openat$cgroup_ro(r9, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89a1, &(0x7f0000000080)) (async) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async) syz_clone(0x528c0400, 0x0, 0x0, 0x0, 0x0, 0x0) 22:26:39 executing program 2: perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000000000}, 0x100901, 0x0, 0x0, 0x0, 0x0, 0x102}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22041000f3fe80000000000000110880febb0007aafe8000000000000027bfa7b09303960e2f80af"], 0xfdef) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) (async) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000), 0xfdef) (async) r4 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)) (async) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454c9, 0x0) (async) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x337) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000340)={0x6, &(0x7f0000000300)=[{0x712d, 0x0, 0x9, 0xffff8000}, {0x6, 0x1f, 0x80, 0x5}, {0x401, 0xf, 0x2}, {0x81, 0x7f, 0x1f}, {0x0, 0x76, 0x8, 0x6}, {0x9}]}) (async) close(0xffffffffffffffff) write$cgroup_subtree(r3, &(0x7f0000000180)={[{0x2b, 'cpuset'}, {0x0, 'net_prio'}]}, 0x12) (async) perf_event_open$cgroup(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x3, 0x2, 0x81, 0x0, 0x0, 0x22000, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x9100, 0x0, 0x100ce, 0x4, 0x0, 0x0, 0xaf00, 0x0, 0x0, 0x0, 0x3ff}, r4, 0xc, r3, 0x9) (async) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000440), 0x8) (async) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000006c0)='freezer.parent_freezing\x00', 0x0, 0x0) (async) r8 = perf_event_open(&(0x7f00000017c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x3) r9 = syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) write$cgroup_subtree(r7, &(0x7f0000000100)={[{0x2d, 'hugetlb'}, {0x0, 'io'}, {0x2b, 'rlimit'}, {0x0, 'rdma'}]}, 0x1b) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r9, r8, 0x0, 0x0, 0x0}, 0x30) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000500)={r5, 0x58, &(0x7f0000000480)}, 0x10) (async) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x8) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000200)='\x1fF#\f\xf9e\x88\xd7>\x12@&h\x82\\bi\xaa(r\xd6(\xa9\xb0R\x10u\x82\x1f\x11%\xd2\xd4\xeay\xe3kZ\x93Dv\rP|\x04\x92\x84\x8d\xa1y\xac\xe9\xff\x87\xd7\b\x00\x00\x00\x00\x00\x00\x00\x97\x83\xc9f\xf9C_m\x1b\x1c\xdc\xa5\xd6\xb8\xd1\xc5\x93-\xf9yxR\xa4\xab\xf0\xc5l\xe4\xef 22:26:39 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'macvtap0\x00', 0x2}) ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000080)=0x1) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'netpci0\x00', 0x2000}) close(r0) 22:26:39 executing program 2: perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000000000}, 0x100901, 0x0, 0x0, 0x0, 0x0, 0x102}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000000000}, 0x100901, 0x0, 0x0, 0x0, 0x0, 0x102}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22041000f3fe80000000000000110880febb0007aafe8000000000000027bfa7b09303960e2f80af"], 0xfdef) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000), 0xfdef) r4 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454c9, 0x0) (async) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454c9, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x337) (async) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x337) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000340)={0x6, &(0x7f0000000300)=[{0x712d, 0x0, 0x9, 0xffff8000}, {0x6, 0x1f, 0x80, 0x5}, {0x401, 0xf, 0x2}, {0x81, 0x7f, 0x1f}, {0x0, 0x76, 0x8, 0x6}, {0x9}]}) (async) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000340)={0x6, &(0x7f0000000300)=[{0x712d, 0x0, 0x9, 0xffff8000}, {0x6, 0x1f, 0x80, 0x5}, {0x401, 0xf, 0x2}, {0x81, 0x7f, 0x1f}, {0x0, 0x76, 0x8, 0x6}, {0x9}]}) close(0xffffffffffffffff) write$cgroup_subtree(r3, &(0x7f0000000180)={[{0x2b, 'cpuset'}, {0x0, 'net_prio'}]}, 0x12) perf_event_open$cgroup(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x3, 0x2, 0x81, 0x0, 0x0, 0x22000, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x9100, 0x0, 0x100ce, 0x4, 0x0, 0x0, 0xaf00, 0x0, 0x0, 0x0, 0x3ff}, r4, 0xc, r3, 0x9) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000440), 0x8) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000006c0)='freezer.parent_freezing\x00', 0x0, 0x0) perf_event_open(&(0x7f00000017c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x3) (async) r8 = perf_event_open(&(0x7f00000017c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x3) r9 = syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) write$cgroup_subtree(r7, &(0x7f0000000100)={[{0x2d, 'hugetlb'}, {0x0, 'io'}, {0x2b, 'rlimit'}, {0x0, 'rdma'}]}, 0x1b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r9, r8, 0x0, 0x0, 0x0}, 0x30) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r9, r8, 0x0, 0x0, 0x0}, 0x30) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000500)={r5, 0x58, &(0x7f0000000480)}, 0x10) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x8) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000200)='\x1fF#\f\xf9e\x88\xd7>\x12@&h\x82\\bi\xaa(r\xd6(\xa9\xb0R\x10u\x82\x1f\x11%\xd2\xd4\xeay\xe3kZ\x93Dv\rP|\x04\x92\x84\x8d\xa1y\xac\xe9\xff\x87\xd7\b\x00\x00\x00\x00\x00\x00\x00\x97\x83\xc9f\xf9C_m\x1b\x1c\xdc\xa5\xd6\xb8\xd1\xc5\x93-\xf9yxR\xa4\xab\xf0\xc5l\xe4\xef0xffffffffffffffff}, 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)=r1}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000009c0)={r1, 0x58, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = openat$cgroup_ro(r1, &(0x7f0000000a00)='blkio.bfq.io_wait_time\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x8, &(0x7f0000000800)=@raw=[@map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x400}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @btf_id={0x18, 0xf, 0x3, 0x0, 0x1}], &(0x7f0000000840)='syzkaller\x00', 0x8, 0x8b, &(0x7f0000000880)=""/139, 0x40f00, 0x0, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000000a40)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000a80)={0x1, 0x0, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=[r1, r0, r1, r0], 0x0, 0x10, 0x4}, 0x90) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) write$cgroup_type(r6, &(0x7f0000000080), 0x11ffffce1) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x660c, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x660c, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)='%pI4 \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xf, 0x7, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x8000}, [@generic={0xff, 0xb, 0x1, 0xfff7}, @exit, @map_val={0x18, 0x8, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x101}]}, &(0x7f0000000540)='syzkaller\x00', 0xfea5, 0x0, 0x0, 0x40f00, 0x6f, '\x00', 0x0, 0x10, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x3, 0x4}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x6, 0x6098, 0x1f}, 0x10, 0x0, r6, 0x5, 0x0, &(0x7f0000000600)=[{0x3, 0x1, 0x10, 0xb}, {0x4, 0x5, 0xa, 0xb}, {0x0, 0x2, 0xb}, {0x0, 0x5, 0x7, 0x3}, {0x0, 0x1, 0xe, 0xc}], 0x10, 0x9}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x1e, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1f}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @map_val={0x18, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x5}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7f}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x1, 0x3, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000300)=[r1, r6], 0x0, 0x10, 0x7ff}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x1e, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1f}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @map_val={0x18, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x5}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7f}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x1, 0x3, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000300)=[r1, r6], 0x0, 0x10, 0x7ff}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r8, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a5a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a5a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r8, 0x4010744d, 0x20000000) 22:26:39 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'macvtap0\x00', 0x2}) (async) ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000080)=0x1) (async, rerun: 32) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'netpci0\x00', 0x2000}) (async, rerun: 32) close(r0) 22:26:39 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'macvtap0\x00', 0x2}) (async) ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000080)=0x1) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'netpci0\x00', 0x2000}) (async) close(r0) 22:26:39 executing program 2: r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000700)={0xffffffffffffffff, 0x0, 0x18}, 0xc) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='memory.numa_stat\x00', 0x0, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000b80), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='memory.numa_stat\x00', 0x0, 0x0) openat$cgroup_ro(r3, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) r4 = openat$cgroup_ro(r1, &(0x7f00000018c0)='cgroup.controllers\x00', 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x11, 0x5, &(0x7f0000000d00)=ANY=[@ANYBLOB="9f54f61e411f9f0b9401849bc5cf1c659ac964e38c08940682989d8bdb7f004a675fc3ca1da05c725e725b7c8c3510093256e2bd8bb8f80753748902f0bb7177da09000000000000002cdf87605eb8289e527b3dad55c3d5eab0f0a66448ccfec344b9a0f58d86b154ae209f3e6cae9b4c6c1770630a5f23c06a895e4602ce7183d1c8c279f3f0e26942fd9436812a5bc03b5e6c9fbfb3d848806ab9d0d74c5b3652015234fdf44eefb225e3108733d50669d3e7589f41de3a29890d9d164237829849ae6c66ca5cdcde834ff54ccae7e35a23523bd7ee7d7d098b63267de74ca927ed93e1942dba35551dfa71f3edf08ace4d185050eb52d3b9d7d45e0bf4ed36b3dbc88eddb581bc1e57a3e83a1b73a44b1334ec03212ab824c8d7fc23593137eb9ecc00eb1b2fd88f3a3b2a10b0092b22da2315dff81336c36be12312412d318ead5da3d0c24d44", @ANYRES32=r0, @ANYBLOB="0000000004000000a50a1800010000401800000003ff01ffffffffff7f040000da845f782dca272a34ad4274185cc4794e6fe3b5bbfa230b03f994f18f51404a65a4ed2572a59b7f6dd1b17e1122edf8b42fbb677b9d50f005372079f47333cd9670b3a169f61b7a35b9b9ce6e20897da37c318f8a492983ab8e97468c752c295184ebb319c6c1ac0f2b0df054bbedb27baa5b73d01f448183d0f2549059dee41f9b239191e28cc8e6ea43520f13ded325c929302e16a389247fcdd3064865a2a47123a804f8fd4b42ed9e5854ef1b9c22bff2465245b57576f7c930cd4b0fdfc3f9a728b625ecaec357bd19395605fa382737f04154f13a335122", @ANYRES16=r3], &(0x7f0000000a40)='GPL\x00', 0x91, 0x4d, &(0x7f0000000a80)=""/77, 0x41100, 0x52, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000b00)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000b40)={0x2, 0x4, 0x261}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000bc0)=[0xffffffffffffffff, 0x1, 0x1, r3, r4, 0xffffffffffffffff, 0x1], &(0x7f0000000c00)=[{0x3, 0x3, 0x6, 0x1}, {0x3, 0x2, 0xd, 0x6}, {0x4, 0x2, 0x5, 0xc}, {0x0, 0x1, 0xe, 0x7}]}, 0x90) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x5, 0x5, 0x0, 0x0, 0x0, 0x0, 0xa0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000380)}, 0x4840}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0) syz_clone(0x40045000, &(0x7f0000000800)="fdfaaa0bc343f4223e77d903967e105cfa9ad3b5cb2284ecfdff6d34e75203c9108910169700d5e62ca368d3eda875e5054b150a61a0f017c27831db1ed076dd92f1cfacb8a8d5db81f5550a2b0bb06edf484e867ead06059dd79a8501cedb1b90c256846bc849de4a246c6c12c45a78a979675a0a8e34f3cb5d7d7d0fcb18e5486c74bd48c317c281bf49856d90d2582b42ec3e65db4e92826d8b2011475273dba0e52121f4da89f6b6be144cf825df93cea3c0486249cd8cc4cf40e2c640b1299ac6216fea9154ca69468391a389674d90acbee07a68aeaaad05cf44ef4bd8e6881b4c5c8d6320f4cf99", 0xeb, &(0x7f0000000080), &(0x7f0000000480), &(0x7f00000004c0)="9bc657d9718c40ab1decd113e0a918a3092d4c1c9775c7f8be16132830614b3fd1ffc73eb77547c7cc90745edf42aef194a3c89314c39180") bpf$ITER_CREATE(0x21, &(0x7f0000000200)={r4}, 0x8) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{r5}, &(0x7f0000000540), &(0x7f0000000640)='%-010d \x00'}, 0x20) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f00000000c0)=0xffffffffffffffff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000880)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x9b, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000006c0), &(0x7f0000000700), 0x8, 0x5e, 0x8, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@bloom_filter={0x1e, 0x5, 0x1, 0xfff, 0x2502, r5, 0x6, '\x00', 0x0, r2, 0x3, 0x0, 0x5}, 0x48) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001a00)={0x0, 0x8, 0x8}, 0xc) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(0x0, 0x0, 0x0, r6, 0x9) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40086607, &(0x7f0000000040)=0xc400000000000000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r7, 0x1, 0x42, &(0x7f0000000040), 0x3b) 22:26:39 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 54) 22:26:39 executing program 0: syz_clone(0x44040100, 0x0, 0x200000000000000, 0x0, 0x0, 0x0) [ 336.221908][T20349] FAULT_INJECTION: forcing a failure. [ 336.221908][T20349] name failslab, interval 1, probability 0, space 0, times 0 [ 336.274406][T20349] CPU: 0 PID: 20349 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 336.284570][T20349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 336.294464][T20349] Call Trace: [ 336.297586][T20349] [ 336.300363][T20349] dump_stack_lvl+0x151/0x1b7 [ 336.304872][T20349] ? io_uring_drop_tctx_refs+0x190/0x190 [ 336.310356][T20349] dump_stack+0x15/0x17 [ 336.314333][T20349] should_fail+0x3c6/0x510 [ 336.318586][T20349] __should_failslab+0xa4/0xe0 [ 336.323185][T20349] ? vm_area_dup+0x26/0x230 [ 336.327527][T20349] should_failslab+0x9/0x20 [ 336.331875][T20349] slab_pre_alloc_hook+0x37/0xd0 [ 336.336643][T20349] ? vm_area_dup+0x26/0x230 [ 336.340977][T20349] kmem_cache_alloc+0x44/0x200 [ 336.345581][T20349] vm_area_dup+0x26/0x230 [ 336.349757][T20349] copy_mm+0x9a1/0x13e0 [ 336.353745][T20349] ? copy_signal+0x610/0x610 [ 336.358255][T20349] ? __init_rwsem+0xd6/0x1c0 [ 336.362676][T20349] ? copy_signal+0x4e3/0x610 [ 336.367103][T20349] copy_process+0x1149/0x3290 [ 336.371620][T20349] ? proc_fail_nth_write+0x20b/0x290 [ 336.376737][T20349] ? fsnotify_perm+0x6a/0x5d0 [ 336.381253][T20349] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 336.386202][T20349] ? vfs_write+0x9ec/0x1110 [ 336.390538][T20349] kernel_clone+0x21e/0x9e0 [ 336.394883][T20349] ? file_end_write+0x1c0/0x1c0 [ 336.399565][T20349] ? create_io_thread+0x1e0/0x1e0 [ 336.404427][T20349] ? mutex_unlock+0xb2/0x260 [ 336.408850][T20349] ? __mutex_lock_slowpath+0x10/0x10 [ 336.413971][T20349] __x64_sys_clone+0x23f/0x290 [ 336.418570][T20349] ? __do_sys_vfork+0x130/0x130 [ 336.423259][T20349] ? ksys_write+0x260/0x2c0 [ 336.427051][T20350] sock: sock_set_timeout: `syz-executor.2' (pid 20350) tries to set negative timeout [ 336.427594][T20349] ? debug_smp_processor_id+0x17/0x20 [ 336.442092][T20349] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 336.447993][T20349] ? exit_to_user_mode_prepare+0x39/0xa0 [ 336.453463][T20349] do_syscall_64+0x3d/0xb0 [ 336.457715][T20349] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 336.463440][T20349] RIP: 0033:0x7f8118545da9 [ 336.467696][T20349] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 336.487487][T20349] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 336.495729][T20349] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 336.503542][T20349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 336.511349][T20349] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 22:26:39 executing program 2: r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000700)={0xffffffffffffffff, 0x0, 0x18}, 0xc) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='memory.numa_stat\x00', 0x0, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000b80), 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='memory.numa_stat\x00', 0x0, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='memory.numa_stat\x00', 0x0, 0x0) openat$cgroup_ro(r3, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) (async) openat$cgroup_ro(r3, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f00000018c0)='cgroup.controllers\x00', 0x0, 0x0) (async) r4 = openat$cgroup_ro(r1, &(0x7f00000018c0)='cgroup.controllers\x00', 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x11, 0x5, &(0x7f0000000d00)=ANY=[@ANYBLOB="9f54f61e411f9f0b9401849bc5cf1c659ac964e38c08940682989d8bdb7f004a675fc3ca1da05c725e725b7c8c3510093256e2bd8bb8f80753748902f0bb7177da09000000000000002cdf87605eb8289e527b3dad55c3d5eab0f0a66448ccfec344b9a0f58d86b154ae209f3e6cae9b4c6c1770630a5f23c06a895e4602ce7183d1c8c279f3f0e26942fd9436812a5bc03b5e6c9fbfb3d848806ab9d0d74c5b3652015234fdf44eefb225e3108733d50669d3e7589f41de3a29890d9d164237829849ae6c66ca5cdcde834ff54ccae7e35a23523bd7ee7d7d098b63267de74ca927ed93e1942dba35551dfa71f3edf08ace4d185050eb52d3b9d7d45e0bf4ed36b3dbc88eddb581bc1e57a3e83a1b73a44b1334ec03212ab824c8d7fc23593137eb9ecc00eb1b2fd88f3a3b2a10b0092b22da2315dff81336c36be12312412d318ead5da3d0c24d44", @ANYRES32=r0, @ANYBLOB="0000000004000000a50a1800010000401800000003ff01ffffffffff7f040000da845f782dca272a34ad4274185cc4794e6fe3b5bbfa230b03f994f18f51404a65a4ed2572a59b7f6dd1b17e1122edf8b42fbb677b9d50f005372079f47333cd9670b3a169f61b7a35b9b9ce6e20897da37c318f8a492983ab8e97468c752c295184ebb319c6c1ac0f2b0df054bbedb27baa5b73d01f448183d0f2549059dee41f9b239191e28cc8e6ea43520f13ded325c929302e16a389247fcdd3064865a2a47123a804f8fd4b42ed9e5854ef1b9c22bff2465245b57576f7c930cd4b0fdfc3f9a728b625ecaec357bd19395605fa382737f04154f13a335122", @ANYRES16=r3], &(0x7f0000000a40)='GPL\x00', 0x91, 0x4d, &(0x7f0000000a80)=""/77, 0x41100, 0x52, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000b00)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000b40)={0x2, 0x4, 0x261}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000bc0)=[0xffffffffffffffff, 0x1, 0x1, r3, r4, 0xffffffffffffffff, 0x1], &(0x7f0000000c00)=[{0x3, 0x3, 0x6, 0x1}, {0x3, 0x2, 0xd, 0x6}, {0x4, 0x2, 0x5, 0xc}, {0x0, 0x1, 0xe, 0x7}]}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x11, 0x5, &(0x7f0000000d00)=ANY=[@ANYBLOB="9f54f61e411f9f0b9401849bc5cf1c659ac964e38c08940682989d8bdb7f004a675fc3ca1da05c725e725b7c8c3510093256e2bd8bb8f80753748902f0bb7177da09000000000000002cdf87605eb8289e527b3dad55c3d5eab0f0a66448ccfec344b9a0f58d86b154ae209f3e6cae9b4c6c1770630a5f23c06a895e4602ce7183d1c8c279f3f0e26942fd9436812a5bc03b5e6c9fbfb3d848806ab9d0d74c5b3652015234fdf44eefb225e3108733d50669d3e7589f41de3a29890d9d164237829849ae6c66ca5cdcde834ff54ccae7e35a23523bd7ee7d7d098b63267de74ca927ed93e1942dba35551dfa71f3edf08ace4d185050eb52d3b9d7d45e0bf4ed36b3dbc88eddb581bc1e57a3e83a1b73a44b1334ec03212ab824c8d7fc23593137eb9ecc00eb1b2fd88f3a3b2a10b0092b22da2315dff81336c36be12312412d318ead5da3d0c24d44", @ANYRES32=r0, @ANYBLOB="0000000004000000a50a1800010000401800000003ff01ffffffffff7f040000da845f782dca272a34ad4274185cc4794e6fe3b5bbfa230b03f994f18f51404a65a4ed2572a59b7f6dd1b17e1122edf8b42fbb677b9d50f005372079f47333cd9670b3a169f61b7a35b9b9ce6e20897da37c318f8a492983ab8e97468c752c295184ebb319c6c1ac0f2b0df054bbedb27baa5b73d01f448183d0f2549059dee41f9b239191e28cc8e6ea43520f13ded325c929302e16a389247fcdd3064865a2a47123a804f8fd4b42ed9e5854ef1b9c22bff2465245b57576f7c930cd4b0fdfc3f9a728b625ecaec357bd19395605fa382737f04154f13a335122", @ANYRES16=r3], &(0x7f0000000a40)='GPL\x00', 0x91, 0x4d, &(0x7f0000000a80)=""/77, 0x41100, 0x52, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000b00)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000b40)={0x2, 0x4, 0x261}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000bc0)=[0xffffffffffffffff, 0x1, 0x1, r3, r4, 0xffffffffffffffff, 0x1], &(0x7f0000000c00)=[{0x3, 0x3, 0x6, 0x1}, {0x3, 0x2, 0xd, 0x6}, {0x4, 0x2, 0x5, 0xc}, {0x0, 0x1, 0xe, 0x7}]}, 0x90) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x5, 0x5, 0x0, 0x0, 0x0, 0x0, 0xa0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000380)}, 0x4840}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0) syz_clone(0x40045000, &(0x7f0000000800)="fdfaaa0bc343f4223e77d903967e105cfa9ad3b5cb2284ecfdff6d34e75203c9108910169700d5e62ca368d3eda875e5054b150a61a0f017c27831db1ed076dd92f1cfacb8a8d5db81f5550a2b0bb06edf484e867ead06059dd79a8501cedb1b90c256846bc849de4a246c6c12c45a78a979675a0a8e34f3cb5d7d7d0fcb18e5486c74bd48c317c281bf49856d90d2582b42ec3e65db4e92826d8b2011475273dba0e52121f4da89f6b6be144cf825df93cea3c0486249cd8cc4cf40e2c640b1299ac6216fea9154ca69468391a389674d90acbee07a68aeaaad05cf44ef4bd8e6881b4c5c8d6320f4cf99", 0xeb, &(0x7f0000000080), &(0x7f0000000480), &(0x7f00000004c0)="9bc657d9718c40ab1decd113e0a918a3092d4c1c9775c7f8be16132830614b3fd1ffc73eb77547c7cc90745edf42aef194a3c89314c39180") bpf$ITER_CREATE(0x21, &(0x7f0000000200)={r4}, 0x8) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000200)={r4}, 0x8) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{r5}, &(0x7f0000000540), &(0x7f0000000640)='%-010d \x00'}, 0x20) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f00000000c0)=0xffffffffffffffff) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f00000000c0)=0xffffffffffffffff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000880)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x9b, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000006c0), &(0x7f0000000700), 0x8, 0x5e, 0x8, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@bloom_filter={0x1e, 0x5, 0x1, 0xfff, 0x2502, r5, 0x6, '\x00', 0x0, r2, 0x3, 0x0, 0x5}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@bloom_filter={0x1e, 0x5, 0x1, 0xfff, 0x2502, r5, 0x6, '\x00', 0x0, r2, 0x3, 0x0, 0x5}, 0x48) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001a00)={0x0, 0x8, 0x8}, 0xc) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(0x0, 0x0, 0x0, r6, 0x9) (async) perf_event_open(0x0, 0x0, 0x0, r6, 0x9) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40086607, &(0x7f0000000040)=0xc400000000000000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r7, 0x1, 0x42, &(0x7f0000000040), 0x3b) 22:26:39 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x10284, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x0, 0x7}, 0x4002, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0x0, 0x0, &(0x7f0000000400)='syzkaller\x00', 0x3ff, 0x1d, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1, 0x20000a}, 0x10}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000006c0600ec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r0, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000fc0)=[0x0, 0x0], 0x0, 0x0, 0x8, &(0x7f0000000780)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000500), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000580)}}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x17, 0xf, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, [@map_idx={0x18, 0x5, 0x5, 0x0, 0x7}, @alu={0x7, 0x0, 0x7, 0x8, 0x9, 0xffffffffffffffe0}, @tail_call, @map_val={0x18, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000980)='GPL\x00', 0x1, 0x35, &(0x7f00000009c0)=""/53, 0x40f00, 0x12, '\x00', r1, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000dc0)={0x2, 0x5, 0x3, 0x8000}, 0x10, r2, r0, 0x2, &(0x7f0000001000)=[0xffffffffffffffff], &(0x7f0000001040)=[{0x5, 0x5, 0x6, 0x2}, {0x2, 0x4, 0x1, 0xb}], 0x10, 0x8acd}, 0x90) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000004c0)='\\^&%*})\x00') r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_devices(r3, &(0x7f0000000040)='devices.deny\x00', 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x200}) socketpair(0x1, 0x0, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) openat$cgroup_ro(r3, &(0x7f0000000100)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89a1, 0x0) socketpair(0xf, 0x3, 0x200, &(0x7f00000003c0)) socketpair(0xa, 0x2, 0x7, &(0x7f00000011c0)) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair(0x21, 0x80000, 0x0, 0x0) socketpair(0x1e, 0x6, 0x3f, &(0x7f0000000f80)) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair(0x0, 0x800, 0x4, 0x0) openat$cgroup_ro(r3, &(0x7f0000001200)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='thermal_temperature\x00', r0}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) socketpair(0x23, 0x2, 0x8, &(0x7f0000000140)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ec0)={0x11, 0x9, &(0x7f0000000a80)=ANY=[@ANYBLOB="7c35e0fffcffffff851000fbfaffefff8500000074000000181210000f3c33cc009ba7389a61ba09f4290100000000000000215c06c6266f80c26dbaef5380f49d3d9cebce352039e940cecfdf5cb7776b002bbfd510bbc64a54149fcc7a22c1c84d1eaaab9d5b6df270cf6ae59873d37accde884080f3417c8c8f6b3bc7cb2d8a62259ab76f5871bfb19ed5707a5c7e25377e305856405f847148513420a4365026877ea38c1160a86fa4f52e522d7a0bdea3b0eb31876299479d5fee4bb785413f882d0063fe205ba946f04c10de788587ec381a4fc12d5125a902a465bae549925cd05acc7aabd1f90dc91bcbe1f5801f514fb2268b806dfcd796f117e9ca7a9151e8c4de506d7c1dc8180e985748b2f4bf4e2276d181f92c974f", @ANYRES32, @ANYBLOB="00000000000000c0b703d04200a11fd6a20760f8e700000000080000000000000000000000000000000000000000000090d85b027a617bc13e39ad542a33a8782c2d974562925423d12d0b66eb1049700f227bcc66d3f31fba5007df4fb6f89bc4fc7e4d6b02f8cd309c850b8fa5def7002d567ad7c5b20a6f0d933fde"], &(0x7f0000000640)='syzkaller\x00', 0x172b, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000006c0)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000a40)={0x0, 0x4, 0x5, 0x77}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000e00)=[r5], &(0x7f0000000e40)=[{0x4000000, 0x4, 0x9, 0x9}, {0x0, 0x5, 0x6, 0x3}, {0x4, 0x2, 0x10, 0xb}, {0x4, 0x5, 0x7, 0x6}, {0x3, 0x3, 0x1}, {0x0, 0x5, 0x2005}], 0x10, 0x40}, 0x90) [ 336.519163][T20349] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 336.526972][T20349] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 336.534790][T20349] [ 336.727779][T20358] sock: sock_set_timeout: `syz-executor.2' (pid 20358) tries to set negative timeout 22:26:40 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 55) 22:26:40 executing program 0: syz_clone(0x44040100, 0x0, 0x700000000000000, 0x0, 0x0, 0x0) [ 336.797664][T20365] FAULT_INJECTION: forcing a failure. [ 336.797664][T20365] name failslab, interval 1, probability 0, space 0, times 0 [ 336.828840][T20365] CPU: 0 PID: 20365 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 336.839009][T20365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 336.848904][T20365] Call Trace: [ 336.852025][T20365] [ 336.854807][T20365] dump_stack_lvl+0x151/0x1b7 [ 336.859354][T20365] ? io_uring_drop_tctx_refs+0x190/0x190 [ 336.864788][T20365] dump_stack+0x15/0x17 [ 336.868774][T20365] should_fail+0x3c6/0x510 [ 336.873028][T20365] __should_failslab+0xa4/0xe0 [ 336.877628][T20365] ? anon_vma_clone+0x9a/0x500 [ 336.882229][T20365] should_failslab+0x9/0x20 [ 336.886578][T20365] slab_pre_alloc_hook+0x37/0xd0 [ 336.891344][T20365] ? anon_vma_clone+0x9a/0x500 [ 336.895948][T20365] kmem_cache_alloc+0x44/0x200 [ 336.900541][T20365] anon_vma_clone+0x9a/0x500 [ 336.904968][T20365] anon_vma_fork+0x91/0x4e0 [ 336.909306][T20365] ? anon_vma_name+0x43/0x70 [ 336.913749][T20365] ? vm_area_dup+0x17a/0x230 [ 336.918164][T20365] copy_mm+0xa3a/0x13e0 [ 336.922160][T20365] ? copy_signal+0x610/0x610 [ 336.926577][T20365] ? __init_rwsem+0xd6/0x1c0 [ 336.931005][T20365] ? copy_signal+0x4e3/0x610 [ 336.935432][T20365] copy_process+0x1149/0x3290 [ 336.939945][T20365] ? proc_fail_nth_write+0x20b/0x290 [ 336.945065][T20365] ? fsnotify_perm+0x6a/0x5d0 [ 336.949582][T20365] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 336.954528][T20365] ? vfs_write+0x9ec/0x1110 [ 336.958867][T20365] kernel_clone+0x21e/0x9e0 [ 336.963206][T20365] ? file_end_write+0x1c0/0x1c0 [ 336.967891][T20365] ? create_io_thread+0x1e0/0x1e0 [ 336.972750][T20365] ? mutex_unlock+0xb2/0x260 [ 336.977179][T20365] ? __mutex_lock_slowpath+0x10/0x10 [ 336.982300][T20365] __x64_sys_clone+0x23f/0x290 [ 336.986903][T20365] ? __do_sys_vfork+0x130/0x130 [ 336.991585][T20365] ? ksys_write+0x260/0x2c0 [ 336.995931][T20365] ? debug_smp_processor_id+0x17/0x20 [ 337.001134][T20365] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 337.007036][T20365] ? exit_to_user_mode_prepare+0x39/0xa0 [ 337.012504][T20365] do_syscall_64+0x3d/0xb0 [ 337.016757][T20365] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 337.022487][T20365] RIP: 0033:0x7f8118545da9 [ 337.026739][T20365] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 22:26:40 executing program 2: r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000700)={0xffffffffffffffff, 0x0, 0x18}, 0xc) (async) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='memory.numa_stat\x00', 0x0, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000b80), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='memory.numa_stat\x00', 0x0, 0x0) openat$cgroup_ro(r3, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) r4 = openat$cgroup_ro(r1, &(0x7f00000018c0)='cgroup.controllers\x00', 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x11, 0x5, &(0x7f0000000d00)=ANY=[@ANYBLOB="9f54f61e411f9f0b9401849bc5cf1c659ac964e38c08940682989d8bdb7f004a675fc3ca1da05c725e725b7c8c3510093256e2bd8bb8f80753748902f0bb7177da09000000000000002cdf87605eb8289e527b3dad55c3d5eab0f0a66448ccfec344b9a0f58d86b154ae209f3e6cae9b4c6c1770630a5f23c06a895e4602ce7183d1c8c279f3f0e26942fd9436812a5bc03b5e6c9fbfb3d848806ab9d0d74c5b3652015234fdf44eefb225e3108733d50669d3e7589f41de3a29890d9d164237829849ae6c66ca5cdcde834ff54ccae7e35a23523bd7ee7d7d098b63267de74ca927ed93e1942dba35551dfa71f3edf08ace4d185050eb52d3b9d7d45e0bf4ed36b3dbc88eddb581bc1e57a3e83a1b73a44b1334ec03212ab824c8d7fc23593137eb9ecc00eb1b2fd88f3a3b2a10b0092b22da2315dff81336c36be12312412d318ead5da3d0c24d44", @ANYRES32=r0, @ANYBLOB="0000000004000000a50a1800010000401800000003ff01ffffffffff7f040000da845f782dca272a34ad4274185cc4794e6fe3b5bbfa230b03f994f18f51404a65a4ed2572a59b7f6dd1b17e1122edf8b42fbb677b9d50f005372079f47333cd9670b3a169f61b7a35b9b9ce6e20897da37c318f8a492983ab8e97468c752c295184ebb319c6c1ac0f2b0df054bbedb27baa5b73d01f448183d0f2549059dee41f9b239191e28cc8e6ea43520f13ded325c929302e16a389247fcdd3064865a2a47123a804f8fd4b42ed9e5854ef1b9c22bff2465245b57576f7c930cd4b0fdfc3f9a728b625ecaec357bd19395605fa382737f04154f13a335122", @ANYRES16=r3], &(0x7f0000000a40)='GPL\x00', 0x91, 0x4d, &(0x7f0000000a80)=""/77, 0x41100, 0x52, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000b00)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000b40)={0x2, 0x4, 0x261}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000bc0)=[0xffffffffffffffff, 0x1, 0x1, r3, r4, 0xffffffffffffffff, 0x1], &(0x7f0000000c00)=[{0x3, 0x3, 0x6, 0x1}, {0x3, 0x2, 0xd, 0x6}, {0x4, 0x2, 0x5, 0xc}, {0x0, 0x1, 0xe, 0x7}]}, 0x90) (async) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x5, 0x5, 0x0, 0x0, 0x0, 0x0, 0xa0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000380)}, 0x4840}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0) syz_clone(0x40045000, &(0x7f0000000800)="fdfaaa0bc343f4223e77d903967e105cfa9ad3b5cb2284ecfdff6d34e75203c9108910169700d5e62ca368d3eda875e5054b150a61a0f017c27831db1ed076dd92f1cfacb8a8d5db81f5550a2b0bb06edf484e867ead06059dd79a8501cedb1b90c256846bc849de4a246c6c12c45a78a979675a0a8e34f3cb5d7d7d0fcb18e5486c74bd48c317c281bf49856d90d2582b42ec3e65db4e92826d8b2011475273dba0e52121f4da89f6b6be144cf825df93cea3c0486249cd8cc4cf40e2c640b1299ac6216fea9154ca69468391a389674d90acbee07a68aeaaad05cf44ef4bd8e6881b4c5c8d6320f4cf99", 0xeb, &(0x7f0000000080), &(0x7f0000000480), &(0x7f00000004c0)="9bc657d9718c40ab1decd113e0a918a3092d4c1c9775c7f8be16132830614b3fd1ffc73eb77547c7cc90745edf42aef194a3c89314c39180") (async) bpf$ITER_CREATE(0x21, &(0x7f0000000200)={r4}, 0x8) (async) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{r5}, &(0x7f0000000540), &(0x7f0000000640)='%-010d \x00'}, 0x20) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f00000000c0)=0xffffffffffffffff) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000880)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x9b, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000006c0), &(0x7f0000000700), 0x8, 0x5e, 0x8, 0x0, 0x0}}, 0x10) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@bloom_filter={0x1e, 0x5, 0x1, 0xfff, 0x2502, r5, 0x6, '\x00', 0x0, r2, 0x3, 0x0, 0x5}, 0x48) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001a00)={0x0, 0x8, 0x8}, 0xc) (async) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(0x0, 0x0, 0x0, r6, 0x9) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40086607, &(0x7f0000000040)=0xc400000000000000) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r7, 0x1, 0x42, &(0x7f0000000040), 0x3b) 22:26:40 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x10284, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x0, 0x7}, 0x4002, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0x0, 0x0, &(0x7f0000000400)='syzkaller\x00', 0x3ff, 0x1d, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1, 0x20000a}, 0x10}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000006c0600ec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r0, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000fc0)=[0x0, 0x0], 0x0, 0x0, 0x8, &(0x7f0000000780)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000500), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000580)}}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async) syz_open_procfs$namespace(0x0, 0x0) (async) perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) (async) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x17, 0xf, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, [@map_idx={0x18, 0x5, 0x5, 0x0, 0x7}, @alu={0x7, 0x0, 0x7, 0x8, 0x9, 0xffffffffffffffe0}, @tail_call, @map_val={0x18, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000980)='GPL\x00', 0x1, 0x35, &(0x7f00000009c0)=""/53, 0x40f00, 0x12, '\x00', r1, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000dc0)={0x2, 0x5, 0x3, 0x8000}, 0x10, r2, r0, 0x2, &(0x7f0000001000)=[0xffffffffffffffff], &(0x7f0000001040)=[{0x5, 0x5, 0x6, 0x2}, {0x2, 0x4, 0x1, 0xb}], 0x10, 0x8acd}, 0x90) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000004c0)='\\^&%*})\x00') (async) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_devices(r3, &(0x7f0000000040)='devices.deny\x00', 0x2, 0x0) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x200}) (async) socketpair(0x1, 0x0, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) openat$cgroup_ro(r3, &(0x7f0000000100)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89a1, 0x0) (async) socketpair(0xf, 0x3, 0x200, &(0x7f00000003c0)) socketpair(0xa, 0x2, 0x7, &(0x7f00000011c0)) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair(0x21, 0x80000, 0x0, 0x0) (async) socketpair(0x1e, 0x6, 0x3f, &(0x7f0000000f80)) (async) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) (async) socketpair(0x0, 0x800, 0x4, 0x0) openat$cgroup_ro(r3, &(0x7f0000001200)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='thermal_temperature\x00', r0}, 0x10) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) socketpair(0x23, 0x2, 0x8, &(0x7f0000000140)) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ec0)={0x11, 0x9, &(0x7f0000000a80)=ANY=[@ANYBLOB="7c35e0fffcffffff851000fbfaffefff8500000074000000181210000f3c33cc009ba7389a61ba09f4290100000000000000215c06c6266f80c26dbaef5380f49d3d9cebce352039e940cecfdf5cb7776b002bbfd510bbc64a54149fcc7a22c1c84d1eaaab9d5b6df270cf6ae59873d37accde884080f3417c8c8f6b3bc7cb2d8a62259ab76f5871bfb19ed5707a5c7e25377e305856405f847148513420a4365026877ea38c1160a86fa4f52e522d7a0bdea3b0eb31876299479d5fee4bb785413f882d0063fe205ba946f04c10de788587ec381a4fc12d5125a902a465bae549925cd05acc7aabd1f90dc91bcbe1f5801f514fb2268b806dfcd796f117e9ca7a9151e8c4de506d7c1dc8180e985748b2f4bf4e2276d181f92c974f", @ANYRES32, @ANYBLOB="00000000000000c0b703d04200a11fd6a20760f8e700000000080000000000000000000000000000000000000000000090d85b027a617bc13e39ad542a33a8782c2d974562925423d12d0b66eb1049700f227bcc66d3f31fba5007df4fb6f89bc4fc7e4d6b02f8cd309c850b8fa5def7002d567ad7c5b20a6f0d933fde"], &(0x7f0000000640)='syzkaller\x00', 0x172b, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000006c0)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000a40)={0x0, 0x4, 0x5, 0x77}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000e00)=[r5], &(0x7f0000000e40)=[{0x4000000, 0x4, 0x9, 0x9}, {0x0, 0x5, 0x6, 0x3}, {0x4, 0x2, 0x10, 0xb}, {0x4, 0x5, 0x7, 0x6}, {0x3, 0x3, 0x1}, {0x0, 0x5, 0x2005}], 0x10, 0x40}, 0x90) [ 337.046179][T20365] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 337.054422][T20365] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 337.062236][T20365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 337.070050][T20365] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 337.077858][T20365] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 337.085670][T20365] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 337.093490][T20365] 22:26:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r1, 0xffffffffffffffff}, 0x4) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)=r1}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000009c0)={r1, 0x58, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = openat$cgroup_ro(r1, &(0x7f0000000a00)='blkio.bfq.io_wait_time\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x8, &(0x7f0000000800)=@raw=[@map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x400}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @btf_id={0x18, 0xf, 0x3, 0x0, 0x1}], &(0x7f0000000840)='syzkaller\x00', 0x8, 0x8b, &(0x7f0000000880)=""/139, 0x40f00, 0x0, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000000a40)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000a80)={0x1, 0x0, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=[r1, r0, r1, r0], 0x0, 0x10, 0x4}, 0x90) (async, rerun: 32) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) (rerun: 32) write$cgroup_type(r6, &(0x7f0000000080), 0x11ffffce1) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x660c, 0x0) (async) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)='%pI4 \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xf, 0x7, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x8000}, [@generic={0xff, 0xb, 0x1, 0xfff7}, @exit, @map_val={0x18, 0x8, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x101}]}, &(0x7f0000000540)='syzkaller\x00', 0xfea5, 0x0, 0x0, 0x40f00, 0x6f, '\x00', 0x0, 0x10, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x3, 0x4}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x6, 0x6098, 0x1f}, 0x10, 0x0, r6, 0x5, 0x0, &(0x7f0000000600)=[{0x3, 0x1, 0x10, 0xb}, {0x4, 0x5, 0xa, 0xb}, {0x0, 0x2, 0xb}, {0x0, 0x5, 0x7, 0x3}, {0x0, 0x1, 0xe, 0xc}], 0x10, 0x9}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x1e, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1f}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @map_val={0x18, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x5}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7f}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x1, 0x3, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000300)=[r1, r6], 0x0, 0x10, 0x7ff}, 0x90) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) (async, rerun: 32) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (rerun: 32) ioctl$TUNSETOFFLOAD(r8, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a5a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r8, 0x4010744d, 0x20000000) 22:26:40 executing program 2: syz_clone(0x60120400, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 22:26:40 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x10284, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x0, 0x7}, 0x4002, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0x0, 0x0, &(0x7f0000000400)='syzkaller\x00', 0x3ff, 0x1d, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1, 0x20000a}, 0x10}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000006c0600ec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r0, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000fc0)=[0x0, 0x0], 0x0, 0x0, 0x8, &(0x7f0000000780)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000500), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000580)}}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) (async) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x17, 0xf, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, [@map_idx={0x18, 0x5, 0x5, 0x0, 0x7}, @alu={0x7, 0x0, 0x7, 0x8, 0x9, 0xffffffffffffffe0}, @tail_call, @map_val={0x18, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000980)='GPL\x00', 0x1, 0x35, &(0x7f00000009c0)=""/53, 0x40f00, 0x12, '\x00', r1, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000dc0)={0x2, 0x5, 0x3, 0x8000}, 0x10, r2, r0, 0x2, &(0x7f0000001000)=[0xffffffffffffffff], &(0x7f0000001040)=[{0x5, 0x5, 0x6, 0x2}, {0x2, 0x4, 0x1, 0xb}], 0x10, 0x8acd}, 0x90) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000004c0)='\\^&%*})\x00') r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_devices(r3, &(0x7f0000000040)='devices.deny\x00', 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x200}) socketpair(0x1, 0x0, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) (async) openat$cgroup_ro(r3, &(0x7f0000000100)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89a1, 0x0) socketpair(0xf, 0x3, 0x200, &(0x7f00000003c0)) (async) socketpair(0xa, 0x2, 0x7, &(0x7f00000011c0)) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) socketpair(0x21, 0x80000, 0x0, 0x0) (async, rerun: 32) socketpair(0x1e, 0x6, 0x3f, &(0x7f0000000f80)) (async, rerun: 32) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair(0x0, 0x800, 0x4, 0x0) openat$cgroup_ro(r3, &(0x7f0000001200)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='thermal_temperature\x00', r0}, 0x10) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) socketpair(0x23, 0x2, 0x8, &(0x7f0000000140)) (async, rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ec0)={0x11, 0x9, &(0x7f0000000a80)=ANY=[@ANYBLOB="7c35e0fffcffffff851000fbfaffefff8500000074000000181210000f3c33cc009ba7389a61ba09f4290100000000000000215c06c6266f80c26dbaef5380f49d3d9cebce352039e940cecfdf5cb7776b002bbfd510bbc64a54149fcc7a22c1c84d1eaaab9d5b6df270cf6ae59873d37accde884080f3417c8c8f6b3bc7cb2d8a62259ab76f5871bfb19ed5707a5c7e25377e305856405f847148513420a4365026877ea38c1160a86fa4f52e522d7a0bdea3b0eb31876299479d5fee4bb785413f882d0063fe205ba946f04c10de788587ec381a4fc12d5125a902a465bae549925cd05acc7aabd1f90dc91bcbe1f5801f514fb2268b806dfcd796f117e9ca7a9151e8c4de506d7c1dc8180e985748b2f4bf4e2276d181f92c974f", @ANYRES32, @ANYBLOB="00000000000000c0b703d04200a11fd6a20760f8e700000000080000000000000000000000000000000000000000000090d85b027a617bc13e39ad542a33a8782c2d974562925423d12d0b66eb1049700f227bcc66d3f31fba5007df4fb6f89bc4fc7e4d6b02f8cd309c850b8fa5def7002d567ad7c5b20a6f0d933fde"], &(0x7f0000000640)='syzkaller\x00', 0x172b, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000006c0)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000a40)={0x0, 0x4, 0x5, 0x77}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000e00)=[r5], &(0x7f0000000e40)=[{0x4000000, 0x4, 0x9, 0x9}, {0x0, 0x5, 0x6, 0x3}, {0x4, 0x2, 0x10, 0xb}, {0x4, 0x5, 0x7, 0x6}, {0x3, 0x3, 0x1}, {0x0, 0x5, 0x2005}], 0x10, 0x40}, 0x90) (rerun: 32) 22:26:40 executing program 2: syz_clone(0x60120400, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 22:26:40 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r0, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0], 0x0, 0xa, &(0x7f0000000400), 0x0, 0x10, &(0x7f0000000440), &(0x7f0000000500), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x3, 0xb, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000001f00000000000000000000802d2000000100001859000009000000000000000000000040b7020004000000354102000000000018450000ffffffff0000000000000000950000000000000011fc8408e73e684cc042d43d01730dfdae62f1597617fa1e8b8ffdbfeac70b472d03f3214c5a4147ab5d046468242d9e80fd45cf17287f23d60d0639f0ec6a1ab1d9dd2a869ea3955a1c5b107fac029751fa0b8ee163e673f6a92d2bf4fde550c7d9e21b489164230e24c5ef1b363a14eafa7f221036177e912aa846d1c8dbf874989e3f7f"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', r2, 0x14, r3, 0x8, &(0x7f00000009c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000a00)={0x0, 0x2, 0x4, 0x3b}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000a40)=[0xffffffffffffffff, 0x1, r1, 0xffffffffffffffff]}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x5, 0x9, 0x5, 0x40, 0x1, 0x100, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x48) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x8}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x4, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000004085100000fdffffff95000000000000000000000000000000007d0381a6dc95d97895ede4f439e2180be940f46df6078f0adbb6a208cf4860bbe89c61a521c69c8e85cbee1d8b24f91202f1362e51689d2b3e4cff3f3205ebecd22994c6fa295a218ff6e1fbffacb83a9d7ab6bf58cf86237db7a89827773c8587dc99d979e892eb34813c0f3b7d8ebfa9615a82000000000000000000000000070000"], &(0x7f00000002c0)='GPL\x00', 0x0, 0xe5, &(0x7f0000000a00)=""/229, 0x41000, 0x10, '\x00', r2, 0x0, r0, 0x8, &(0x7f0000000300)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0xc, 0x2, 0xfff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[r0, r4, r0], 0x0, 0x10, 0x1}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0xfbb, 0x0, 0x0, 0x41100, 0x2, '\x00', r2, 0x2}, 0x90) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 22:26:40 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r0, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0], 0x0, 0xa, &(0x7f0000000400), 0x0, 0x10, &(0x7f0000000440), &(0x7f0000000500), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x3, 0xb, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000001f00000000000000000000802d2000000100001859000009000000000000000000000040b7020004000000354102000000000018450000ffffffff0000000000000000950000000000000011fc8408e73e684cc042d43d01730dfdae62f1597617fa1e8b8ffdbfeac70b472d03f3214c5a4147ab5d046468242d9e80fd45cf17287f23d60d0639f0ec6a1ab1d9dd2a869ea3955a1c5b107fac029751fa0b8ee163e673f6a92d2bf4fde550c7d9e21b489164230e24c5ef1b363a14eafa7f221036177e912aa846d1c8dbf874989e3f7f"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', r2, 0x14, r3, 0x8, &(0x7f00000009c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000a00)={0x0, 0x2, 0x4, 0x3b}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000a40)=[0xffffffffffffffff, 0x1, r1, 0xffffffffffffffff]}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x5, 0x9, 0x5, 0x40, 0x1, 0x100, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x48) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x8}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x4, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000004085100000fdffffff95000000000000000000000000000000007d0381a6dc95d97895ede4f439e2180be940f46df6078f0adbb6a208cf4860bbe89c61a521c69c8e85cbee1d8b24f91202f1362e51689d2b3e4cff3f3205ebecd22994c6fa295a218ff6e1fbffacb83a9d7ab6bf58cf86237db7a89827773c8587dc99d979e892eb34813c0f3b7d8ebfa9615a82000000000000000000000000070000"], &(0x7f00000002c0)='GPL\x00', 0x0, 0xe5, &(0x7f0000000a00)=""/229, 0x41000, 0x10, '\x00', r2, 0x0, r0, 0x8, &(0x7f0000000300)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0xc, 0x2, 0xfff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[r0, r4, r0], 0x0, 0x10, 0x1}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0xfbb, 0x0, 0x0, 0x41100, 0x2, '\x00', r2, 0x2}, 0x90) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r0, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0], 0x0, 0xa, &(0x7f0000000400), 0x0, 0x10, &(0x7f0000000440), &(0x7f0000000500), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x3, 0xb, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000001f00000000000000000000802d2000000100001859000009000000000000000000000040b7020004000000354102000000000018450000ffffffff0000000000000000950000000000000011fc8408e73e684cc042d43d01730dfdae62f1597617fa1e8b8ffdbfeac70b472d03f3214c5a4147ab5d046468242d9e80fd45cf17287f23d60d0639f0ec6a1ab1d9dd2a869ea3955a1c5b107fac029751fa0b8ee163e673f6a92d2bf4fde550c7d9e21b489164230e24c5ef1b363a14eafa7f221036177e912aa846d1c8dbf874989e3f7f"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', r2, 0x14, r3, 0x8, &(0x7f00000009c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000a00)={0x0, 0x2, 0x4, 0x3b}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000a40)=[0xffffffffffffffff, 0x1, r1, 0xffffffffffffffff]}, 0x80) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x5, 0x9, 0x5, 0x40, 0x1, 0x100, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x48) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x8}, 0xc) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x4, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000004085100000fdffffff95000000000000000000000000000000007d0381a6dc95d97895ede4f439e2180be940f46df6078f0adbb6a208cf4860bbe89c61a521c69c8e85cbee1d8b24f91202f1362e51689d2b3e4cff3f3205ebecd22994c6fa295a218ff6e1fbffacb83a9d7ab6bf58cf86237db7a89827773c8587dc99d979e892eb34813c0f3b7d8ebfa9615a82000000000000000000000000070000"], &(0x7f00000002c0)='GPL\x00', 0x0, 0xe5, &(0x7f0000000a00)=""/229, 0x41000, 0x10, '\x00', r2, 0x0, r0, 0x8, &(0x7f0000000300)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0xc, 0x2, 0xfff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[r0, r4, r0], 0x0, 0x10, 0x1}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0xfbb, 0x0, 0x0, 0x41100, 0x2, '\x00', r2, 0x2}, 0x90) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) 22:26:40 executing program 0: syz_clone(0x44040100, 0x0, 0x800000000000000, 0x0, 0x0, 0x0) 22:26:40 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r0, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0], 0x0, 0xa, &(0x7f0000000400), 0x0, 0x10, &(0x7f0000000440), &(0x7f0000000500), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x3, 0xb, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000001f00000000000000000000802d2000000100001859000009000000000000000000000040b7020004000000354102000000000018450000ffffffff0000000000000000950000000000000011fc8408e73e684cc042d43d01730dfdae62f1597617fa1e8b8ffdbfeac70b472d03f3214c5a4147ab5d046468242d9e80fd45cf17287f23d60d0639f0ec6a1ab1d9dd2a869ea3955a1c5b107fac029751fa0b8ee163e673f6a92d2bf4fde550c7d9e21b489164230e24c5ef1b363a14eafa7f221036177e912aa846d1c8dbf874989e3f7f"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', r2, 0x14, r3, 0x8, &(0x7f00000009c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000a00)={0x0, 0x2, 0x4, 0x3b}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000a40)=[0xffffffffffffffff, 0x1, r1, 0xffffffffffffffff]}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x5, 0x9, 0x5, 0x40, 0x1, 0x100, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x48) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x8}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x4, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000004085100000fdffffff95000000000000000000000000000000007d0381a6dc95d97895ede4f439e2180be940f46df6078f0adbb6a208cf4860bbe89c61a521c69c8e85cbee1d8b24f91202f1362e51689d2b3e4cff3f3205ebecd22994c6fa295a218ff6e1fbffacb83a9d7ab6bf58cf86237db7a89827773c8587dc99d979e892eb34813c0f3b7d8ebfa9615a82000000000000000000000000070000"], &(0x7f00000002c0)='GPL\x00', 0x0, 0xe5, &(0x7f0000000a00)=""/229, 0x41000, 0x10, '\x00', r2, 0x0, r0, 0x8, &(0x7f0000000300)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0xc, 0x2, 0xfff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[r0, r4, r0], 0x0, 0x10, 0x1}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0xfbb, 0x0, 0x0, 0x41100, 0x2, '\x00', r2, 0x2}, 0x90) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r0, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0], 0x0, 0xa, &(0x7f0000000400), 0x0, 0x10, &(0x7f0000000440), &(0x7f0000000500), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x3, 0xb, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000001f00000000000000000000802d2000000100001859000009000000000000000000000040b7020004000000354102000000000018450000ffffffff0000000000000000950000000000000011fc8408e73e684cc042d43d01730dfdae62f1597617fa1e8b8ffdbfeac70b472d03f3214c5a4147ab5d046468242d9e80fd45cf17287f23d60d0639f0ec6a1ab1d9dd2a869ea3955a1c5b107fac029751fa0b8ee163e673f6a92d2bf4fde550c7d9e21b489164230e24c5ef1b363a14eafa7f221036177e912aa846d1c8dbf874989e3f7f"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', r2, 0x14, r3, 0x8, &(0x7f00000009c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000a00)={0x0, 0x2, 0x4, 0x3b}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000a40)=[0xffffffffffffffff, 0x1, r1, 0xffffffffffffffff]}, 0x80) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x5, 0x9, 0x5, 0x40, 0x1, 0x100, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x48) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x8}, 0xc) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x4, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000004085100000fdffffff95000000000000000000000000000000007d0381a6dc95d97895ede4f439e2180be940f46df6078f0adbb6a208cf4860bbe89c61a521c69c8e85cbee1d8b24f91202f1362e51689d2b3e4cff3f3205ebecd22994c6fa295a218ff6e1fbffacb83a9d7ab6bf58cf86237db7a89827773c8587dc99d979e892eb34813c0f3b7d8ebfa9615a82000000000000000000000000070000"], &(0x7f00000002c0)='GPL\x00', 0x0, 0xe5, &(0x7f0000000a00)=""/229, 0x41000, 0x10, '\x00', r2, 0x0, r0, 0x8, &(0x7f0000000300)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0xc, 0x2, 0xfff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[r0, r4, r0], 0x0, 0x10, 0x1}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0xfbb, 0x0, 0x0, 0x41100, 0x2, '\x00', r2, 0x2}, 0x90) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) 22:26:40 executing program 2: syz_clone(0x60120400, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 22:26:40 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000180)='cpuacct.usage_user\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:40 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 56) 22:26:40 executing program 1: perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x4, 0x40, 0x3f, 0x100}, {0x5, 0x0, 0x0, 0xfff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xff}, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair(0x11, 0x800, 0x1, &(0x7f0000000000)) syz_open_procfs$namespace(0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000006c0)={0x0, 0xffffffffffffffff, 0x0, 0xb4, &(0x7f0000000b80)='(\x0fP\xa9\xfeG\'^\x86|!{\x16\xdf]\x12E\x7f\r\xe6\xb2\x06\xa4\x0f\xec\xf7\xd2\xf6\xeb7\xb91^\xe9\xa4e\x0f]\xf2\x1e\xa5\xb1Y\xa4u40\x18\xe6\xa7x\xb5\x1d\xa7\xcb[f\x1b\x90[i\x98=\x90\xbe \x96\xf4\x1f\xd6\xc1\bO,?^\xad\xfc\x02\vxE\xe9\x8d\xe6\x8b\xf9\x95\xc9\x95-\xcel\xc9\xea\x85\x9a(\x7f\x97\x14\x89\xd3\xe3\x94\xbcZ(\x9e\x83-Mz\x14\xa6\xd1\xdf\xec\xe9\'\b\xdf\xd1\x89K?l\xf0\x9e\xec}\xb1\x95\xca\x02\xf4\xc1\xd1w\xdf7\xd5[\n\xc3\x01\xfdpnk\xc9Gb\x9b\x9b\x1a\xa9C\xb4\x92\xda#\xe8\x02\xf3\fw\x8d\x1e\xf9\x04\xc2|\xe0\xac\x81\x01\xcc\xe8\x9c'}, 0x30) bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r3, &(0x7f00000000c0)='cpuset.memory_spread_slab\x00', 0x2, 0x0) mkdirat$cgroup(r3, &(0x7f0000000240)='syz0\x00', 0x1ff) openat$cgroup_ro(r3, &(0x7f0000000080)='cgroup.events\x00', 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="8fedcb7907009875f3751de486ddb9879b8ab283f72332190b6317e9eb00703aa528c7000000875a65969ff57b000000000059007b5bf7bf0000"], 0xfdef) recvmsg$unix(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="14000000000000000100000001000000a20896195a8700"/41, @ANYRES32=0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00'], 0x18}, 0x0) write$cgroup_subtree(r4, &(0x7f0000000000), 0xfdef) [ 337.718407][T20443] FAULT_INJECTION: forcing a failure. [ 337.718407][T20443] name failslab, interval 1, probability 0, space 0, times 0 [ 337.767270][T20443] CPU: 0 PID: 20443 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 337.777430][T20443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 337.787327][T20443] Call Trace: [ 337.790444][T20443] [ 337.793224][T20443] dump_stack_lvl+0x151/0x1b7 [ 337.797739][T20443] ? io_uring_drop_tctx_refs+0x190/0x190 [ 337.803208][T20443] dump_stack+0x15/0x17 [ 337.807195][T20443] should_fail+0x3c6/0x510 [ 337.811451][T20443] __should_failslab+0xa4/0xe0 [ 337.816051][T20443] ? vm_area_dup+0x26/0x230 [ 337.820386][T20443] should_failslab+0x9/0x20 [ 337.824738][T20443] slab_pre_alloc_hook+0x37/0xd0 [ 337.829506][T20443] ? vm_area_dup+0x26/0x230 [ 337.833839][T20443] kmem_cache_alloc+0x44/0x200 [ 337.838440][T20443] vm_area_dup+0x26/0x230 [ 337.842694][T20443] copy_mm+0x9a1/0x13e0 [ 337.846691][T20443] ? copy_signal+0x610/0x610 [ 337.851115][T20443] ? __init_rwsem+0xd6/0x1c0 [ 337.855549][T20443] ? copy_signal+0x4e3/0x610 [ 337.859968][T20443] copy_process+0x1149/0x3290 [ 337.864487][T20443] ? proc_fail_nth_write+0x20b/0x290 [ 337.869600][T20443] ? fsnotify_perm+0x6a/0x5d0 [ 337.874115][T20443] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 337.879068][T20443] ? vfs_write+0x9ec/0x1110 [ 337.883402][T20443] kernel_clone+0x21e/0x9e0 [ 337.887746][T20443] ? file_end_write+0x1c0/0x1c0 [ 337.892513][T20443] ? create_io_thread+0x1e0/0x1e0 [ 337.897371][T20443] ? mutex_unlock+0xb2/0x260 [ 337.901800][T20443] ? __mutex_lock_slowpath+0x10/0x10 [ 337.906946][T20443] __x64_sys_clone+0x23f/0x290 [ 337.911530][T20443] ? __do_sys_vfork+0x130/0x130 22:26:41 executing program 1: perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x4, 0x40, 0x3f, 0x100}, {0x5, 0x0, 0x0, 0xfff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xff}, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair(0x11, 0x800, 0x1, &(0x7f0000000000)) syz_open_procfs$namespace(0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000006c0)={0x0, 0xffffffffffffffff, 0x0, 0xb4, &(0x7f0000000b80)='(\x0fP\xa9\xfeG\'^\x86|!{\x16\xdf]\x12E\x7f\r\xe6\xb2\x06\xa4\x0f\xec\xf7\xd2\xf6\xeb7\xb91^\xe9\xa4e\x0f]\xf2\x1e\xa5\xb1Y\xa4u40\x18\xe6\xa7x\xb5\x1d\xa7\xcb[f\x1b\x90[i\x98=\x90\xbe \x96\xf4\x1f\xd6\xc1\bO,?^\xad\xfc\x02\vxE\xe9\x8d\xe6\x8b\xf9\x95\xc9\x95-\xcel\xc9\xea\x85\x9a(\x7f\x97\x14\x89\xd3\xe3\x94\xbcZ(\x9e\x83-Mz\x14\xa6\xd1\xdf\xec\xe9\'\b\xdf\xd1\x89K?l\xf0\x9e\xec}\xb1\x95\xca\x02\xf4\xc1\xd1w\xdf7\xd5[\n\xc3\x01\xfdpnk\xc9Gb\x9b\x9b\x1a\xa9C\xb4\x92\xda#\xe8\x02\xf3\fw\x8d\x1e\xf9\x04\xc2|\xe0\xac\x81\x01\xcc\xe8\x9c'}, 0x30) bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r3, &(0x7f00000000c0)='cpuset.memory_spread_slab\x00', 0x2, 0x0) mkdirat$cgroup(r3, &(0x7f0000000240)='syz0\x00', 0x1ff) openat$cgroup_ro(r3, &(0x7f0000000080)='cgroup.events\x00', 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="8fedcb7907009875f3751de486ddb9879b8ab283f72332190b6317e9eb00703aa528c7000000875a65969ff57b000000000059007b5bf7bf0000"], 0xfdef) recvmsg$unix(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="14000000000000000100000001000000a20896195a8700"/41, @ANYRES32=0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00'], 0x18}, 0x0) write$cgroup_subtree(r4, &(0x7f0000000000), 0xfdef) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async) close(r1) (async) bpf$ITER_CREATE(0x21, 0x0, 0x0) (async) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x4, 0x40, 0x3f, 0x100}, {0x5, 0x0, 0x0, 0xfff}]}) (async) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xff}, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, 0x0}, 0x90) (async) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) (async) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) (async) socketpair(0x11, 0x800, 0x1, &(0x7f0000000000)) (async) syz_open_procfs$namespace(0x0, 0x0) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000006c0)={0x0, 0xffffffffffffffff, 0x0, 0xb4, &(0x7f0000000b80)='(\x0fP\xa9\xfeG\'^\x86|!{\x16\xdf]\x12E\x7f\r\xe6\xb2\x06\xa4\x0f\xec\xf7\xd2\xf6\xeb7\xb91^\xe9\xa4e\x0f]\xf2\x1e\xa5\xb1Y\xa4u40\x18\xe6\xa7x\xb5\x1d\xa7\xcb[f\x1b\x90[i\x98=\x90\xbe \x96\xf4\x1f\xd6\xc1\bO,?^\xad\xfc\x02\vxE\xe9\x8d\xe6\x8b\xf9\x95\xc9\x95-\xcel\xc9\xea\x85\x9a(\x7f\x97\x14\x89\xd3\xe3\x94\xbcZ(\x9e\x83-Mz\x14\xa6\xd1\xdf\xec\xe9\'\b\xdf\xd1\x89K?l\xf0\x9e\xec}\xb1\x95\xca\x02\xf4\xc1\xd1w\xdf7\xd5[\n\xc3\x01\xfdpnk\xc9Gb\x9b\x9b\x1a\xa9C\xb4\x92\xda#\xe8\x02\xf3\fw\x8d\x1e\xf9\x04\xc2|\xe0\xac\x81\x01\xcc\xe8\x9c'}, 0x30) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_int(r3, &(0x7f00000000c0)='cpuset.memory_spread_slab\x00', 0x2, 0x0) (async) mkdirat$cgroup(r3, &(0x7f0000000240)='syz0\x00', 0x1ff) (async) openat$cgroup_ro(r3, &(0x7f0000000080)='cgroup.events\x00', 0x0, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="8fedcb7907009875f3751de486ddb9879b8ab283f72332190b6317e9eb00703aa528c7000000875a65969ff57b000000000059007b5bf7bf0000"], 0xfdef) (async) recvmsg$unix(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="14000000000000000100000001000000a20896195a8700"/41, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x18}, 0x0) (async) write$cgroup_subtree(r4, &(0x7f0000000000), 0xfdef) (async) [ 337.916206][T20443] ? ksys_write+0x260/0x2c0 [ 337.920554][T20443] ? debug_smp_processor_id+0x17/0x20 [ 337.925753][T20443] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 337.931654][T20443] ? exit_to_user_mode_prepare+0x39/0xa0 [ 337.937125][T20443] do_syscall_64+0x3d/0xb0 [ 337.941387][T20443] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 337.947103][T20443] RIP: 0033:0x7f8118545da9 [ 337.951356][T20443] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 337.970803][T20443] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 337.979043][T20443] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 337.986859][T20443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 337.994675][T20443] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 338.002487][T20443] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 338.010287][T20443] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 22:26:41 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r1 = perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000}, 0x0, 0x80000000c8, 0x0, 0x0, 0x0, 0x2000002}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22041000f3fe80000000000000110880febb0007aafe8000000000000027bfa7b0"], 0xfdef) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x337) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)={[{0x2b, 'cpuset'}]}, 0x8) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000240)={0x0, 0x5, [@remote, @multicast, @broadcast, @local, @random="03fa88e4f50c"]}) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) [ 338.018106][T20443] 22:26:41 executing program 0: syz_clone(0x44040100, 0x0, 0x900000000000000, 0x0, 0x0, 0x0) 22:26:41 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) (async) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000180)='cpuacct.usage_user\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:41 executing program 1: perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x4, 0x40, 0x3f, 0x100}, {0x5, 0x0, 0x0, 0xfff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xff}, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) (async) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair(0x11, 0x800, 0x1, &(0x7f0000000000)) syz_open_procfs$namespace(0x0, 0x0) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000006c0)={0x0, 0xffffffffffffffff, 0x0, 0xb4, &(0x7f0000000b80)='(\x0fP\xa9\xfeG\'^\x86|!{\x16\xdf]\x12E\x7f\r\xe6\xb2\x06\xa4\x0f\xec\xf7\xd2\xf6\xeb7\xb91^\xe9\xa4e\x0f]\xf2\x1e\xa5\xb1Y\xa4u40\x18\xe6\xa7x\xb5\x1d\xa7\xcb[f\x1b\x90[i\x98=\x90\xbe \x96\xf4\x1f\xd6\xc1\bO,?^\xad\xfc\x02\vxE\xe9\x8d\xe6\x8b\xf9\x95\xc9\x95-\xcel\xc9\xea\x85\x9a(\x7f\x97\x14\x89\xd3\xe3\x94\xbcZ(\x9e\x83-Mz\x14\xa6\xd1\xdf\xec\xe9\'\b\xdf\xd1\x89K?l\xf0\x9e\xec}\xb1\x95\xca\x02\xf4\xc1\xd1w\xdf7\xd5[\n\xc3\x01\xfdpnk\xc9Gb\x9b\x9b\x1a\xa9C\xb4\x92\xda#\xe8\x02\xf3\fw\x8d\x1e\xf9\x04\xc2|\xe0\xac\x81\x01\xcc\xe8\x9c'}, 0x30) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) (async) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r3, &(0x7f00000000c0)='cpuset.memory_spread_slab\x00', 0x2, 0x0) (async) mkdirat$cgroup(r3, &(0x7f0000000240)='syz0\x00', 0x1ff) (async) openat$cgroup_ro(r3, &(0x7f0000000080)='cgroup.events\x00', 0x0, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="8fedcb7907009875f3751de486ddb9879b8ab283f72332190b6317e9eb00703aa528c7000000875a65969ff57b000000000059007b5bf7bf0000"], 0xfdef) recvmsg$unix(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="14000000000000000100000001000000a20896195a8700"/41, @ANYRES32=0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00'], 0x18}, 0x0) write$cgroup_subtree(r4, &(0x7f0000000000), 0xfdef) 22:26:41 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000180)='cpuacct.usage_user\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:41 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r1 = perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000}, 0x0, 0x80000000c8, 0x0, 0x0, 0x0, 0x2000002}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22041000f3fe80000000000000110880febb0007aafe8000000000000027bfa7b0"], 0xfdef) (async) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) (async) openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x337) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)={[{0x2b, 'cpuset'}]}, 0x8) (async) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000240)={0x0, 0x5, [@remote, @multicast, @broadcast, @local, @random="03fa88e4f50c"]}) (async) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) 22:26:41 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 57) 22:26:41 executing program 1: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r1, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000300), &(0x7f0000000340)=[0x0], 0x0, 0x8, &(0x7f0000000240), 0x0, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x200, 0x0) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000380)={0x7, &(0x7f0000000300)=[{0x400, 0x0, 0x4, 0x5}, {0x8, 0xd, 0xbd, 0x82}, {0x2e53, 0x0, 0xab, 0x7}, {0x0, 0x1f, 0x0, 0x5}, {0xea, 0xff, 0xa, 0x4}, {0x1, 0x6b, 0x2, 0x7fffffff}, {0xf000, 0x3, 0xff}]}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xd144, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1}, 0x48) getpid() ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f00000004c0)='\x02;\xe5\b\x00\x00\x9c\x00\x00\x00\x00\x00\x00') bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1100}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xf4240, &(0x7f0000000100)=""/147}, 0x80) [ 338.422496][T20502] FAULT_INJECTION: forcing a failure. [ 338.422496][T20502] name failslab, interval 1, probability 0, space 0, times 0 [ 338.465730][T20502] CPU: 0 PID: 20502 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 338.475887][T20502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 338.485783][T20502] Call Trace: [ 338.488907][T20502] [ 338.491685][T20502] dump_stack_lvl+0x151/0x1b7 [ 338.496198][T20502] ? io_uring_drop_tctx_refs+0x190/0x190 [ 338.501667][T20502] dump_stack+0x15/0x17 [ 338.505657][T20502] should_fail+0x3c6/0x510 [ 338.509910][T20502] __should_failslab+0xa4/0xe0 [ 338.514508][T20502] ? anon_vma_fork+0xf7/0x4e0 [ 338.519030][T20502] should_failslab+0x9/0x20 [ 338.523363][T20502] slab_pre_alloc_hook+0x37/0xd0 [ 338.528138][T20502] ? anon_vma_fork+0xf7/0x4e0 [ 338.532651][T20502] kmem_cache_alloc+0x44/0x200 [ 338.537253][T20502] anon_vma_fork+0xf7/0x4e0 [ 338.541587][T20502] ? anon_vma_name+0x43/0x70 [ 338.546016][T20502] ? vm_area_dup+0x17a/0x230 [ 338.550439][T20502] copy_mm+0xa3a/0x13e0 [ 338.554437][T20502] ? copy_signal+0x610/0x610 [ 338.558859][T20502] ? __init_rwsem+0xd6/0x1c0 [ 338.563284][T20502] ? copy_signal+0x4e3/0x610 [ 338.567715][T20502] copy_process+0x1149/0x3290 [ 338.572228][T20502] ? proc_fail_nth_write+0x20b/0x290 [ 338.577347][T20502] ? fsnotify_perm+0x6a/0x5d0 [ 338.581859][T20502] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 338.586810][T20502] ? vfs_write+0x9ec/0x1110 [ 338.591148][T20502] kernel_clone+0x21e/0x9e0 [ 338.595484][T20502] ? file_end_write+0x1c0/0x1c0 [ 338.600174][T20502] ? create_io_thread+0x1e0/0x1e0 [ 338.605032][T20502] ? mutex_unlock+0xb2/0x260 [ 338.609459][T20502] ? __mutex_lock_slowpath+0x10/0x10 [ 338.614585][T20502] __x64_sys_clone+0x23f/0x290 [ 338.619180][T20502] ? __do_sys_vfork+0x130/0x130 [ 338.623865][T20502] ? ksys_write+0x260/0x2c0 [ 338.628208][T20502] ? debug_smp_processor_id+0x17/0x20 [ 338.633416][T20502] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 338.639316][T20502] ? exit_to_user_mode_prepare+0x39/0xa0 [ 338.644782][T20502] do_syscall_64+0x3d/0xb0 [ 338.649036][T20502] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 338.654764][T20502] RIP: 0033:0x7f8118545da9 [ 338.659018][T20502] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 338.678457][T20502] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 338.686698][T20502] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 338.694515][T20502] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 338.702327][T20502] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 22:26:41 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) (async) r1 = perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000}, 0x0, 0x80000000c8, 0x0, 0x0, 0x0, 0x2000002}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22041000f3fe80000000000000110880febb0007aafe8000000000000027bfa7b0"], 0xfdef) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0) (async) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x337) (async) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)={[{0x2b, 'cpuset'}]}, 0x8) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000240)={0x0, 0x5, [@remote, @multicast, @broadcast, @local, @random="03fa88e4f50c"]}) (async) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) [ 338.710133][T20502] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 338.717957][T20502] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 338.725846][T20502] 22:26:42 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) getpid() gettid() bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@generic={&(0x7f00000002c0)='./file0\x00'}, 0x18) r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r0, &(0x7f0000000040), 0x2, 0x0) gettid() syz_clone(0x44000000, 0x0, 0x0, &(0x7f0000001380), &(0x7f00000013c0), &(0x7f0000001400)="dfde1890d68e7fdfb4f417da7c3993eb80f909bbf4e004438a841cdc5fa9f9a1e79d161b2e0ea0") 22:26:42 executing program 1: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0) (async) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) (async) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r1, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000300), &(0x7f0000000340)=[0x0], 0x0, 0x8, &(0x7f0000000240), 0x0, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x200, 0x0) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000380)={0x7, &(0x7f0000000300)=[{0x400, 0x0, 0x4, 0x5}, {0x8, 0xd, 0xbd, 0x82}, {0x2e53, 0x0, 0xab, 0x7}, {0x0, 0x1f, 0x0, 0x5}, {0xea, 0xff, 0xa, 0x4}, {0x1, 0x6b, 0x2, 0x7fffffff}, {0xf000, 0x3, 0xff}]}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xd144, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1}, 0x48) getpid() ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f00000004c0)='\x02;\xe5\b\x00\x00\x9c\x00\x00\x00\x00\x00\x00') bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1100}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xf4240, &(0x7f0000000100)=""/147}, 0x80) 22:26:42 executing program 1: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) (async) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r1, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000300), &(0x7f0000000340)=[0x0], 0x0, 0x8, &(0x7f0000000240), 0x0, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x200, 0x0) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000380)={0x7, &(0x7f0000000300)=[{0x400, 0x0, 0x4, 0x5}, {0x8, 0xd, 0xbd, 0x82}, {0x2e53, 0x0, 0xab, 0x7}, {0x0, 0x1f, 0x0, 0x5}, {0xea, 0xff, 0xa, 0x4}, {0x1, 0x6b, 0x2, 0x7fffffff}, {0xf000, 0x3, 0xff}]}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xd144, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1}, 0x48) (async, rerun: 32) getpid() (rerun: 32) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f00000004c0)='\x02;\xe5\b\x00\x00\x9c\x00\x00\x00\x00\x00\x00') (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1100}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xf4240, &(0x7f0000000100)=""/147}, 0x80) 22:26:42 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) (async) getpid() gettid() (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@generic={&(0x7f00000002c0)='./file0\x00'}, 0x18) r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r0, &(0x7f0000000040), 0x2, 0x0) (async) gettid() (async) syz_clone(0x44000000, 0x0, 0x0, &(0x7f0000001380), &(0x7f00000013c0), &(0x7f0000001400)="dfde1890d68e7fdfb4f417da7c3993eb80f909bbf4e004438a841cdc5fa9f9a1e79d161b2e0ea0") 22:26:42 executing program 0: syz_clone(0x44040100, 0x0, 0x1100000000000000, 0x0, 0x0, 0x0) 22:26:42 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) getpid() gettid() bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@generic={&(0x7f00000002c0)='./file0\x00'}, 0x18) openat$cgroup(0xffffffffffffffff, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) (async) r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r0, &(0x7f0000000040), 0x2, 0x0) (async) openat$cgroup_freezer_state(r0, &(0x7f0000000040), 0x2, 0x0) gettid() syz_clone(0x44000000, 0x0, 0x0, &(0x7f0000001380), &(0x7f00000013c0), &(0x7f0000001400)="dfde1890d68e7fdfb4f417da7c3993eb80f909bbf4e004438a841cdc5fa9f9a1e79d161b2e0ea0") 22:26:42 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 58) [ 339.427872][T20537] FAULT_INJECTION: forcing a failure. [ 339.427872][T20537] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 339.515033][T20537] CPU: 0 PID: 20537 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 339.525193][T20537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 339.535088][T20537] Call Trace: [ 339.538210][T20537] [ 339.540988][T20537] dump_stack_lvl+0x151/0x1b7 [ 339.545502][T20537] ? io_uring_drop_tctx_refs+0x190/0x190 [ 339.550973][T20537] ? __alloc_pages+0x27e/0x8f0 [ 339.555568][T20537] dump_stack+0x15/0x17 [ 339.559582][T20537] should_fail+0x3c6/0x510 [ 339.563817][T20537] should_fail_alloc_page+0x5a/0x80 [ 339.568847][T20537] prepare_alloc_pages+0x15c/0x700 [ 339.573794][T20537] ? page_ext_put+0x1c/0x30 [ 339.578133][T20537] ? __alloc_pages_bulk+0xe40/0xe40 [ 339.583339][T20537] ? post_alloc_hook+0x1a3/0x1b0 [ 339.588115][T20537] __alloc_pages+0x18c/0x8f0 [ 339.592541][T20537] ? prep_new_page+0x110/0x110 [ 339.597144][T20537] ? 0xffffffffa002679c [ 339.601131][T20537] ? is_bpf_text_address+0x172/0x190 [ 339.606268][T20537] pte_alloc_one+0x73/0x1b0 [ 339.610619][T20537] ? pfn_modify_allowed+0x2f0/0x2f0 [ 339.615629][T20537] ? arch_stack_walk+0xf3/0x140 [ 339.620324][T20537] __pte_alloc+0x86/0x350 [ 339.624483][T20537] ? free_pgtables+0x280/0x280 [ 339.629080][T20537] ? _raw_spin_lock+0xa4/0x1b0 [ 339.633682][T20537] ? __kasan_check_write+0x14/0x20 [ 339.638626][T20537] copy_page_range+0x28a8/0x2f90 [ 339.643401][T20537] ? __kasan_slab_alloc+0xb1/0xe0 [ 339.648267][T20537] ? pfn_valid+0x1e0/0x1e0 [ 339.652515][T20537] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 339.658066][T20537] ? __rb_insert_augmented+0x5de/0x610 [ 339.663366][T20537] copy_mm+0xc7e/0x13e0 [ 339.667358][T20537] ? copy_signal+0x610/0x610 [ 339.671780][T20537] ? __init_rwsem+0xd6/0x1c0 [ 339.676208][T20537] ? copy_signal+0x4e3/0x610 [ 339.680634][T20537] copy_process+0x1149/0x3290 [ 339.685159][T20537] ? proc_fail_nth_write+0x20b/0x290 [ 339.690267][T20537] ? fsnotify_perm+0x6a/0x5d0 [ 339.694782][T20537] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 339.699726][T20537] ? vfs_write+0x9ec/0x1110 [ 339.704069][T20537] kernel_clone+0x21e/0x9e0 [ 339.708416][T20537] ? file_end_write+0x1c0/0x1c0 [ 339.713099][T20537] ? create_io_thread+0x1e0/0x1e0 [ 339.717953][T20537] ? mutex_unlock+0xb2/0x260 [ 339.722380][T20537] ? __mutex_lock_slowpath+0x10/0x10 [ 339.727511][T20537] __x64_sys_clone+0x23f/0x290 [ 339.732100][T20537] ? __do_sys_vfork+0x130/0x130 [ 339.736789][T20537] ? ksys_write+0x260/0x2c0 [ 339.741129][T20537] ? debug_smp_processor_id+0x17/0x20 [ 339.746334][T20537] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 339.752235][T20537] ? exit_to_user_mode_prepare+0x39/0xa0 [ 339.757702][T20537] do_syscall_64+0x3d/0xb0 [ 339.761959][T20537] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 339.767691][T20537] RIP: 0033:0x7f8118545da9 [ 339.771947][T20537] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 339.791385][T20537] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 339.799623][T20537] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 339.807436][T20537] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 339.815249][T20537] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 339.823060][T20537] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 339.830875][T20537] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 339.838688][T20537] 22:26:43 executing program 1: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg\x00'}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x9, 0x0, 0x85, 0x8}, {0x3, 0x4, 0x32, 0x10001}, {0x7ff, 0x6, 0xca, 0xffffffff}]}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000140)={0x7, &(0x7f0000000100)=[{0x3, 0x3f, 0x7f, 0xdfc0}, {0x3d, 0x1, 0x3, 0x6a21}, {0x5, 0x0, 0x3, 0x5}, {0xfffe, 0x81, 0x7, 0x7f}, {0xff, 0xd, 0xc4, 0x800}, {0x400, 0xe8, 0xa7}, {0x3800, 0x9, 0x9f, 0x2}]}) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x54, 0x31, 0x1, 0x9, 0x0, 0x0, 0x8802, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x81, 0xffffffffffffff6c}, 0x10000, 0xaef, 0x2, 0x3, 0xff, 0xffffffff, 0x401, 0x0, 0xdc35, 0x0, 0x7}, r1, 0x9, 0xffffffffffffffff, 0x8) r3 = perf_event_open(&(0x7f0000000200)={0x3, 0x80, 0x3f, 0xfe, 0x9, 0x73, 0x0, 0x401, 0x20010, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x80, 0x0, @perf_config_ext={0x33808000000000, 0x6}, 0x400, 0x8, 0x8, 0x9, 0x0, 0x80, 0x8bc, 0x0, 0x3, 0x0, 0xde}, r1, 0x5, r2, 0x9) r4 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x14, 0x7, 0x3f, 0x8, 0x0, 0x0, 0x80, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0xae, 0x2, @perf_bp={&(0x7f0000000280), 0xb}, 0x953, 0x8, 0x7, 0x2, 0x101, 0x4, 0x0, 0x0, 0xffffffff, 0x0, 0x5}, r1, 0xb, r3, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) sendmsg$unix(r5, &(0x7f0000000780)={&(0x7f0000000380)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000400)="a232b0c1cd9bd3067c924bdac6665fcd30b6da5900f5f55336ae1914ab583861e334b889370b15db4b3a9d564c22f3f2b4490f865140778f68e29e6b46e168a9473ad0780bc56759acce23babe3cb97ea78b9d901778aa60ac41e8ad8dfeead4d34328083b14d9399d2f0f6c", 0x6c}, {&(0x7f0000000480)="21fb74d00faab0518cd3116b97f52ff70a12eea64d5a615bd788dfb628f64bf57214e0d3fd85251d45cd41040961e292b78ee778c526d887ee9ed374f2dd19ffe42b59447500bf6d8df5463521a3fcbdd9b7494ca011ae2dc9d23be0200de055ea83d4133923df465ac116c068d3f566d69dc99bc98dc0c59a0da4223d83dae19f8e6ba323b6d1286fb033c6cb4b9139dc0540eec657d612dff850903f7b30e806cf3d977c2e9221895e8bb72db867389e0f64a2d0140ce13cb79959f760533908c1e9d220a0ef2b7e608ac3775a2fb0e74919a5d4d1f3a8c1205d1139ca772880b1664baa1afd9aafea801e2f5c8b58b0471947e7a5256a1e74", 0xfa}, {&(0x7f0000000580)="4d3cf6f126a28f3d94468d82ff7661f3ba744187433f1a11974b7055a8d77a31bf955bd48f2810e66c3ff2a5aaba6c9be70cc19728dfe8e4db083f06f2b7a00e3c1f11e1f88cbbafde28cc4e2230d88b801ec0c65c536ea72b7b5c90701766c66914fa17cc29732c41b755560d1ac2c7940cf7f476f814a2acddcdd886c41ff4b0aba68156c871452d", 0x89}, {&(0x7f0000000640)="7cc40aea4dab1b09cffafd57a1ee235771375ed910d7a298d543d9e01844ae259435155fc25645583c9c9857d7e6660f39207b9cdb9197f2deb47851692d415fdf26ca4e286eb7263eca8a6aa647818252292feb10b4e5fda2b929a8a336b31b8ed62e66ec8be4cbb261281945ee041642355be596bc588967217347dc9a78a1cd8e42f4e2859eda25de2bc748aa21d9bc9cccae15ae67f6d052c66c510fdbd9384742c113273fa30f5fa01cabd3989f73ce752ad7a08b6923c66fff5d8569ec48da652e0c26f4e4242194f6c4b761697d319c95a07b3fbc3a2d631958", 0xdd}], 0x4, 0x0, 0x0, 0x40}, 0x4041) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000007c0)={'ip_vti0\x00', 0x4000}) r6 = getpid() ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000800)=0x1) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000840)=0x7) perf_event_open(&(0x7f0000000880)={0x4, 0x80, 0x5, 0x6, 0xf6, 0x5b, 0x0, 0x1, 0x2062, 0x8, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0x9, 0x8001}, 0x102901, 0x8d3, 0x8, 0x4, 0xff, 0x3f, 0x0, 0x0, 0xf5416bd, 0x0, 0x33c5f7ca}, r1, 0x8, r3, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000900)={'dvmrp0\x00', 0x1000}) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1) r7 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000940)='syz1\x00', 0x200002, 0x0) r8 = openat$cgroup_ro(r7, &(0x7f0000000980)='cpu.stat\x00', 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000009c0)={'veth0_to_bond\x00', 0x4000}) r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000a00)={r8}, 0x8) write$cgroup_int(r9, &(0x7f0000000a40)=0x81, 0x12) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000a80)={'netpci0\x00', 0x1}) ioctl$TUNATTACHFILTER(r8, 0x401054d5, &(0x7f0000000b00)={0x4, &(0x7f0000000ac0)=[{0x2, 0x5, 0x0, 0x81}, {0x2, 0x1, 0xb2, 0x9}, {0xbd, 0x2c, 0x7f, 0x6}, {0x1, 0x20, 0x3f, 0xfffffffc}]}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e40)={0xffffffffffffffff, 0xe0, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000b40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000b80)=[0x0], &(0x7f0000000bc0)=[0x0, 0x0], 0x0, 0x8c, &(0x7f0000000c00)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000c80), &(0x7f0000000cc0), 0x8, 0x28, 0x8, 0x8, &(0x7f0000000d00)}}, 0x10) ioctl$TUNSETIFINDEX(r9, 0x400454da, &(0x7f0000000e80)=r10) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000f00)={0x2, &(0x7f0000000ec0)=[{0x1, 0x5, 0x7f, 0x7}, {0xfff, 0x6, 0x5, 0xffffffff}]}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000f40)={'hsr0\x00', 0x200}) ioctl$TUNSETVNETHDRSZ(r8, 0x400454d8, &(0x7f0000000f80)=0x7) perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x5, 0x7, 0x81, 0x0, 0x0, 0x9, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80000000, 0x4, @perf_config_ext={0x3f, 0x3ff}, 0xc05, 0x1, 0x9, 0x0, 0x5ba6, 0x5, 0x6, 0x0, 0x3, 0x0, 0xffffffffffffff16}, r6, 0x9, r3, 0x1) 22:26:43 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 59) 22:26:43 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc0185879, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000200)='\x00') r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x13, &(0x7f0000000140)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) [ 339.931222][T20540] FAULT_INJECTION: forcing a failure. [ 339.931222][T20540] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 339.958108][T20540] CPU: 1 PID: 20540 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 339.968270][T20540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 339.978861][T20540] Call Trace: [ 339.981983][T20540] [ 339.984761][T20540] dump_stack_lvl+0x151/0x1b7 [ 339.989271][T20540] ? io_uring_drop_tctx_refs+0x190/0x190 [ 339.994743][T20540] dump_stack+0x15/0x17 [ 339.998730][T20540] should_fail+0x3c6/0x510 [ 340.002988][T20540] should_fail_alloc_page+0x5a/0x80 [ 340.008023][T20540] prepare_alloc_pages+0x15c/0x700 [ 340.012967][T20540] ? __alloc_pages+0x8f0/0x8f0 [ 340.017567][T20540] ? __alloc_pages_bulk+0xe40/0xe40 [ 340.022607][T20540] ? sched_clock+0x9/0x10 [ 340.026769][T20540] __alloc_pages+0x18c/0x8f0 [ 340.031200][T20540] ? prep_new_page+0x110/0x110 [ 340.035794][T20540] ? 0xffffffffa002c000 [ 340.039785][T20540] ? is_bpf_text_address+0x172/0x190 [ 340.044912][T20540] pte_alloc_one+0x73/0x1b0 [ 340.049347][T20540] ? pfn_modify_allowed+0x2f0/0x2f0 [ 340.054371][T20540] ? arch_stack_walk+0xf3/0x140 [ 340.059052][T20540] __pte_alloc+0x86/0x350 [ 340.063222][T20540] ? free_pgtables+0x280/0x280 [ 340.067819][T20540] ? _raw_spin_lock+0xa4/0x1b0 [ 340.072421][T20540] ? __kasan_check_write+0x14/0x20 [ 340.077373][T20540] copy_page_range+0x28a8/0x2f90 [ 340.082144][T20540] ? __kasan_slab_alloc+0xb1/0xe0 [ 340.087006][T20540] ? pfn_valid+0x1e0/0x1e0 [ 340.091263][T20540] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 340.096808][T20540] ? __rb_insert_augmented+0x5de/0x610 [ 340.102123][T20540] copy_mm+0xc7e/0x13e0 [ 340.106096][T20540] ? copy_signal+0x610/0x610 [ 340.110520][T20540] ? __init_rwsem+0xd6/0x1c0 [ 340.114954][T20540] ? copy_signal+0x4e3/0x610 [ 340.119379][T20540] copy_process+0x1149/0x3290 [ 340.123890][T20540] ? proc_fail_nth_write+0x20b/0x290 22:26:43 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a40)={0x0, 0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000940)='rose0\x00'}, 0x30) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000c40)={r3, 0x20, &(0x7f0000000c00)={&(0x7f0000003380)=""/4096, 0x1000, 0x0, &(0x7f0000000b80)=""/92, 0x5c}}, 0x10) r4 = getpid() r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001540)=[{0x0}, {0x0}, {&(0x7f0000001340)=""/74, 0x4a}, {&(0x7f00000013c0)=""/232, 0xe8}, {0x0}], 0x5, &(0x7f00000015c0)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}], 0x40}, 0x1) sendmsg$unix(r5, &(0x7f0000000580)={&(0x7f0000000080)=@abs={0x1, 0x0, 0x4e26}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000140)="733d109fa07de36a0a3da7b7d00178b5c68495313dc7274e1287f66b86aeb96e8f7640ab797d516cd67e51acc0694d43f8f19755c9ebebb3221d69cfd1c5efa4f9867a42bdd7b932ebe07158bf242ba808c0ccaf8eba5aa6a49de335381f", 0x5e}, {&(0x7f0000000440)="a06a834d5cd9b84dd504a7a4f79804f66262393452b200c05af4db7f6b66a8aae0c630d8297fa2902c9c09dd854a8e6539d4e132ee10385fd4c534492319d6eb9a24b3d48f69497ab745fd19bda68be714fc5a0b8fe4ec14206cb35e0f0df78f3b1f229eeb0eeef010cae0c25d92c6b7c552ddf442e8906b7500b113f99c6929e7004bc7a57ddb502017f061510effb22af47ed6b62d7b77d1ed366c5469c5a9004cdc981c95646c494ebe1d10c27ed6382429ba9b62ce563dc7c948f72a2cd57092", 0xc2}, {&(0x7f0000000200)="109629e64880934cfb6e9ab9b498ff7a41a7f3e56425ac9500bdce9d106aba7a2301883cc9efead3fcad49ef34e22c2e16c4acafe94def4c58968767bba009a2f2c248f23a56801a4e1b35e307", 0x4d}], 0x3, &(0x7f0000000540)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r6}}}], 0x20}, 0x0) sendmsg$unix(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000800)="803c8152933b85de7f505dd6584c8d94d1c95881cf8e0701a5a3018937f358cef053e5f19b904811b11d963ffdc3276293cc599412a21e3546705a153ab63a05678f616e3220d1865259c2c1b42c96c7a1e934626da1e0f322b8c0ea5df81a7441", 0x61}, {&(0x7f00000009c0)="f69aa4e3108452ccfa8bfdc9fa154143341db62a3d94e062ecdbde841adff9195d49fb841bb199a064c9c6c7c491e4fd6e963a88815fc0eea043d50386f99d95e20ae8dc2e8df9ad446ef6e8955222cd48bd3649032bba40ac28486d72fa01220a105bcf937896e992f300ebc0f172773888d6f4e709fc4e6c1b6c9384a51cbd12289157306c003d9e86b469dc9784d58fe42cdcfe4cb901ca4724825bd66d32b07a81df2f18ec70ac60b7fcb96752b46d7080477d410fcfbd70d678ecb4256e87a06bc158a7ae521545388f17ce9c221ddf8960576e", 0xd6}, {&(0x7f0000001f80)="e600538694dd8667e6b3097c4efc28e8768389c8df9152cf27171ed83100670519307df4a120701dca9f40961f91d9b5ebb937319d3986b19e46748c24344092667cdc9f7f017796220272e9212ec58aaebe627944b0d5a3dc65b4ae3b5083d0d30e3dd1b72c8effb7a1a528ca2694346ad4dff2b9b227b46cd96337813e42ce79ff841a6ea39b035ec885b389a83bcc15022b98ea718b41fefadd41fd5b171325e5b57220387f896a0f814fba12a2c75bb47327515b3d55865749264ce8cc697e3ec032bbb5eccce43a28f4d3a23ca1ea5c2f6403c86a0ad02442291b66175488eda89601d634bc859ea3ecc8b38ca560dc1396a16c", 0xf6}, {&(0x7f00000003c0)="5383e04545e96380c7b8cb98202f5d", 0xf}], 0x4, &(0x7f0000000580)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {r4, 0xffffffffffffffff, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r6}}}], 0x60, 0x4040}, 0x40000) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r7, &(0x7f0000000000), 0x248800) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001780)={0xffffffffffffffff}) r9 = getpid() r10 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x7a05, 0x1700) perf_event_open(&(0x7f00000007c0)={0x0, 0x80, 0x9, 0x5, 0x1, 0x2, 0x0, 0x8797, 0xa1310, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000680), 0x7}, 0x80, 0x36eafc62, 0x1, 0x1, 0x2, 0x7, 0x9, 0x0, 0x7, 0x0, 0x81}, r9, 0xf, r10, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) recvmsg$unix(r11, &(0x7f0000000040)={&(0x7f0000000dc0)=@abs, 0x6e, &(0x7f0000001580)=[{&(0x7f0000000e40)=""/238, 0xee}, {&(0x7f0000000f40)=""/120, 0x78}, {&(0x7f0000000fc0)=""/221, 0xdd}, {&(0x7f00000010c0)=""/75, 0x4b}, {&(0x7f0000001140)=""/131, 0x83}, {&(0x7f0000001200)=""/109, 0x6d}, {&(0x7f0000001280)=""/251, 0xfb}, {&(0x7f0000001480)=""/215, 0xd7}], 0x8, &(0x7f0000001640)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}, 0x1ffee89e357be4af) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001880)={0xffffffffffffffff}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000018c0)={r24, 0xffffffffffffffff}, 0x4) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000001700)="81d998a0583d7afc2b9fb56e8c747cb040df20aa74e7cef60bc7df6cc6d8923691331b49a79ca4ab2085b2b05085d84baca34ffae1ae0cb4f37c5626e712584a1a7e7c4e7b", 0x45}, {&(0x7f00000002c0)="fcc7140c58ca0f8f3450209d401c4ff237ea2698d64cc3f07339d12063e1f630263d4a5ac8bb3d9d0ae143", 0x2b}], 0x2, &(0x7f0000001940)=[@cred={{0x1c, 0x1, 0x2, {r12, r13, r14}}}, @rights={{0x10}}, @rights={{0x14, 0x1, 0x1, [r17]}}, @rights={{0x2c, 0x1, 0x1, [r16, r25, r22, r21, r15, r11, r18]}}, @rights={{0x24, 0x1, 0x1, [r24, r27, r26, r28, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [r23, r16, r20, r26, r19]}}], 0xc8}, 0x0) r29 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001540)=[{0x0}, {0x0}, {&(0x7f0000001340)=""/74, 0x4a}, {&(0x7f00000013c0)=""/232, 0xe8}, {0x0}], 0x5, &(0x7f00000015c0)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}], 0x40}, 0x1) sendmsg$unix(r29, &(0x7f0000000580)={&(0x7f0000000080)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000140)="733d109fa07de36a0a3da7b7d00178b5c68495313dc7274e1287f66b86aeb96e8f7640ab797d516cd67e51acc0694d43f8f19755c9ebebb3221d69cfd1c5efa4f9867a42bdd7b932ebe07158bf242ba808c0ccaf8eba5aa6a49de335381f", 0x5e}, {&(0x7f0000000440)="a06a834d5cd9b84dd504a7a4f79804f66262393452b200c05af4db7f6b66a8aae0c630d8297fa2902c9c09dd854a8e6539d4e132ee10385fd4c534492319d6eb9a24b3d48f69497ab745fd19bda68be714fc5a0b8fe4ec14206cb35e0f0df78f3b1f229eeb0eeef010cae0c25d92c6b7c552ddf442e8906b7500b113f99c6929e7004bc7a57ddb502017f061510effb22af47ed6b62d7b77d1ed366c5469c5a9004cdc981c95646c494ebe1d10c27ed6382429ba9b62ce563dc7c948f72a2cd57092", 0xc2}, {&(0x7f0000000200)="109629e64880934cfb6e9ab9b498ff7a41a7f3e56425ac9500bdce9d106aba7a2301883cc9efead3fcad49ef34e22c2e16c4acafe94def4c58968767bba009a2f2c248f23a56801a4e1b35e307", 0x4d}], 0x3, &(0x7f0000000540)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r30}}}], 0x20}, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001900)={&(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000080)="b60e0cffc23abdbd88cb32e62103ac2f71267c520fc69d", 0x17}, {&(0x7f0000000200)="1b7b170321bf728e9fea284e5bc1a7678c3fc2ee1d31c68036ed118265ab91d2e04f3f5341e13bfb951b0068ae2a4788d4b7259186fdab02dd08545b917f33c96acb9aa8efe6034a10b49ad650c671ac595e1bbdf2ecbb9b4ff49eef5625826073e93ba450e1e139d72776621287250e3d3ecec82cc5c2085a060efa2ae4bd6b578078f4cd407cc48731e18a34facf779075a379c75e5c7094b9c50e63d29ab446488ad4e20d6e3f0b52613994c4bfed786c683a3617384c78c74cc42a21d37d506fafa3604c4f", 0xc7}, {&(0x7f0000000300)="22e5c3fab0e62317227bd385b2d29e5ffee469db94fb0ac26399c6ecb638e0b371a75c840618572ae15a4889691300a7b8522d9c956a5cc4bc171c9e78c49a66ca52fbf0edb791c9eb7bdf2f1358b769c9569b841b2f1ebae809c2f85541663a97a55b6bdbc66da46bbfbe09ff28799aea883e64614f8f81c58b3e50ef18fa1e5f43580cf8337e1db303ea15a9f6993032c71dfd15c2118326d4fd3d21ef1e", 0x9f}, {&(0x7f0000000400)="d9389ce6de3871b0f521ba303f626b8638165f4daf597e3d4d027f6e03c00dddd99e9c643b8679c57c5e52c6f09ced0eb577adae551b0b79bb589a45a756a007c8095d15aeaafff1e4052f1b6bf4b99a1cf22628a187e8481f6e8c46d32cb484967b54d4f7b3640ca971e67d60faf7ffac3d5a4f140c93e12b4e85302f0854d65d42c9382676e154a58ea59313279142110d4459c1c9cb", 0x97}, {&(0x7f00000004c0)="7ec57585250d58ec0ce43817de6d90dab44cf0f2ebbabb6f996513864c37eca4fcb1007b4ad582eefbaa891f84841621d573e0ec6d890141b24793b5897ed675170b283bd4a846c62f9336b08572bbb0766c6a09e4fd1490d414af9520d5c35da448e0c17f8d89c465a201d3724405c4bd57dd305e31426a0b7d351d8cb292311c4f4c40ca1ab1809e3404d5eb043bf904", 0x91}, {&(0x7f0000000580)="1b9f5d0d680630d62f68ac80a8627b8a723ed42724070d70d9fd6576f3ea3a4645f62c4b69d1ffe94e4fd3c63f0742e256cc21420064666f4f150ee177e64de226de6953e7ab546fa7314c26366eaf41852cfa7cb4ebc5b8", 0x58}], 0x6, &(0x7f00000017c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r2]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, r6}}}, @rights={{0x20, 0x1, 0x1, [r1, r2, r0, r7]}}, @rights={{0x14, 0x1, 0x1, [r8]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r9, r13}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff, r30}}}], 0x130, 0xc0}, 0x4000) r31 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r31, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r31, 0x4010744d, 0x20000000) [ 340.129538][T20540] ? fsnotify_perm+0x6a/0x5d0 [ 340.134041][T20540] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 340.138987][T20540] ? vfs_write+0x9ec/0x1110 [ 340.143328][T20540] kernel_clone+0x21e/0x9e0 [ 340.147672][T20540] ? file_end_write+0x1c0/0x1c0 [ 340.152357][T20540] ? create_io_thread+0x1e0/0x1e0 [ 340.157214][T20540] ? mutex_unlock+0xb2/0x260 [ 340.161816][T20540] ? __mutex_lock_slowpath+0x10/0x10 [ 340.166938][T20540] __x64_sys_clone+0x23f/0x290 [ 340.171539][T20540] ? __do_sys_vfork+0x130/0x130 [ 340.176229][T20540] ? ksys_write+0x260/0x2c0 [ 340.180564][T20540] ? debug_smp_processor_id+0x17/0x20 [ 340.185770][T20540] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 340.191675][T20540] ? exit_to_user_mode_prepare+0x39/0xa0 [ 340.197139][T20540] do_syscall_64+0x3d/0xb0 [ 340.201390][T20540] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 340.207121][T20540] RIP: 0033:0x7f8118545da9 [ 340.211372][T20540] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 340.230813][T20540] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 340.239064][T20540] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 340.246868][T20540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 340.254682][T20540] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 340.262491][T20540] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 340.270303][T20540] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 340.278122][T20540] 22:26:43 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc0185879, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000200)='\x00') r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x13, &(0x7f0000000140)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc0185879, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000200)='\x00') (async) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x13, &(0x7f0000000140)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async) 22:26:43 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 60) 22:26:43 executing program 1: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg\x00'}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x9, 0x0, 0x85, 0x8}, {0x3, 0x4, 0x32, 0x10001}, {0x7ff, 0x6, 0xca, 0xffffffff}]}) (async) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000140)={0x7, &(0x7f0000000100)=[{0x3, 0x3f, 0x7f, 0xdfc0}, {0x3d, 0x1, 0x3, 0x6a21}, {0x5, 0x0, 0x3, 0x5}, {0xfffe, 0x81, 0x7, 0x7f}, {0xff, 0xd, 0xc4, 0x800}, {0x400, 0xe8, 0xa7}, {0x3800, 0x9, 0x9f, 0x2}]}) (async) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x54, 0x31, 0x1, 0x9, 0x0, 0x0, 0x8802, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x81, 0xffffffffffffff6c}, 0x10000, 0xaef, 0x2, 0x3, 0xff, 0xffffffff, 0x401, 0x0, 0xdc35, 0x0, 0x7}, r1, 0x9, 0xffffffffffffffff, 0x8) r3 = perf_event_open(&(0x7f0000000200)={0x3, 0x80, 0x3f, 0xfe, 0x9, 0x73, 0x0, 0x401, 0x20010, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x80, 0x0, @perf_config_ext={0x33808000000000, 0x6}, 0x400, 0x8, 0x8, 0x9, 0x0, 0x80, 0x8bc, 0x0, 0x3, 0x0, 0xde}, r1, 0x5, r2, 0x9) r4 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x14, 0x7, 0x3f, 0x8, 0x0, 0x0, 0x80, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0xae, 0x2, @perf_bp={&(0x7f0000000280), 0xb}, 0x953, 0x8, 0x7, 0x2, 0x101, 0x4, 0x0, 0x0, 0xffffffff, 0x0, 0x5}, r1, 0xb, r3, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) sendmsg$unix(r5, &(0x7f0000000780)={&(0x7f0000000380)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000400)="a232b0c1cd9bd3067c924bdac6665fcd30b6da5900f5f55336ae1914ab583861e334b889370b15db4b3a9d564c22f3f2b4490f865140778f68e29e6b46e168a9473ad0780bc56759acce23babe3cb97ea78b9d901778aa60ac41e8ad8dfeead4d34328083b14d9399d2f0f6c", 0x6c}, {&(0x7f0000000480)="21fb74d00faab0518cd3116b97f52ff70a12eea64d5a615bd788dfb628f64bf57214e0d3fd85251d45cd41040961e292b78ee778c526d887ee9ed374f2dd19ffe42b59447500bf6d8df5463521a3fcbdd9b7494ca011ae2dc9d23be0200de055ea83d4133923df465ac116c068d3f566d69dc99bc98dc0c59a0da4223d83dae19f8e6ba323b6d1286fb033c6cb4b9139dc0540eec657d612dff850903f7b30e806cf3d977c2e9221895e8bb72db867389e0f64a2d0140ce13cb79959f760533908c1e9d220a0ef2b7e608ac3775a2fb0e74919a5d4d1f3a8c1205d1139ca772880b1664baa1afd9aafea801e2f5c8b58b0471947e7a5256a1e74", 0xfa}, {&(0x7f0000000580)="4d3cf6f126a28f3d94468d82ff7661f3ba744187433f1a11974b7055a8d77a31bf955bd48f2810e66c3ff2a5aaba6c9be70cc19728dfe8e4db083f06f2b7a00e3c1f11e1f88cbbafde28cc4e2230d88b801ec0c65c536ea72b7b5c90701766c66914fa17cc29732c41b755560d1ac2c7940cf7f476f814a2acddcdd886c41ff4b0aba68156c871452d", 0x89}, {&(0x7f0000000640)="7cc40aea4dab1b09cffafd57a1ee235771375ed910d7a298d543d9e01844ae259435155fc25645583c9c9857d7e6660f39207b9cdb9197f2deb47851692d415fdf26ca4e286eb7263eca8a6aa647818252292feb10b4e5fda2b929a8a336b31b8ed62e66ec8be4cbb261281945ee041642355be596bc588967217347dc9a78a1cd8e42f4e2859eda25de2bc748aa21d9bc9cccae15ae67f6d052c66c510fdbd9384742c113273fa30f5fa01cabd3989f73ce752ad7a08b6923c66fff5d8569ec48da652e0c26f4e4242194f6c4b761697d319c95a07b3fbc3a2d631958", 0xdd}], 0x4, 0x0, 0x0, 0x40}, 0x4041) (async) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000007c0)={'ip_vti0\x00', 0x4000}) (async) r6 = getpid() (async) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000800)=0x1) (async) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000840)=0x7) (async) perf_event_open(&(0x7f0000000880)={0x4, 0x80, 0x5, 0x6, 0xf6, 0x5b, 0x0, 0x1, 0x2062, 0x8, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0x9, 0x8001}, 0x102901, 0x8d3, 0x8, 0x4, 0xff, 0x3f, 0x0, 0x0, 0xf5416bd, 0x0, 0x33c5f7ca}, r1, 0x8, r3, 0x0) (async) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000900)={'dvmrp0\x00', 0x1000}) (async) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1) (async) r7 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000940)='syz1\x00', 0x200002, 0x0) r8 = openat$cgroup_ro(r7, &(0x7f0000000980)='cpu.stat\x00', 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000009c0)={'veth0_to_bond\x00', 0x4000}) (async) r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000a00)={r8}, 0x8) write$cgroup_int(r9, &(0x7f0000000a40)=0x81, 0x12) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000a80)={'netpci0\x00', 0x1}) (async) ioctl$TUNATTACHFILTER(r8, 0x401054d5, &(0x7f0000000b00)={0x4, &(0x7f0000000ac0)=[{0x2, 0x5, 0x0, 0x81}, {0x2, 0x1, 0xb2, 0x9}, {0xbd, 0x2c, 0x7f, 0x6}, {0x1, 0x20, 0x3f, 0xfffffffc}]}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e40)={0xffffffffffffffff, 0xe0, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000b40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000b80)=[0x0], &(0x7f0000000bc0)=[0x0, 0x0], 0x0, 0x8c, &(0x7f0000000c00)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000c80), &(0x7f0000000cc0), 0x8, 0x28, 0x8, 0x8, &(0x7f0000000d00)}}, 0x10) ioctl$TUNSETIFINDEX(r9, 0x400454da, &(0x7f0000000e80)=r10) (async) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000f00)={0x2, &(0x7f0000000ec0)=[{0x1, 0x5, 0x7f, 0x7}, {0xfff, 0x6, 0x5, 0xffffffff}]}) (async) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000f40)={'hsr0\x00', 0x200}) ioctl$TUNSETVNETHDRSZ(r8, 0x400454d8, &(0x7f0000000f80)=0x7) (async) perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x5, 0x7, 0x81, 0x0, 0x0, 0x9, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80000000, 0x4, @perf_config_ext={0x3f, 0x3ff}, 0xc05, 0x1, 0x9, 0x0, 0x5ba6, 0x5, 0x6, 0x0, 0x3, 0x0, 0xffffffffffffff16}, r6, 0x9, r3, 0x1) 22:26:43 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc0185879, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000200)='\x00') (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000200)='\x00') r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x13, &(0x7f0000000140)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) [ 340.379180][T20559] FAULT_INJECTION: forcing a failure. [ 340.379180][T20559] name failslab, interval 1, probability 0, space 0, times 0 22:26:43 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) write$cgroup_int(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffdef) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, 0x0) openat$cgroup_ro(r1, &(0x7f0000000500)='cpuacct.stat\x00', 0x0, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000b40)={r1}, 0x8) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYRESDEC=0x0], 0x7ab6) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000440)='blkio.bfq.idle_time\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='devices.list\x00', 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)={0x1b, 0x0, 0x0, 0x7fff, 0x0, 0xffffffffffffffff, 0x2c84, '\x00', 0x0, r3, 0x0, 0x2, 0x2}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000240)='gpio_direction\x00'}, 0x10) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa30}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(r1, &(0x7f0000000040)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) syz_clone(0xe0920400, 0x0, 0x0, 0x0, 0x0, 0x0) [ 340.430818][T20559] CPU: 1 PID: 20559 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 340.440977][T20559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 340.450876][T20559] Call Trace: [ 340.453997][T20559] [ 340.456772][T20559] dump_stack_lvl+0x151/0x1b7 [ 340.461288][T20559] ? io_uring_drop_tctx_refs+0x190/0x190 [ 340.466754][T20559] dump_stack+0x15/0x17 [ 340.470744][T20559] should_fail+0x3c6/0x510 [ 340.475002][T20559] __should_failslab+0xa4/0xe0 [ 340.479602][T20559] ? vm_area_dup+0x26/0x230 [ 340.483943][T20559] should_failslab+0x9/0x20 [ 340.488280][T20559] slab_pre_alloc_hook+0x37/0xd0 [ 340.493052][T20559] ? vm_area_dup+0x26/0x230 [ 340.497390][T20559] kmem_cache_alloc+0x44/0x200 [ 340.501996][T20559] vm_area_dup+0x26/0x230 [ 340.506161][T20559] copy_mm+0x9a1/0x13e0 [ 340.510161][T20559] ? copy_signal+0x610/0x610 [ 340.514579][T20559] ? __init_rwsem+0xd6/0x1c0 [ 340.519004][T20559] ? copy_signal+0x4e3/0x610 [ 340.523430][T20559] copy_process+0x1149/0x3290 [ 340.527944][T20559] ? proc_fail_nth_write+0x20b/0x290 [ 340.533066][T20559] ? fsnotify_perm+0x6a/0x5d0 [ 340.537577][T20559] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 340.542529][T20559] ? vfs_write+0x9ec/0x1110 [ 340.546875][T20559] kernel_clone+0x21e/0x9e0 [ 340.551202][T20559] ? file_end_write+0x1c0/0x1c0 [ 340.555909][T20559] ? create_io_thread+0x1e0/0x1e0 [ 340.560748][T20559] ? mutex_unlock+0xb2/0x260 [ 340.565178][T20559] ? __mutex_lock_slowpath+0x10/0x10 [ 340.570299][T20559] __x64_sys_clone+0x23f/0x290 [ 340.574897][T20559] ? __do_sys_vfork+0x130/0x130 [ 340.579584][T20559] ? ksys_write+0x260/0x2c0 [ 340.583925][T20559] ? debug_smp_processor_id+0x17/0x20 [ 340.589179][T20559] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 340.595053][T20559] ? exit_to_user_mode_prepare+0x39/0xa0 [ 340.600500][T20559] do_syscall_64+0x3d/0xb0 [ 340.604755][T20559] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 340.610480][T20559] RIP: 0033:0x7f8118545da9 [ 340.614736][T20559] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 340.634178][T20559] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 340.642511][T20559] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 340.650329][T20559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 340.658155][T20559] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 340.665942][T20559] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 340.673754][T20559] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 22:26:43 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a40)={0x0, 0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000940)='rose0\x00'}, 0x30) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000c40)={r3, 0x20, &(0x7f0000000c00)={&(0x7f0000003380)=""/4096, 0x1000, 0x0, &(0x7f0000000b80)=""/92, 0x5c}}, 0x10) r4 = getpid() (async, rerun: 32) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async, rerun: 32) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001540)=[{0x0}, {0x0}, {&(0x7f0000001340)=""/74, 0x4a}, {&(0x7f00000013c0)=""/232, 0xe8}, {0x0}], 0x5, &(0x7f00000015c0)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}], 0x40}, 0x1) sendmsg$unix(r5, &(0x7f0000000580)={&(0x7f0000000080)=@abs={0x1, 0x0, 0x4e26}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000140)="733d109fa07de36a0a3da7b7d00178b5c68495313dc7274e1287f66b86aeb96e8f7640ab797d516cd67e51acc0694d43f8f19755c9ebebb3221d69cfd1c5efa4f9867a42bdd7b932ebe07158bf242ba808c0ccaf8eba5aa6a49de335381f", 0x5e}, {&(0x7f0000000440)="a06a834d5cd9b84dd504a7a4f79804f66262393452b200c05af4db7f6b66a8aae0c630d8297fa2902c9c09dd854a8e6539d4e132ee10385fd4c534492319d6eb9a24b3d48f69497ab745fd19bda68be714fc5a0b8fe4ec14206cb35e0f0df78f3b1f229eeb0eeef010cae0c25d92c6b7c552ddf442e8906b7500b113f99c6929e7004bc7a57ddb502017f061510effb22af47ed6b62d7b77d1ed366c5469c5a9004cdc981c95646c494ebe1d10c27ed6382429ba9b62ce563dc7c948f72a2cd57092", 0xc2}, {&(0x7f0000000200)="109629e64880934cfb6e9ab9b498ff7a41a7f3e56425ac9500bdce9d106aba7a2301883cc9efead3fcad49ef34e22c2e16c4acafe94def4c58968767bba009a2f2c248f23a56801a4e1b35e307", 0x4d}], 0x3, &(0x7f0000000540)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r6}}}], 0x20}, 0x0) (async) sendmsg$unix(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000800)="803c8152933b85de7f505dd6584c8d94d1c95881cf8e0701a5a3018937f358cef053e5f19b904811b11d963ffdc3276293cc599412a21e3546705a153ab63a05678f616e3220d1865259c2c1b42c96c7a1e934626da1e0f322b8c0ea5df81a7441", 0x61}, {&(0x7f00000009c0)="f69aa4e3108452ccfa8bfdc9fa154143341db62a3d94e062ecdbde841adff9195d49fb841bb199a064c9c6c7c491e4fd6e963a88815fc0eea043d50386f99d95e20ae8dc2e8df9ad446ef6e8955222cd48bd3649032bba40ac28486d72fa01220a105bcf937896e992f300ebc0f172773888d6f4e709fc4e6c1b6c9384a51cbd12289157306c003d9e86b469dc9784d58fe42cdcfe4cb901ca4724825bd66d32b07a81df2f18ec70ac60b7fcb96752b46d7080477d410fcfbd70d678ecb4256e87a06bc158a7ae521545388f17ce9c221ddf8960576e", 0xd6}, {&(0x7f0000001f80)="e600538694dd8667e6b3097c4efc28e8768389c8df9152cf27171ed83100670519307df4a120701dca9f40961f91d9b5ebb937319d3986b19e46748c24344092667cdc9f7f017796220272e9212ec58aaebe627944b0d5a3dc65b4ae3b5083d0d30e3dd1b72c8effb7a1a528ca2694346ad4dff2b9b227b46cd96337813e42ce79ff841a6ea39b035ec885b389a83bcc15022b98ea718b41fefadd41fd5b171325e5b57220387f896a0f814fba12a2c75bb47327515b3d55865749264ce8cc697e3ec032bbb5eccce43a28f4d3a23ca1ea5c2f6403c86a0ad02442291b66175488eda89601d634bc859ea3ecc8b38ca560dc1396a16c", 0xf6}, {&(0x7f00000003c0)="5383e04545e96380c7b8cb98202f5d", 0xf}], 0x4, &(0x7f0000000580)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {r4, 0xffffffffffffffff, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r6}}}], 0x60, 0x4040}, 0x40000) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r7, &(0x7f0000000000), 0x248800) (async, rerun: 64) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001780)={0xffffffffffffffff}) (rerun: 64) r9 = getpid() (async) r10 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x7a05, 0x1700) perf_event_open(&(0x7f00000007c0)={0x0, 0x80, 0x9, 0x5, 0x1, 0x2, 0x0, 0x8797, 0xa1310, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000680), 0x7}, 0x80, 0x36eafc62, 0x1, 0x1, 0x2, 0x7, 0x9, 0x0, 0x7, 0x0, 0x81}, r9, 0xf, r10, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) recvmsg$unix(r11, &(0x7f0000000040)={&(0x7f0000000dc0)=@abs, 0x6e, &(0x7f0000001580)=[{&(0x7f0000000e40)=""/238, 0xee}, {&(0x7f0000000f40)=""/120, 0x78}, {&(0x7f0000000fc0)=""/221, 0xdd}, {&(0x7f00000010c0)=""/75, 0x4b}, {&(0x7f0000001140)=""/131, 0x83}, {&(0x7f0000001200)=""/109, 0x6d}, {&(0x7f0000001280)=""/251, 0xfb}, {&(0x7f0000001480)=""/215, 0xd7}], 0x8, &(0x7f0000001640)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}, 0x1ffee89e357be4af) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001880)={0xffffffffffffffff}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000018c0)={r24, 0xffffffffffffffff}, 0x4) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000001700)="81d998a0583d7afc2b9fb56e8c747cb040df20aa74e7cef60bc7df6cc6d8923691331b49a79ca4ab2085b2b05085d84baca34ffae1ae0cb4f37c5626e712584a1a7e7c4e7b", 0x45}, {&(0x7f00000002c0)="fcc7140c58ca0f8f3450209d401c4ff237ea2698d64cc3f07339d12063e1f630263d4a5ac8bb3d9d0ae143", 0x2b}], 0x2, &(0x7f0000001940)=[@cred={{0x1c, 0x1, 0x2, {r12, r13, r14}}}, @rights={{0x10}}, @rights={{0x14, 0x1, 0x1, [r17]}}, @rights={{0x2c, 0x1, 0x1, [r16, r25, r22, r21, r15, r11, r18]}}, @rights={{0x24, 0x1, 0x1, [r24, r27, r26, r28, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [r23, r16, r20, r26, r19]}}], 0xc8}, 0x0) (async) r29 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001540)=[{0x0}, {0x0}, {&(0x7f0000001340)=""/74, 0x4a}, {&(0x7f00000013c0)=""/232, 0xe8}, {0x0}], 0x5, &(0x7f00000015c0)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}], 0x40}, 0x1) sendmsg$unix(r29, &(0x7f0000000580)={&(0x7f0000000080)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000140)="733d109fa07de36a0a3da7b7d00178b5c68495313dc7274e1287f66b86aeb96e8f7640ab797d516cd67e51acc0694d43f8f19755c9ebebb3221d69cfd1c5efa4f9867a42bdd7b932ebe07158bf242ba808c0ccaf8eba5aa6a49de335381f", 0x5e}, {&(0x7f0000000440)="a06a834d5cd9b84dd504a7a4f79804f66262393452b200c05af4db7f6b66a8aae0c630d8297fa2902c9c09dd854a8e6539d4e132ee10385fd4c534492319d6eb9a24b3d48f69497ab745fd19bda68be714fc5a0b8fe4ec14206cb35e0f0df78f3b1f229eeb0eeef010cae0c25d92c6b7c552ddf442e8906b7500b113f99c6929e7004bc7a57ddb502017f061510effb22af47ed6b62d7b77d1ed366c5469c5a9004cdc981c95646c494ebe1d10c27ed6382429ba9b62ce563dc7c948f72a2cd57092", 0xc2}, {&(0x7f0000000200)="109629e64880934cfb6e9ab9b498ff7a41a7f3e56425ac9500bdce9d106aba7a2301883cc9efead3fcad49ef34e22c2e16c4acafe94def4c58968767bba009a2f2c248f23a56801a4e1b35e307", 0x4d}], 0x3, &(0x7f0000000540)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r30}}}], 0x20}, 0x0) (async) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001900)={&(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000080)="b60e0cffc23abdbd88cb32e62103ac2f71267c520fc69d", 0x17}, {&(0x7f0000000200)="1b7b170321bf728e9fea284e5bc1a7678c3fc2ee1d31c68036ed118265ab91d2e04f3f5341e13bfb951b0068ae2a4788d4b7259186fdab02dd08545b917f33c96acb9aa8efe6034a10b49ad650c671ac595e1bbdf2ecbb9b4ff49eef5625826073e93ba450e1e139d72776621287250e3d3ecec82cc5c2085a060efa2ae4bd6b578078f4cd407cc48731e18a34facf779075a379c75e5c7094b9c50e63d29ab446488ad4e20d6e3f0b52613994c4bfed786c683a3617384c78c74cc42a21d37d506fafa3604c4f", 0xc7}, {&(0x7f0000000300)="22e5c3fab0e62317227bd385b2d29e5ffee469db94fb0ac26399c6ecb638e0b371a75c840618572ae15a4889691300a7b8522d9c956a5cc4bc171c9e78c49a66ca52fbf0edb791c9eb7bdf2f1358b769c9569b841b2f1ebae809c2f85541663a97a55b6bdbc66da46bbfbe09ff28799aea883e64614f8f81c58b3e50ef18fa1e5f43580cf8337e1db303ea15a9f6993032c71dfd15c2118326d4fd3d21ef1e", 0x9f}, {&(0x7f0000000400)="d9389ce6de3871b0f521ba303f626b8638165f4daf597e3d4d027f6e03c00dddd99e9c643b8679c57c5e52c6f09ced0eb577adae551b0b79bb589a45a756a007c8095d15aeaafff1e4052f1b6bf4b99a1cf22628a187e8481f6e8c46d32cb484967b54d4f7b3640ca971e67d60faf7ffac3d5a4f140c93e12b4e85302f0854d65d42c9382676e154a58ea59313279142110d4459c1c9cb", 0x97}, {&(0x7f00000004c0)="7ec57585250d58ec0ce43817de6d90dab44cf0f2ebbabb6f996513864c37eca4fcb1007b4ad582eefbaa891f84841621d573e0ec6d890141b24793b5897ed675170b283bd4a846c62f9336b08572bbb0766c6a09e4fd1490d414af9520d5c35da448e0c17f8d89c465a201d3724405c4bd57dd305e31426a0b7d351d8cb292311c4f4c40ca1ab1809e3404d5eb043bf904", 0x91}, {&(0x7f0000000580)="1b9f5d0d680630d62f68ac80a8627b8a723ed42724070d70d9fd6576f3ea3a4645f62c4b69d1ffe94e4fd3c63f0742e256cc21420064666f4f150ee177e64de226de6953e7ab546fa7314c26366eaf41852cfa7cb4ebc5b8", 0x58}], 0x6, &(0x7f00000017c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r2]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, r6}}}, @rights={{0x20, 0x1, 0x1, [r1, r2, r0, r7]}}, @rights={{0x14, 0x1, 0x1, [r8]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r9, r13}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff, r30}}}], 0x130, 0xc0}, 0x4000) (async, rerun: 64) r31 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (rerun: 64) ioctl$TUNSETOFFLOAD(r31, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r31, 0x4010744d, 0x20000000) [ 340.681573][T20559] 22:26:43 executing program 1: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg\x00'}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x9, 0x0, 0x85, 0x8}, {0x3, 0x4, 0x32, 0x10001}, {0x7ff, 0x6, 0xca, 0xffffffff}]}) (async) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x9, 0x0, 0x85, 0x8}, {0x3, 0x4, 0x32, 0x10001}, {0x7ff, 0x6, 0xca, 0xffffffff}]}) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) (async) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000140)={0x7, &(0x7f0000000100)=[{0x3, 0x3f, 0x7f, 0xdfc0}, {0x3d, 0x1, 0x3, 0x6a21}, {0x5, 0x0, 0x3, 0x5}, {0xfffe, 0x81, 0x7, 0x7f}, {0xff, 0xd, 0xc4, 0x800}, {0x400, 0xe8, 0xa7}, {0x3800, 0x9, 0x9f, 0x2}]}) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x54, 0x31, 0x1, 0x9, 0x0, 0x0, 0x8802, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x81, 0xffffffffffffff6c}, 0x10000, 0xaef, 0x2, 0x3, 0xff, 0xffffffff, 0x401, 0x0, 0xdc35, 0x0, 0x7}, r1, 0x9, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000200)={0x3, 0x80, 0x3f, 0xfe, 0x9, 0x73, 0x0, 0x401, 0x20010, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x80, 0x0, @perf_config_ext={0x33808000000000, 0x6}, 0x400, 0x8, 0x8, 0x9, 0x0, 0x80, 0x8bc, 0x0, 0x3, 0x0, 0xde}, r1, 0x5, r2, 0x9) (async) r3 = perf_event_open(&(0x7f0000000200)={0x3, 0x80, 0x3f, 0xfe, 0x9, 0x73, 0x0, 0x401, 0x20010, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x80, 0x0, @perf_config_ext={0x33808000000000, 0x6}, 0x400, 0x8, 0x8, 0x9, 0x0, 0x80, 0x8bc, 0x0, 0x3, 0x0, 0xde}, r1, 0x5, r2, 0x9) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x14, 0x7, 0x3f, 0x8, 0x0, 0x0, 0x80, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0xae, 0x2, @perf_bp={&(0x7f0000000280), 0xb}, 0x953, 0x8, 0x7, 0x2, 0x101, 0x4, 0x0, 0x0, 0xffffffff, 0x0, 0x5}, r1, 0xb, r3, 0x1) (async) r4 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x14, 0x7, 0x3f, 0x8, 0x0, 0x0, 0x80, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0xae, 0x2, @perf_bp={&(0x7f0000000280), 0xb}, 0x953, 0x8, 0x7, 0x2, 0x101, 0x4, 0x0, 0x0, 0xffffffff, 0x0, 0x5}, r1, 0xb, r3, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) sendmsg$unix(r5, &(0x7f0000000780)={&(0x7f0000000380)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000400)="a232b0c1cd9bd3067c924bdac6665fcd30b6da5900f5f55336ae1914ab583861e334b889370b15db4b3a9d564c22f3f2b4490f865140778f68e29e6b46e168a9473ad0780bc56759acce23babe3cb97ea78b9d901778aa60ac41e8ad8dfeead4d34328083b14d9399d2f0f6c", 0x6c}, {&(0x7f0000000480)="21fb74d00faab0518cd3116b97f52ff70a12eea64d5a615bd788dfb628f64bf57214e0d3fd85251d45cd41040961e292b78ee778c526d887ee9ed374f2dd19ffe42b59447500bf6d8df5463521a3fcbdd9b7494ca011ae2dc9d23be0200de055ea83d4133923df465ac116c068d3f566d69dc99bc98dc0c59a0da4223d83dae19f8e6ba323b6d1286fb033c6cb4b9139dc0540eec657d612dff850903f7b30e806cf3d977c2e9221895e8bb72db867389e0f64a2d0140ce13cb79959f760533908c1e9d220a0ef2b7e608ac3775a2fb0e74919a5d4d1f3a8c1205d1139ca772880b1664baa1afd9aafea801e2f5c8b58b0471947e7a5256a1e74", 0xfa}, {&(0x7f0000000580)="4d3cf6f126a28f3d94468d82ff7661f3ba744187433f1a11974b7055a8d77a31bf955bd48f2810e66c3ff2a5aaba6c9be70cc19728dfe8e4db083f06f2b7a00e3c1f11e1f88cbbafde28cc4e2230d88b801ec0c65c536ea72b7b5c90701766c66914fa17cc29732c41b755560d1ac2c7940cf7f476f814a2acddcdd886c41ff4b0aba68156c871452d", 0x89}, {&(0x7f0000000640)="7cc40aea4dab1b09cffafd57a1ee235771375ed910d7a298d543d9e01844ae259435155fc25645583c9c9857d7e6660f39207b9cdb9197f2deb47851692d415fdf26ca4e286eb7263eca8a6aa647818252292feb10b4e5fda2b929a8a336b31b8ed62e66ec8be4cbb261281945ee041642355be596bc588967217347dc9a78a1cd8e42f4e2859eda25de2bc748aa21d9bc9cccae15ae67f6d052c66c510fdbd9384742c113273fa30f5fa01cabd3989f73ce752ad7a08b6923c66fff5d8569ec48da652e0c26f4e4242194f6c4b761697d319c95a07b3fbc3a2d631958", 0xdd}], 0x4, 0x0, 0x0, 0x40}, 0x4041) (async) sendmsg$unix(r5, &(0x7f0000000780)={&(0x7f0000000380)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000400)="a232b0c1cd9bd3067c924bdac6665fcd30b6da5900f5f55336ae1914ab583861e334b889370b15db4b3a9d564c22f3f2b4490f865140778f68e29e6b46e168a9473ad0780bc56759acce23babe3cb97ea78b9d901778aa60ac41e8ad8dfeead4d34328083b14d9399d2f0f6c", 0x6c}, {&(0x7f0000000480)="21fb74d00faab0518cd3116b97f52ff70a12eea64d5a615bd788dfb628f64bf57214e0d3fd85251d45cd41040961e292b78ee778c526d887ee9ed374f2dd19ffe42b59447500bf6d8df5463521a3fcbdd9b7494ca011ae2dc9d23be0200de055ea83d4133923df465ac116c068d3f566d69dc99bc98dc0c59a0da4223d83dae19f8e6ba323b6d1286fb033c6cb4b9139dc0540eec657d612dff850903f7b30e806cf3d977c2e9221895e8bb72db867389e0f64a2d0140ce13cb79959f760533908c1e9d220a0ef2b7e608ac3775a2fb0e74919a5d4d1f3a8c1205d1139ca772880b1664baa1afd9aafea801e2f5c8b58b0471947e7a5256a1e74", 0xfa}, {&(0x7f0000000580)="4d3cf6f126a28f3d94468d82ff7661f3ba744187433f1a11974b7055a8d77a31bf955bd48f2810e66c3ff2a5aaba6c9be70cc19728dfe8e4db083f06f2b7a00e3c1f11e1f88cbbafde28cc4e2230d88b801ec0c65c536ea72b7b5c90701766c66914fa17cc29732c41b755560d1ac2c7940cf7f476f814a2acddcdd886c41ff4b0aba68156c871452d", 0x89}, {&(0x7f0000000640)="7cc40aea4dab1b09cffafd57a1ee235771375ed910d7a298d543d9e01844ae259435155fc25645583c9c9857d7e6660f39207b9cdb9197f2deb47851692d415fdf26ca4e286eb7263eca8a6aa647818252292feb10b4e5fda2b929a8a336b31b8ed62e66ec8be4cbb261281945ee041642355be596bc588967217347dc9a78a1cd8e42f4e2859eda25de2bc748aa21d9bc9cccae15ae67f6d052c66c510fdbd9384742c113273fa30f5fa01cabd3989f73ce752ad7a08b6923c66fff5d8569ec48da652e0c26f4e4242194f6c4b761697d319c95a07b3fbc3a2d631958", 0xdd}], 0x4, 0x0, 0x0, 0x40}, 0x4041) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000007c0)={'ip_vti0\x00', 0x4000}) r6 = getpid() ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000800)=0x1) (async) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000800)=0x1) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000840)=0x7) perf_event_open(&(0x7f0000000880)={0x4, 0x80, 0x5, 0x6, 0xf6, 0x5b, 0x0, 0x1, 0x2062, 0x8, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0x9, 0x8001}, 0x102901, 0x8d3, 0x8, 0x4, 0xff, 0x3f, 0x0, 0x0, 0xf5416bd, 0x0, 0x33c5f7ca}, r1, 0x8, r3, 0x0) (async) perf_event_open(&(0x7f0000000880)={0x4, 0x80, 0x5, 0x6, 0xf6, 0x5b, 0x0, 0x1, 0x2062, 0x8, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0x9, 0x8001}, 0x102901, 0x8d3, 0x8, 0x4, 0xff, 0x3f, 0x0, 0x0, 0xf5416bd, 0x0, 0x33c5f7ca}, r1, 0x8, r3, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000900)={'dvmrp0\x00', 0x1000}) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1) r7 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000940)='syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r7, &(0x7f0000000980)='cpu.stat\x00', 0x0, 0x0) (async) r8 = openat$cgroup_ro(r7, &(0x7f0000000980)='cpu.stat\x00', 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000009c0)={'veth0_to_bond\x00', 0x4000}) r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000a00)={r8}, 0x8) write$cgroup_int(r9, &(0x7f0000000a40)=0x81, 0x12) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000a80)={'netpci0\x00', 0x1}) ioctl$TUNATTACHFILTER(r8, 0x401054d5, &(0x7f0000000b00)={0x4, &(0x7f0000000ac0)=[{0x2, 0x5, 0x0, 0x81}, {0x2, 0x1, 0xb2, 0x9}, {0xbd, 0x2c, 0x7f, 0x6}, {0x1, 0x20, 0x3f, 0xfffffffc}]}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e40)={0xffffffffffffffff, 0xe0, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000b40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000b80)=[0x0], &(0x7f0000000bc0)=[0x0, 0x0], 0x0, 0x8c, &(0x7f0000000c00)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000c80), &(0x7f0000000cc0), 0x8, 0x28, 0x8, 0x8, &(0x7f0000000d00)}}, 0x10) ioctl$TUNSETIFINDEX(r9, 0x400454da, &(0x7f0000000e80)=r10) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000f00)={0x2, &(0x7f0000000ec0)=[{0x1, 0x5, 0x7f, 0x7}, {0xfff, 0x6, 0x5, 0xffffffff}]}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000f40)={'hsr0\x00', 0x200}) (async) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000f40)={'hsr0\x00', 0x200}) ioctl$TUNSETVNETHDRSZ(r8, 0x400454d8, &(0x7f0000000f80)=0x7) perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x5, 0x7, 0x81, 0x0, 0x0, 0x9, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80000000, 0x4, @perf_config_ext={0x3f, 0x3ff}, 0xc05, 0x1, 0x9, 0x0, 0x5ba6, 0x5, 0x6, 0x0, 0x3, 0x0, 0xffffffffffffff16}, r6, 0x9, r3, 0x1) 22:26:44 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 61) 22:26:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x2000004e, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x16, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff97e3}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000014c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000001440), &(0x7f0000001480)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000001600)={0x1c, 0xc, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}, [@map_idx_val={0x18, 0xb, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0xd1}, @alu={0x0, 0x0, 0x0, 0xa, 0x4, 0x4a}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xf}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x7}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7}]}, &(0x7f0000000840)='GPL\x00', 0x2, 0xb9, &(0x7f0000000880)=""/185, 0x20880, 0x64, '\x00', 0x0, 0x22, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000fc0)={0x1, 0xa, 0x6, 0x7fff}, 0x10, 0x0, 0xffffffffffffffff, 0x9, &(0x7f0000001500)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r1, r0], &(0x7f0000001540)=[{0x5, 0x5, 0xd, 0xb}, {0x5, 0x1, 0x1, 0x9}, {0x5, 0x5, 0x4}, {0x2, 0x5, 0xc, 0x3}, {0x2, 0x3, 0xd}, {0x3, 0x1, 0x5, 0x4}, {0x3, 0x5, 0x6, 0x6}, {0x2, 0x4, 0x5, 0x1}, {0x1, 0x1, 0xf, 0xa}], 0x10, 0x5}, 0x90) r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x208, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x8001}, 0x4000, 0x0, 0x0, 0x1e01a995e4604291, 0x800000000000, 0x14e, 0xd1}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x19893a9f0a0e2244) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r5 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x80000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x1007}, 0x8006, 0x0, 0x0, 0x1, 0x4, 0x800000, 0x3}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f00000003c0)='memory.numa_stat\x00') perf_event_open(0x0, 0x0, 0x0, r5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r4}, 0x10) r7 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRES32=r8], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r8, r8, r8, r7]}, 0x90) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000440)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000800)={@cgroup=r8, 0xffffffffffffffff, 0x3, 0x0, 0x0, @prog_id=0xffffffffffffffff}, 0x20) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x4030582a, &(0x7f0000000040)=0xffffffff00000000) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000000d00)={0x5, 0x80, 0x40, 0x7f, 0x7, 0x1, 0x0, 0x1, 0x40, 0x5, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000cc0), 0x2}, 0x1, 0x8001, 0x9, 0x1, 0x9, 0x8, 0x8, 0x0, 0x1, 0x0, 0x401}, r3, 0x2, r6, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r10, &(0x7f0000000000)=ANY=[], 0xda00) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r3, r2, 0x0, 0xd, &(0x7f0000000000)='sched_switch\x00'}, 0x30) r11 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000b40)=@o_path={&(0x7f0000000b00)='./file0\x00', 0x0, 0x4000, r9}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x8, &(0x7f0000000300)=@raw=[@cb_func={0x18, 0x2, 0x4, 0x0, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x4f}, @cb_func={0x18, 0x3, 0x4, 0x0, 0xfffffffffffffffd}, @call={0x85, 0x0, 0x0, 0x61}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x78, &(0x7f0000000a00)=""/120, 0x40f00, 0x50, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000a80)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000ac0)={0x2, 0xb, 0x8, 0x1000}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000b80)=[r11, r10, r10], &(0x7f0000000bc0)=[{0x0, 0x1, 0xe}], 0x10, 0x5}, 0x90) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f0000000240)='\xd9y\x01\x00Un\'\x04\xc9\x13\xc2)l\x1f\xe1\x88,\xf5\x00\"') 22:26:44 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) (rerun: 32) write$cgroup_int(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffdef) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, 0x0) openat$cgroup_ro(r1, &(0x7f0000000500)='cpuacct.stat\x00', 0x0, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000b40)={r1}, 0x8) (async, rerun: 64) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYRESDEC=0x0], 0x7ab6) (async, rerun: 64) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000440)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async, rerun: 32) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='devices.list\x00', 0x0, 0x0) (rerun: 32) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)={0x1b, 0x0, 0x0, 0x7fff, 0x0, 0xffffffffffffffff, 0x2c84, '\x00', 0x0, r3, 0x0, 0x2, 0x2}, 0x48) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000240)='gpio_direction\x00'}, 0x10) (async) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa30}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) openat$cgroup_ro(r1, &(0x7f0000000040)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) (async) syz_clone(0xe0920400, 0x0, 0x0, 0x0, 0x0, 0x0) 22:26:44 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) write$cgroup_int(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffdef) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, 0x0) openat$cgroup_ro(r1, &(0x7f0000000500)='cpuacct.stat\x00', 0x0, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000b40)={r1}, 0x8) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYRESDEC=0x0], 0x7ab6) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYRESDEC=0x0], 0x7ab6) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000440)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) openat$cgroup_ro(r2, &(0x7f0000000440)='blkio.bfq.idle_time\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='devices.list\x00', 0x0, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='devices.list\x00', 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)={0x1b, 0x0, 0x0, 0x7fff, 0x0, 0xffffffffffffffff, 0x2c84, '\x00', 0x0, r3, 0x0, 0x2, 0x2}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000240)='gpio_direction\x00'}, 0x10) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa30}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(r1, &(0x7f0000000040)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) (async) openat$cgroup_ro(r1, &(0x7f0000000040)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) syz_clone(0xe0920400, 0x0, 0x0, 0x0, 0x0, 0x0) 22:26:44 executing program 2: r0 = perf_event_open(&(0x7f0000000900)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="2d6e6574202b636c73202d6e65745f636c73203d8de89a800084775b04e7e1b76f45bb79cd9975de9d5c21c1ae04f8bc9e20e42dead9876621b508e34a90532b9a3ccf33c60e81d8fd7c2800000000000000000000000000000000258aaa22de6373433d4aab6e0eb429664551fd9ea29e3e3d7dfb8b7ebe3cdef6c23ceb5211b162e5f6e68cf8d97cb4e0e350e97542be77d1d14749c88a3d8fdde289ea80a0d7273d94323062b184473ba9d7681ffdc74ddb0e06bcd20593f7285fbd63a9cf412f229de86f5c9537b1f2800490e596a49c3aeb484136f844cc306fb3266706a7075002fafc2f59c6bff035eb1a936693ad8e980a73f12083153a7c7a73054746e96e04d3c61639fa4af3523c31ab100c34eba4a2f44daa005ea29608df8b12d4e61c2387521305eaf248"], 0x23) perf_event_open$cgroup(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x3, 0x2, 0x8, 0x0, 0x5, 0xc0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x1cd, 0x1}, 0x1108, 0x5, 0xef, 0x3, 0x0, 0x9, 0x2, 0x0, 0x8, 0x0, 0x5}, r1, 0x9, r0, 0x11) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000040)=0x1f94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xc, 0x4, &(0x7f00000000c0)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x2, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0x1c}]}, &(0x7f0000000380)='GPL\x00', 0x5, 0xff92, &(0x7f00000003c0)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0x36c, 0x10, &(0x7f0000000000), 0x26}, 0x48) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r3 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0xdf, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xd, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x0, 0x0, 0x0, &(0x7f0000001e40), 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="1801000021000000000000004b74ffec850000006d00000085000000080f612b7f1406e0c400000095c0c3d409750eb3bfaa7b4164440200000061d59ae4c2c51e60a1e4bd277ed3214559bc735fd8cb7058b8160667e834e97a78ce8a854110684ca199086cc07deb08b5c8bb7a05b5bceb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000017c0)={0xffffffffffffffff, 0x20, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001940)={0x14, 0xc, &(0x7f0000000e00)=@raw=[@btf_id={0x18, 0x7}, @ringbuf_output, @ldst={0x1, 0x0, 0x4, 0x0, 0x0, 0x8, 0xffffffffffffffff}], &(0x7f0000001480)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x3c, 0xffffffffffffffff, 0x8, &(0x7f0000001580)={0x9}, 0x8, 0x10, 0x0, 0x0, r7, 0xffffffffffffffff, 0x0, &(0x7f0000001900), 0x0, 0x10, 0x9}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000a00000006110600000000000c6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000ac0)={{r1, 0xffffffffffffffff}, &(0x7f0000000a40), &(0x7f0000000a80)=r4}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000c80)={r9, 0x58, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r12 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000d40)={0xffffffffffffffff, 0x8}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e80)={0x18, 0xc, &(0x7f0000000b00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x80000001}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000b80)='syzkaller\x00', 0x1, 0x5, &(0x7f0000000bc0)=""/5, 0x41000, 0x51, '\x00', r11, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000cc0)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000d00)={0x3, 0xf, 0x4d, 0x80}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000d80)=[r9, r12, 0xffffffffffffffff, r3, r1, r1, r3, r5, r5, r3], &(0x7f0000000dc0)=[{0x0, 0x1, 0x9, 0xc}, {0x0, 0x5, 0xf, 0x1}, {0x0, 0x4, 0xd, 0x2}], 0x10, 0x3}, 0x90) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map=r9, r8, 0x7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xd, 0x6, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9f0, 0x0, 0x0, 0x0, 0x401}, [@call={0x85, 0x0, 0x0, 0x5}, @map_val={0x18, 0x9, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f0000000340)='GPL\x00', 0x0, 0x45, &(0x7f0000000600)=""/69, 0x41100, 0x75, '\x00', 0x0, 0x34, r4, 0x8, &(0x7f0000000680)={0x0, 0x5}, 0x8, 0x10, 0x0, 0x0, r7, 0xffffffffffffffff, 0xa, &(0x7f00000006c0)=[r9], &(0x7f00000007c0)=[{0x3, 0x1, 0x0, 0x5}, {0x1, 0x2, 0x2, 0xb}, {0x2, 0x5, 0x3, 0xa}, {0x0, 0x4, 0x7, 0x1}, {0x3, 0x1, 0x6, 0xc}, {0x4, 0x5, 0x2, 0x8}, {0x2, 0x3, 0x1, 0x4}, {0x3, 0x3, 0x2, 0x7}, {0x2, 0x3, 0x4, 0xa}, {0x4, 0x7, 0x2, 0xa}], 0x10, 0x45}, 0x90) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0xda00) write$cgroup_int(r5, &(0x7f0000000000)=0x2ffffffffffffffd, 0x12) r13 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000880)='xen_mc_extend_args\x00', r6}, 0x10) perf_event_open$cgroup(&(0x7f0000000700)={0x3, 0x80, 0x3f, 0x2, 0x3, 0x0, 0x0, 0x81, 0x406e0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7, 0x2, @perf_config_ext={0x5, 0x3}, 0x8102, 0x4, 0x8, 0x0, 0x320d, 0x5, 0x2, 0x0, 0x10001, 0x0, 0x7e}, r5, 0x2, r13, 0x8) [ 341.088349][T20606] FAULT_INJECTION: forcing a failure. [ 341.088349][T20606] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 341.132060][T20606] CPU: 0 PID: 20606 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 341.142400][T20606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 341.152294][T20606] Call Trace: [ 341.155411][T20606] [ 341.158195][T20606] dump_stack_lvl+0x151/0x1b7 [ 341.162707][T20606] ? io_uring_drop_tctx_refs+0x190/0x190 [ 341.168174][T20606] dump_stack+0x15/0x17 [ 341.172163][T20606] should_fail+0x3c6/0x510 [ 341.176420][T20606] should_fail_alloc_page+0x5a/0x80 [ 341.181452][T20606] prepare_alloc_pages+0x15c/0x700 [ 341.186396][T20606] ? __alloc_pages+0x8f0/0x8f0 [ 341.191004][T20606] ? __alloc_pages_bulk+0xe40/0xe40 [ 341.196037][T20606] __alloc_pages+0x18c/0x8f0 [ 341.200458][T20606] ? prep_new_page+0x110/0x110 [ 341.205064][T20606] ? 0xffffffffa0026520 [ 341.209052][T20606] ? is_bpf_text_address+0x172/0x190 [ 341.214183][T20606] pte_alloc_one+0x73/0x1b0 [ 341.218509][T20606] ? pfn_modify_allowed+0x2f0/0x2f0 [ 341.223547][T20606] ? arch_stack_walk+0xf3/0x140 [ 341.228235][T20606] __pte_alloc+0x86/0x350 [ 341.232400][T20606] ? free_pgtables+0x280/0x280 [ 341.237006][T20606] ? _raw_spin_lock+0xa4/0x1b0 [ 341.241598][T20606] ? __kasan_check_write+0x14/0x20 [ 341.246548][T20606] copy_page_range+0x28a8/0x2f90 [ 341.251319][T20606] ? __kasan_slab_alloc+0xb1/0xe0 [ 341.256194][T20606] ? pfn_valid+0x1e0/0x1e0 [ 341.260430][T20606] ? vma_interval_tree_augment_rotate+0x1a3/0x1d0 [ 341.266689][T20606] copy_mm+0xc7e/0x13e0 [ 341.270686][T20606] ? copy_signal+0x610/0x610 [ 341.275101][T20606] ? __init_rwsem+0xd6/0x1c0 [ 341.279531][T20606] ? copy_signal+0x4e3/0x610 [ 341.283954][T20606] copy_process+0x1149/0x3290 [ 341.288467][T20606] ? proc_fail_nth_write+0x20b/0x290 [ 341.293590][T20606] ? fsnotify_perm+0x6a/0x5d0 [ 341.298118][T20606] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 341.303053][T20606] ? vfs_write+0x9ec/0x1110 [ 341.307389][T20606] kernel_clone+0x21e/0x9e0 [ 341.311728][T20606] ? file_end_write+0x1c0/0x1c0 [ 341.316411][T20606] ? create_io_thread+0x1e0/0x1e0 [ 341.321273][T20606] ? mutex_unlock+0xb2/0x260 [ 341.325699][T20606] ? __mutex_lock_slowpath+0x10/0x10 [ 341.330831][T20606] __x64_sys_clone+0x23f/0x290 [ 341.335424][T20606] ? __do_sys_vfork+0x130/0x130 [ 341.340115][T20606] ? ksys_write+0x260/0x2c0 [ 341.344468][T20606] ? debug_smp_processor_id+0x17/0x20 [ 341.349658][T20606] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 341.355561][T20606] ? exit_to_user_mode_prepare+0x39/0xa0 [ 341.361027][T20606] do_syscall_64+0x3d/0xb0 [ 341.365280][T20606] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 341.371006][T20606] RIP: 0033:0x7f8118545da9 [ 341.375265][T20606] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 341.395134][T20606] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 341.403374][T20606] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 341.411197][T20606] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 341.418997][T20606] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 341.426808][T20606] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 341.434617][T20606] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 341.442436][T20606] 22:26:44 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x2000004e, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x16, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff97e3}, 0x90) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x2000004e, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x16, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff97e3}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000014c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000001440), &(0x7f0000001480)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000001600)={0x1c, 0xc, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}, [@map_idx_val={0x18, 0xb, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0xd1}, @alu={0x0, 0x0, 0x0, 0xa, 0x4, 0x4a}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xf}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x7}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7}]}, &(0x7f0000000840)='GPL\x00', 0x2, 0xb9, &(0x7f0000000880)=""/185, 0x20880, 0x64, '\x00', 0x0, 0x22, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000fc0)={0x1, 0xa, 0x6, 0x7fff}, 0x10, 0x0, 0xffffffffffffffff, 0x9, &(0x7f0000001500)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r1, r0], &(0x7f0000001540)=[{0x5, 0x5, 0xd, 0xb}, {0x5, 0x1, 0x1, 0x9}, {0x5, 0x5, 0x4}, {0x2, 0x5, 0xc, 0x3}, {0x2, 0x3, 0xd}, {0x3, 0x1, 0x5, 0x4}, {0x3, 0x5, 0x6, 0x6}, {0x2, 0x4, 0x5, 0x1}, {0x1, 0x1, 0xf, 0xa}], 0x10, 0x5}, 0x90) r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x208, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x8001}, 0x4000, 0x0, 0x0, 0x1e01a995e4604291, 0x800000000000, 0x14e, 0xd1}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x19893a9f0a0e2244) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r3 = syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r5 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x80000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x1007}, 0x8006, 0x0, 0x0, 0x1, 0x4, 0x800000, 0x3}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f00000003c0)='memory.numa_stat\x00') perf_event_open(0x0, 0x0, 0x0, r5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r4}, 0x10) r7 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRES32=r8], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r8, r8, r8, r7]}, 0x90) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000440)=0xffffffffffffffff, 0x4) (async) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000440)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000800)={@cgroup=r8, 0xffffffffffffffff, 0x3, 0x0, 0x0, @prog_id=0xffffffffffffffff}, 0x20) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x4030582a, &(0x7f0000000040)=0xffffffff00000000) (async) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x4030582a, &(0x7f0000000040)=0xffffffff00000000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) (async) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000000d00)={0x5, 0x80, 0x40, 0x7f, 0x7, 0x1, 0x0, 0x1, 0x40, 0x5, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000cc0), 0x2}, 0x1, 0x8001, 0x9, 0x1, 0x9, 0x8, 0x8, 0x0, 0x1, 0x0, 0x401}, r3, 0x2, r6, 0x0) (async) perf_event_open(&(0x7f0000000d00)={0x5, 0x80, 0x40, 0x7f, 0x7, 0x1, 0x0, 0x1, 0x40, 0x5, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000cc0), 0x2}, 0x1, 0x8001, 0x9, 0x1, 0x9, 0x8, 0x8, 0x0, 0x1, 0x0, 0x401}, r3, 0x2, r6, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r10, &(0x7f0000000000)=ANY=[], 0xda00) (async) write$cgroup_subtree(r10, &(0x7f0000000000)=ANY=[], 0xda00) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r3, r2, 0x0, 0xd, &(0x7f0000000000)='sched_switch\x00'}, 0x30) r11 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000b40)=@o_path={&(0x7f0000000b00)='./file0\x00', 0x0, 0x4000, r9}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x8, &(0x7f0000000300)=@raw=[@cb_func={0x18, 0x2, 0x4, 0x0, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x4f}, @cb_func={0x18, 0x3, 0x4, 0x0, 0xfffffffffffffffd}, @call={0x85, 0x0, 0x0, 0x61}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x78, &(0x7f0000000a00)=""/120, 0x40f00, 0x50, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000a80)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000ac0)={0x2, 0xb, 0x8, 0x1000}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000b80)=[r11, r10, r10], &(0x7f0000000bc0)=[{0x0, 0x1, 0xe}], 0x10, 0x5}, 0x90) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f0000000240)='\xd9y\x01\x00Un\'\x04\xc9\x13\xc2)l\x1f\xe1\x88,\xf5\x00\"') 22:26:44 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 62) [ 341.603742][T20619] FAULT_INJECTION: forcing a failure. [ 341.603742][T20619] name failslab, interval 1, probability 0, space 0, times 0 [ 341.640922][T20619] CPU: 0 PID: 20619 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 341.651085][T20619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 341.660979][T20619] Call Trace: [ 341.664105][T20619] [ 341.666879][T20619] dump_stack_lvl+0x151/0x1b7 [ 341.671396][T20619] ? io_uring_drop_tctx_refs+0x190/0x190 [ 341.677037][T20619] dump_stack+0x15/0x17 [ 341.681026][T20619] should_fail+0x3c6/0x510 [ 341.685290][T20619] __should_failslab+0xa4/0xe0 [ 341.689880][T20619] ? anon_vma_fork+0xf7/0x4e0 [ 341.694396][T20619] should_failslab+0x9/0x20 [ 341.698732][T20619] slab_pre_alloc_hook+0x37/0xd0 [ 341.703506][T20619] ? anon_vma_fork+0xf7/0x4e0 [ 341.708020][T20619] kmem_cache_alloc+0x44/0x200 [ 341.712621][T20619] anon_vma_fork+0xf7/0x4e0 [ 341.716958][T20619] ? anon_vma_name+0x43/0x70 [ 341.721386][T20619] ? vm_area_dup+0x17a/0x230 [ 341.725811][T20619] copy_mm+0xa3a/0x13e0 [ 341.729809][T20619] ? copy_signal+0x610/0x610 [ 341.734232][T20619] ? __init_rwsem+0xd6/0x1c0 [ 341.738655][T20619] ? copy_signal+0x4e3/0x610 [ 341.743084][T20619] copy_process+0x1149/0x3290 [ 341.747603][T20619] ? proc_fail_nth_write+0x20b/0x290 [ 341.752713][T20619] ? fsnotify_perm+0x6a/0x5d0 [ 341.757226][T20619] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 341.762225][T20619] ? vfs_write+0x9ec/0x1110 [ 341.766514][T20619] kernel_clone+0x21e/0x9e0 [ 341.770850][T20619] ? file_end_write+0x1c0/0x1c0 [ 341.775538][T20619] ? create_io_thread+0x1e0/0x1e0 [ 341.780402][T20619] ? mutex_unlock+0xb2/0x260 [ 341.784824][T20619] ? __mutex_lock_slowpath+0x10/0x10 [ 341.790033][T20619] __x64_sys_clone+0x23f/0x290 [ 341.794634][T20619] ? __do_sys_vfork+0x130/0x130 [ 341.799319][T20619] ? ksys_write+0x260/0x2c0 [ 341.803658][T20619] ? debug_smp_processor_id+0x17/0x20 [ 341.808866][T20619] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 341.814766][T20619] ? exit_to_user_mode_prepare+0x39/0xa0 [ 341.820238][T20619] do_syscall_64+0x3d/0xb0 [ 341.824488][T20619] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 341.830216][T20619] RIP: 0033:0x7f8118545da9 [ 341.834470][T20619] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 22:26:45 executing program 2: r0 = perf_event_open(&(0x7f0000000900)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) (async, rerun: 64) write$cgroup_subtree(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="2d6e6574202b636c73202d6e65745f636c73203d8de89a800084775b04e7e1b76f45bb79cd9975de9d5c21c1ae04f8bc9e20e42dead9876621b508e34a90532b9a3ccf33c60e81d8fd7c2800000000000000000000000000000000258aaa22de6373433d4aab6e0eb429664551fd9ea29e3e3d7dfb8b7ebe3cdef6c23ceb5211b162e5f6e68cf8d97cb4e0e350e97542be77d1d14749c88a3d8fdde289ea80a0d7273d94323062b184473ba9d7681ffdc74ddb0e06bcd20593f7285fbd63a9cf412f229de86f5c9537b1f2800490e596a49c3aeb484136f844cc306fb3266706a7075002fafc2f59c6bff035eb1a936693ad8e980a73f12083153a7c7a73054746e96e04d3c61639fa4af3523c31ab100c34eba4a2f44daa005ea29608df8b12d4e61c2387521305eaf248"], 0x23) (rerun: 64) perf_event_open$cgroup(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x3, 0x2, 0x8, 0x0, 0x5, 0xc0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x1cd, 0x1}, 0x1108, 0x5, 0xef, 0x3, 0x0, 0x9, 0x2, 0x0, 0x8, 0x0, 0x5}, r1, 0x9, r0, 0x11) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000040)=0x1f94) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xc, 0x4, &(0x7f00000000c0)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x2, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0x1c}]}, &(0x7f0000000380)='GPL\x00', 0x5, 0xff92, &(0x7f00000003c0)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0x36c, 0x10, &(0x7f0000000000), 0x26}, 0x48) (async, rerun: 32) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r3 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) (async, rerun: 32) perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0xdf, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xd, 0xffffffffffffffff, 0x0) (async, rerun: 32) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) (async) syz_clone(0x0, 0x0, 0x0, &(0x7f0000001e40), 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="1801000021000000000000004b74ffec850000006d00000085000000080f612b7f1406e0c400000095c0c3d409750eb3bfaa7b4164440200000061d59ae4c2c51e60a1e4bd277ed3214559bc735fd8cb7058b8160667e834e97a78ce8a854110684ca199086cc07deb08b5c8bb7a05b5bceb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async, rerun: 32) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000017c0)={0xffffffffffffffff, 0x20, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0}}, 0x10) (rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000001940)={0x14, 0xc, &(0x7f0000000e00)=@raw=[@btf_id={0x18, 0x7}, @ringbuf_output, @ldst={0x1, 0x0, 0x4, 0x0, 0x0, 0x8, 0xffffffffffffffff}], &(0x7f0000001480)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x3c, 0xffffffffffffffff, 0x8, &(0x7f0000001580)={0x9}, 0x8, 0x10, 0x0, 0x0, r7, 0xffffffffffffffff, 0x0, &(0x7f0000001900), 0x0, 0x10, 0x9}, 0x90) (async) r8 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000a00000006110600000000000c6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000ac0)={{r1, 0xffffffffffffffff}, &(0x7f0000000a40), &(0x7f0000000a80)=r4}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000c80)={r9, 0x58, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r12 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000d40)={0xffffffffffffffff, 0x8}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e80)={0x18, 0xc, &(0x7f0000000b00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x80000001}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000b80)='syzkaller\x00', 0x1, 0x5, &(0x7f0000000bc0)=""/5, 0x41000, 0x51, '\x00', r11, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000cc0)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000d00)={0x3, 0xf, 0x4d, 0x80}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000d80)=[r9, r12, 0xffffffffffffffff, r3, r1, r1, r3, r5, r5, r3], &(0x7f0000000dc0)=[{0x0, 0x1, 0x9, 0xc}, {0x0, 0x5, 0xf, 0x1}, {0x0, 0x4, 0xd, 0x2}], 0x10, 0x3}, 0x90) (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map=r9, r8, 0x7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xd, 0x6, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9f0, 0x0, 0x0, 0x0, 0x401}, [@call={0x85, 0x0, 0x0, 0x5}, @map_val={0x18, 0x9, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f0000000340)='GPL\x00', 0x0, 0x45, &(0x7f0000000600)=""/69, 0x41100, 0x75, '\x00', 0x0, 0x34, r4, 0x8, &(0x7f0000000680)={0x0, 0x5}, 0x8, 0x10, 0x0, 0x0, r7, 0xffffffffffffffff, 0xa, &(0x7f00000006c0)=[r9], &(0x7f00000007c0)=[{0x3, 0x1, 0x0, 0x5}, {0x1, 0x2, 0x2, 0xb}, {0x2, 0x5, 0x3, 0xa}, {0x0, 0x4, 0x7, 0x1}, {0x3, 0x1, 0x6, 0xc}, {0x4, 0x5, 0x2, 0x8}, {0x2, 0x3, 0x1, 0x4}, {0x3, 0x3, 0x2, 0x7}, {0x2, 0x3, 0x4, 0xa}, {0x4, 0x7, 0x2, 0xa}], 0x10, 0x45}, 0x90) (async) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0xda00) (async) write$cgroup_int(r5, &(0x7f0000000000)=0x2ffffffffffffffd, 0x12) (async) r13 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000880)='xen_mc_extend_args\x00', r6}, 0x10) perf_event_open$cgroup(&(0x7f0000000700)={0x3, 0x80, 0x3f, 0x2, 0x3, 0x0, 0x0, 0x81, 0x406e0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7, 0x2, @perf_config_ext={0x5, 0x3}, 0x8102, 0x4, 0x8, 0x0, 0x320d, 0x5, 0x2, 0x0, 0x10001, 0x0, 0x7e}, r5, 0x2, r13, 0x8) [ 341.853916][T20619] RSP: 002b:00007f81172a6078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 341.862155][T20619] RAX: ffffffffffffffda RBX: 00007f8118674050 RCX: 00007f8118545da9 [ 341.869967][T20619] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 341.877779][T20619] RBP: 00007f81172a6120 R08: 0000000000000000 R09: 0000000000000000 [ 341.885591][T20619] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 341.893421][T20619] R13: 000000000000006e R14: 00007f8118674050 R15: 00007ffce2e3adf8 [ 341.901217][T20619] 22:26:45 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async, rerun: 64) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (rerun: 64) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) (async, rerun: 64) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a40)={0x0, 0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000940)='rose0\x00'}, 0x30) (rerun: 64) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000c40)={r3, 0x20, &(0x7f0000000c00)={&(0x7f0000003380)=""/4096, 0x1000, 0x0, &(0x7f0000000b80)=""/92, 0x5c}}, 0x10) r4 = getpid() (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001540)=[{0x0}, {0x0}, {&(0x7f0000001340)=""/74, 0x4a}, {&(0x7f00000013c0)=""/232, 0xe8}, {0x0}], 0x5, &(0x7f00000015c0)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}], 0x40}, 0x1) sendmsg$unix(r5, &(0x7f0000000580)={&(0x7f0000000080)=@abs={0x1, 0x0, 0x4e26}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000140)="733d109fa07de36a0a3da7b7d00178b5c68495313dc7274e1287f66b86aeb96e8f7640ab797d516cd67e51acc0694d43f8f19755c9ebebb3221d69cfd1c5efa4f9867a42bdd7b932ebe07158bf242ba808c0ccaf8eba5aa6a49de335381f", 0x5e}, {&(0x7f0000000440)="a06a834d5cd9b84dd504a7a4f79804f66262393452b200c05af4db7f6b66a8aae0c630d8297fa2902c9c09dd854a8e6539d4e132ee10385fd4c534492319d6eb9a24b3d48f69497ab745fd19bda68be714fc5a0b8fe4ec14206cb35e0f0df78f3b1f229eeb0eeef010cae0c25d92c6b7c552ddf442e8906b7500b113f99c6929e7004bc7a57ddb502017f061510effb22af47ed6b62d7b77d1ed366c5469c5a9004cdc981c95646c494ebe1d10c27ed6382429ba9b62ce563dc7c948f72a2cd57092", 0xc2}, {&(0x7f0000000200)="109629e64880934cfb6e9ab9b498ff7a41a7f3e56425ac9500bdce9d106aba7a2301883cc9efead3fcad49ef34e22c2e16c4acafe94def4c58968767bba009a2f2c248f23a56801a4e1b35e307", 0x4d}], 0x3, &(0x7f0000000540)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r6}}}], 0x20}, 0x0) (async) sendmsg$unix(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000800)="803c8152933b85de7f505dd6584c8d94d1c95881cf8e0701a5a3018937f358cef053e5f19b904811b11d963ffdc3276293cc599412a21e3546705a153ab63a05678f616e3220d1865259c2c1b42c96c7a1e934626da1e0f322b8c0ea5df81a7441", 0x61}, {&(0x7f00000009c0)="f69aa4e3108452ccfa8bfdc9fa154143341db62a3d94e062ecdbde841adff9195d49fb841bb199a064c9c6c7c491e4fd6e963a88815fc0eea043d50386f99d95e20ae8dc2e8df9ad446ef6e8955222cd48bd3649032bba40ac28486d72fa01220a105bcf937896e992f300ebc0f172773888d6f4e709fc4e6c1b6c9384a51cbd12289157306c003d9e86b469dc9784d58fe42cdcfe4cb901ca4724825bd66d32b07a81df2f18ec70ac60b7fcb96752b46d7080477d410fcfbd70d678ecb4256e87a06bc158a7ae521545388f17ce9c221ddf8960576e", 0xd6}, {&(0x7f0000001f80)="e600538694dd8667e6b3097c4efc28e8768389c8df9152cf27171ed83100670519307df4a120701dca9f40961f91d9b5ebb937319d3986b19e46748c24344092667cdc9f7f017796220272e9212ec58aaebe627944b0d5a3dc65b4ae3b5083d0d30e3dd1b72c8effb7a1a528ca2694346ad4dff2b9b227b46cd96337813e42ce79ff841a6ea39b035ec885b389a83bcc15022b98ea718b41fefadd41fd5b171325e5b57220387f896a0f814fba12a2c75bb47327515b3d55865749264ce8cc697e3ec032bbb5eccce43a28f4d3a23ca1ea5c2f6403c86a0ad02442291b66175488eda89601d634bc859ea3ecc8b38ca560dc1396a16c", 0xf6}, {&(0x7f00000003c0)="5383e04545e96380c7b8cb98202f5d", 0xf}], 0x4, &(0x7f0000000580)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {r4, 0xffffffffffffffff, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r6}}}], 0x60, 0x4040}, 0x40000) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r7, &(0x7f0000000000), 0x248800) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001780)={0xffffffffffffffff}) (async) r9 = getpid() (async) r10 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x7a05, 0x1700) perf_event_open(&(0x7f00000007c0)={0x0, 0x80, 0x9, 0x5, 0x1, 0x2, 0x0, 0x8797, 0xa1310, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000680), 0x7}, 0x80, 0x36eafc62, 0x1, 0x1, 0x2, 0x7, 0x9, 0x0, 0x7, 0x0, 0x81}, r9, 0xf, r10, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) recvmsg$unix(r11, &(0x7f0000000040)={&(0x7f0000000dc0)=@abs, 0x6e, &(0x7f0000001580)=[{&(0x7f0000000e40)=""/238, 0xee}, {&(0x7f0000000f40)=""/120, 0x78}, {&(0x7f0000000fc0)=""/221, 0xdd}, {&(0x7f00000010c0)=""/75, 0x4b}, {&(0x7f0000001140)=""/131, 0x83}, {&(0x7f0000001200)=""/109, 0x6d}, {&(0x7f0000001280)=""/251, 0xfb}, {&(0x7f0000001480)=""/215, 0xd7}], 0x8, &(0x7f0000001640)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}, 0x1ffee89e357be4af) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001880)={0xffffffffffffffff}) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000018c0)={r24, 0xffffffffffffffff}, 0x4) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000001700)="81d998a0583d7afc2b9fb56e8c747cb040df20aa74e7cef60bc7df6cc6d8923691331b49a79ca4ab2085b2b05085d84baca34ffae1ae0cb4f37c5626e712584a1a7e7c4e7b", 0x45}, {&(0x7f00000002c0)="fcc7140c58ca0f8f3450209d401c4ff237ea2698d64cc3f07339d12063e1f630263d4a5ac8bb3d9d0ae143", 0x2b}], 0x2, &(0x7f0000001940)=[@cred={{0x1c, 0x1, 0x2, {r12, r13, r14}}}, @rights={{0x10}}, @rights={{0x14, 0x1, 0x1, [r17]}}, @rights={{0x2c, 0x1, 0x1, [r16, r25, r22, r21, r15, r11, r18]}}, @rights={{0x24, 0x1, 0x1, [r24, r27, r26, r28, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [r23, r16, r20, r26, r19]}}], 0xc8}, 0x0) r29 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001540)=[{0x0}, {0x0}, {&(0x7f0000001340)=""/74, 0x4a}, {&(0x7f00000013c0)=""/232, 0xe8}, {0x0}], 0x5, &(0x7f00000015c0)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}], 0x40}, 0x1) sendmsg$unix(r29, &(0x7f0000000580)={&(0x7f0000000080)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000140)="733d109fa07de36a0a3da7b7d00178b5c68495313dc7274e1287f66b86aeb96e8f7640ab797d516cd67e51acc0694d43f8f19755c9ebebb3221d69cfd1c5efa4f9867a42bdd7b932ebe07158bf242ba808c0ccaf8eba5aa6a49de335381f", 0x5e}, {&(0x7f0000000440)="a06a834d5cd9b84dd504a7a4f79804f66262393452b200c05af4db7f6b66a8aae0c630d8297fa2902c9c09dd854a8e6539d4e132ee10385fd4c534492319d6eb9a24b3d48f69497ab745fd19bda68be714fc5a0b8fe4ec14206cb35e0f0df78f3b1f229eeb0eeef010cae0c25d92c6b7c552ddf442e8906b7500b113f99c6929e7004bc7a57ddb502017f061510effb22af47ed6b62d7b77d1ed366c5469c5a9004cdc981c95646c494ebe1d10c27ed6382429ba9b62ce563dc7c948f72a2cd57092", 0xc2}, {&(0x7f0000000200)="109629e64880934cfb6e9ab9b498ff7a41a7f3e56425ac9500bdce9d106aba7a2301883cc9efead3fcad49ef34e22c2e16c4acafe94def4c58968767bba009a2f2c248f23a56801a4e1b35e307", 0x4d}], 0x3, &(0x7f0000000540)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r30}}}], 0x20}, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001900)={&(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000080)="b60e0cffc23abdbd88cb32e62103ac2f71267c520fc69d", 0x17}, {&(0x7f0000000200)="1b7b170321bf728e9fea284e5bc1a7678c3fc2ee1d31c68036ed118265ab91d2e04f3f5341e13bfb951b0068ae2a4788d4b7259186fdab02dd08545b917f33c96acb9aa8efe6034a10b49ad650c671ac595e1bbdf2ecbb9b4ff49eef5625826073e93ba450e1e139d72776621287250e3d3ecec82cc5c2085a060efa2ae4bd6b578078f4cd407cc48731e18a34facf779075a379c75e5c7094b9c50e63d29ab446488ad4e20d6e3f0b52613994c4bfed786c683a3617384c78c74cc42a21d37d506fafa3604c4f", 0xc7}, {&(0x7f0000000300)="22e5c3fab0e62317227bd385b2d29e5ffee469db94fb0ac26399c6ecb638e0b371a75c840618572ae15a4889691300a7b8522d9c956a5cc4bc171c9e78c49a66ca52fbf0edb791c9eb7bdf2f1358b769c9569b841b2f1ebae809c2f85541663a97a55b6bdbc66da46bbfbe09ff28799aea883e64614f8f81c58b3e50ef18fa1e5f43580cf8337e1db303ea15a9f6993032c71dfd15c2118326d4fd3d21ef1e", 0x9f}, {&(0x7f0000000400)="d9389ce6de3871b0f521ba303f626b8638165f4daf597e3d4d027f6e03c00dddd99e9c643b8679c57c5e52c6f09ced0eb577adae551b0b79bb589a45a756a007c8095d15aeaafff1e4052f1b6bf4b99a1cf22628a187e8481f6e8c46d32cb484967b54d4f7b3640ca971e67d60faf7ffac3d5a4f140c93e12b4e85302f0854d65d42c9382676e154a58ea59313279142110d4459c1c9cb", 0x97}, {&(0x7f00000004c0)="7ec57585250d58ec0ce43817de6d90dab44cf0f2ebbabb6f996513864c37eca4fcb1007b4ad582eefbaa891f84841621d573e0ec6d890141b24793b5897ed675170b283bd4a846c62f9336b08572bbb0766c6a09e4fd1490d414af9520d5c35da448e0c17f8d89c465a201d3724405c4bd57dd305e31426a0b7d351d8cb292311c4f4c40ca1ab1809e3404d5eb043bf904", 0x91}, {&(0x7f0000000580)="1b9f5d0d680630d62f68ac80a8627b8a723ed42724070d70d9fd6576f3ea3a4645f62c4b69d1ffe94e4fd3c63f0742e256cc21420064666f4f150ee177e64de226de6953e7ab546fa7314c26366eaf41852cfa7cb4ebc5b8", 0x58}], 0x6, &(0x7f00000017c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r2]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, r6}}}, @rights={{0x20, 0x1, 0x1, [r1, r2, r0, r7]}}, @rights={{0x14, 0x1, 0x1, [r8]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r9, r13}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff, r30}}}], 0x130, 0xc0}, 0x4000) r31 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r31, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async, rerun: 32) ioctl$TUNSETOFFLOAD(r31, 0x4010744d, 0x20000000) (rerun: 32) 22:26:45 executing program 2: r0 = perf_event_open(&(0x7f0000000900)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) (async) write$cgroup_subtree(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="2d6e6574202b636c73202d6e65745f636c73203d8de89a800084775b04e7e1b76f45bb79cd9975de9d5c21c1ae04f8bc9e20e42dead9876621b508e34a90532b9a3ccf33c60e81d8fd7c2800000000000000000000000000000000258aaa22de6373433d4aab6e0eb429664551fd9ea29e3e3d7dfb8b7ebe3cdef6c23ceb5211b162e5f6e68cf8d97cb4e0e350e97542be77d1d14749c88a3d8fdde289ea80a0d7273d94323062b184473ba9d7681ffdc74ddb0e06bcd20593f7285fbd63a9cf412f229de86f5c9537b1f2800490e596a49c3aeb484136f844cc306fb3266706a7075002fafc2f59c6bff035eb1a936693ad8e980a73f12083153a7c7a73054746e96e04d3c61639fa4af3523c31ab100c34eba4a2f44daa005ea29608df8b12d4e61c2387521305eaf248"], 0x23) perf_event_open$cgroup(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x3, 0x2, 0x8, 0x0, 0x5, 0xc0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x1cd, 0x1}, 0x1108, 0x5, 0xef, 0x3, 0x0, 0x9, 0x2, 0x0, 0x8, 0x0, 0x5}, r1, 0x9, r0, 0x11) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000040)=0x1f94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xc, 0x4, &(0x7f00000000c0)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x2, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0x1c}]}, &(0x7f0000000380)='GPL\x00', 0x5, 0xff92, &(0x7f00000003c0)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0x36c, 0x10, &(0x7f0000000000), 0x26}, 0x48) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x0, 0x0}, 0x10) (async) r3 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) (async) perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0xdf, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xd, 0xffffffffffffffff, 0x0) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) (async) syz_clone(0x0, 0x0, 0x0, &(0x7f0000001e40), 0x0, 0x0) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="1801000021000000000000004b74ffec850000006d00000085000000080f612b7f1406e0c400000095c0c3d409750eb3bfaa7b4164440200000061d59ae4c2c51e60a1e4bd277ed3214559bc735fd8cb7058b8160667e834e97a78ce8a854110684ca199086cc07deb08b5c8bb7a05b5bceb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000017c0)={0xffffffffffffffff, 0x20, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001940)={0x14, 0xc, &(0x7f0000000e00)=@raw=[@btf_id={0x18, 0x7}, @ringbuf_output, @ldst={0x1, 0x0, 0x4, 0x0, 0x0, 0x8, 0xffffffffffffffff}], &(0x7f0000001480)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x3c, 0xffffffffffffffff, 0x8, &(0x7f0000001580)={0x9}, 0x8, 0x10, 0x0, 0x0, r7, 0xffffffffffffffff, 0x0, &(0x7f0000001900), 0x0, 0x10, 0x9}, 0x90) (async) r8 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000a00000006110600000000000c6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000ac0)={{r1, 0xffffffffffffffff}, &(0x7f0000000a40), &(0x7f0000000a80)=r4}, 0x20) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000c80)={r9, 0x58, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r12 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000d40)={0xffffffffffffffff, 0x8}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e80)={0x18, 0xc, &(0x7f0000000b00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x80000001}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000b80)='syzkaller\x00', 0x1, 0x5, &(0x7f0000000bc0)=""/5, 0x41000, 0x51, '\x00', r11, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000cc0)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000d00)={0x3, 0xf, 0x4d, 0x80}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000d80)=[r9, r12, 0xffffffffffffffff, r3, r1, r1, r3, r5, r5, r3], &(0x7f0000000dc0)=[{0x0, 0x1, 0x9, 0xc}, {0x0, 0x5, 0xf, 0x1}, {0x0, 0x4, 0xd, 0x2}], 0x10, 0x3}, 0x90) (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map=r9, r8, 0x7}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xd, 0x6, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9f0, 0x0, 0x0, 0x0, 0x401}, [@call={0x85, 0x0, 0x0, 0x5}, @map_val={0x18, 0x9, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f0000000340)='GPL\x00', 0x0, 0x45, &(0x7f0000000600)=""/69, 0x41100, 0x75, '\x00', 0x0, 0x34, r4, 0x8, &(0x7f0000000680)={0x0, 0x5}, 0x8, 0x10, 0x0, 0x0, r7, 0xffffffffffffffff, 0xa, &(0x7f00000006c0)=[r9], &(0x7f00000007c0)=[{0x3, 0x1, 0x0, 0x5}, {0x1, 0x2, 0x2, 0xb}, {0x2, 0x5, 0x3, 0xa}, {0x0, 0x4, 0x7, 0x1}, {0x3, 0x1, 0x6, 0xc}, {0x4, 0x5, 0x2, 0x8}, {0x2, 0x3, 0x1, 0x4}, {0x3, 0x3, 0x2, 0x7}, {0x2, 0x3, 0x4, 0xa}, {0x4, 0x7, 0x2, 0xa}], 0x10, 0x45}, 0x90) (async) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) (async) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0xda00) write$cgroup_int(r5, &(0x7f0000000000)=0x2ffffffffffffffd, 0x12) (async) r13 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000880)='xen_mc_extend_args\x00', r6}, 0x10) perf_event_open$cgroup(&(0x7f0000000700)={0x3, 0x80, 0x3f, 0x2, 0x3, 0x0, 0x0, 0x81, 0x406e0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7, 0x2, @perf_config_ext={0x5, 0x3}, 0x8102, 0x4, 0x8, 0x0, 0x320d, 0x5, 0x2, 0x0, 0x10001, 0x0, 0x7e}, r5, 0x2, r13, 0x8) 22:26:45 executing program 0: syz_clone(0x44040100, 0x0, 0x1f00000000000000, 0x0, 0x0, 0x0) 22:26:45 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x2000004e, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x16, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff97e3}, 0x90) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x2000004e, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x16, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff97e3}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000014c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000001440), &(0x7f0000001480)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000001600)={0x1c, 0xc, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}, [@map_idx_val={0x18, 0xb, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0xd1}, @alu={0x0, 0x0, 0x0, 0xa, 0x4, 0x4a}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xf}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x7}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7}]}, &(0x7f0000000840)='GPL\x00', 0x2, 0xb9, &(0x7f0000000880)=""/185, 0x20880, 0x64, '\x00', 0x0, 0x22, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000fc0)={0x1, 0xa, 0x6, 0x7fff}, 0x10, 0x0, 0xffffffffffffffff, 0x9, &(0x7f0000001500)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r1, r0], &(0x7f0000001540)=[{0x5, 0x5, 0xd, 0xb}, {0x5, 0x1, 0x1, 0x9}, {0x5, 0x5, 0x4}, {0x2, 0x5, 0xc, 0x3}, {0x2, 0x3, 0xd}, {0x3, 0x1, 0x5, 0x4}, {0x3, 0x5, 0x6, 0x6}, {0x2, 0x4, 0x5, 0x1}, {0x1, 0x1, 0xf, 0xa}], 0x10, 0x5}, 0x90) r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x208, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x8001}, 0x4000, 0x0, 0x0, 0x1e01a995e4604291, 0x800000000000, 0x14e, 0xd1}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x19893a9f0a0e2244) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r3 = syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r5 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x80000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x1007}, 0x8006, 0x0, 0x0, 0x1, 0x4, 0x800000, 0x3}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x9) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f00000003c0)='memory.numa_stat\x00') (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f00000003c0)='memory.numa_stat\x00') perf_event_open(0x0, 0x0, 0x0, r5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r4}, 0x10) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r7 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb) (async) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRES32=r8], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r8, r8, r8, r7]}, 0x90) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000440)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000800)={@cgroup=r8, 0xffffffffffffffff, 0x3, 0x0, 0x0, @prog_id=0xffffffffffffffff}, 0x20) (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000800)={@cgroup=r8, 0xffffffffffffffff, 0x3, 0x0, 0x0, @prog_id=0xffffffffffffffff}, 0x20) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x4030582a, &(0x7f0000000040)=0xffffffff00000000) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000000d00)={0x5, 0x80, 0x40, 0x7f, 0x7, 0x1, 0x0, 0x1, 0x40, 0x5, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000cc0), 0x2}, 0x1, 0x8001, 0x9, 0x1, 0x9, 0x8, 0x8, 0x0, 0x1, 0x0, 0x401}, r3, 0x2, r6, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r10, &(0x7f0000000000)=ANY=[], 0xda00) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r3, r2, 0x0, 0xd, &(0x7f0000000000)='sched_switch\x00'}, 0x30) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r3, r2, 0x0, 0xd, &(0x7f0000000000)='sched_switch\x00'}, 0x30) r11 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000b40)=@o_path={&(0x7f0000000b00)='./file0\x00', 0x0, 0x4000, r9}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x8, &(0x7f0000000300)=@raw=[@cb_func={0x18, 0x2, 0x4, 0x0, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x4f}, @cb_func={0x18, 0x3, 0x4, 0x0, 0xfffffffffffffffd}, @call={0x85, 0x0, 0x0, 0x61}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x78, &(0x7f0000000a00)=""/120, 0x40f00, 0x50, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000a80)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000ac0)={0x2, 0xb, 0x8, 0x1000}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000b80)=[r11, r10, r10], &(0x7f0000000bc0)=[{0x0, 0x1, 0xe}], 0x10, 0x5}, 0x90) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f0000000240)='\xd9y\x01\x00Un\'\x04\xc9\x13\xc2)l\x1f\xe1\x88,\xf5\x00\"') 22:26:45 executing program 2: r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000001c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x401, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x3}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r1, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000380)=[0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0], 0x0, 0x8, &(0x7f0000000400)=[{}], 0x8, 0x10, &(0x7f0000000440), &(0x7f0000000500), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r4 = openat$cgroup_ro(r3, &(0x7f0000000580)='cgroup.controllers\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@bloom_filter={0x1e, 0x80, 0x80000001, 0x20005, 0x280, r3, 0x4, '\x00', r2, r3, 0x3, 0x5, 0x5, 0x5}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=@base={0x0, 0x40, 0x0, 0x0, 0x420, r0, 0xffffff9f, '\x00', r2, 0xffffffffffffffff, 0x5, 0x3}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="18000020000000950000000000003e9f6818198ca17eae22000000000000955bcead12000000000000b95f0d2dd574e1f518698f36a659a3412080edf9e6ef006c431d1071b740a208479d51af9370272a4a8e7f5099292a806ad58c07dafc27f41f5d44"], &(0x7f00000002c0)='GPL\x00', 0x0, 0xe5, &(0x7f0000000a00)=""/229, 0x41000, 0x42, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x1, 0xc, 0x2, 0xfff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480), 0x0, 0x10, 0x4}, 0x90) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x60, 0x60, 0x3, [@func={0x6, 0x0, 0x0, 0xc, 0x1}, @func_proto={0x0, 0x9, 0x0, 0xd, 0x0, [{0x10}, {0xd}, {0x6, 0x5}, {0x5, 0x4}, {0xa}, {0x4, 0x4}, {0xc, 0x3}, {0xe, 0x5}, {0xc, 0x3}]}]}, {0x0, [0x5f]}}, &(0x7f0000000040)=""/60, 0x7b, 0x3c, 0x1, 0x7}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x4, '\x00', r2, r6, 0x1, 0x3, 0x5}, 0x48) r7 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@bloom_filter={0x1e, 0x3, 0x9, 0x1, 0xc, r5, 0x7ff, '\x00', r2, 0xffffffffffffffff, 0x5, 0x2, 0x3, 0x7}, 0x48) r8 = openat$cgroup_ro(r4, &(0x7f00000005c0)='cpuacct.usage_user\x00', 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r8, 0xe0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000680)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f00000006c0)=[{}, {}], 0x10, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0xcb, 0x8, 0x8, &(0x7f0000000840)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r7, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000d50a000000000000180900002020782500000009002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x36) 22:26:45 executing program 2: r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000001c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x401, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x3}, 0x48) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r1, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000380)=[0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0], 0x0, 0x8, &(0x7f0000000400)=[{}], 0x8, 0x10, &(0x7f0000000440), &(0x7f0000000500), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r4 = openat$cgroup_ro(r3, &(0x7f0000000580)='cgroup.controllers\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@bloom_filter={0x1e, 0x80, 0x80000001, 0x20005, 0x280, r3, 0x4, '\x00', r2, r3, 0x3, 0x5, 0x5, 0x5}, 0x48) (async, rerun: 64) bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=@base={0x0, 0x40, 0x0, 0x0, 0x420, r0, 0xffffff9f, '\x00', r2, 0xffffffffffffffff, 0x5, 0x3}, 0x48) (async, rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="18000020000000950000000000003e9f6818198ca17eae22000000000000955bcead12000000000000b95f0d2dd574e1f518698f36a659a3412080edf9e6ef006c431d1071b740a208479d51af9370272a4a8e7f5099292a806ad58c07dafc27f41f5d44"], &(0x7f00000002c0)='GPL\x00', 0x0, 0xe5, &(0x7f0000000a00)=""/229, 0x41000, 0x42, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x1, 0xc, 0x2, 0xfff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480), 0x0, 0x10, 0x4}, 0x90) (async) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x60, 0x60, 0x3, [@func={0x6, 0x0, 0x0, 0xc, 0x1}, @func_proto={0x0, 0x9, 0x0, 0xd, 0x0, [{0x10}, {0xd}, {0x6, 0x5}, {0x5, 0x4}, {0xa}, {0x4, 0x4}, {0xc, 0x3}, {0xe, 0x5}, {0xc, 0x3}]}]}, {0x0, [0x5f]}}, &(0x7f0000000040)=""/60, 0x7b, 0x3c, 0x1, 0x7}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x4, '\x00', r2, r6, 0x1, 0x3, 0x5}, 0x48) (async) r7 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@bloom_filter={0x1e, 0x3, 0x9, 0x1, 0xc, r5, 0x7ff, '\x00', r2, 0xffffffffffffffff, 0x5, 0x2, 0x3, 0x7}, 0x48) r8 = openat$cgroup_ro(r4, &(0x7f00000005c0)='cpuacct.usage_user\x00', 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r8, 0xe0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000680)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f00000006c0)=[{}, {}], 0x10, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0xcb, 0x8, 0x8, &(0x7f0000000840)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r7, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000d50a000000000000180900002020782500000009002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x36) 22:26:45 executing program 0: syz_clone(0x44040100, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0) 22:26:45 executing program 2: r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000001c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x401, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x3}, 0x48) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r1, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000380)=[0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0], 0x0, 0x8, &(0x7f0000000400)=[{}], 0x8, 0x10, &(0x7f0000000440), &(0x7f0000000500), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r4 = openat$cgroup_ro(r3, &(0x7f0000000580)='cgroup.controllers\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@bloom_filter={0x1e, 0x80, 0x80000001, 0x20005, 0x280, r3, 0x4, '\x00', r2, r3, 0x3, 0x5, 0x5, 0x5}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=@base={0x0, 0x40, 0x0, 0x0, 0x420, r0, 0xffffff9f, '\x00', r2, 0xffffffffffffffff, 0x5, 0x3}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="18000020000000950000000000003e9f6818198ca17eae22000000000000955bcead12000000000000b95f0d2dd574e1f518698f36a659a3412080edf9e6ef006c431d1071b740a208479d51af9370272a4a8e7f5099292a806ad58c07dafc27f41f5d44"], &(0x7f00000002c0)='GPL\x00', 0x0, 0xe5, &(0x7f0000000a00)=""/229, 0x41000, 0x42, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x1, 0xc, 0x2, 0xfff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480), 0x0, 0x10, 0x4}, 0x90) (async, rerun: 32) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x60, 0x60, 0x3, [@func={0x6, 0x0, 0x0, 0xc, 0x1}, @func_proto={0x0, 0x9, 0x0, 0xd, 0x0, [{0x10}, {0xd}, {0x6, 0x5}, {0x5, 0x4}, {0xa}, {0x4, 0x4}, {0xc, 0x3}, {0xe, 0x5}, {0xc, 0x3}]}]}, {0x0, [0x5f]}}, &(0x7f0000000040)=""/60, 0x7b, 0x3c, 0x1, 0x7}, 0x20) (rerun: 32) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x4, '\x00', r2, r6, 0x1, 0x3, 0x5}, 0x48) r7 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@bloom_filter={0x1e, 0x3, 0x9, 0x1, 0xc, r5, 0x7ff, '\x00', r2, 0xffffffffffffffff, 0x5, 0x2, 0x3, 0x7}, 0x48) (async) r8 = openat$cgroup_ro(r4, &(0x7f00000005c0)='cpuacct.usage_user\x00', 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r8, 0xe0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000680)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f00000006c0)=[{}, {}], 0x10, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0xcb, 0x8, 0x8, &(0x7f0000000840)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r7, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000d50a000000000000180900002020782500000009002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x36) 22:26:45 executing program 2: r0 = syz_clone(0x40000000, &(0x7f0000000000)="29cca91d6d3f3d08a4123314a1e8cbe7afa99e1077549003b7233d7a1565ad0bf0d479fac5", 0x25, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)="03bfc9894e99725817ece81d7ace50915f1dcaa7e9944362f4d90d5ee5c0de63f67f0a7324b34025b950f4e935fc741eb90190c305b5b5eb92876bd27ae967264719112abf672799c2e486ea20235bac5c5f1a1d018995610b837df72eb8668e0ad5b289e8128e6f821f07f033adea62483d5cb3547208c1c50e2cfe049d8df50e6a427a30f1ec7293cb0c47ab70af91057b3867eebec330c821d5320c4119420d80e3c9cbe6a3b5f06475f09325406e256d1ddb7c874578dc42") r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='fsi_master_write\x00'}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r0, r1, 0x0, 0x2, &(0x7f0000000200)=':\x00'}, 0x30) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x1100) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0x0, 0xbe, 0x8}, 0xc) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000002c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, &(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x87, &(0x7f0000000680), 0x0, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xa, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000005c0)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x19, 0x4, 0x7, 0x80000000, 0x41, r2, 0x25, '\x00', r3, r4, 0x1, 0x2, 0x2}, 0x48) 22:26:45 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 63) 22:26:45 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000001c0)={'veth0_to_team\x00', 0x200}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000080)='./file0\x00', 0x0, 0x10}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0xff, 0x2, 0x7fffffff, 0x10, r0, 0xfffff800, '\x00', 0x0, r1, 0x2, 0x1, 0x1, 0x1}, 0x48) 22:26:45 executing program 1: r0 = syz_clone(0xc0800000, &(0x7f0000000000)="d5787d3ce49a0ba60e9ba92bae4684ddb1b543d52bc4af8d75579ea6e3d58048e70c5cc57129130b62f549100641b6fcf0dc583e9fa42fcd57c60b59ae7e4d", 0x3f, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)="ac22c4e5c29042d14abfdd4550a4adbacd940939e465160b63e6069e8a444d7f5b6030c2da1de5421e17be752c265d3f9f0c2654e823de76e49398cc1cd717c3195bcb929d1990a6922f35b42d679d359d629233dc9d60c840a25d8b89aa7a083fccc3f0ebeb229c68b60b24d4a2901ebf5e90945155432b9187a2d15272e351e0da1f2620c189d10661ff415987bba930e86221e5a18cbed8cebfff6cc18febb06332ee68656f328c0c51c66bb49a6c49851c38ebf48a11763bb485") r1 = perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x7, 0x3, 0x7, 0x7, 0x0, 0x4, 0x42011, 0x6, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x1, @perf_bp={&(0x7f0000000200), 0x2}, 0x28, 0x7fffffff, 0x9, 0x6, 0x0, 0x8, 0xd26f, 0x0, 0x8, 0x0, 0xcb}, r0, 0x737a, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x3, 0x5, 0x80, 0x81, 0x0, 0x0, 0x20000, 0xc, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x7fff, 0x44f6651e}, 0x80, 0x3, 0x786, 0x3, 0x1800000000, 0x1ff, 0x8, 0x0, 0x800000, 0x0, 0x40}, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0x3) 22:26:45 executing program 2: r0 = syz_clone(0x40000000, &(0x7f0000000000)="29cca91d6d3f3d08a4123314a1e8cbe7afa99e1077549003b7233d7a1565ad0bf0d479fac5", 0x25, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)="03bfc9894e99725817ece81d7ace50915f1dcaa7e9944362f4d90d5ee5c0de63f67f0a7324b34025b950f4e935fc741eb90190c305b5b5eb92876bd27ae967264719112abf672799c2e486ea20235bac5c5f1a1d018995610b837df72eb8668e0ad5b289e8128e6f821f07f033adea62483d5cb3547208c1c50e2cfe049d8df50e6a427a30f1ec7293cb0c47ab70af91057b3867eebec330c821d5320c4119420d80e3c9cbe6a3b5f06475f09325406e256d1ddb7c874578dc42") (async) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='fsi_master_write\x00'}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r0, r1, 0x0, 0x2, &(0x7f0000000200)=':\x00'}, 0x30) (async) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x1100) (async) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0x0, 0xbe, 0x8}, 0xc) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000002c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, &(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x87, &(0x7f0000000680), 0x0, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xa, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000005c0)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x19, 0x4, 0x7, 0x80000000, 0x41, r2, 0x25, '\x00', r3, r4, 0x1, 0x2, 0x2}, 0x48) 22:26:45 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000001c0)={'veth0_to_team\x00', 0x200}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000080)='./file0\x00', 0x0, 0x10}, 0x18) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0xff, 0x2, 0x7fffffff, 0x10, r0, 0xfffff800, '\x00', 0x0, r1, 0x2, 0x1, 0x1, 0x1}, 0x48) 22:26:45 executing program 1: r0 = syz_clone(0xc0800000, &(0x7f0000000000)="d5787d3ce49a0ba60e9ba92bae4684ddb1b543d52bc4af8d75579ea6e3d58048e70c5cc57129130b62f549100641b6fcf0dc583e9fa42fcd57c60b59ae7e4d", 0x3f, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)="ac22c4e5c29042d14abfdd4550a4adbacd940939e465160b63e6069e8a444d7f5b6030c2da1de5421e17be752c265d3f9f0c2654e823de76e49398cc1cd717c3195bcb929d1990a6922f35b42d679d359d629233dc9d60c840a25d8b89aa7a083fccc3f0ebeb229c68b60b24d4a2901ebf5e90945155432b9187a2d15272e351e0da1f2620c189d10661ff415987bba930e86221e5a18cbed8cebfff6cc18febb06332ee68656f328c0c51c66bb49a6c49851c38ebf48a11763bb485") r1 = perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x7, 0x3, 0x7, 0x7, 0x0, 0x4, 0x42011, 0x6, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x1, @perf_bp={&(0x7f0000000200), 0x2}, 0x28, 0x7fffffff, 0x9, 0x6, 0x0, 0x8, 0xd26f, 0x0, 0x8, 0x0, 0xcb}, r0, 0x737a, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x3, 0x5, 0x80, 0x81, 0x0, 0x0, 0x20000, 0xc, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x7fff, 0x44f6651e}, 0x80, 0x3, 0x786, 0x3, 0x1800000000, 0x1ff, 0x8, 0x0, 0x800000, 0x0, 0x40}, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0x3) [ 342.260105][T20688] FAULT_INJECTION: forcing a failure. [ 342.260105][T20688] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 342.307688][T20688] CPU: 1 PID: 20688 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 342.317853][T20688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 342.327744][T20688] Call Trace: [ 342.330867][T20688] [ 342.333646][T20688] dump_stack_lvl+0x151/0x1b7 [ 342.338165][T20688] ? io_uring_drop_tctx_refs+0x190/0x190 [ 342.343638][T20688] dump_stack+0x15/0x17 [ 342.347621][T20688] should_fail+0x3c6/0x510 [ 342.351881][T20688] should_fail_alloc_page+0x5a/0x80 22:26:45 executing program 0: syz_clone(0x44040100, 0x0, 0xf5ffffff00000000, 0x0, 0x0, 0x0) [ 342.356906][T20688] prepare_alloc_pages+0x15c/0x700 [ 342.361855][T20688] ? __alloc_pages+0x8f0/0x8f0 [ 342.366459][T20688] ? __alloc_pages_bulk+0xe40/0xe40 [ 342.371493][T20688] __alloc_pages+0x18c/0x8f0 [ 342.375915][T20688] ? prep_new_page+0x110/0x110 [ 342.380515][T20688] ? 0xffffffffa002c000 [ 342.384506][T20688] ? is_bpf_text_address+0x172/0x190 [ 342.389654][T20688] pte_alloc_one+0x73/0x1b0 [ 342.393969][T20688] ? pfn_modify_allowed+0x2f0/0x2f0 [ 342.398998][T20688] ? arch_stack_walk+0xf3/0x140 [ 342.403688][T20688] __pte_alloc+0x86/0x350 22:26:45 executing program 1: r0 = syz_clone(0xc0800000, &(0x7f0000000000)="d5787d3ce49a0ba60e9ba92bae4684ddb1b543d52bc4af8d75579ea6e3d58048e70c5cc57129130b62f549100641b6fcf0dc583e9fa42fcd57c60b59ae7e4d", 0x3f, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)="ac22c4e5c29042d14abfdd4550a4adbacd940939e465160b63e6069e8a444d7f5b6030c2da1de5421e17be752c265d3f9f0c2654e823de76e49398cc1cd717c3195bcb929d1990a6922f35b42d679d359d629233dc9d60c840a25d8b89aa7a083fccc3f0ebeb229c68b60b24d4a2901ebf5e90945155432b9187a2d15272e351e0da1f2620c189d10661ff415987bba930e86221e5a18cbed8cebfff6cc18febb06332ee68656f328c0c51c66bb49a6c49851c38ebf48a11763bb485") r1 = perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x7, 0x3, 0x7, 0x7, 0x0, 0x4, 0x42011, 0x6, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x1, @perf_bp={&(0x7f0000000200), 0x2}, 0x28, 0x7fffffff, 0x9, 0x6, 0x0, 0x8, 0xd26f, 0x0, 0x8, 0x0, 0xcb}, r0, 0x737a, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x3, 0x5, 0x80, 0x81, 0x0, 0x0, 0x20000, 0xc, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x7fff, 0x44f6651e}, 0x80, 0x3, 0x786, 0x3, 0x1800000000, 0x1ff, 0x8, 0x0, 0x800000, 0x0, 0x40}, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0x3) [ 342.407855][T20688] ? free_pgtables+0x280/0x280 [ 342.412457][T20688] ? _raw_spin_lock+0xa4/0x1b0 [ 342.417053][T20688] ? __kasan_check_write+0x14/0x20 [ 342.422000][T20688] copy_page_range+0x28a8/0x2f90 [ 342.426775][T20688] ? __kasan_slab_alloc+0xb1/0xe0 [ 342.431639][T20688] ? pfn_valid+0x1e0/0x1e0 [ 342.435885][T20688] ? vma_interval_tree_augment_rotate+0x1a3/0x1d0 [ 342.442142][T20688] copy_mm+0xc7e/0x13e0 [ 342.446130][T20688] ? copy_signal+0x610/0x610 [ 342.450555][T20688] ? __init_rwsem+0xd6/0x1c0 [ 342.454979][T20688] ? copy_signal+0x4e3/0x610 [ 342.459408][T20688] copy_process+0x1149/0x3290 [ 342.463921][T20688] ? proc_fail_nth_write+0x20b/0x290 [ 342.469041][T20688] ? fsnotify_perm+0x6a/0x5d0 [ 342.473554][T20688] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 342.478503][T20688] ? vfs_write+0x9ec/0x1110 [ 342.482841][T20688] kernel_clone+0x21e/0x9e0 [ 342.487178][T20688] ? file_end_write+0x1c0/0x1c0 [ 342.491869][T20688] ? create_io_thread+0x1e0/0x1e0 [ 342.496739][T20688] ? mutex_unlock+0xb2/0x260 [ 342.501154][T20688] ? __mutex_lock_slowpath+0x10/0x10 [ 342.506276][T20688] __x64_sys_clone+0x23f/0x290 [ 342.510874][T20688] ? __do_sys_vfork+0x130/0x130 [ 342.515559][T20688] ? ksys_write+0x260/0x2c0 [ 342.519903][T20688] ? debug_smp_processor_id+0x17/0x20 [ 342.525107][T20688] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 342.531009][T20688] ? exit_to_user_mode_prepare+0x39/0xa0 [ 342.536478][T20688] do_syscall_64+0x3d/0xb0 [ 342.540732][T20688] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 342.546459][T20688] RIP: 0033:0x7f8118545da9 22:26:45 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, @perf_bp={&(0x7f0000000080), 0x7}, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0xfffffffd, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1000, 0x89}, 0x48) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x8, &(0x7f0000000b40)=ANY=[@ANYRES32, @ANYRESOCT], 0x0, 0xd6, 0xc5, &(0x7f0000000840)=""/197, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x6}, 0x8}, 0x90) r2 = perf_event_open$cgroup(&(0x7f0000000200)={0x4, 0x80, 0x7, 0x20, 0x0, 0x2, 0x0, 0x0, 0x80080, 0x5, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x3, 0x2}, 0x21, 0x8, 0x0, 0x1, 0x1ff, 0xff, 0x1, 0x0, 0x3, 0x0, 0xffffffffffffffff}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x3, 0x7, 0x4, 0xff, 0x0, 0xe4bc, 0xb0001, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xfffffffc, 0x4, @perf_config_ext={0x3, 0x2}, 0x10, 0x3, 0xae, 0x2, 0x80000001, 0x7fffffff, 0x5, 0x0, 0xffffffff, 0x0, 0x76ee}, 0xffffffffffffffff, 0x2, r2, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc0c0583b, &(0x7f0000000040)) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=""/103, &(0x7f0000000600), &(0x7f0000001b40), 0x80, r1, 0x0, 0x7}, 0x38) [ 342.550710][T20688] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 342.570157][T20688] RSP: 002b:00007f81172a6078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 342.578402][T20688] RAX: ffffffffffffffda RBX: 00007f8118674050 RCX: 00007f8118545da9 [ 342.586211][T20688] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 342.594019][T20688] RBP: 00007f81172a6120 R08: 0000000000000000 R09: 0000000000000000 22:26:45 executing program 2: r0 = syz_clone(0x40000000, &(0x7f0000000000)="29cca91d6d3f3d08a4123314a1e8cbe7afa99e1077549003b7233d7a1565ad0bf0d479fac5", 0x25, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)="03bfc9894e99725817ece81d7ace50915f1dcaa7e9944362f4d90d5ee5c0de63f67f0a7324b34025b950f4e935fc741eb90190c305b5b5eb92876bd27ae967264719112abf672799c2e486ea20235bac5c5f1a1d018995610b837df72eb8668e0ad5b289e8128e6f821f07f033adea62483d5cb3547208c1c50e2cfe049d8df50e6a427a30f1ec7293cb0c47ab70af91057b3867eebec330c821d5320c4119420d80e3c9cbe6a3b5f06475f09325406e256d1ddb7c874578dc42") (async) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='fsi_master_write\x00'}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r0, r1, 0x0, 0x2, &(0x7f0000000200)=':\x00'}, 0x30) (async) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x1100) (async) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0x0, 0xbe, 0x8}, 0xc) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000002c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, &(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x87, &(0x7f0000000680), 0x0, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xa, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) (async) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000005c0)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x19, 0x4, 0x7, 0x80000000, 0x41, r2, 0x25, '\x00', r3, r4, 0x1, 0x2, 0x2}, 0x48) 22:26:45 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) (async) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async, rerun: 32) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000001c0)={'veth0_to_team\x00', 0x200}) (async, rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000080)='./file0\x00', 0x0, 0x10}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0xff, 0x2, 0x7fffffff, 0x10, r0, 0xfffff800, '\x00', 0x0, r1, 0x2, 0x1, 0x1, 0x1}, 0x48) [ 342.601851][T20688] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 342.609644][T20688] R13: 000000000000006e R14: 00007f8118674050 R15: 00007ffce2e3adf8 [ 342.617458][T20688] 22:26:46 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:46 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, @perf_bp={&(0x7f0000000080), 0x7}, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0xfffffffd, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1000, 0x89}, 0x48) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x8, &(0x7f0000000b40)=ANY=[@ANYRES32, @ANYRESOCT], 0x0, 0xd6, 0xc5, &(0x7f0000000840)=""/197, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x6}, 0x8}, 0x90) r2 = perf_event_open$cgroup(&(0x7f0000000200)={0x4, 0x80, 0x7, 0x20, 0x0, 0x2, 0x0, 0x0, 0x80080, 0x5, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x3, 0x2}, 0x21, 0x8, 0x0, 0x1, 0x1ff, 0xff, 0x1, 0x0, 0x3, 0x0, 0xffffffffffffffff}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x3, 0x7, 0x4, 0xff, 0x0, 0xe4bc, 0xb0001, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xfffffffc, 0x4, @perf_config_ext={0x3, 0x2}, 0x10, 0x3, 0xae, 0x2, 0x80000001, 0x7fffffff, 0x5, 0x0, 0xffffffff, 0x0, 0x76ee}, 0xffffffffffffffff, 0x2, r2, 0x2) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc0c0583b, &(0x7f0000000040)) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=""/103, &(0x7f0000000600), &(0x7f0000001b40), 0x80, r1, 0x0, 0x7}, 0x38) 22:26:46 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}, 0x0, 0x0, 0x1cb3fbb3, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000480)) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], 0x0, 0x80000008, &(0x7f0000000a40), 0x0, 0x10, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f0000000580)}}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x200}) socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000280), 0xc) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8914, &(0x7f0000000080)) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0xa8, 0x0, 0x1, 0x500, r6, 0x0, '\x00', r3, 0xffffffffffffffff, 0x2, 0x5, 0x5, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x9, 0x9, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000880000100000000110100007c0008000400000418190000e5f9716b162b666e05f0586eecc1cb3da0154334d03fde4884f13978a384f9ce0c8132563548db2365aa4c4c040d12a587e72af90d424731cc81a9b0342d1d463e", @ANYRES32, @ANYBLOB="041e2d49f07748691dfbc08847b7c8ae50573b101dc0303ea7ec147a5e2554c102978ffbeda3a4a041579a8287d5b91fb8d493dbd76f33b35b12e4b08c7174641a5c111b3880ff618ee3328d655596e194aede0f66c15f07b1d8bcb501a367c2076a0407fdbef05d666b9737e774292518f3010fa1cee3ef"], &(0x7f0000000240)='GPL\x00', 0x0, 0x8f, &(0x7f0000000b00)=""/143, 0x41100, 0x10, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x1, 0xf, 0x6, 0x206}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x4, 0x0, &(0x7f0000000bc0)=[{0x85, 0x2, 0x9, 0x6}, {0x4, 0x5, 0x2, 0xd}, {0x5, 0x0, 0x0, 0x3}, {0x4, 0x2, 0xf, 0x3}], 0x10, 0x1}, 0x90) r7 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x3, 0x1, 0x2, 0x0, 0x0, 0x8, 0x5, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x20, 0x4, @perf_config_ext={0xec, 0x80000000}, 0x2054, 0x9, 0x10001, 0x8, 0x10001, 0x23, 0x93b, 0x0, 0x80, 0x0, 0x2}, 0x0, 0xe, 0xffffffffffffffff, 0x8) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000040)=0x3) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef) socketpair(0x4, 0x0, 0x0, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ID(r7, 0x80082407, &(0x7f0000000200)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89a1, &(0x7f0000000080)) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socketpair(0x1a, 0x3, 0x200, &(0x7f0000000140)) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair(0x6, 0x800, 0x4, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000640)=0x915b) bpf$MAP_CREATE(0x0, 0x0, 0x10276d7ae9abb262) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) 22:26:46 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) (async, rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (rerun: 64) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:46 executing program 0: syz_clone(0x44040100, 0x0, 0xfbffffff00000000, 0x0, 0x0, 0x0) 22:26:46 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000) 22:26:46 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, @perf_bp={&(0x7f0000000080), 0x7}, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0xfffffffd, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1000, 0x89}, 0x48) (async) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x8, &(0x7f0000000b40)=ANY=[@ANYRES32, @ANYRESOCT], 0x0, 0xd6, 0xc5, &(0x7f0000000840)=""/197, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x6}, 0x8}, 0x90) (async) r2 = perf_event_open$cgroup(&(0x7f0000000200)={0x4, 0x80, 0x7, 0x20, 0x0, 0x2, 0x0, 0x0, 0x80080, 0x5, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x3, 0x2}, 0x21, 0x8, 0x0, 0x1, 0x1ff, 0xff, 0x1, 0x0, 0x3, 0x0, 0xffffffffffffffff}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x3, 0x7, 0x4, 0xff, 0x0, 0xe4bc, 0xb0001, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xfffffffc, 0x4, @perf_config_ext={0x3, 0x2}, 0x10, 0x3, 0xae, 0x2, 0x80000001, 0x7fffffff, 0x5, 0x0, 0xffffffff, 0x0, 0x76ee}, 0xffffffffffffffff, 0x2, r2, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc0c0583b, &(0x7f0000000040)) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=""/103, &(0x7f0000000600), &(0x7f0000001b40), 0x80, r1, 0x0, 0x7}, 0x38) 22:26:46 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000180)='blkio.bfq.io_queued\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:46 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180300002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) close(r1) write$cgroup_type(r1, &(0x7f0000000000), 0x165243) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x12, 0x5, 0x0, 0x81}, 0x4c) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r3, &(0x7f0000000bc0), 0x20000000}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000004c0)={r2, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000006c0)={r2, 0x20, &(0x7f0000000680)={&(0x7f0000000540)=""/16, 0x10, 0x0, &(0x7f0000000580)=""/253, 0xfd}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0x29, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x69}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0xff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ldst={0x3, 0x3, 0x4, 0x0, 0x4, 0xfffffffffffffffe}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @call={0x85, 0x0, 0x0, 0x21}, @ldst={0x2, 0x1, 0x2, 0x3, 0x1, 0x1, 0x1}, @jmp={0x5, 0x1, 0xc, 0x7, 0x4, 0xffffffffffffffff, 0xffffffffffffffff}, @exit, @jmp={0x5, 0x1, 0x0, 0x8, 0x0, 0x2}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x41, &(0x7f00000003c0)=""/65, 0x41100, 0x4, '\x00', r4, 0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000500)={0x5, 0x9, 0x9, 0x3f}, 0x10, r5, r2, 0x4, 0x0, &(0x7f0000000700)=[{0x0, 0x2}, {0x2, 0x3, 0xa, 0x5}, {0x5, 0x3, 0x10, 0x4}, {0x1, 0x1, 0x4, 0x3}], 0x10, 0x6}, 0x90) 22:26:46 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000180)='blkio.bfq.io_queued\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r1, &(0x7f0000000180)='blkio.bfq.io_queued\x00', 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) (async) 22:26:46 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180300002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r0}, 0x10) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) close(r1) (async) write$cgroup_type(r1, &(0x7f0000000000), 0x165243) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x12, 0x5, 0x0, 0x81}, 0x4c) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r3, &(0x7f0000000bc0), 0x20000000}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000004c0)={r2, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000006c0)={r2, 0x20, &(0x7f0000000680)={&(0x7f0000000540)=""/16, 0x10, 0x0, &(0x7f0000000580)=""/253, 0xfd}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0x29, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x69}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0xff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ldst={0x3, 0x3, 0x4, 0x0, 0x4, 0xfffffffffffffffe}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @call={0x85, 0x0, 0x0, 0x21}, @ldst={0x2, 0x1, 0x2, 0x3, 0x1, 0x1, 0x1}, @jmp={0x5, 0x1, 0xc, 0x7, 0x4, 0xffffffffffffffff, 0xffffffffffffffff}, @exit, @jmp={0x5, 0x1, 0x0, 0x8, 0x0, 0x2}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x41, &(0x7f00000003c0)=""/65, 0x41100, 0x4, '\x00', r4, 0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000500)={0x5, 0x9, 0x9, 0x3f}, 0x10, r5, r2, 0x4, 0x0, &(0x7f0000000700)=[{0x0, 0x2}, {0x2, 0x3, 0xa, 0x5}, {0x5, 0x3, 0x10, 0x4}, {0x1, 0x1, 0x4, 0x3}], 0x10, 0x6}, 0x90) 22:26:46 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 64) [ 343.324171][T20755] FAULT_INJECTION: forcing a failure. [ 343.324171][T20755] name failslab, interval 1, probability 0, space 0, times 0 [ 343.372556][T20755] CPU: 1 PID: 20755 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 343.382717][T20755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 343.393046][T20755] Call Trace: [ 343.396169][T20755] [ 343.398947][T20755] dump_stack_lvl+0x151/0x1b7 [ 343.403459][T20755] ? io_uring_drop_tctx_refs+0x190/0x190 [ 343.408932][T20755] dump_stack+0x15/0x17 [ 343.412920][T20755] should_fail+0x3c6/0x510 [ 343.417173][T20755] __should_failslab+0xa4/0xe0 22:26:46 executing program 0: syz_clone(0x44040100, 0x0, 0xff0f010000000000, 0x0, 0x0, 0x0) [ 343.421775][T20755] ? vm_area_dup+0x26/0x230 [ 343.426119][T20755] should_failslab+0x9/0x20 [ 343.430450][T20755] slab_pre_alloc_hook+0x37/0xd0 [ 343.435225][T20755] ? vm_area_dup+0x26/0x230 [ 343.439570][T20755] kmem_cache_alloc+0x44/0x200 [ 343.444165][T20755] vm_area_dup+0x26/0x230 [ 343.448333][T20755] copy_mm+0x9a1/0x13e0 [ 343.452328][T20755] ? copy_signal+0x610/0x610 [ 343.456766][T20755] ? __init_rwsem+0xd6/0x1c0 [ 343.461184][T20755] ? copy_signal+0x4e3/0x610 [ 343.465603][T20755] copy_process+0x1149/0x3290 22:26:46 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}, 0x0, 0x0, 0x1cb3fbb3, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000480)) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], 0x0, 0x80000008, &(0x7f0000000a40), 0x0, 0x10, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f0000000580)}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], 0x0, 0x80000008, &(0x7f0000000a40), 0x0, 0x10, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f0000000580)}}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x200}) socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)) (async) socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000280), 0xc) (async) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000280), 0xc) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) (async) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8914, &(0x7f0000000080)) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0xa8, 0x0, 0x1, 0x500, r6, 0x0, '\x00', r3, 0xffffffffffffffff, 0x2, 0x5, 0x5, 0x3}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0xa8, 0x0, 0x1, 0x500, r6, 0x0, '\x00', r3, 0xffffffffffffffff, 0x2, 0x5, 0x5, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x9, 0x9, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000880000100000000110100007c0008000400000418190000e5f9716b162b666e05f0586eecc1cb3da0154334d03fde4884f13978a384f9ce0c8132563548db2365aa4c4c040d12a587e72af90d424731cc81a9b0342d1d463e", @ANYRES32, @ANYBLOB="041e2d49f07748691dfbc08847b7c8ae50573b101dc0303ea7ec147a5e2554c102978ffbeda3a4a041579a8287d5b91fb8d493dbd76f33b35b12e4b08c7174641a5c111b3880ff618ee3328d655596e194aede0f66c15f07b1d8bcb501a367c2076a0407fdbef05d666b9737e774292518f3010fa1cee3ef"], &(0x7f0000000240)='GPL\x00', 0x0, 0x8f, &(0x7f0000000b00)=""/143, 0x41100, 0x10, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x1, 0xf, 0x6, 0x206}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x4, 0x0, &(0x7f0000000bc0)=[{0x85, 0x2, 0x9, 0x6}, {0x4, 0x5, 0x2, 0xd}, {0x5, 0x0, 0x0, 0x3}, {0x4, 0x2, 0xf, 0x3}], 0x10, 0x1}, 0x90) perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x3, 0x1, 0x2, 0x0, 0x0, 0x8, 0x5, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x20, 0x4, @perf_config_ext={0xec, 0x80000000}, 0x2054, 0x9, 0x10001, 0x8, 0x10001, 0x23, 0x93b, 0x0, 0x80, 0x0, 0x2}, 0x0, 0xe, 0xffffffffffffffff, 0x8) (async) r7 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x3, 0x1, 0x2, 0x0, 0x0, 0x8, 0x5, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x20, 0x4, @perf_config_ext={0xec, 0x80000000}, 0x2054, 0x9, 0x10001, 0x8, 0x10001, 0x23, 0x93b, 0x0, 0x80, 0x0, 0x2}, 0x0, 0xe, 0xffffffffffffffff, 0x8) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000040)=0x3) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef) socketpair(0x4, 0x0, 0x0, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ID(r7, 0x80082407, &(0x7f0000000200)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89a1, &(0x7f0000000080)) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socketpair(0x1a, 0x3, 0x200, &(0x7f0000000140)) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair(0x6, 0x800, 0x4, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000640)=0x915b) bpf$MAP_CREATE(0x0, 0x0, 0x10276d7ae9abb262) (async) bpf$MAP_CREATE(0x0, 0x0, 0x10276d7ae9abb262) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) (async) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) [ 343.470118][T20755] ? proc_fail_nth_write+0x20b/0x290 [ 343.475237][T20755] ? fsnotify_perm+0x6a/0x5d0 [ 343.479751][T20755] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 343.484694][T20755] ? vfs_write+0x9ec/0x1110 [ 343.489043][T20755] kernel_clone+0x21e/0x9e0 [ 343.493375][T20755] ? file_end_write+0x1c0/0x1c0 [ 343.498062][T20755] ? create_io_thread+0x1e0/0x1e0 [ 343.502927][T20755] ? mutex_unlock+0xb2/0x260 [ 343.507348][T20755] ? __mutex_lock_slowpath+0x10/0x10 [ 343.512473][T20755] __x64_sys_clone+0x23f/0x290 [ 343.517071][T20755] ? __do_sys_vfork+0x130/0x130 [ 343.521753][T20755] ? ksys_write+0x260/0x2c0 [ 343.526098][T20755] ? debug_smp_processor_id+0x17/0x20 [ 343.531305][T20755] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 343.537210][T20755] ? exit_to_user_mode_prepare+0x39/0xa0 [ 343.542672][T20755] do_syscall_64+0x3d/0xb0 [ 343.546930][T20755] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 343.552650][T20755] RIP: 0033:0x7f8118545da9 [ 343.556903][T20755] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 343.576345][T20755] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 343.584992][T20755] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 343.592749][T20755] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 343.600560][T20755] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 343.608375][T20755] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 22:26:46 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180300002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r0}, 0x10) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) close(r1) (async) write$cgroup_type(r1, &(0x7f0000000000), 0x165243) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x12, 0x5, 0x0, 0x81}, 0x4c) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r3, &(0x7f0000000bc0), 0x20000000}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000004c0)={r2, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000006c0)={r2, 0x20, &(0x7f0000000680)={&(0x7f0000000540)=""/16, 0x10, 0x0, &(0x7f0000000580)=""/253, 0xfd}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0x29, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x69}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0xff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ldst={0x3, 0x3, 0x4, 0x0, 0x4, 0xfffffffffffffffe}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @call={0x85, 0x0, 0x0, 0x21}, @ldst={0x2, 0x1, 0x2, 0x3, 0x1, 0x1, 0x1}, @jmp={0x5, 0x1, 0xc, 0x7, 0x4, 0xffffffffffffffff, 0xffffffffffffffff}, @exit, @jmp={0x5, 0x1, 0x0, 0x8, 0x0, 0x2}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x41, &(0x7f00000003c0)=""/65, 0x41100, 0x4, '\x00', r4, 0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000500)={0x5, 0x9, 0x9, 0x3f}, 0x10, r5, r2, 0x4, 0x0, &(0x7f0000000700)=[{0x0, 0x2}, {0x2, 0x3, 0xa, 0x5}, {0x5, 0x3, 0x10, 0x4}, {0x1, 0x1, 0x4, 0x3}], 0x10, 0x6}, 0x90) [ 343.616182][T20755] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 343.624002][T20755] 22:26:46 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8000, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000180)='blkio.bfq.io_queued\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) (async) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:47 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8001, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='cachefiles_ondemand_read\x00', r0}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r3 = perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10010, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x6}, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8001}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r3) perf_event_open$cgroup(&(0x7f00000001c0)={0x5, 0x80, 0x3, 0x6e, 0xdc, 0x8, 0x0, 0x5, 0x20002, 0x8, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xeb0, 0x1, @perf_bp={&(0x7f0000000180), 0xc}, 0x0, 0x7fff, 0x10000, 0x3, 0x0, 0x7, 0x2, 0x0, 0x7fffffff, 0x0, 0x6}, r0, 0x5, r1, 0x1b) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000007c0)={0x1, 0x80, 0x0, 0xf8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x1, @perf_config_ext={0x9, 0x4c12d709}, 0x12435, 0xfffffffffffffff8, 0x7, 0x9, 0x3f, 0x7f, 0x8001, 0x0, 0x7fffffff, 0x0, 0x9}, r5, 0x2, 0xffffffffffffffff, 0xb) perf_event_open(&(0x7f0000000400)={0x2, 0x80, 0x3, 0x0, 0x0, 0x3d, 0x0, 0x0, 0xa0, 0xa, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x102, 0x7}, 0x12, 0x8000000000000001, 0x7, 0x9, 0x8000, 0x0, 0xfff, 0x0, 0x100, 0x0, 0x8000}, r5, 0xffffffffffffffff, r4, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x80, 0x3, 0x62, 0x1, 0x0, 0xd3, 0x80401, 0x5, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6, 0x4, @perf_config_ext={0x7, 0x1ff}, 0x100000, 0x3, 0x10000, 0x4, 0x3, 0x7fffffff, 0x2, 0x0, 0x80000001, 0x0, 0x3ff}, r5, 0x1, 0xffffffffffffffff, 0x0) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) 22:26:47 executing program 0: syz_clone(0x44040100, 0x0, 0xffffffffa002c000, 0x0, 0x0, 0x0) 22:26:47 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8001, 0x1}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='cachefiles_ondemand_read\x00', r0}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r3 = perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10010, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x6}, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8001}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r3) perf_event_open$cgroup(&(0x7f00000001c0)={0x5, 0x80, 0x3, 0x6e, 0xdc, 0x8, 0x0, 0x5, 0x20002, 0x8, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xeb0, 0x1, @perf_bp={&(0x7f0000000180), 0xc}, 0x0, 0x7fff, 0x10000, 0x3, 0x0, 0x7, 0x2, 0x0, 0x7fffffff, 0x0, 0x6}, r0, 0x5, r1, 0x1b) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000007c0)={0x1, 0x80, 0x0, 0xf8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x1, @perf_config_ext={0x9, 0x4c12d709}, 0x12435, 0xfffffffffffffff8, 0x7, 0x9, 0x3f, 0x7f, 0x8001, 0x0, 0x7fffffff, 0x0, 0x9}, r5, 0x2, 0xffffffffffffffff, 0xb) perf_event_open(&(0x7f0000000400)={0x2, 0x80, 0x3, 0x0, 0x0, 0x3d, 0x0, 0x0, 0xa0, 0xa, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x102, 0x7}, 0x12, 0x8000000000000001, 0x7, 0x9, 0x8000, 0x0, 0xfff, 0x0, 0x100, 0x0, 0x8000}, r5, 0xffffffffffffffff, r4, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x80, 0x3, 0x62, 0x1, 0x0, 0xd3, 0x80401, 0x5, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6, 0x4, @perf_config_ext={0x7, 0x1ff}, 0x100000, 0x3, 0x10000, 0x4, 0x3, 0x7fffffff, 0x2, 0x0, 0x80000001, 0x0, 0x3ff}, r5, 0x1, 0xffffffffffffffff, 0x0) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8001, 0x1}, 0x48) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='cachefiles_ondemand_read\x00', r0}, 0x10) (async) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) close(r2) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) (async) perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10010, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x6}, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8001}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) (async) close(r3) (async) perf_event_open$cgroup(&(0x7f00000001c0)={0x5, 0x80, 0x3, 0x6e, 0xdc, 0x8, 0x0, 0x5, 0x20002, 0x8, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xeb0, 0x1, @perf_bp={&(0x7f0000000180), 0xc}, 0x0, 0x7fff, 0x10000, 0x3, 0x0, 0x7, 0x2, 0x0, 0x7fffffff, 0x0, 0x6}, r0, 0x5, r1, 0x1b) (async) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) perf_event_open(&(0x7f00000007c0)={0x1, 0x80, 0x0, 0xf8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x1, @perf_config_ext={0x9, 0x4c12d709}, 0x12435, 0xfffffffffffffff8, 0x7, 0x9, 0x3f, 0x7f, 0x8001, 0x0, 0x7fffffff, 0x0, 0x9}, r5, 0x2, 0xffffffffffffffff, 0xb) (async) perf_event_open(&(0x7f0000000400)={0x2, 0x80, 0x3, 0x0, 0x0, 0x3d, 0x0, 0x0, 0xa0, 0xa, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x102, 0x7}, 0x12, 0x8000000000000001, 0x7, 0x9, 0x8000, 0x0, 0xfff, 0x0, 0x100, 0x0, 0x8000}, r5, 0xffffffffffffffff, r4, 0x0) (async) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x80, 0x3, 0x62, 0x1, 0x0, 0xd3, 0x80401, 0x5, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6, 0x4, @perf_config_ext={0x7, 0x1ff}, 0x100000, 0x3, 0x10000, 0x4, 0x3, 0x7fffffff, 0x2, 0x0, 0x80000001, 0x0, 0x3ff}, r5, 0x1, 0xffffffffffffffff, 0x0) (async) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) (async) 22:26:47 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x4}, 0x0, 0x5, 0x2, 0x0, 0x0, 0x7f}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0xa) r0 = perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x5, 0xfffffffffffffe99, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x1fc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100024, 0x1, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xd, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000800), 0x8) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000001080)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000280)='Y\xa0T\a\xb8\xe7J+Y\\\xcbA\xa3\xcen\x83') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = bpf$ITER_CREATE(0x21, &(0x7f00000007c0), 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={0x0, r5}, 0xfffffffffffffccf) perf_event_open(&(0x7f00000005c0)={0x0, 0x80, 0x48, 0x1f, 0x5, 0x0, 0x0, 0xcae869a, 0xca0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x5, 0x0, @perf_config_ext={0x6aa36e77, 0x86e}, 0x0, 0x8, 0xa67, 0x5, 0x8000000000000000, 0x6, 0xffff, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, r1, 0x9) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r7 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300), 0x10) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000740)={0x7ff}, 0x8) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x21}, 0x90) close(0xffffffffffffffff) perf_event_open(&(0x7f00000006c0)={0x5, 0x80, 0x1f, 0x7f, 0x14, 0xdc, 0x0, 0x2, 0x1000, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x320ddeefb0f3916d, @perf_config_ext={0x1, 0xd393}, 0x4020, 0x8, 0xbc000000, 0x0, 0x5, 0x101, 0x1ff, 0x0, 0xffffffff, 0x0, 0xfffffffffffff1e6}, 0xffffffffffffffff, 0xffffffffffffffff, r8, 0xa) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000680)={@cgroup=r8, 0xffffffffffffffff, 0x28}, 0x20) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6gre0\x00', 0x20}) bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x5, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffff0000"], &(0x7f0000000c80)='GPL\x00', 0x101, 0x3f, &(0x7f0000000cc0)=""/63, 0x0, 0x19, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000001000)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000001040)={0x1, 0x6, 0x10000, 0x1000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x19, 0x2d, &(0x7f0000000840)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0xff}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r8}}, @map_fd={0x18, 0x6, 0x1, 0x0, r7}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}, @map_val={0x18, 0x2, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xced}}, @func={0x85, 0x0, 0x1, 0x0, 0x6}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x1, 0x9b, &(0x7f00000009c0)=""/155, 0x41100, 0x0, '\x00', 0x0, 0x12, r5, 0x8, &(0x7f00000004c0)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0xd, 0x7, 0x1}, 0x10, 0x0, r3, 0x2, &(0x7f0000000c40)=[0xffffffffffffffff, r7, r2, r2], &(0x7f0000000d00)=[{0x4, 0x4, 0x8, 0x4}, {0x3, 0x3, 0xe, 0xbdce821a5ca4da41}], 0x10, 0xf566}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x0, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="852000000300000018250000", @ANYRES32=r8, @ANYBLOB], &(0x7f0000000400)='syzkaller\x00', 0x8, 0xd1, &(0x7f0000000a80)=""/209, 0x40f00, 0x3, '\x00', r6, 0x2c, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r4, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x90) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x89f2, &(0x7f0000000080)) 22:26:47 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 65) [ 344.091897][T20795] FAULT_INJECTION: forcing a failure. [ 344.091897][T20795] name failslab, interval 1, probability 0, space 0, times 0 [ 344.122922][T20795] CPU: 1 PID: 20795 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 344.133084][T20795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 344.142980][T20795] Call Trace: [ 344.146106][T20795] [ 344.148878][T20795] dump_stack_lvl+0x151/0x1b7 [ 344.153389][T20795] ? io_uring_drop_tctx_refs+0x190/0x190 [ 344.158859][T20795] dump_stack+0x15/0x17 [ 344.162845][T20795] should_fail+0x3c6/0x510 [ 344.167099][T20795] __should_failslab+0xa4/0xe0 [ 344.171707][T20795] ? anon_vma_fork+0xf7/0x4e0 [ 344.176212][T20795] should_failslab+0x9/0x20 [ 344.180552][T20795] slab_pre_alloc_hook+0x37/0xd0 [ 344.185324][T20795] ? anon_vma_fork+0xf7/0x4e0 [ 344.189836][T20795] kmem_cache_alloc+0x44/0x200 [ 344.194440][T20795] anon_vma_fork+0xf7/0x4e0 [ 344.198777][T20795] ? anon_vma_name+0x43/0x70 [ 344.203205][T20795] ? vm_area_dup+0x17a/0x230 [ 344.207631][T20795] copy_mm+0xa3a/0x13e0 [ 344.211629][T20795] ? copy_signal+0x610/0x610 [ 344.216049][T20795] ? __init_rwsem+0xd6/0x1c0 [ 344.220475][T20795] ? copy_signal+0x4e3/0x610 [ 344.224903][T20795] copy_process+0x1149/0x3290 [ 344.229418][T20795] ? proc_fail_nth_write+0x20b/0x290 [ 344.234538][T20795] ? fsnotify_perm+0x6a/0x5d0 [ 344.239055][T20795] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 344.243997][T20795] ? vfs_write+0x9ec/0x1110 [ 344.248340][T20795] kernel_clone+0x21e/0x9e0 [ 344.252678][T20795] ? file_end_write+0x1c0/0x1c0 [ 344.257363][T20795] ? create_io_thread+0x1e0/0x1e0 [ 344.262222][T20795] ? mutex_unlock+0xb2/0x260 [ 344.266648][T20795] ? __mutex_lock_slowpath+0x10/0x10 [ 344.271770][T20795] __x64_sys_clone+0x23f/0x290 [ 344.276381][T20795] ? __do_sys_vfork+0x130/0x130 [ 344.281060][T20795] ? ksys_write+0x260/0x2c0 [ 344.285402][T20795] ? debug_smp_processor_id+0x17/0x20 [ 344.290606][T20795] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 344.296507][T20795] ? exit_to_user_mode_prepare+0x39/0xa0 [ 344.301976][T20795] do_syscall_64+0x3d/0xb0 [ 344.306226][T20795] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 344.311954][T20795] RIP: 0033:0x7f8118545da9 [ 344.316210][T20795] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 344.335653][T20795] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 344.343895][T20795] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 344.351705][T20795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 344.359514][T20795] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 344.367329][T20795] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 344.375138][T20795] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 344.382965][T20795] 22:26:47 executing program 0: r0 = perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x90, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.stat\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40086607, &(0x7f0000000040)) perf_event_open$cgroup(&(0x7f0000000080)={0x1, 0x80, 0xe7, 0x6, 0x9, 0x3, 0x0, 0x9, 0x10, 0x4, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x8000000000000001}, 0x9904, 0x8000000000000001, 0x5, 0x3, 0x85, 0x7, 0x1c0, 0x0, 0x8, 0x0, 0xff4}, r1, 0x1, r0, 0xd) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff1f, 0x0, &(0x7f00000007c0)="17"}, 0x50) r3 = syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x85, 0x7f, 0x8, 0x5, 0x0, 0xffffffffffffffc1, 0x98800, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x9, 0x4, @perf_config_ext={0x1, 0x401}, 0x8000, 0x0, 0x0, 0x6, 0x3, 0xfffffff5, 0x794, 0x0, 0x8, 0x0, 0xb1f}, r3, 0x2, 0xffffffffffffffff, 0xb) 22:26:47 executing program 4: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_clone(0x44040100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 66) [ 344.499654][T20800] FAULT_INJECTION: forcing a failure. [ 344.499654][T20800] name failslab, interval 1, probability 0, space 0, times 0 [ 344.533933][T20800] CPU: 0 PID: 20800 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 344.544106][T20800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 344.553993][T20800] Call Trace: [ 344.557114][T20800] [ 344.559893][T20800] dump_stack_lvl+0x151/0x1b7 [ 344.564410][T20800] ? io_uring_drop_tctx_refs+0x190/0x190 [ 344.569877][T20800] dump_stack+0x15/0x17 [ 344.573864][T20800] should_fail+0x3c6/0x510 [ 344.578124][T20800] __should_failslab+0xa4/0xe0 [ 344.582717][T20800] ? anon_vma_fork+0x1df/0x4e0 [ 344.587325][T20800] should_failslab+0x9/0x20 [ 344.591656][T20800] slab_pre_alloc_hook+0x37/0xd0 [ 344.596444][T20800] ? anon_vma_fork+0x1df/0x4e0 [ 344.601029][T20800] kmem_cache_alloc+0x44/0x200 [ 344.605721][T20800] anon_vma_fork+0x1df/0x4e0 [ 344.610145][T20800] copy_mm+0xa3a/0x13e0 [ 344.614144][T20800] ? copy_signal+0x610/0x610 [ 344.618566][T20800] ? __init_rwsem+0xd6/0x1c0 [ 344.622990][T20800] ? copy_signal+0x4e3/0x610 [ 344.627415][T20800] copy_process+0x1149/0x3290 [ 344.631937][T20800] ? proc_fail_nth_write+0x20b/0x290 [ 344.637054][T20800] ? fsnotify_perm+0x6a/0x5d0 [ 344.641566][T20800] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 344.646595][T20800] ? vfs_write+0x9ec/0x1110 [ 344.650936][T20800] kernel_clone+0x21e/0x9e0 [ 344.655272][T20800] ? file_end_write+0x1c0/0x1c0 [ 344.659959][T20800] ? create_io_thread+0x1e0/0x1e0 [ 344.664928][T20800] ? mutex_unlock+0xb2/0x260 [ 344.669332][T20800] ? __mutex_lock_slowpath+0x10/0x10 [ 344.674452][T20800] __x64_sys_clone+0x23f/0x290 [ 344.679062][T20800] ? __do_sys_vfork+0x130/0x130 [ 344.683746][T20800] ? ksys_write+0x260/0x2c0 [ 344.688078][T20800] ? debug_smp_processor_id+0x17/0x20 [ 344.693286][T20800] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 344.699187][T20800] ? exit_to_user_mode_prepare+0x39/0xa0 [ 344.704669][T20800] do_syscall_64+0x3d/0xb0 [ 344.708908][T20800] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 344.714637][T20800] RIP: 0033:0x7f8118545da9 [ 344.718894][T20800] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 344.738332][T20800] RSP: 002b:00007f81172c7078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 22:26:48 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}, 0x0, 0x0, 0x1cb3fbb3, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000480)) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], 0x0, 0x80000008, &(0x7f0000000a40), 0x0, 0x10, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f0000000580)}}, 0x10) (async) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x200}) (async) socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000280), 0xc) (async) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8914, &(0x7f0000000080)) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0xa8, 0x0, 0x1, 0x500, r6, 0x0, '\x00', r3, 0xffffffffffffffff, 0x2, 0x5, 0x5, 0x3}, 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x9, 0x9, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000880000100000000110100007c0008000400000418190000e5f9716b162b666e05f0586eecc1cb3da0154334d03fde4884f13978a384f9ce0c8132563548db2365aa4c4c040d12a587e72af90d424731cc81a9b0342d1d463e", @ANYRES32, @ANYBLOB="041e2d49f07748691dfbc08847b7c8ae50573b101dc0303ea7ec147a5e2554c102978ffbeda3a4a041579a8287d5b91fb8d493dbd76f33b35b12e4b08c7174641a5c111b3880ff618ee3328d655596e194aede0f66c15f07b1d8bcb501a367c2076a0407fdbef05d666b9737e774292518f3010fa1cee3ef"], &(0x7f0000000240)='GPL\x00', 0x0, 0x8f, &(0x7f0000000b00)=""/143, 0x41100, 0x10, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x1, 0xf, 0x6, 0x206}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x4, 0x0, &(0x7f0000000bc0)=[{0x85, 0x2, 0x9, 0x6}, {0x4, 0x5, 0x2, 0xd}, {0x5, 0x0, 0x0, 0x3}, {0x4, 0x2, 0xf, 0x3}], 0x10, 0x1}, 0x90) (async) r7 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x3, 0x1, 0x2, 0x0, 0x0, 0x8, 0x5, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x20, 0x4, @perf_config_ext={0xec, 0x80000000}, 0x2054, 0x9, 0x10001, 0x8, 0x10001, 0x23, 0x93b, 0x0, 0x80, 0x0, 0x2}, 0x0, 0xe, 0xffffffffffffffff, 0x8) (async) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000040)=0x3) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef) (async) socketpair(0x4, 0x0, 0x0, &(0x7f0000000100)) (async) ioctl$PERF_EVENT_IOC_ID(r7, 0x80082407, &(0x7f0000000200)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89a1, &(0x7f0000000080)) (async) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async) socketpair(0x1a, 0x3, 0x200, &(0x7f0000000140)) (async) syz_clone(0x738c0480, 0x0, 0x0, 0x0, 0x0, 0x0) (async) socketpair(0x6, 0x800, 0x4, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000640)=0x915b) bpf$MAP_CREATE(0x0, 0x0, 0x10276d7ae9abb262) (async) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) [ 344.746583][T20800] RAX: ffffffffffffffda RBX: 00007f8118673f80 RCX: 00007f8118545da9 [ 344.754387][T20800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000044040000 [ 344.762197][T20800] RBP: 00007f81172c7120 R08: 0000000000000000 R09: 0000000000000000 [ 344.770018][T20800] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 344.777821][T20800] R13: 000000000000000b R14: 00007f8118673f80 R15: 00007ffce2e3adf8 [ 344.785646][T20800] [ 344.802726][T20800] general protection fault, probably for non-canonical address 0xe534c09f1ffff110: 0000 [#1] PREEMPT SMP KASAN [ 344.814264][T20800] KASAN: maybe wild-memory-access in range [0x29a624f8ffff8880-0x29a624f8ffff8887] [ 344.823374][T20800] CPU: 1 PID: 20800 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 344.833535][T20800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 344.843423][T20800] RIP: 0010:__rb_erase_color+0x60/0xa60 [ 344.848802][T20800] Code: 03 48 89 45 c8 42 80 3c 20 00 74 08 48 89 df e8 86 29 2b ff 4c 8b 33 4d 39 f7 0f 84 87 01 00 00 4c 89 e0 4d 89 f4 49 c1 ec 03 <41> 80 3c 04 00 74 08 4c 89 f7 e8 61 29 2b ff 48 89 5d a8 41 f6 06 [ 344.868245][T20800] RSP: 0018:ffffc9000147f6a0 EFLAGS: 00010202 [ 344.874162][T20800] RAX: dffffc0000000000 RBX: ffff88811d43c3d4 RCX: ffff88816650cf00 [ 344.881957][T20800] RDX: ffffffff81a50880 RSI: ffff88810bda2658 RDI: ffff888129a624f8 [ 344.889766][T20800] RBP: ffffc9000147f700 R08: ffffffff81a4e940 R09: ffffed10217b44cf [ 344.897580][T20800] R10: 0000000000000000 R11: dffffc0000000001 R12: 0534c49f1ffff110 [ 344.905477][T20800] R13: ffff88811d43c3cc R14: 29a624f8ffff8881 R15: ffff888129a624f8 [ 344.913291][T20800] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 344.922053][T20800] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 344.928477][T20800] CR2: 00005555564d1788 CR3: 0000000131554000 CR4: 00000000003506a0 [ 344.936291][T20800] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 344.944098][T20800] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 344.951909][T20800] Call Trace: [ 344.955036][T20800] [ 344.957815][T20800] ? __die_body+0x62/0xb0 [ 344.961997][T20800] ? die_addr+0x9f/0xd0 [ 344.965978][T20800] ? exc_general_protection+0x311/0x4b0 [ 344.971357][T20800] ? asm_exc_general_protection+0x27/0x30 [ 344.976906][T20800] ? vma_interval_tree_remove+0xae0/0xba0 [ 344.982462][T20800] ? anon_vma_interval_tree_iter_next+0x390/0x390 [ 344.988711][T20800] ? __rb_erase_color+0x60/0xa60 [ 344.993489][T20800] ? anon_vma_interval_tree_iter_next+0x390/0x390 [ 344.999825][T20800] ? rwsem_mark_wake+0x6b0/0x6b0 [ 345.004594][T20800] vma_interval_tree_remove+0xb82/0xba0 [ 345.009982][T20800] unlink_file_vma+0xd9/0xf0 [ 345.014408][T20800] free_pgtables+0x13f/0x280 [ 345.018827][T20800] exit_mmap+0x3e7/0x6f0 [ 345.022912][T20800] ? exit_aio+0x25e/0x3c0 [ 345.027074][T20800] ? vm_brk+0x30/0x30 [ 345.030890][T20800] ? mutex_unlock+0xb2/0x260 [ 345.035318][T20800] ? uprobe_clear_state+0x2cd/0x320 [ 345.040351][T20800] __mmput+0x95/0x310 [ 345.044179][T20800] mmput+0x5b/0x170 [ 345.047902][T20800] do_exit+0xb9c/0x2ca0 [ 345.051893][T20800] ? task_work_run+0x129/0x190 [ 345.056494][T20800] ? exit_to_user_mode_loop+0xc4/0xe0 [ 345.061699][T20800] ? exit_to_user_mode_prepare+0x5a/0xa0 [ 345.067171][T20800] ? put_task_struct+0x80/0x80 [ 345.071770][T20800] ? cgroup_freezing+0x88/0xb0 [ 345.076375][T20800] do_group_exit+0x141/0x310 [ 345.080801][T20800] get_signal+0x7a3/0x1630 [ 345.085050][T20800] arch_do_signal_or_restart+0xbd/0x1680 [ 345.090518][T20800] ? rcu_gp_kthread_wake+0x90/0x90 [ 345.095900][T20800] ? security_file_free+0xc6/0xe0 [ 345.100757][T20800] ? kmem_cache_free+0x116/0x2e0 [ 345.105534][T20800] ? percpu_counter_add_batch+0x13d/0x160 [ 345.111093][T20800] ? get_sigframe_size+0x10/0x10 [ 345.115864][T20800] ? __se_sys_futex+0x37b/0x3e0 [ 345.120553][T20800] ? ____fput+0x15/0x20 [ 345.124542][T20800] exit_to_user_mode_loop+0xa0/0xe0 [ 345.129575][T20800] exit_to_user_mode_prepare+0x5a/0xa0 [ 345.134872][T20800] syscall_exit_to_user_mode+0x26/0x160 [ 345.140256][T20800] do_syscall_64+0x49/0xb0 [ 345.144504][T20800] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 345.150232][T20800] RIP: 0033:0x7f8118545da9 [ 345.154482][T20800] Code: Unable to access opcode bytes at RIP 0x7f8118545d7f. [ 345.161686][T20800] RSP: 002b:00007f81172c7178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 345.169931][T20800] RAX: fffffffffffffe00 RBX: 00007f8118673f88 RCX: 00007f8118545da9 [ 345.177742][T20800] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8118673f88 [ 345.185554][T20800] RBP: 00007f8118673f80 R08: 00007f81172c76c0 R09: 00007f81172c76c0 [ 345.193364][T20800] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8118673f8c 22:26:48 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0xa, 0x8001, 0x1}, 0x48) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='cachefiles_ondemand_read\x00', r0}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80) (async) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) close(r2) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) (async) r3 = perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10010, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x6}, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8001}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r3) (async) perf_event_open$cgroup(&(0x7f00000001c0)={0x5, 0x80, 0x3, 0x6e, 0xdc, 0x8, 0x0, 0x5, 0x20002, 0x8, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xeb0, 0x1, @perf_bp={&(0x7f0000000180), 0xc}, 0x0, 0x7fff, 0x10000, 0x3, 0x0, 0x7, 0x2, 0x0, 0x7fffffff, 0x0, 0x6}, r0, 0x5, r1, 0x1b) (async) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) (async) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000007c0)={0x1, 0x80, 0x0, 0xf8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x1, @perf_config_ext={0x9, 0x4c12d709}, 0x12435, 0xfffffffffffffff8, 0x7, 0x9, 0x3f, 0x7f, 0x8001, 0x0, 0x7fffffff, 0x0, 0x9}, r5, 0x2, 0xffffffffffffffff, 0xb) (async) perf_event_open(&(0x7f0000000400)={0x2, 0x80, 0x3, 0x0, 0x0, 0x3d, 0x0, 0x0, 0xa0, 0xa, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x102, 0x7}, 0x12, 0x8000000000000001, 0x7, 0x9, 0x8000, 0x0, 0xfff, 0x0, 0x100, 0x0, 0x8000}, r5, 0xffffffffffffffff, r4, 0x0) (async) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x80, 0x3, 0x62, 0x1, 0x0, 0xd3, 0x80401, 0x5, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6, 0x4, @perf_config_ext={0x7, 0x1ff}, 0x100000, 0x3, 0x10000, 0x4, 0x3, 0x7fffffff, 0x2, 0x0, 0x80000001, 0x0, 0x3ff}, r5, 0x1, 0xffffffffffffffff, 0x0) (async) ioctl$TUNSETOFFLOAD(r2, 0x4010744d, 0x20000000) [ 345.201174][T20800] R13: 000000000000000b R14: 00007ffce2e3ad10 R15: 00007ffce2e3adf8 [ 345.208993][T20800] [ 345.211852][T20800] Modules linked in: [ 345.215858][T20800] ---[ end trace 377333a29497b537 ]--- [ 345.221280][T20800] RIP: 0010:__rb_erase_color+0x60/0xa60 [ 345.228206][T20800] Code: 03 48 89 45 c8 42 80 3c 20 00 74 08 48 89 df e8 86 29 2b ff 4c 8b 33 4d 39 f7 0f 84 87 01 00 00 4c 89 e0 4d 89 f4 49 c1 ec 03 <41> 80 3c 04 00 74 08 4c 89 f7 e8 61 29 2b ff 48 89 5d a8 41 f6 06 [ 345.248196][T20800] RSP: 0018:ffffc9000147f6a0 EFLAGS: 00010202 [ 345.254177][T20800] RAX: dffffc0000000000 RBX: ffff88811d43c3d4 RCX: ffff88816650cf00 [ 345.262079][T20800] RDX: ffffffff81a50880 RSI: ffff88810bda2658 RDI: ffff888129a624f8 [ 345.269971][T20800] RBP: ffffc9000147f700 R08: ffffffff81a4e940 R09: ffffed10217b44cf [ 345.277971][T20800] R10: 0000000000000000 R11: dffffc0000000001 R12: 0534c49f1ffff110 [ 345.285866][T20800] R13: ffff88811d43c3cc R14: 29a624f8ffff8881 R15: ffff888129a624f8 [ 345.301807][T20800] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 345.320357][T20800] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 345.330131][T20800] CR2: 0000001b30727000 CR3: 00000001494de000 CR4: 00000000003506b0 [ 345.342363][T20800] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 345.386315][T20800] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 [ 345.427629][T20800] Kernel panic - not syncing: Fatal exception [ 345.433670][T20800] Kernel Offset: disabled [ 345.437885][T20800] Rebooting in 86400 seconds..